Introduction to Cryptography

Cryptography

Cryptography

History of Cryptography

Modern cryptography

Cryptography or cryptology (from

History of Cryptography

Cryptography

Ancient Greek: “hidden, secret”; and “to write”, or “study”, respectively [1] ) is the practice and study of techniques for

secure communicationin the presence of third parties called

authenticationor integrity checks.

secrecyin

adversaries. [2] More generally, cryptography is about constructing and analyzing

non-repudiation [4] are central to modern cryptography.

copyright infringementof digital media. [9]

protocolsthat prevent third parties or the public from reading private messages; [3] various aspects in

information securitysuch as data

secrecyin

authenticationor integrity checks.

confidentiality,

computational complexity,

data integrity,

data integrity,

confidentiality,

digital signatures,

authentication, and

authentication,

communication science, and

non-repudiation [4] are central to modern cryptography.

adversaries. [2] More generally, cryptography is about constructing and analyzing

copyright infringementof digital media. [9]

Modern cryptography exists at the intersection of the disciplines of

mathematics,

abstract mathematics.

statistics,

computer science,

communication science, and

computer networks, and

electrical engineering,

electronic commerce,

communication science, and

computer science,

communications, such as those of

physics.

statistics,

mathematics,

Applications of cryptography include

electronic commerce,

electrical engineering,

communication science, and

chip-based payment cards,

computer passwords, and

digital currencies,

digital signatures,

computer science,

computer passwords, and

computer networks, and

computer science,

military communications.

communications, such as those of

communication science, and

Cryptography prior to the modern age was effectively synonymous with

encryption , the conversion of information from a readable state to apparent

encryption, which is the process of converting ordinary information (called

nonsense.

one-time pad.

physics.

The originator of an encrypted message shares the decoding technique only with intended recipients to preclude access from adversaries.

The cryptography literature

Modern cryptography

Cryptography

often uses the namesAlice (“A”) for the sender, Bob (“B”) for the intended recipient, and Eve (“eavesdropper“) for the adversary. [5] Since the development of

rotor cipher machinesin

block ciphersor

computersin

World WarIand the advent of

cipher (or

Scientific American column.

computersin

secrecyin

computer securitygenerally.

World WarII, the methods used to carry out cryptology have become increasingly complex and its application more widespread.

Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic

algorithmsare designed around

RSAalgorithm was published in

Keccakwould be the new SHA-3 hash algorithm.

computational hardness assumptions, making such algorithms hard to break in practice by any adversary.

It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means.

These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in

integer factorizationalgorithms, and faster computing technology require these solutions to be continually adapted.

There exist

one-time pad—but these schemes are more difficult to use in practice than the best theoretically breakable but computationally secure mechanisms.

The growth of cryptographic technology has raised a number of legal issues in the information age.

Cryptography’s potential for use as a tool for

espionageand

symmetricand

linguisticand

seditionhas led many governments to classify it as a weapon and to limit or even prohibit its use and export. [6] In some jurisdictions where the use of cryptography is legal, laws permit investigators to

compel the disclosureof encryption keys for documents relevant to an investigation. [7] [8] Cryptography also plays a major role in

compel the disclosureof encryption keys for documents relevant to an investigation. [7] [8] Cryptography also plays a major role in

RFC2828advises thatsteganographyis sometimes included in cryptology.

seditionhas led many governments to classify it as a weapon and to limit or even prohibit its use and export. [6] In some jurisdictions where the use of cryptography is legal, laws permit investigators to

digital rights managementand

espionageand

symmetricand

copyright infringementof digital media. [9]

non-repudiation [4] are central to modern cryptography.

FEAL. [4]

Terminology

The first use of the termcryptograph(as opposed tocryptogram) dates back to the 19th century—originating from The Gold-Bug , a novel byEdgar Allan Poe.

compel the disclosureof encryption keys for documents relevant to an investigation. [7] [8] Cryptography also plays a major role in

Until modern times, cryptography referred almost exclusively to

encryption, which is the process of converting ordinary information (called

encryption , the conversion of information from a readable state to apparent

plaintext) into unintelligible form (called

ciphertext).

stream ciphers.

computer science,

Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext.

