Cryptography Tutorial

This tutorial covers the basics of the science of cryptography. It explains how programmers
and network professionals can use cryptography to maintain the privacy of computer data.
Starting with the origins of cryptography, it moves on to explain cryptosystems, various
traditional and modern ciphers, public key encryption, data integration, message
authentication, and digital signatures.

Audience
This tutorial is meant for students of computer science who aspire to learn the basics of
cryptography. It will be useful for networking professionals as well who would like to
incorporate various cryptographic algorithms to ensure secure data communication over
their networks.

Prerequisites
This tutorial has been prepared with the view to make it useful for almost anyone who is
curious about cryptography. A basic knowledge of computer science and a secondary level
of mathematics knowledge is sufficient to make the most of this tutorial.
Human being from ages had two inherent needs − (a) to communicate and share
information and (b) to communicate selectively. These two needs gave rise to the art of
coding the messages in such a way that only the intended people could have access to the
information. Unauthorized people could not extract any information, even if the scrambled
messages fell in their hand.
The art and science of concealing the messages to introduce secrecy in information security
is recognized as cryptography.
The word ‘cryptography’ was coined by combining two Greek words, ‘Krypto’ meaning
hidden and ‘graphene’ meaning writing.

History of Cryptography
The art of cryptography is considered to be born along with the art of writing. As civilizations
evolved, human beings got organized in tribes, groups, and kingdoms. This led to the
emergence of ideas such as power, battles, supremacy, and politics. These ideas further
fueled the natural need of people to communicate secretly with selective recipient which in
turn ensured the continuous evolution of cryptography as well.
The roots of cryptography are found in Roman and Egyptian civilizations.

Hieroglyph − The Oldest Cryptographic Technique

The first known evidence of cryptography can be traced to the use of ‘hieroglyph’. Some
4000 years ago, the Egyptians used to communicate by messages written in hieroglyph.
This code was the secret known only to the scribes who used to transmit messages on
behalf of the kings. One such hieroglyph is shown below.
Later, the scholars moved on to using simple mono-alphabetic substitution ciphers during
500 to 600 BC. This involved replacing alphabets of message with other alphabets with
some secret rule. This rule became a key to retrieve the message back from the garbled
message.
The earlier Roman method of cryptography, popularly known as the Caesar Shift
Cipher, relies on shifting the letters of a message by an agreed number (three was a
common choice), the recipient of this message would then shift the letters back by the same
number and obtain the original message.

Steganography

Steganography is similar but adds another dimension to Cryptography. In this method,

people not only want to protect the secrecy of an information by concealing it, but they also
want to make sure any unauthorized person gets no evidence that the information even
exists. For example, invisible watermarking.
In steganography, an unintended recipient or an intruder is unaware of the fact that
observed data contains hidden information. In cryptography, an intruder is normally aware
that data is being communicated, because they can see the coded/scrambled message.
Evolution of Cryptography
It is during and after the European Renaissance, various Italian and Papal states led the
rapid proliferation of cryptographic techniques. Various analysis and attack techniques
were researched in this era to break the secret codes.
• Improved coding techniques such as Vigenere Coding came into existence in the 15 th century,
which offered moving letters in the message with a number of variable places instead of moving
them the same number of places.
• Only after the 19th century, cryptography evolved from the ad hoc approaches to encryption to
the more sophisticated art and science of information security.
• In the early 20th century, the invention of mechanical and electromechanical machines, such as
the Enigma rotor machine, provided more advanced and efficient means of coding the
information.
• During the period of World War II, both cryptography and cryptanalysis became excessively
mathematical.
With the advances taking place in this field, government organizations, military units, and
some corporate houses started adopting the applications of cryptography. They used
cryptography to guard their secrets from others. Now, the arrival of computers and the
Internet has brought effective cryptography within the reach of common people.

Modern Cryptography
Modern cryptography is the cornerstone of computer and communications security. Its
foundation is based on various concepts of mathematics such as number theory,
computational-complexity theory, and probability theory.

Characteristics of Modern Cryptography

There are three major characteristics that separate modern cryptography from the classical
approach.
 Classic Cryptography Modern
Cryptography

It manipulates traditional characters, i.e., letters and digits directly. It operates on

binary bit
sequences.

