Cryptography is fundamental to many information security and privacy mechanisms. Today, a variety of cryptographic algorithms are used in many different applications.
This article explains cryptography: how it works, key principles or operations of cryptography, types of cryptography, use cases and more!
What is cryptography?
Cryptography can refer to any approach that hides real information, using codes, to prevent reading by unauthorized parties. Cryptography can protect:
- Information at rest, such as data on hard drives
- Electronic communication between multiple parties
- Information in use
Cryptography increasing relies on mathematical concepts — a set of encryption algorithms and hashing algorithms — to transform information in a way that is difficult to interpret or “crack”.
For example, suppose communication between two parties is secured using cryptographic principles. The sender’s message is typically known as the “Plaintext.” It is transformed into an unreadable format called Ciphertext using the encryption key. When the receiver gets the messages, the Ciphertext is transformed into plaintext using the decryption key.
Key principles of cryptography
Let’s now turn to the principles that underpin cryptography.
Confidentiality agreements have rules and guidelines to keep the information secure and private. Confidentiality must be protected using techniques like encryption. It ensures that only authorized people can access the information at certain places — and it restricts access to other unauthorized parties.
(Confidentiality is one component of the CIA security triad.)
The process of confirming that the person who sent a specific message is the sender of that message. This principle ensures the receiver receives the message from a sender who is permitted to do so. Two common authentication mechanisms are:
- Access tokens
- Auth signatures
Encryption is the process of transforming information into an unreadable format using an encryption algorithm to protect the privacy of the information. Only the receiver can read them using the decryption key.
(Read our end-to-end encryption explainer.)
The data should be consistent and accurate without any alterations while in transit from the sender to the receiver. Data integrity ensures that no manipulation has been done to the data during its lifecycle using techniques like cryptographic hashing.
The non-repudiation principle ensures that the message sender cannot repudiate the authenticity of his signature using techniques like digital signatures.
Key management is the process of maintaining cryptographic keys. It includes tasks like key distribution, generation, rotation, etc. Key management is vital to ensuring the maximum security of a cryptography system as its security heavily relies on cryptographic keys.
The three major cryptography types
There are three major types of cryptography. Let’s get to know them in this section.
Symmetric-key cryptography involves encrypting and decrypting using the same cryptographic keys. Here, the sender and all receivers share a common secret key. The plaintext messages are transformed into cipher text using a particular encryption key. The receiver can use the same encryption key to decrypt the message using the shared secret key.
Examples of symmetric-key encryption algorithms include:
- Advanced Encryption Standard (AES)
- Data Encryption Standard (DES)
- Triple Data Encryption Standard (Triple DES)
- International Data Encryption Algorithm (IDEA)
- TLS/SSL protocol
The major drawback of this symmetric-key encryption is sharing the secret key. The shared secret must be encrypted to prevent unauthorized access. It can be an additional overhead for cryptographic applications.
This type of cryptography, known as "public-key cryptography," uses different cryptographic keys for the encryption and decryption processes. The sender and the receiver have a private key and a public key:
- The public key is shared with all the parties that must communicate with the sender.
- The private key is kept secret from each party.
Though there is a mathematical connection between these private key and public key pairs, the public key cannot generate the private key.
Public key cryptography is commonly used in digital signatures for message authentication. Senders use their private keys to digitally sign their messages to prove their authenticity. Thus, the receiver knows exactly that the sender is a trusted third party.
Of the variety of asymmetric (or public key) cryptography algorithms, here are some examples:
- Elliptical Curve Cryptography (ECC)
- Rivest Shamir Adleman (RSA)
- The Diffie-Hellman exchange method
- TLS/SSL protocol
Hash functions compute a fixed-length hash value or a “fingerprint” on the plain text message. These hashes are unique to each plaintext. Therefore, this type of cryptography does not use a cryptographic key. Hash functions help ensure data integrity between communicating parties. If the hash produces the same output, it indicates that the information has not been altered, compromised or damaged.
Hash functions are used in many cryptographic algorithms and protocols, including MAC algorithms, digital signature algorithms, and authentication protocols. Some of the most common hashing algorithms include:
- Blake 2
- Blake 3
In addition to the three major cryptography types, hybrid encryption is another type used to secure data and communications.
