Cryptography – History ”; Previous Next Cryptography allows us to engage safely in the digital world by encrypting and transmitting “messages” to the appropriate recipient with the help of algorithms and keys. This encryption is used for digital signatures, data privacy, online transactions, and other purposes. It helps us to authenticate individuals and devices by maintaining digital trust. How Did This All Begin? The word cryptography is derived from the Greek words kryptos, meaning hidden, and graphien, meaning to write. This “hidden writing” has been evolving over thousands of years. What propels cryptography forward is the same thing that takes it down. The more adept individuals grow at reading encrypted messages, the more critical it is for cryptography to progress in response. So in this chapter we will divide the cryptography into different sections like − Early Cryptography 20th century cryptography Cryptanalysis The future of cryptography So let us see each section one by one in the below section − Early Cryptography Cryptography has been around for a really long time, even back in ancient civilizations like Ancient Egypt and the Byzantine Empire. People used simple methods like hiding messages in symbols or using some special codes to keep information safe. This was important for rulers, religious leaders, and military generals who needed to send some really secret messages. As time went on, especially during the Classical Era and the Middle Ages, cryptography became even more advanced. The Byzantine Empire used fancy techniques like homophonic ciphers, while scholars in the Islamic Golden Age came up with some really clever ways to analyze encrypted messages. In medieval Europe, encryption played a big role in diplomacy and politics. Rulers and powerful figures relied on secret codes to protect important information. They used tools like Scytale, a special cylinder-shaped device, to send messages securely. Throughout history, cryptography kept evolving. People like Johannes Trithemius wrote books that helped improve some really cool cryptographic methods. In the Middle Ages, cryptographers became skilled at breaking codes, which was important for gathering intelligence during times of conflict and political interest. Overall, cryptography has always been about keeping information safe, whether it was in ancient times or during the Middle Ages. It helped rulers and diplomats communicate secretly and securely in a world that was full of some uncertainty and danger. 20th century cryptography At the time of World War-Second cryptography has been played a crucial role for keeping data secure and gaining strategic benefits. And at the time of World War-First both sides used some tricky codes to hide their communications. For example, the British cracked a German code called ADFGVX cipher and intercepted important messages, like the Zimmerman telegrams, which helped the United States decide to join the war. The use of cryptographic techniques increased during World War-Second. The Germans used an encryption device called the Enigma, and the Allies, especially the British at Bletchley Park, made great efforts to decipher these clues Enigma encryption proved crucial to Allied victories of importance, and brought the war to a swift end. After World War-second, in the field of cryptography we have seen significant growth. Throughout the Cold War era, thinkers like Whitfield Diffie and Martin Hellman created innovative techniques like public-key cryptography to enable secure communications without requiring a shared private key. In today”s technologically advanced world, cryptography has gained even more significance, particularly on the Internet. It is playing an important role in securing our online transactions, securing private information, and upholding digital privacy standards. Cryptanalysis Cryptanalysis is the process of splitting codes and ciphers. Throughout history, cryptanalysis has played an important part in fighting and espionage. During World War II, the Allied troops were able to break the German Enigma machine, which played an important part in the fight. Today, cryptanalysis is mostly used for security testing and investigation. Historical Perspectives (3000 BCE−present) Cryptanalysis, the art of breaking code and deciphering encrypted messages, has a long and storied history dating back to ancient civilizations. Throughout history, crypto analysts have used various techniques to decipher hidden codes and uncover hidden messages. One of the earliest cases of cryptanalysis dates back to ancient Egypt, where scribes used frequency analysis to decipher hieroglyphic text In the middle ages, cryptanalysts played an important role in the processing of secret messages in diplomacy and military negotiations by definition. Notable figures in cryptanalysis included Al-Kindi during the Islamic Golden Age, codebreakers in Britain”s Bletchley Park during WWII, who was able to decrypt German Enigma machine messages These developments in cryptanalysis had a historical context a greatly influenced events and military outcomes. Techniques and Methods (3000 BCE−present) Cryptanalysis includes several methods and techniques for decrypting encrypted messages. A basic technique is frequency analysis, which involves analyzing the frequency of characters or symbols in encrypted messages to identify patterns and assess underlying clarity Some other techniques and brute force attacks, where all possible keys are systematically checked until exactly CipherText Pairs Enter is found CipherText Pairs Enter Cryptanalysts throughout history have developed and refined these techniques, often using improvements on mathematics, computing and cryptography are used to break increasingly complex codes and ciphers. Role in Modern Cryptography (1945−present) Cryptoanalysis continues to play an important role in modern cryptography by uncovering vulnerabilities in cryptographic systems and protocols. As cryptographic techniques evolve and become more sophisticated, cryptographers work tirelessly to identify vulnerabilities and develop attacks that exploit them This game of cat and mouse between cryptography and cryptanalysis innovates and informs cryptographic algorithms its protocols improve, Eventually leading to stronger and more secure systems In the post -during World War II, cryptanalysis helped develop encryption systems such as DES and RSA, and went on to shape modern cryptography standards and best practices development. The future of Cryptography Quantum Cryptography (2000−present) Quantum cryptography uses principles of quantum mechanics to make their communication theoretically impossible to achieve. The potential impact of quantum computers on cryptography lies in their ability to successfully solve some of the mathematical problems underlying many traditional cryptographic algorithms, such