It is mainly based on ‘security through obscurity’. The techniques employed for coding It relies on
were kept secret and only the parties involved in communication knew about them. publicly known
mathematical
algorithms for
coding the
information.
Secrecy is
obtained
through a
secrete key
which is used
as the seed for
the algorithms.
The
computational
difficulty of
algorithms,
absence of
secret key,
etc., make it
impossible for
an attacker to
obtain the
original
information
even if he
knows the
algorithm used
for coding.

It requires the entire cryptosystem for communicating confidentially. Modern

cryptography
requires
parties
interested in
secure
communication
to possess the
secret key
only.
Context of Cryptography
Cryptology, the study of cryptosystems, can be subdivided into two branches −

• Cryptography
• Cryptanalysis

What is Cryptography?

Cryptography is the art and science of making a cryptosystem that is capable of providing
information security.
Cryptography deals with the actual securing of digital data. It refers to the design of
mechanisms based on mathematical algorithms that provide fundamental information
security services. You can think of cryptography as the establishment of a large toolkit
containing different techniques in security applications.

What is Cryptanalysis?

The art and science of breaking the cipher text is known as cryptanalysis.
Cryptanalysis is the sister branch of cryptography and they both co-exist. The cryptographic
process results in the cipher text for transmission or storage. It involves the study of
cryptographic mechanism with the intention to break them. Cryptanalysis is also used
during the design of the new cryptographic techniques to test their security strengths.
Note − Cryptography concerns with the design of cryptosystems, while cryptanalysis
studies the breaking of cryptosystems.

Security Services of Cryptography

The primary objective of using cryptography is to provide the following four fundamental
information security services. Let us now see the possible goals intended to be fulfilled by
cryptography.

Confidentiality
Confidentiality is the fundamental security service provided by cryptography. It is a security
service that keeps the information from an unauthorized person. It is sometimes referred to
as privacy or secrecy.
Confidentiality can be achieved through numerous means starting from physical securing
to the use of mathematical algorithms for data encryption.

Data Integrity

It is security service that deals with identifying any alteration to the data. The data may get
modified by an unauthorized entity intentionally or accidently. Integrity service confirms that
whether data is intact or not since it was last created, transmitted, or stored by an authorized
user.
Data integrity cannot prevent the alteration of data, but provides a means for detecting
whether data has been manipulated in an unauthorized manner.

Authentication

Authentication provides the identification of the originator. It confirms to the receiver that
the data received has been sent only by an identified and verified sender.
Authentication service has two variants −
• Message authentication identifies the originator of the message without any regard router or
system that has sent the message.
• Entity authentication is assurance that data has been received from a specific entity, say a
particular website.
Apart from the originator, authentication may also provide assurance about other
parameters related to data such as the date and time of creation/transmission.

Non-repudiation

It is a security service that ensures that an entity cannot refuse the ownership of a previous
commitment or an action. It is an assurance that the original creator of the data cannot deny
the creation or transmission of the said data to a recipient or third party.
Non-repudiation is a property that is most desirable in situations where there are chances
of a dispute over the exchange of data. For example, once an order is placed electronically,
a purchaser cannot deny the purchase order, if non-repudiation service was enabled in this
transaction.

Cryptography Primitives
Cryptography primitives are nothing but the tools and techniques in Cryptography that can
be selectively used to provide a set of desired security services −

• Encryption
• Hash functions
• Message Authentication codes (MAC)
• Digital Signatures
The following table shows the primitives that can achieve a particular security service on
their own.

Note − Cryptographic primitives are intricately related and they are often combined to
achieve a set of desired security services from a cryptosystem.

Cryptosystems
A cryptosystem is an implementation of cryptographic techniques and their accompanying
infrastructure to provide information security services. A cryptosystem is also referred to as
a cipher system.
Let us discuss a simple model of a cryptosystem that provides confidentiality to the
information being transmitted. This basic model is depicted in the illustration below −

The illustration shows a sender who wants to transfer some sensitive data to a receiver in
such a way that any party intercepting or eavesdropping on the communication channel
cannot extract the data.
The objective of this simple cryptosystem is that at the end of the process, only the sender
and the receiver will know the plaintext.