A

cipher (or

Scientific American column.

block ciphersor

cypher) is a pair of algorithms that create the encryption and the reversing decryption.

The detailed operation of a cipher is controlled both by the algorithm and in each instance by a “key“.

The key is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext.

Formally, a “cryptosystem” is the ordered list of elements of finite possible plaintexts, finite possible cyphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key.

Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive) for most purposes.

Historically, ciphers were often used directly for encryption or decryption without additional procedures such as

authenticationor integrity checks.

integer factorizationor the

information securitysuch as data

There are two kinds of cryptosystems:

symmetricand

linguisticand

espionageand

asymmetric.

symmetricand

physics.

In symmetric systems the same key (the secret key) is used to encrypt and decrypt a message.

Asymmetric systems use a public key to encrypt a message and a private key to decrypt it.

Data manipulation in symmetric systems is faster than asymmetric systems as they generally use shorter key lengths.

Asymmetric systems use a public key to encrypt a message and a private key to decrypt it.

In symmetric systems the same key (the secret key) is used to encrypt and decrypt a message.

Use of asymmetric systems enhances the security of communication.

Examples of asymmetric systems include RSA (Rivest-Shamir-Adleman), and ECC (Elliptic Curve Cryptography).

Symmetric models include the commonly used AES (Advanced Encryption Standard) which replaced the older DES (Data Encryption Standard).

In

colloquialuse, the term “code” is often used to mean any method of encryption or concealment of meaning.

However, in cryptography,

Modern cryptography

Cryptography

codehas a more specific meaning.

secrecyin

linguisticand

It means the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a

code word(for example, “wallaby” replaces “attack at dawn”).

Cryptanalysisis the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to crack encryption algorithms or their implementations.

Some use the terms

cryptographyand

quantum cryptographyand

Topics in Cryptographyfor more.

cryptologyinterchangeably in English, while others (including US military practice generally) use

cryptographyto refer specifically to the use and practice of cryptographic techniques and

cryptologyto refer to the combined study of cryptography and cryptanalysis.

Cryptographic hash functionsare a third type of cryptographic algorithm.

cryptologyto refer to the combined study of cryptography and cryptanalysis.

cryptographyto refer specifically to the use and practice of cryptographic techniques and

cryptographyand

English is more flexible than several other languages in which

cryptology(done by cryptologists) is always used in the second sense above.

cryptologyto refer to the combined study of cryptography and cryptanalysis.

RFC2828advises thatsteganographyis sometimes included in cryptology.

compel the disclosureof encryption keys for documents relevant to an investigation. [7] [8] Cryptography also plays a major role in

The study of characteristics of languages that have some application in cryptography or cryptology (e.g. frequency data, letter combinations, universal patterns, etc.) is called cryptolinguistics.

History of Cryptography

Cryptography

Cryptography is also a branch of

Before the modern era, cryptography focused on message confidentiality (i.e., encryption)—conversion of

messagesfrom a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely the key needed for decryption of that message).

Encryption attempted to ensure

secrecyin

computersin

symmetricand

communications, such as those of

military communications.

communication science, and

spies, military leaders, and

diplomats.

physics.

mathematics,

In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity

authentication,

authentication, and

mathematics,

digital signatures,

digital currencies,

data integrity,

interactive proofsand

computersin

linguisticand

secure computation, among others.

authentication,

computational complexity,

Computer era

Prior to the early 20th century, cryptography was mainly concerned with

linguisticand

symmetricand

espionageand

lexicographicpatterns.

cryptographyand

computersin

Since then the emphasis has shifted, and cryptography now makes extensive use of mathematics, including aspects of

information theory,

mathematics,

authentication,

computational complexity,

confidentiality,

secure computation, among others.

statistics,

mathematics,

physics.

combinatorics,

statistics,

mathematics,

abstract algebra,

abstract mathematics.

intractable, such as the

number theory, and finite mathematics generally.

mathematics,

Cryptography is also a branch of

Cryptography

History of Cryptography

engineering, but an unusual one since it deals with active, intelligent, and malevolent opposition (see cryptographic engineering and

security engineering); other kinds of engineering (e.g., civil or chemical engineering) need deal only with neutral natural forces.