Category: cryptography
Cryptosystems – Components
Cryptosystems – Components ”; Previous Next A cryptosystem consists of numerous parts that work together to encrypt and protect data. The following are the different parts of a simple cryptosystem − Plaintext Encryption Algorithm Ciphertext Key Symmetric Key Asymmetric Key Decryption Algorithm The collection of all possible decryption keys for a given cryptosystem is called the keyspace. An interceptor (attacker) is an unauthorized entity that tries to decipher plaintext. He has access to the ciphertext and might be familiar with the decryption formula. But he must never be aware of the decryption key. Process of Cryptosystem Components So we will discuss all these components one by one in the below sections − Plaintext The original message or data that needs to be kept private while being sent or stored is known as the plaintext. It can be any kind of information, including text, numbers, and multimedia files. The plaintext is readable to anyone with access to it prior to encryption, when it is in its original form. In other words, It is the data to be protected during transmission. Example: “HELLO, HOW ARE YOU?” This is the original message that needs to be encrypted. Encryption Algorithm It is a mathematical procedure that takes any given plaintext and encryption key and outputs a ciphertext. It is a cryptographic technique that generates ciphertext from plaintext and an encryption key as input. It works with blocks of data or character sets, according to the algorithm. The encryption algorithm guarantees the final ciphertext is secure and seems random to unauthorized parties. Data Encryption Standard (DES), Rivest-Shamir-Adleman (RSA), and Advanced Encryption Standard (AES) are examples of common encryption methods. Example: Caesar Cipher In this example, we will use an encryption algorithm called Caesar Cipher. It will shift each character in the given plaintext by a fixed number of positions down the alphabet. Encryption Algorithm − Shift each letter in the plaintext by 3 positions. So, “H” will become “K”, “E” will become “H”, and so on. So the Encrypted Message is: “KHOOR, KRZ DUH BRX?” Ciphertext It is the form of the plaintext that has been encoded by the encryption process with a particular encryption key. The ciphertext is not guarded. It flows on public channels. Anyone who has access to the communication channel has the ability to intercept or compromise the message. It looks as random, unreadable data and cannot be decoded without the proper decryption key. Ciphertext is sent or kept securely since it has no information about the underlying plaintext. Example: “KHOOR, KRZ DUH BRX?” This is the encrypted form of the given plaintext created by the Caesar Cipher algorithm. Key A key is a piece of data used by the encryption algorithm to control the encryption and decryption operation. Keys can be divided into two types: symmetric and asymmetric. Symmetric Key − Symmetric encryption uses the same key for encryption and decryption. The sender and receiver must have the same private key for encryption and decryption. Symmetric key algorithms are usually fast and efficient, but require a secure key exchange protocol. It”s just like having a key to lock and unlock a door. Asymmetric Key − Asymmetric encryption uses two keys: a public key and a private key. Encryption uses the public key, while decryption uses the private key. It is the same as having a padlock: anyone can lock (encrypt) a message using the public key, but only the owner with the matching key (private key) can decode it. Example: 3 (for Caesar Cipher algorithm) The key in our example is the number of positions each letter is shifted in the Caesar Cipher algorithm. In our case, the key is 3. Both the sender and receiver need to know the key (3) to encrypt and decrypt messages with the help of Caesar Cipher algorithm. Decryption Algorithm It is a mathematical procedure that creates a unique plaintext for any given ciphertext and decryption key. It is a cryptographic algorithm that take ciphertext and a decryption key as input and returns plaintext. The decryption algorithm is simply the inverse of the encryption method, and so is closely linked. It works with the decryption key which is equal to the encryption key used to encrypt the data. The decryption technique ensures that only authorized people having the correct key can recover the original plaintext. The decryption algorithm must be secure and efficient in reversing the process of encryption while maintaining data integrity. Example: Caesar Cipher (with a reverse shift). To recover the original plaintext from the Caesar Cipher, the decryption algorithm shifts each letter in the ciphertext by the reverse number of positions. Decryption algorithm: Shift each letter in the ciphertext 3 places in the reverse direction. So, “K” becomes “H”, “H” becomes “E”, and so on. Decrypted Message: “Hello, How Are You?” Summary Plaintext basic message is “Hello, How Are You?”. The Caesar Cipher encryption algorithm converts the plaintext into the ciphertext as “Khoor, Krz Duh Brx?” use the key (shift of 3) as help. So above ciphertext is the encrypted form of the given plaintext. For both encryption and decryption, utilise key (3). The decryption algorithm (reverse Caesar Cipher) decrypts the ciphertext back into the original plaintext “Hello, How Are You?” using the same key (3). Print Page Previous Next Advertisements ”;
