One of the most fascinating areas of information and network security, in my opinion, is the area of cryptography.  In truth, many aspects of cryptography still baffle me but it also the one area that really piques my interest.  I recall my first steps into the cryptographic realm and wondered how anyone was able to comprehend it all.  At the time, my mathematical foundation was weak so understanding the ideas presented to me were confusing.  Much of cryptography, from a mathematical perspective, has its roots in number theory which is the branch of pure mathematics concerned with the properties of numbers in general (integers in particular).  To be more precise, the sub-field of computational number theory which is the study of algorithms relevant in number theory, specifically fast algorithms for prime testing (3, 5, 7, etc.) and integer factorization, is where cryptography resides in the mathematical world.

So, what is cryptography and why should anyone care about it?  Cryptography is the art of transforming a message into an intermediate form that contains the same information as the original message but is hidden or secret to anyone who does not know how to reverse the transformation.  In layman’s terms, it is the science writing in secret code.  Before I supply an example let me use and clarify the proper terminology for this meaning.  A message exists in plain text which means anyone who understands the language the message was written in is able to understand it.  This is how all messages exist prior to the cryptographic process taking place.  The information is always used and understood in plain text form to one or more persons.  Once a message has undergone the cryptographic process of transforming it from a plain text message into a secret message, it is called a cipher text.  Let’s review this quickly.  A message existing in plain text undergoes a cryptographic process and becomes cipher text.

Now why should we care?  Cryptography has been used for thousands of years.  It has allowed people, most notably governments until the last few decades, to hide information they did not want others to see.  The Egyptians used cryptography, Julius Caesar used it, the Germans used it in the World Wars, and there’s a strong possibility that you use it today possibly without even knowing it.  Information you wish to keep private but need to exchange with someone else, such as your social security number, medical and dental records, financial information, business secrets, etc. usually must undergo a cryptographic process.  It is commonplace today to exchange this type of information across a computer network such as the Internet.  Unless otherwise stated, it is important to realize that these computer networks are insecure and the use of cryptography will help keep private data private.  As the technological age progresses the use of cryptography will greatly increase and understanding its principles is essential to using it properly.  The history of cryptography is an interesting one and I encourage anyone interested in this field to read more about it.  Wikipedia has an excellent article on the history of cryptography, History of Cryptography.

There are many mathematical algorithms that are used within the cryptographic field.  The discussion of these algorithms is not the focus of this article.  However, the three most common methods or schemes is.  The three most common schemes are: symmetric, asymmetric, and hash functions.

Symmetric encryption uses a single key to encrypt the plain text into cipher text.  A key is much like the key to a door lock.  It allows the person possessing the key to access what is inside.  The key may not necessarily be a physical object, such as a door key, but a method or rule set for unlocking the cipher text.  A classic example employing symmetric encryption where the key is a simple substitution using the letter three locations to the right of the current letter in the alphabet was made famous by Julius Caesar and is thus known as the Caesar cipher.  This example is illustrated below:

The sender of the information has created a plain text message and then encrypts it using a key and then is able to transmit the cipher text.  The receiver of the message is then able to decrypt the cipher text using the same key back into the original plain text.  The detriment to this method of encryption is that there is a single key that must be known by two or more persons in order for the cryptographic process to function.  The distribution of this key is often the weak or fail point in the process.

Symmetric cryptography is usually further broken down into stream ciphers and block ciphers.  We will discuss stream and block ciphers in another article but keep in mind that when stream cipher or block cipher is used in an article, book, magazine, etc. that it is usually implying symmetric encryption.  For completeness’ sake, the following algorithms are symmetric:  DES, 3DES, AES, CAST128, CAST256, Rivest Ciphers, Blowfish, IDEA, Twofish, etc.

The second most common cryptographic scheme is asymmetric.  Asymmetric cryptography or public key cryptography (PKC) uses two keys, one for encryption and the other for decryption.  PKC was the creation of Stanford professor Martin Hellman and graduate student Whitfield Diffie in 1976.  PKC allowed two parties to communicate securely through an insecure communication channel without having to share a secret key.  This eliminated the biggest issue concerning symmetric encryption.

Public key cryptography uses, in mathematical terms, one-way functions.  One-way functions are functions that are easy to compute but attempting to compute the function from its inverse is extremely difficult.  The mathematical details of how this is accomplished can be quite complex but oftentimes involves an algorithm with multiplication and its inverse factorization or exponentiation and its inverse logarithm.

Although there are two keys and they are loosely related mathematically, knowing one key will not compromise the other key.  The two keys are referred to as the public key and the private key.  A public key is freely released to anyone and is usually housed by a certificate authority (CA) which ensures the integrity of the public key to people wishing to use the key.  The private key is never shared.

If I wanted to send a message that I wanted to encrypt to someone I would use that person’s public key to encrypt the message and then send the encrypted message.  The person receiving the encrypted message from me would decrypt it with their private key as they are the only person capable of decrypting a message encrypted with their private key.

The reverse can also be used for message non-repudiation.  I could encrypt a message with my private key, thus proving that the message originated from me because I am the only one who has my private key, and transmit the encrypted message to someone else who is capable of decrypting the message using my public key.  This is the principle behind digital signatures.

A few common asymmetric algorithms in use: RSA, DSA, Diffie-Hellman, El Gamal, ECC, PKCS, etc.

The last common scheme of cryptography is hash functions, also called one-way functions or message digests.  Hash functions provide a digital fingerprint by computing a fixed-length value based on the plain text.  Should the data be tampered with or altered in some manner, the hash function will produce a different value than the original one, indicating data tampering.  Hash functions do not require a key to produce this result.  One of the most well known uses for hash functions involving the storing of passwords within an operating system.

Common hash functions include: Message Digest (2, 4, 5), SHA, Whirlpool, etc.

If you are interested in reading why there are three common schemes I suggest you read the following article, Why Three Encryption Techniques?

References:
1. http://en.wikipedia.org/wiki/Number_theory
2. http://en.wikipedia.org/wiki/History_of_cryptography
3. http://www.ciphersbyritter.com/LEARNING.HTM
4. http://www.garykessler.net/library/crypto.html
5. http://en.wikipedia.org/wiki/Public-key_cryptography