Components of a Cryptosystem
The various components of a basic cryptosystem are as follows −
• Plaintext. It is the data to be protected during transmission.
• Encryption Algorithm. It is a mathematical process that produces a ciphertext for any given
plaintext and encryption key. It is a cryptographic algorithm that takes plaintext and an encryption
key as input and produces a ciphertext.
• Ciphertext. It is the scrambled version of the plaintext produced by the encryption algorithm
using a specific the encryption key. The ciphertext is not guarded. It flows on public channel. It
can be intercepted or compromised by anyone who has access to the communication channel.
• Decryption Algorithm, It is a mathematical process, that produces a unique plaintext for any
given ciphertext and decryption key. It is a cryptographic algorithm that takes a ciphertext and a
decryption key as input, and outputs a plaintext. The decryption algorithm essentially reverses
the encryption algorithm and is thus closely related to it.
• Encryption Key. It is a value that is known to the sender. The sender inputs the encryption key
into the encryption algorithm along with the plaintext in order to compute the ciphertext.
• Decryption Key. It is a value that is known to the receiver. The decryption key is related to the
encryption key, but is not always identical to it. The receiver inputs the decryption key into the
decryption algorithm along with the ciphertext in order to compute the plaintext.
For a given cryptosystem, a collection of all possible decryption keys is called a key space.
An interceptor (an attacker) is an unauthorized entity who attempts to determine the
plaintext. He can see the ciphertext and may know the decryption algorithm. He, however,
must never know the decryption key.

Types of Cryptosystems
Fundamentally, there are two types of cryptosystems based on the manner in which
encryption-decryption is carried out in the system −

• Symmetric Key Encryption

• Asymmetric Key Encryption
The main difference between these cryptosystems is the relationship between the
encryption and the decryption key. Logically, in any cryptosystem, both the keys are closely
associated. It is practically impossible to decrypt the ciphertext with the key that is unrelated
to the encryption key.

Symmetric Key Encryption

The encryption process where same keys are used for encrypting and decrypting the
information is known as Symmetric Key Encryption.
The study of symmetric cryptosystems is referred to as symmetric cryptography.
Symmetric cryptosystems are also sometimes referred to as secret key cryptosystems.
A few well-known examples of symmetric key encryption methods are − Digital Encryption
Standard (DES), Triple-DES (3DES), IDEA, and BLOWFISH.
Prior to 1970, all cryptosystems employed symmetric key encryption. Even today, its
relevance is very high and it is being used extensively in many cryptosystems. It is very
unlikely that this encryption will fade away, as it has certain advantages over asymmetric
key encryption.
The salient features of cryptosystem based on symmetric key encryption are −
• Persons using symmetric key encryption must share a common key prior to exchange of
information.
• Keys are recommended to be changed regularly to prevent any attack on the system.
• A robust mechanism needs to exist to exchange the key between the communicating parties. As
keys are required to be changed regularly, this mechanism becomes expensive and
cumbersome.
• In a group of n people, to enable two-party communication between any two persons, the number
of keys required for group is n × (n – 1)/2.
• Length of Key (number of bits) in this encryption is smaller and hence, process of encryption-
decryption is faster than asymmetric key encryption.
• Processing power of computer system required to run symmetric algorithm is less.

Challenge of Symmetric Key Cryptosystem

There are two restrictive challenges of employing symmetric key cryptography.

• Key establishment − Before any communication, both the sender and the receiver need to
agree on a secret symmetric key. It requires a secure key establishment mechanism in place.
• Trust Issue − Since the sender and the receiver use the same symmetric key, there is an implicit
requirement that the sender and the receiver ‘trust’ each other. For example, it may happen that
the receiver has lost the key to an attacker and the sender is not informed.
These two challenges are highly restraining for modern day communication. Today, people
need to exchange information with non-familiar and non-trusted parties. For example, a
communication between online seller and customer. These limitations of symmetric key
encryption gave rise to asymmetric key encryption schemes.