Attacks On Cryptosystem
Cryptosystem – Attacks ”; Previous Next Cryptography is just like a secret code used to secure the information. Occasionally, some people try to break such codes in order to access private information. These attempts are what we refer to as attacks. Cryptosystems may suffer several forms of attacks which we are going to discuss here. In the current scenario, not only commerce but almost all aspects of human life are driven by information. so, Protecting sensitive information from attacks and other malicious activities has become important. Let”s think about it Information is often a type of attack. Usually, attacks are classified according to the action taken by the attacker. Attacks may of two forms: passive or active. Let us see what are these attacks − Passive Attacks Passive cryptography attacks try to gain unauthorized access to sensitive data or information by monitoring or recording on broad communication. In this case, the data and communication remain unaltered and untampered with. Everything that is accessible to the attacker is the data. These actions are passive, as they do not influence information or interfere with communication channels. Passive attacks are often considered information theft. The only difference between product theft and information theft is that data theft still leaves that data in the possession of the owner. Passive information attacks are thus more dangerous than merchandise theft, as information theft can occur without the owner”s knowledge. Active Attacks An active attack consists of performing a process on the information to alter it in some way. For example, Modifying the information in an unauthorized manner. Initiating unintended or unauthorized transmission of information. Modification of authentication data, including the identity of the originator or the information”s related timestamp. unauthorised data deletion.. Denying authorised users access to information (denial of service). Numerous tools and methods are available in cryptography to create cryptosystems that can defeat most of the attacks mentioned above. How Attackers Think Let”s look at the current environment for cryptosystems and the attacks used to break them. Environment around Cryptosystem Understanding the environment of the cryptosystem is important when thinking about potential attacks. The attacker”s capabilities are determined by attacker”s assumptions and environmental information. Three assumptions are made about the security environment and the skills of the attackers in cryptography. Encryption Scheme Details The following two cryptography algorithms act as the foundation for cryptosystem design − Public Algorithms − In this case, the algorithm”s entire specification is available to the general public domain which is well-known to everyone. Proprietary Algorithms − These algorithms are those that are only known to the people who designed the system and its users. When it comes to proprietery algorithms, security is ensured through obscurity. Since private algorithms are created internally and may not be thoroughly examined for flaws, they might not be the strongest algorithms. Secondly, they allow communication among closed groups only. As a result, they are inefficient for the high volume of known and unknown items that people communicate with in modern communication. Additionally, the method should be made public with the key containing the encryption strength, according to the Kerckhoff”s principle. Therefore, the attacker”s knowledge of the encryption algorithm is the initial assumption concerning the security environment. Availability of Ciphertext We are aware that after being converted from plaintext to ciphertext, the data is transmitted over an unsecured public channel, like email. It follows that the attacker can presume to have access to the ciphertext generated by the cryptosystem. Availability of Plaintext and Ciphertext This assumption is not as obvious as others. However, there might be scenarios in which an attacker has access to both the plaintext and the related ciphertext. Some such possible circumstances are − The attacker obtains the ciphertext by convincing the sender to convert the chosen plaintext. Unintentionally, the recipient might provide the attacker access to the plaintext. The attacker has access to corresponding ciphertext gathered from the open channel. Any possible attacker can know the encryption key in a public-key cryptosystem since it is in the open domain. He can create matching pairs of plaintexts and ciphertexts with this key. Cryptographic Attacks An attacker”s primary goal is to crack a cryptosystem and extract the plaintext from the ciphertext. Since the technique is now public knowledge, the attacker just needs to discover the secret decryption key to retrieve the plaintext. He then puts in all of his effort to discover the cryptosystem”s secret key. The attacked system has been declared compromised or broken after the attacker has managed to find the key. As per the methodology used, attacks on cryptosystems are divided as follows − Ciphertext Only Attacks (COA) − The attacker has access to a collection of ciphertext(s) while using this method. He is not in control of the relevant plaintext. When a given set of ciphertext can be used to determine the corresponding plaintext, COA is considered to be successful. In some cases, this approach can be used to figure out the encryption key. Current cryptosystems are protected from attacks that target just the ciphertext. Known Plaintext Attack (KPA) − With this technique, certain portions of the ciphertext are known to the attacker of plaintext. Using this knowledge, the challenge is to decrypt the remaining ciphertext. This could be done via finding the key or in another way. Block ciphers are most effectively attacked using linear cryptanalysis. Chosen Plaintext Attack (CPA) − The attacker uses this method with an encrypted version of the text of his choice. He can therefore choose the pair of ciphertext and plaintext. This makes it easier for him to figure out the encryption key. Differential cryptanalysis used against hash functions and block ciphers is an example of this type of attack. RSA, a well-known public key cryptosystem, is vulnerable to chosen-plaintext attacks. Dictionary Attack − There are numerous versions of this approach, all of which involve creating a “dictionary.” The attacker creates a dictionary of ciphertexts and matching plaintexts that he has learned over time in the most basic version
