Introduction to Cryptography
Recently, I have come across some content related to certificates, which reminds me that my previous understanding of cryptography was also a collection of fragmented impressions, so I would like to take this opportunity to sort it out.
The origins of cryptography can be traced back to ancient civilizations, where it was used primarily for protecting messages and secrets. Its evolution over time has led to the sophisticated encryption techniques we use today in the digital age.
This article covers the following topics:
a) Symmetric Key Cryptography (same key for encryption and decryption).
b) Asymmetric Key Cryptography (public and private key pair).
c) Hash Functions (one-way functions for integrity checks).
d) Hybrid Cryptosystems (combination of symmetric and asymmetric encryption).
e) Zero-Knowledge Proofs (ZKPs) (proving knowledge without revealing it).
f) Homomorphic Encryption (performing computations on encrypted data).
Key Concepts in Cryptography
Types of Cryptography
1. Symmetric Key Cryptography
a) Definition: uses the same key for both encryption and decryption.
b) Characteristics:
i) Efficient: faster than asymmetric algorithms because it uses simpler mathematical operations.
ii) Key distribution problem: the challenge is securely exchanging the secret key between the sender and the receiver, especially over the internet.
c) Use cases: disk encryption (entire disks or volumes), file encryption (sensitive files), network encryption (protecting communication channels, e.g., VPN or Wi-Fi).
2. Asymmetric Key Cryptography
a) Definition: uses two different keys, a public key and a private key; the public key is widely distributed and used for encryption, while the private key is kept confidential and used for decryption.
b) Characteristics:
i) Key distribution: solves the key distribution problem by allowing the public key to be freely shared, while the private key remains secret.
ii) Performance: generally slower than symmetric key cryptography due to the complex mathematical operations involved.
c) Use cases: SSH authentication (automatic passwordless authentication), SSL / TLS for secure communication (HTTPS), email encryption, digital signatures (verify the authenticity of documents or messages), cryptocurrency and blockchain…
3. Hash Functions
a) Definition: transforms input data of arbitrary length into a fixed-size string of characters; the transformation cannot be reversed.
b) Characteristics:
i) Fixed-length output: the hash value has a fixed size.
ii) Deterministic: the same input always produces the same hash output.
iii) Collision resistance: a good hash function makes it computationally difficult to find two different inputs that produce the same hash value.
c) Use cases: data integrity (file downloads), digital signatures (verify the authenticity of documents or messages), password storage (store the hash to avoid storing plaintext passwords) …
4. Hybrid Cryptosystems
a) Definition: combines symmetric and asymmetric cryptography to take advantage of the strengths of both. Asymmetric cryptography is used to securely exchange a symmetric key, which is then used for the actual encryption of the data.
b) Use cases: HTTPS (secure web browsing, where asymmetric encryption is used to establish a secure connection and symmetric encryption is used to protect the session data), email encryption (email contents are encrypted with a symmetric key after the key is exchanged using asymmetric cryptography).
5. Zero-Knowledge Proofs
a) Definition: allows one party (the prover) to prove to another party (the verifier) that they know a value (like a password or secret) without revealing the value itself. ZKPs are often used for privacy-preserving applications.
b) Use cases:
i) blockchain privacy to protect transaction details in cryptocurrency
ii) authentication systems to prove knowledge of a password without actually revealing it.
6. Homomorphic Encryption
a) Definition: a form of encryption that allows computations to be performed on encrypted data without first decrypting it. The result of the computation remains encrypted and can only be decrypted with the proper key.
b) Use cases:
i) cloud computing: performing computations on data stored in the cloud without revealing the raw data.
ii) privacy-preserving machine learning: running ML models on encrypted datasets.
Conclusion
Cryptography is a critical part of modern digital life, providing essential tools to secure communications, protect privacy, ensure the integrity of data, and verify identities. Whether we're encrypting personal files, using online banking, or verifying the legitimacy of a digital signature, cryptography is the technology that keeps data safe and secure.