Cryptography is an art as well as a science that involves the process of transforming plain text into scrambled text and vice versa. The purpose of cryptography is to conceal confidential information from unauthorized entities and ensure immediate detection of any alteration made to the concealed information. Concealing the original information that is in human or machine-readable format is achieved by a method called encryption.
A plain text in the cryptographic context is information that is in a human or machine-readable format that needs protection. For example, the password that you are typing is in plain text. Similarly, documents such as business agreements, MOU, and so on are in plain text.
Scrambled text in the cryptographic context is called a cipher text. A cipher text is the scrambled version of the plain text. Cipher text is not in a human or machine-readable format.
The functions of cryptography are to keep the plain text secret by way of scrambling and detecting unauthorized changes to such information. These functions are for the purposes of confidentiality and integrity.
The process of converting plain text into scrambled (cipher) text is called encryption. The process of encryption is also called enciphering. Hence, cipher text can be called encrypted text.
The process of converting scrambled (cipher) text into plain text is called decryption. The process of decryption is also called deciphering. The output of decryption is plain text or decrypted text.
Encryption as well as decryption is based on algorithms. An algorithm, in cryptography, is a series of well-defined steps that provide the procedure for encryption/decryption. For example, if we use a scrambling method that substitutes each letter of the alphabet with the next letter, then we're using a type of substitution algorithm. In this type of algorithm A=B, B=C, ..., Z=A. Hence, in this algorithm, a word such as WELCOME will be represented as XFMDPNF. As you can see, this example uses only one step, but complex algorithms use multiple steps with different mathematical formulae.
A cryptographic key is also called a Crypto variable, and it is used in the operation of encrypting and decrypting a text. This is analogous to the keys that we use in household padlocks. If you observe the physical key, you can find varying slots. These are called tumblers or levers. By adjusting the levers, different types of key combinations are obtained. Similarly, in cryptography, we use an electronic key (cryptographic key) to lock or unlock a plain text, document, or any electronic data.
A cryptographic method is a way of doing encryption and decryption in a systematic way. The following diagram illustrates a cryptographic method:
In the preceding process, message (M) from the sender is encrypted and results in the cipher text (C). A cryptographic key (K) is used in the encryption process. When cipher text is decrypted, it results in the original message. The same key (K) that was used for encrypting is required for decrypting (D) the cipher text. This process is represented as $E_K(M) = C$ and $D_K(C) = M$, where E is encryption, K is for key, M is for message, C is for a cipher text, and D is for decryption.
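The substitution example and the E_K(M)=C / D_K(C)=M notation above, written out as an added Python example (it is not code from the original text). The function names are illustrative, the shift amount plays the role of the key K, and the code generalizes the page's shift-by-one to any K.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def E(K, M):
    """E_K(M) = C: shift every ASCII letter K places forward, wrapping Z to A."""
    out = []
    for ch in M:
        if ch.isascii() and ch.isalpha():
            shifted = ALPHABET[(ALPHABET.index(ch.upper()) + K) % 26]
            out.append(shifted if ch.isupper() else shifted.lower())
        else:
            out.append(ch)  # digits, spaces, punctuation pass through unchanged
    return "".join(out)

def D(K, C):
    """D_K(C) = M: decryption is the same shift in the opposite direction."""
    return E(-K, C)

def effective_keys(M, tried=1000):
    """Count distinct ciphertexts over many K values: only 26 keys really exist."""
    return len({E(K, M) for K in range(tried)})

if __name__ == "__main__":
    C = E(1, "WELCOME")
    print(C, D(1, C), effective_keys("WELCOME"))
```

Because K only matters modulo 26, this algorithm has 26 usable keys no matter how large a number is chosen, which is why it protects nothing in practice.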
Cryptography is based on algorithms and the keys that operate on them. Types of encryption or decryption are based on the combination of these two factors (algorithms and keys). There are two types of encryption predominantly used in government agencies as well as corporations. Either there is a single key or there are two keys:
In symmetric key encryption, only one key is used. The name symmetric implies that the key used for encryption as well as for decryption is the same. This type of encryption is also called Secret Key Cryptography (SKC).
Based on the algorithm used, this symmetric key encryption can be categorized into two types:
WELCOME, then each of the letters in the word will be encrypted using the algorithm. The Caesar shift3 algorithm is a stream cipher.
The following are some examples of algorithms that are commonly used in the industry.
Examples of stream ciphers are given here:
Examples of block ciphers are given here:
The following are the different operational modes of block ciphers:
In this type, there are two keys. The name asymmetric implies that the keys are not the same. This type of encryption is also called Public Key Cryptography (PKC):
The two keys that are used in this type are called the private key and the public key. They are used in combination to encrypt and decrypt the message or text.
The following are important concepts in public key cryptography:
A digital signature is a type of public key cryptography where the message is digitally signed using the sender's private key. Digitally signing means encrypting the hash value. This can be verified using the sender's public key. This is to verify the authenticity of the sender. For example, Bob will digitally sign the message that he is sending to Alice using his private key. Alice can verify the authenticity using Bob's public key.
One of the most important applications of public key cryptography is to ensure non-repudiation. Non-repudiation is a method by which the sender of the message cannot deny their actions.
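The sign-with-private-key, verify-with-public-key flow described above, as an added Python example (not from the original text). It uses unpadded "textbook" RSA with small constructed primes so that it runs on the standard library alone; the parameters and function names are assumptions for illustration, and real signatures use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed toy key pair: two known Mersenne primes, far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                                   # public modulus
E_PUB = 65537                               # Bob's public exponent
D_PRIV = pow(E_PUB, -1, (P - 1) * (Q - 1))  # Bob's private exponent

def digest_int(message: bytes) -> int:
    """Hash the message and map the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, d: int = D_PRIV, n: int = N) -> int:
    """Bob: apply the private key to the hash value of the message."""
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, e: int = E_PUB, n: int = N) -> bool:
    """Alice: apply Bob's public key to the signature and compare with her own hash."""
    return pow(signature, e, n) == digest_int(message)

if __name__ == "__main__":
    msg = b"Bob agrees to the MOU dated today"   # constructed sample message
    sig = sign(msg)
    print("genuine message verifies:", verify(msg, sig))
    print("altered message verifies:", verify(msg + b"!", sig))
```

Only the holder of the private exponent can produce a signature that verifies, which is what ties the message to Bob and supports non-repudiation; any change to the message changes the hash and makes verification fail.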
The following are examples of algorithms that are commonly used in the industry:
Hashing or hash functions are a type of encryption where a key is not used. Instead, a hash value is computed based on the contents of the message. The computed value is called a checksum. The purpose of hashing is to provide integrity checking to the plain or encrypted text.
The following are some examples of algorithms that are commonly used in the industry:
In cryptography, the length of a key is not the only factor that indicates its strength or security. While a short key means less security, the reverse is not true; that is, longer keys do not automatically translate into stronger security. The security of an encryption lies in the quality of the encryption algorithm and the entropy of the key.
The entropy of a key in cryptography means the uncertain portions of key combinations. In other words, entropy is related to the randomness of the key combinations. Hence, a 128-bit key may not have 128 bits of entropy. The more entropy a key has, the stronger it is, and the more time and computing power it takes to try the combinations.
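To make the point that a 128-bit key may not have 128 bits of entropy concrete, here is an added Python example (not from the original text). The scenario is constructed: one key is derived from a 4-digit PIN by truncating a SHA-256 hash, the other comes from the operating system's random generator; all function names are illustrative.

```python
import hashlib
import math
import secrets

def key_from_pin(pin: str) -> bytes:
    """Weak: 128 bits long, but fully determined by a 4-digit PIN."""
    return hashlib.sha256(pin.encode()).digest()[:16]

def key_from_csprng() -> bytes:
    """Strong: 128 bits drawn from the OS cryptographic random generator."""
    return secrets.token_bytes(16)

def entropy_bits(equally_likely_keys: int) -> float:
    """Entropy of a key chosen uniformly from the given number of possibilities."""
    return math.log2(equally_likely_keys)

def pin_keyspace() -> set:
    """Every key the PIN scheme can ever produce (0000 through 9999)."""
    return {key_from_pin(f"{n:04d}") for n in range(10_000)}

def report() -> dict:
    possible = len(pin_keyspace())
    return {
        "key_length_bits": len(key_from_pin("0000")) * 8,
        "pin_derived_entropy_bits": round(entropy_bits(possible), 2),
        "random_key_entropy_bits": entropy_bits(2**128),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Both keys are the same length, but the PIN-derived one can take only 10,000 values, so its strength is set by how it was generated rather than by its size.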
The following table summarizes the cryptographic algorithms, their key lengths, and other important details pertaining to the encryption types:
| Encryption type | Algorithm | Key length | Application(s) |
| --- | --- | --- | --- |
| Symmetric key encryption | RC4 | 40 to 256 bits | Secure Sockets Layer (SSL), Wireless Encryption Privacy (WEP) |
| | Data Encryption Standard (DES) | Uses up to 56-bit keys and operates on 64-bit blocks | Secure Electronic Transaction (SET), Secure Sockets Layer (SSL), Transport Layer Security (TLS) |
| | Triple-DES (3DES) | Three 56-bit keys | Secure Electronic Transaction (SET), Secure Sockets Layer (SSL), Transport Layer Security (TLS) |
| | Advanced Encryption Standard (AES) | 128, 192 or 256-bit keys | Secure Electronic Transaction (SET), Secure Sockets Layer (SSL), Transport Layer Security (TLS) |
| | Blowfish | 32 to 448 bits that work on 64-bit blocks | Communication links, Embedded file encryption |
| | Twofish | 128, 192 or 256-bit keys on 128-bit blocks | Communication links, Embedded file encryption |
| | International Data Encryption Algorithm (IDEA) | 128-bit keys on 64-bit blocks | Pretty Good Privacy (PGP) |
| Asymmetric key encryption | Rivest, Shamir, Adleman (RSA) | Variable key length | Communication links, Embedded file encryption |
| | Diffie-Hellman | Variable key length | Communication links, Embedded file encryption |
| | ElGamal | Variable key length | Secure Sockets Layer (SSL) |
| | Elliptic Curve Cryptography (ECC) | Variable key length | Public Key Cryptography, Smart cards |
| | Digital Signature Algorithm (DSA) | Variable key length | Digital Signatures |
| Hashing | Message Digest Algorithm (MD) | Key not used. 128-bit hash value | For checking integrity of files, such as MD5 hash; SSL, TLS, IPSec |
| | Secure Hash Algorithm (SHA) | Key not used. 224, 256, 384 or 512-bit hash value | SSL, TLS, IPSec |