Introduction to Cryptography: Defining Key Vocabulary
What is cryptography?
Cryptography is the technology of using mathematics and computation to encrypt and decrypt the data, using different algorithms. It allows the storing and transferring the data safely across the network. With cryptography, only concerned people or legitimate parties can access and decrypt the data, thus maintaining confidentiality of the data being transmitted and received.
Since cryptography involves encryption and decryption, let’s see what they are.
- Encryption: The process of converting plaintext into ciphertext is called encryption. This is done to ensure that the encrypted data cannot be read by anyone while it is being transmitted over the network. Only concerned people can decrypt and read the data.
- Decryption: Decryption is the process of converting ciphertext to plaintext. For decryption, the receiver must have the key for decrypting the encrypted data. The key can be a private key or symmetric key, depending upon what cryptographic algorithm is being used.
The foremost important reason to use cryptography is to maintain confidentiality, accuracy and integrity of data. Thus, cryptography keeps information private and only intended users can decrypt and read the data.
Cryptography makes eavesdropping attacks impossible over the network and it ensures information and data security. Cryptography also ensures data is safely stored and even if it is accessed by third person, they cannot read the data in plaintext.
Private and public keys in cryptography
A key is a bit valued string which is used to convert the plaintext into ciphertext and vice-versa. A key can be a word, number or phrase. The key is kept private and secure to ensure no other person can access the key, and it is a fundamental part of cryptography.
Cryptography makes use of public and private keys. A public key is issued publicly by the organization and it is used by the end user to encrypt the data. The encrypted data, once received by the organization, is decrypted by using a private key and the data is converted to plaintext.
It’s the onus of the organization to store the private key at a safe location. Proper authorization needs to be maintained to ensure only authorized people have access to private keys.
Symmetric and asymmetric encryption
Cryptography uses symmetric and asymmetric encryption for encryption and decryption of data.
- Symmetric encryption: In symmetric encryption, the sender and recipient of the data use the same key to encrypt and decrypt the data. This type of encryption is called symmetric encryption. The sender and receiver must exchange the key with each other over a secure channel to maintain confidentiality.
The following encryption algorithms make use of symmetric encryption: 3DES, AES, DES and RC4.
- Asymmetric encryption: In asymmetric encryption, the sender and the receiver of the data should use different keys for encrypting and decrypting the data. This type of encryption is called asymmetric encryption. One of the keys is distributed publicly for encrypting and the other is kept securely for decryption.
The following encryption algorithms make use of asymmetric encryption: ECC (Elliptic Curve Cryptography), DSA (Digital Signature Algorithm), RSA (Rivest-Shamir-Adleman), El Gamal and Diffie-Hellman.
A hash function takes an arbitrary amount of data as an input and produces a hash of a fixed size. This hash is called a hash value. The hash value is stored and can be later used to verify the user. The credentials of the user are hashed and compared to the one stored in the database. If both match, then the user is authorized; if not, access is denied.
Hash functions are one-way functions and cannot be reversed. Thus, they cannot be decrypted.
A digital signature is a mathematical technique for authentication and verification of software, messages, documents and more. It also provides data integrity and non-repudiation — that is, it prevents the sender from claiming that he or she did not actually send the information.
This technique ties a person to digital data, which can be verified by the receiver or by any third party independently. The digital signature is calculated by the data and a secret key known to the signer only.
A cryptanalyst is the one who analyzes and decrypts the encrypted data, even without knowledge of the decryption key. The analysis of cryptosystem, ciphertext and ciphers is called cryptanalysis. Cryptanalysts decode and decipher messages for political, law enforcement and military agencies.
Cryptography technology provides us with secure transmission of data between sender and receiver, thus maintaining the confidentiality, authenticity, integrity of the data. Cryptography is an integral part of the digital world and its use and application cannot be ignored.