Asymmetric Key Encryption

The encryption process where different keys are used for encrypting and decrypting
the information is known as Asymmetric Key Encryption. Though the keys are different,
they are mathematically related and hence, retrieving the plaintext by decrypting ciphertext
is feasible. The process is depicted in the following illustration −

Asymmetric Key Encryption was invented in the 20 th century to come over the necessity of
pre-shared secret key between communicating persons. The salient features of this
encryption scheme are as follows −
• Every user in this system needs to have a pair of dissimilar keys, private key and public key.
These keys are mathematically related − when one key is used for encryption, the other can
decrypt the ciphertext back to the original plaintext.
• It requires to put the public key in public repository and the private key as a well-guarded secret.
Hence, this scheme of encryption is also called Public Key Encryption.
• Though public and private keys of the user are related, it is computationally not feasible to find
one from another. This is a strength of this scheme.
• When Host1 needs to send data to Host2, he obtains the public key of Host2 from repository,
encrypts the data, and transmits.
• Host2 uses his private key to extract the plaintext.
• Length of Keys (number of bits) in this encryption is large and hence, the process of encryption-
decryption is slower than symmetric key encryption.
• Processing power of computer system required to run asymmetric algorithm is higher.
Symmetric cryptosystems are a natural concept. In contrast, public-key cryptosystems are
quite difficult to comprehend.
You may think, how can the encryption key and the decryption key are ‘related’, and yet it
is impossible to determine the decryption key from the encryption key? The answer lies in
the mathematical concepts. It is possible to design a cryptosystem whose keys have this
property. The concept of public-key cryptography is relatively new. There are fewer public-
key algorithms known than symmetric algorithms.

Challenge of Public Key Cryptosystem

Public-key cryptosystems have one significant challenge − the user needs to trust that the
public key that he is using in communications with a person really is the public key of that
person and has not been spoofed by a malicious third party.
This is usually accomplished through a Public Key Infrastructure (PKI) consisting a trusted
third party. The third party securely manages and attests to the authenticity of public keys.
When the third party is requested to provide the public key for any communicating person
X, they are trusted to provide the correct public key.
The third party satisfies itself about user identity by the process of attestation, notarization,
or some other process − that X is the one and only, or globally unique, X. The most common
method of making the verified public keys available is to embed them in a certificate which
is digitally signed by the trusted third party.

Relation between Encryption Schemes

A summary of basic key properties of two types of cryptosystems is given below −

Symmetric Cryptosystems Public Key Cryptosystems

Relation between Keys Same Different, but mathematically related

Encryption Key Symmetric Public

Decryption Key Symmetric Private

Due to the advantages and disadvantage of both the systems, symmetric key and public-
key cryptosystems are often used together in the practical information security systems.

Kerckhoff’s Principle for Cryptosystem

In the 19th century, a Dutch cryptographer A. Kerckhoff furnished the requirements of a good
cryptosystem. Kerckhoff stated that a cryptographic system should be secure even if
everything about the system, except the key, is public knowledge. The six design principles
defined by Kerckhoff for cryptosystem are −
• The cryptosystem should be unbreakable practically, if not mathematically.
• Falling of the cryptosystem in the hands of an intruder should not lead to any compromise of the
system, preventing any inconvenience to the user.
• The key should be easily communicable, memorable, and changeable.
• The ciphertext should be transmissible by telegraph, an unsecure channel.
• The encryption apparatus and documents should be portable and operable by a single person.
 • Finally, it is necessary that the system be easy to use, requiring neither mental strain nor the
knowledge of a long series of rules to observe.
The second rule is currently known as Kerckhoff principle. It is applied in virtually all the
contemporary encryption algorithms such as DES, AES, etc. These public algorithms are
considered to be thoroughly secure. The security of the encrypted message depends solely
on the security of the secret encryption key.
Keeping the algorithms secret may act as a significant barrier to cryptanalysis. However,
keeping the algorithms secret is possible only when they are used in a strictly limited circle.
In modern era, cryptography needs to cater to users who are connected to the Internet. In
such cases, using a secret algorithm is not feasible, hence Kerckhoff principles became
essential guidelines for designing algorithms in modern cryptography.