Hybrid encryption combines public-key cryptography with symmetric encryption for data encryption. This cryptographic type generates a private key and encrypts it using the public key. Then the complete message with the encrypted private key will be encrypted with the original symmetric key. The encoded message can be decrypted only if the recipient knows the original private key.
Hybrid encryption performs randomization for the encryption so that no two messages will have the same ciphertext. It makes the encryption more secure.
Applications & uses cases of cryptography
With the concepts explained, let’s turn to the most common use cases of cryptography — what are people actually using cryptography for?
Computer password security
Storing passwords like database passwords in plain text is risky — anyone who can access the password storage can read them. Instead, such passwords are encrypted or hashed using a hashing algorithm as a security best practice. Whenever the system refers to it, it will be hashed and compared to the hashed value.
Cryptocurrencies like Bitcoin and Ethereum use cryptographic algorithms such as elliptic-curve cryptography, hash functions and many more to maintain the security and privacy of transactions. Blockchain nodes are secured with cryptography to let users securely trade with other users.
(What’s the state of blockchain today?)
Digital signatures are one of the applications of public key cryptography that provide authenticity and data integrity. The sender generates a unique signature using the private key and attaches it to the document, which needs to be verified using the public key.
Secure data and backup storage
Organizations generate significant volumes of data (upwards of 2.5 quintillion bites per day). Storing that can be a risk. Encrypting data in storage makes it more secure and prevents data leakage. Most cloud solutions nowadays provide encryption options along with storage options, including backup drives.
Additionally, automatic encryption can be enabled when data is in transit to the storage and while at rest.
Cryptography has enabled secure communications over the internet by encrypting communication protocols. For example, using HTTPS in the URL indicates connecting to a secure website that encrypts the data. It is particularly useful for payment gateways, where a secure communication channel needs to be created to avoid the leakage of sensitive information.
Another example is the SSH protocol that most people use for tunneling and remote login.
Most organizations use file encryption to protect email communications, including sensitive conversations and attachments. For example, S/MIME encryption and Microsoft 365 message encryption are used to secure Microsoft 365 email messages. Additionally, PGP/MIME (Pretty Good Privacy/Multipurpose Internet Mail Extensions) is another popular type of email encryption supported by Yahoo, AOL and Android devices.
Key cryptographic algorithms
We’ve already named these in this article, so let’s take a brief look at how some common cryptographic algorithms work.
The Advanced Encryption Standard (AES) is a symmetric encryption algorithm used by many governments worldwide. It was established by the National Institute of Standards and Technology (NIST) in the U.S.
The key sizes of the AES block cipher can be 128, 192, and 256 bits, and encryption happens in blocks of 128 bits each. Considered a strong cryptographic algorithm, more secure than DES and Triple DES, AES is unbreakable by many attacks.
The RSA (Rivest-Shamir-Adleman) algorithm is an asymmetric encryption algorithm invented by Ron Rivest, Adi Shamir and Leonard Adleman in 1978. It is used to encrypt data and communications over the internet and for email encryption.
However, there are still several exploitable vulnerabilities in the RSA. For example, researchers were able to crack a key 768-bit RSA algorithm. It is recommended to use 2048 bits as the key length.
The Triple Data Encryption Standard (DES) provides more security than the standard DES algorithm by using three passes of the DES rather than one. The security of standard DES was found to be less secure than AES. It uses 56-bit length keys.
Elliptical Curve Cryptography (ECC)
ECC is a public-key encryption technique that uses the algebraic architecture of elliptic curves with finite fields and uses encryption, signatures, and key exchange. ECC is used in applications like online banking, email encryption, and secure payments.
(Check out our elliptcal curve cryptography explainer.)
The future of cryptography
Cryptography is the heart of security and privacy mechanisms worldwide. It transforms plain-text data into ciphertext in an unreadable format using encryption algorithms. As technology advances, we’ll see growth in more kinds of cryptography. For example, homomorphic encryption is a fledging technology. And then — consider what quantum computing might mean for encryption.
What is Splunk?
This posting does not necessarily represent Splunk's position, strategies or opinion.