Cryptography
Key Takeaways & Definition
- Definition: Cryptography is derived from the Greek words kryptos (hidden) and graphein (to write). It is the practice and study of techniques for secure communication in the presence of adversarial behavior.
- Core Concept: It transforms readable data (Plaintext) into unreadable gibberish (Ciphertext) so that only authorized parties can read it.
- Key Objective: To ensure the Confidentiality, Integrity, and Authenticity of information.
1. Definition of Cryptography
Cryptography is the science of protecting information by transforming it into a secure format. In the digital age, it is the mathematical foundation of cybersecurity. Without it, your credit card number would travel across the internet in plain text for anyone to steal.
Etymology:
- Kryptos (Greek) = Hidden, secret
- Graphein (Greek) = To write
- Cryptography = The art of secret writing
Historical Evolution:
- Ancient Times: Caesar Cipher (shift letters by 3)
- World War II: Enigma machine (complex mechanical encryption)
- 1970s: Birth of modern public-key cryptography (RSA)
- 2000s: AES becomes global standard
- 2020s: Post-quantum cryptography research (preparing for quantum computers)
Why It Matters:
- Every HTTPS website uses cryptography to secure data
- Banking transactions rely on encryption
- Messaging apps (WhatsApp, Signal) use end-to-end encryption
- Cryptocurrencies (Bitcoin, Ethereum) are built on cryptographic principles
- Military and government communications require top-secret encryption
Plaintext → [Encryption with Key] → Ciphertext → [Decryption with Key] → Plaintext
2. Objectives of Cryptography
Modern cryptography is not just about secrecy; it has four main goals:
Confidentiality
Ensuring that only authorized parties can understand the data (Encryption).
How it works:
- Data is encrypted before transmission
- Only those with the correct key can decrypt
- Prevents eavesdropping and interception
Example: When you send your credit card number to Amazon, HTTPS encrypts it so hackers monitoring the network see only gibberish.
Integrity
Ensuring that the data has not been altered during transit (Hashing).
How it works:
- A hash (digital fingerprint) is generated from the original data
- Receiver generates a hash from received data
- If hashes match, data is unchanged
Example: When you download software, the website provides a SHA-256 hash. After downloading, you hash the file; if it matches, the file wasn't tampered with.
Authentication
Verifying the identity of the sender (Digital Signatures).
How it works:
- Sender signs message with their private key
- Receiver verifies signature with sender's public key
- Proves the message came from claimed sender
Example: When your bank sends an email, a digital signature proves it's actually from the bank, not a phishing scammer.
Non-repudiation
Preventing the sender from denying that they sent the message (Digital Signatures).
How it works:
- Digital signature creates undeniable proof of authorship
- Like a legal signature on a contract
- Sender cannot later claim "I didn't send that"
Example: You digitally sign a contract to buy a house. Later, you cannot deny signing it because the cryptographic signature is mathematically tied to your private key.
3. Types of Cryptography
There are three primary ways to encrypt data.
Symmetric Key Cryptography
Mechanism:
Uses a single shared key for both encryption and decryption.
How It Works:
- Alice and Bob agree on a secret key (in person or via secure channel)
- Alice encrypts message with the key
- Alice sends encrypted message to Bob
- Bob decrypts message using the same key
Pros:
- Extremely fast (minimal computation)
- Efficient for large data volumes
- Perfect for encrypting hard drives, databases
Cons:
- Key Distribution Problem: How do you safely send the key to the receiver? If intercepted, security is broken.
- Key Management: Need different keys for each pair of users (N users = N×(N-1)/2 keys)
Analogy:
A house key. You give a copy to your friend; both of you can lock and unlock the door. But if someone steals the key, they can access everything.
Real-World Use:
- Encrypting your laptop's hard drive (BitLocker, FileVault)
- Securing Wi-Fi connections (WPA2/WPA3)
- Encrypting database files
- VPN tunnels (after key exchange)
Asymmetric Key Cryptography
Mechanism:
Uses a pair of keys: a Public Key (for encryption) and a Private Key (for decryption).
How It Works:
- Bob generates a key pair: Public Key (shares with everyone) + Private Key (keeps secret)
- Alice encrypts message using Bob's Public Key
- Alice sends encrypted message to Bob
- Bob decrypts message using his Private Key (only he has this)
Key Principle:
Public Key locks (encrypts), Private Key unlocks (decrypts).
Anyone can encrypt a message to Bob, but only Bob can decrypt it.
Pros:
- Solves key distribution problem (can share public key openly)
- Enables digital signatures
- Foundation of internet security (SSL/TLS)
Cons:
- Much slower (100-1000x slower than symmetric)
- Mathematically complex (large prime numbers, elliptic curves)
- Not practical for large files
Analogy:
A mailbox. Anyone can drop a letter in (Public Key), but only the postman with the specific key can open it (Private Key).
Real-World Use:
- HTTPS/SSL certificates
- Email encryption (PGP, S/MIME)
- Digital signatures
- Cryptocurrency wallets
- SSH authentication
Hash Functions
Mechanism:
A mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash). It is a one-way function.
Characteristics:
- Deterministic: Same input always produces same hash
- Fixed size: Output always same length (e.g., SHA-256 = 256 bits)
- One-way: Cannot reverse hash to get original data
- Avalanche effect: Tiny input change = completely different hash
Goal:
To verify Integrity. If even one bit of the file changes, the hash changes completely.
Example:
Input: "Hello"
SHA-256: 185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969
Input: "hello" (lowercase 'h')
SHA-256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
Completely different hashes!
Analogy:
A fingerprint. You can identify a person by their fingerprint, but you cannot recreate the person from just the fingerprint.
Real-World Use:
- Password storage: Websites store hashes, not actual passwords
- File integrity: Verify downloads weren't corrupted/tampered
- Digital signatures: Hash the document, then sign the hash
- Blockchain: Each block contains hash of previous block
- Git version control: Each commit has a unique hash
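The download check from the Integrity section and the avalanche effect shown above, as an added Python example that is not part of the original notes. The file contents, the `installer.bin` name and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path: str, chunk_size: int = 65536) -> str:
    """Hash a file in chunks so large downloads never sit fully in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path: str, published_hex: str) -> bool:
    """Compare the file's hash with the published one in constant time."""
    return hmac.compare_digest(sha256_file(path), published_hex.strip().lower())

def differing_bits(a: bytes, b: bytes) -> int:
    """Count how many of the 256 output bits differ between two inputs."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def demo() -> dict:
    """Constructed sample: publish a file's hash, then flip one bit in the file."""
    data = bytearray(b"constructed installer bytes " * 1000)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.bin")
        with open(path, "wb") as f:
            f.write(data)
        published = sha256_file(path)      # what the website would list
        intact = verify_download(path, published)
        data[500] ^= 0x01                  # single-bit change in transit
        with open(path, "wb") as f:
            f.write(data)
        tampered = verify_download(path, published)
    return {"intact": intact, "tampered": tampered}

if __name__ == "__main__":
    print(demo())
    # "Hello" vs "hello": roughly half of the 256 bits flip
    print(differing_bits(b"Hello", b"hello"))
```

A hash published on the same server as the file detects corruption or a tampered mirror, but not a compromise of that server; a digital signature covers that case.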
4. Cryptographic Algorithms
These are the specific formulas used to encrypt data.
AES (Advanced Encryption Standard)
- Type: Symmetric
- Key Size: 128, 192, or 256 bits
- Status: The global standard. Used by governments and banks.
Why It's Strong:
- Adopted by US government in 2001
- AES-256 would take billions of years to brute force with current technology
- Resistant to all known attacks (as of 2026)
Real-World Use:
- Military: Classified documents
- Banks: Securing financial transactions
- Tech giants: Apple FileVault, Android encryption
- VPNs: Tunnel encryption
Fun Fact: Even with a supercomputer trying 1 trillion keys per second, cracking AES-256 would take longer than the age of the universe.
DES (Data Encryption Standard)
- Type: Symmetric
- Key Size: 56 bits
- Status: Obsolete and insecure
History:
- Developed by IBM in 1970s
- Adopted as US federal standard in 1977
- Cracked in 1999 (56 hours using distributed computing)
- Officially deprecated in 2005
Why It Failed:
- 56-bit key too short (can try all 2^56 ≈ 72 quadrillion keys)
- Modern hardware can crack it in minutes
Lesson: As computing power increases, key sizes must increase. What was secure in 1977 is trivial to crack today.
RSA (Rivest-Shamir-Adleman)
- Type: Asymmetric
- Key Size: Typically 2048 or 4096 bits
- Status: The standard for secure data transmission over the internet (SSL/TLS)
How It Works:
- Based on the mathematical difficulty of factoring the product of two large prime numbers
- Easy to multiply two large primes: 61 × 53 = 3233
- Extremely hard to factor: "What two primes multiply to 3233?" (when using 617-digit numbers)
Real-World Use:
- HTTPS: Secure websites (padlock icon)
- Email encryption: PGP/GPG
- Digital signatures: Code signing certificates
- SSH keys: Secure remote server access
Vulnerability:
- Quantum computers (when they become practical) could break RSA by efficiently factoring large numbers
- Post-quantum cryptography research is ongoing
SHA (Secure Hash Algorithm)
- Type: Hashing
- Variants: SHA-1 (deprecated), SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512), SHA-3
- Status: SHA-256 widely used; SHA-1 considered broken
SHA-256 Details:
- Produces 256-bit (64 hexadecimal characters) hash
- Used in Bitcoin mining
- Collision probability: 1 in 2^256 (astronomically small)
Real-World Use:
- Blockchain: Bitcoin, Ethereum
- Digital certificates: SSL/TLS
- Password hashing: With salt and iteration (bcrypt, PBKDF2)
- File verification: ISO downloads, software updates
SHA-1 Deprecation:
- 2017: Google demonstrated practical collision attack
- No longer acceptable for security purposes
- Migrated to SHA-256/SHA-3
Symmetric vs. Asymmetric (Exam Focus)
| Feature | Symmetric Cryptography | Asymmetric Cryptography |
|---|---|---|
| Keys Used | One (Shared Secret) | Two (Public & Private) |
| Speed | Fast (Less computation) | Slow (Complex math) |
| Key Distribution | Difficult (must share secretly) | Easy (public key can be shared openly) |
| Usage | Bulk data encryption (Hard Drives) | Key exchange & Digital Signatures |
| Key Size | Shorter (128-256 bits) | Longer (2048-4096 bits) |
| Examples | AES, DES, 3DES, RC4 | RSA, ECC, Diffie-Hellman |
| Analogy | Single house key (shared) | Mailbox (public slot, private key) |
| Vulnerability | Key theft breaks everything | Private key theft breaks only that user |
Memory Trick:
SYMMETRIC = Same key, You Must Meet to Exchange it To stay securely Related, It's fast Cryptography
ASYMMETRIC = Anyone can send Securely, You keep private key Mathematically, Much slower, Enables digital signatures To Replace In-person key exchange
5. Cryptography in Cybersecurity
Cryptography is the backbone of all secure internet protocols.
HTTPS (SSL/TLS)
How it works:
- Asymmetric encryption (RSA) used to exchange a session key
- Symmetric encryption (AES) used to transfer website data
- Best of both worlds: Security + Speed
Why both?
- Asymmetric too slow for bulk data
- Symmetric requires secure key exchange
- Solution: Use asymmetric to exchange symmetric key
Visual indicator: Padlock in browser address bar
VPN (Virtual Private Network)
How it works:
- Encrypts the "tunnel" between your device and VPN server
- Prevents ISP, hackers, or government from seeing your traffic
- Uses combination of asymmetric (key exchange) and symmetric (data tunnel)
Protocols:
- OpenVPN (AES-256)
- WireGuard (ChaCha20)
- IPSec (AES)
Digital Certificates
How it works:
- Certificate Authority (CA) digitally signs website's public key
- Your browser verifies the signature
- Proves the website is who they claim to be
Components:
- Website's public key
- Domain name
- Expiration date
- CA's digital signature
Example: When you visit https://amazon.com, your browser checks that the certificate was signed by a trusted CA (like DigiCert, Let's Encrypt).
6. Applications of Cryptography
Digital Signatures
Use case: Proving authenticity of documents, software, emails.
How it works:
- Hash the document
- Encrypt hash with private key (this is the signature)
- Receiver decrypts signature with sender's public key
- Receiver hashes the document
- If hashes match, document is authentic and unaltered
Real examples:
- Code signing (macOS, Windows)
- PDF contract signing
- Blockchain transactions
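The hash, sign and verify steps above as an added example (not from the original notes), using textbook RSA with no padding so the arithmetic stays visible. The function names and the two demonstration primes are assumptions of this example; production code uses a vetted library and a padded scheme such as RSA-PSS, never raw RSA.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two primes (toy: no primality checks)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi); raises if none exists
    return (n, e), (n, d)

def digest_as_int(document: bytes, n: int) -> int:
    """Hash the document, then reduce mod n so the value fits the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private_key) -> int:
    """Signer: raise the document hash to the private exponent."""
    n, d = private_key
    return pow(digest_as_int(document, n), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Receiver: undo the signature with the public exponent, compare hashes."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(document, n)

# Demonstration key built from two known Mersenne primes (assumption of this
# example). Primes of this special form are NOT safe for real keys.
PUBLIC, PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)

if __name__ == "__main__":
    # The page's own small primes: 61 x 53 = 3233, with e = 17
    print(make_keypair(61, 53, 17))
    contract = b"I agree to buy the house"  # constructed sample document
    sig = sign(contract, PRIVATE)
    print(verify(contract, sig, PUBLIC))
    print(verify(contract + b" for $1", sig, PUBLIC))
```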
E-Commerce
Use case: Securing credit card transactions.
How it works:
- Payment info encrypted with website's public key (HTTPS)
- Only payment processor can decrypt
- Prevents man-in-the-middle attacks
Statistics:
- 100% of legitimate e-commerce uses HTTPS
- Unencrypted payment forms are illegal in many countries (PCI DSS)
Blockchain/Cryptocurrency
Use case: Securing the ledger of transactions.
How it works:
- Each transaction digitally signed
- Blocks linked via cryptographic hashes
- Proof-of-Work requires solving cryptographic puzzles
Key algorithms:
- SHA-256 (Bitcoin mining)
- Elliptic Curve Cryptography (wallet addresses)
Password Storage
Use case: Storing passwords as Hashes, not plain text.
How it works:
- User creates password: MyP@ssw0rd
- System adds salt: MyP@ssw0rd + random_salt_xyz
- System hashes: bcrypt(MyP@ssw0rd + random_salt_xyz) = stored hash
- Login: Hash entered password + salt, compare to stored hash
Why this matters:
- Database breach doesn't expose actual passwords
- Attacker must crack each hash individually (salt prevents rainbow tables)
Conclusion
Cryptography is the invisible shield protecting our digital lives. From online banking to private messaging, from government secrets to cryptocurrency, modern society depends on mathematical algorithms to ensure confidentiality, integrity, authentication, and non-repudiation.
Remember:
- Symmetric = Fast, one key, key distribution challenge
- Asymmetric = Slow, two keys, solves key distribution
- Hashing = One-way, integrity verification, password storage
- AES = Industry standard symmetric encryption
- RSA = Industry standard asymmetric encryption
- SHA-256 = Industry standard hashing
The future: Post-quantum cryptography will protect us when quantum computers arrive!