There is also active research examining the relationship between cryptographic problems and

quantum physics(see

quantum cryptographyand

secrecyin

quantum cryptographyand

cryptographyand

quantum physics(see

quantum computer).

computer science,

computer networks, and

Just as the development of digital computers and electronics helped in cryptanalysis, it made possible much more complex ciphers.

Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers which only encrypted written language texts; this was new and significant.

Computer use has thus supplanted linguistic cryptography, both for cipher design and cryptanalysis.

Many computer ciphers can be characterized by their operation on

binary

bitsequences (sometimes in groups or blocks), unlike classical and mechanical schemes, which generally manipulate traditional characters (i.e., letters and digits) directly.

However, computers have also assisted cryptanalysis, which has compensated to some extent for increased cipher complexity.

Nonetheless, good modern ciphers have stayed ahead of cryptanalysis; it is typically the case that use of a quality cipher is very efficient (i.e., fast and requiring few resources, such as memory or CPU capability), while breaking it requires an effort many orders of magnitude larger, and vastly larger than that required for any classical cipher, making cryptanalysis so inefficient and impractical as to be effectively impossible.

Advent of modern cryptography

Modern cryptography

However, in cryptography,

Cryptanalysisof the new mechanical devices proved to be both difficult and laborious.

In the United Kingdom, cryptanalytic efforts at

Bletchley Parkduring WWII spurred the development of more efficient means for carrying out repetitious tasks.

This culminated in the development of the

Colossus, the world’s first fully electronic, digital,

programmablecomputer, which assisted in the decryption of ciphers generated by the German Army’s

Lorenz SZ40/42machine.

rotor cipher machinesin

secrecyin

Extensive open academic research into cryptography is relatively recent; it began only in the mid-1970’s.

In recent times, IBM personnel designed the algorithm that became the Federal (i.e., US)

Data Encryption Standard;

Data Encryption Standard(DES) and the

Whitfield Diffieand

espionageand

symmetricand

Martin Hellmanpublished

RSAalgorithm was published in

linguisticand

their key agreement algorithm;

and the

and

RSAalgorithm was published in

Martin Hellmanpublished

algorithmsare designed around

Martin Gardner‘s

Scientific American column.

cipher (or

FEAL. [4]

Following their work in 1976, it became popular to consider cryptography systems based on mathematical problems that are easy to state but have been found difficult to solve.

Since then, cryptography has become a widely used tool in communications,

computer networks, and

computer passwords, and

computer science,

computer securitygenerally.

computersin

secrecyin

Some modern cryptographic techniques can only keep their keys secret if certain mathematical problems are

intractable, such as the

abstract algebra,

abstract mathematics.

integer factorizationor the

authenticationor integrity checks.

interactive proofsand

discrete logarithmproblems, so there are deep connections with

abstract mathematics.

mathematics,

abstract algebra,

There are very few cryptosystems that are proven to be unconditionally secure.

The

The US

one-time padis one, and was proven to be so by Claude Shannon.

There are a few important algorithms that have been proven secure under certain assumptions.

For example, the infeasibility of factoring extremely large integers is the basis for believing that

RSAis secure, and some other systems, but even so proof of unbreakability is unavailable since the underlying mathematical problem remains open.

In practice, these are widely used, and are believed unbreakable in practice by most competent observers.

There are systems similar to RSA, such as one by

Michael O. Rabinthat are provably secure provided factoring

n = pqis impossible; it is quite unusable in practice.

interactive proofsand

linguisticand

The

The US

As well as being aware of cryptographic history, cryptographic algorithm and system designers must also sensibly consider probable future developments while working on their designs.

For instance, continuous improvements in computer processing power have increased the scope of

brute-force attacks, so when specifying

key lengths, the required key lengths are similarly advancing.

The potential effects of

quantum computingare already being considered by some cryptographic system designers developing

post-quantum cryptography; the announced imminence of small implementations of these machines may be making the need for preemptive caution rather more than merely speculative. [4]

Symmetric-key cryptography

Public-key cryptography

Main article:Symmetric-key algorithm

symmetricand

RSAalgorithm was published in

diagram showing encrypt with a key and decrypt process

Symmetric-key cryptography, where a single key is used for encryption and decryption

Public-key cryptography, where different keys are used for encryption and decryption.

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way).

This was the only kind of encryption publicly known until June 1976.

logic diagram showing International Data Encryption Algorithm cypher process

Symmetric key ciphers are implemented as either

block ciphersor

rotor cipher machinesin

computersin

stream ciphers.

ciphertext).

physics.

A block cipher enciphers input in blocks of plaintext as opposed to individual characters, the input form used by a stream cipher.

The

The US

Data Encryption Standard(DES) and the

Data Encryption Standard;

Advanced Encryption Standard(AES) are block cipher designs that have been designated

Advanced Encryption Standard(AES) are block cipher designs that have been designated

Data Encryption Standard(DES) and the

cryptography standardsby the US government (though DES’s designation was finally withdrawn after the AES was adopted).

Despite its deprecation as an official standard, DES (especially its still-approved and much more secure

triple-DESvariant) remains quite popular; it is used across a wide range of applications, from ATM encryption

to

e-mail privacy

and

and the

secure remote access.

stream ciphers.

Many other block ciphers have been designed and released, with considerable variation in quality.

Many, even some designed by capable practitioners, have been thoroughly broken, such as

FEAL. [4]

cipher (or

Scientific American column.

Stream ciphers, in contrast to the ‘block’ type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the

one-time pad.

nonsense.

asymmetric.

In a stream cipher, the output stream is created based on a hidden internal state that changes as the cipher operates.

That internal state is initially set up using the secret key material.

RC4is a widely used stream cipher; see

block ciphersor

secrecyin

Category:Stream ciphers. [4] Block ciphers can be used as stream ciphers; see

non-repudiation [4] are central to modern cryptography.

Block cipher modes of operation.

Cryptographic hash functionsare a third type of cryptographic algorithm.

cryptographyto refer specifically to the use and practice of cryptographic techniques and

They take a message of any length as input, and output a short, fixed length

digital signatures,

For good hash functions, an attacker cannot find two messages that produce the same hash.

MD4is a long-used hash function that is now broken;

MD5, a strengthened variant of MD4, is also widely used but broken in practice.

The US

The

National Security Agencydeveloped the Secure Hash Algorithm series of MD5-like hash functions: SHA-0 was a flawed algorithm that the agency withdrew;

SHA-1is widely deployed and more secure than MD5, but cryptanalysts have identified attacks against it; the

SHA-2family improves on SHA-1, but is vulnerable to clashes as of 2011; and the US standards authority thought it “prudent” from a security perspective to develop a new standard to “significantly improve the robustness of

NIST‘s overall hash algorithm toolkit.”

Thus, a

hash function design competitionwas meant to select a new U.S. national standard, to be called

SHA-3, by 2012.

The competition ended on October 2, 2012 when the NIST announced that

Keccakwould be the new SHA-3 hash algorithm.

RSAalgorithm was published in

algorithmsare designed around

Unlike block and stream ciphers that are invertible, cryptographic hash functions produce a hashed output that cannot be used to retrieve the original input data.

Cryptographic hash functions are used to verify the authenticity of data retrieved from an untrusted source or to add a layer of security.

Modern cryptography

Advent of modern cryptography

Cryptography

The modern field of cryptography can be divided into several areas of study.

The chief ones are discussed here; see

Topics in Cryptographyfor more.

cryptographyand

quantum cryptographyand

Public-key cryptography

Symmetric-key cryptography

Cryptography

diagram of Public-key cryptography showing public key and private key

Public-key cryptography, where different keys are used for encryption and decryption.

Symmetric-key cryptography, where a single key is used for encryption and decryption

Symmetric-key cryptosystems use the same key for encryption and decryption of a message, although a message or group of messages can have a different key than others.

A significant disadvantage of symmetric ciphers is the

key managementnecessary to use them securely.

digital rights managementand

espionageand

Each distinct pair of communicating parties must, ideally, share a different key, and perhaps for each ciphertext exchanged as well.

The number of keys required increases as the

squareof the number of network members, which very quickly requires complex key management schemes to keep them all consistent and secret.

headshots of Whitfield Diffie and Martin Hellman

Optional