Public Key Encryption
Cryptography – Public Key Encryption ”; Previous Next Transmitting confidential messages via the internet is possible using public key encryption. A public key and a private key are the two keys that the user of this technique applies. While the public key is shared, the private key is kept secret. For encrypted messages intended to be sent to another client, the client”s public key is used for encryption. If the communication is encrypted and can only be decrypted with the receiver”s private key, only that person can access it. This option is important for secure communication when sending sensitive data such as passwords, credit card numbers, or private contacts. Protecting our data from attackers and hackers helps. It is also called as Asymmetric Key Cryptography. The History of Public Key Encryption Whitfield Diffie, Ralph Merkle, and Martin Hellman released a paper titled “New Directions in Cryptography” in 1976. They established the first known functional distributed cryptography protocol and presented the concept of public key cryptography in this study. Since then, two mathematically related keys have been used for the public key encryption technique, which is used in finance, e-business, and e-commerce to protect data. The below figure shows the encryption and decryption procedure − Components of Public key encrytpion The following are the Components explained below − Sr.No. Component & Description 1 Plain Text It is the viewable or readable message and works as input for Encryption algorithm. 2 Cipher Text It is the result of the encryption algorithm. It is not readable or understandable. 3 Encryption Algorithm This method is used to transform plain text into cypher text. 4 Decryption Algorithm It generates the original plain text after receiving the ciphertext and the matching key. 5 Public and Private Key One key is used for encryption and another is used for decryption; these keys can be either private (secret) keys or public (known to all). Properties of Public key Encryption The important properties of a public key encryption scheme are − For encryption and decryption, separate keys are used. This characteristic differentiates this system from symmetric encryption schemes. Each recipient has a distinct decryption key, also called his private key. The recipient must make his public key-an encryption key-public. Under order to prevent someone else from acting as the recipient under this method, some assurance of the legitimacy of a public key is required. Typically, this kind of cryptosystem involves a reliable third party verifying that a certain public key is unique to a particular individual or organisation. Because of the complexity of the encryption technique, an attacker cannot decrypt the plaintext from the ciphertext and the encryption (public) key. The secret key cannot be determined from the public key, even with the mathematical link between the public and private keys. In reality, creating a relationship between two keys is the excellent feature of any public-key cryptosystem. Example of Public key Encryption Here is a basic example of public key encryption − Let us say Alice and Bob are two friends. They want to share some private information via the internet. A set of two keys-a public key and a private key-belongs to each of them. Key Generation − Bob and Alice create their own key pairs. They exchange public keys but keep their private keys confidential. Sending a secret Message − Alice want to communicate with Bob in private. She uses Bob”s public key to encrypt the information. Even if someone intercepts the message, they will not be able to read it without Bob”s private key because only Bob”s private key can decode that message. Getting the Message and Decrypting It − Bob gets the message in encrypted form. He reads Alice”s original message after decrypting it using his private key. Even though the communication was sent over the internet, it is still secure because only Bob has access to the private key. In this way, Alice and Bob can have secure communication without having to worry about message hackers. Email encryption, secure chat apps, online banking, and other secure communication channels all make use of public key encryption. How is public key cryptography used by TLS/SSL? When it comes to creating secure conversations over the Internet (via HTTPS), public key cryptography can be very helpful. The public key of a website is found in its publicly shared SSL/TLS certificate, whereas the private key is installed on the origin server and is “owned” by the website itself. Public key cryptography is used during TLS handshakes to exchange data that is needed to generate session keys and to verify the origin server”s authenticity. The public-private key pair is used by a key exchange technique, like RSA or Diffie-Hellman, to agree upon session keys, which are then used for symmetric encryption when the handshake is finished. Every communication session can have a fresh session key agreed upon by clients and servers, preventing attackers from decrypting messages even if they figure out or steal one of the session keys from an earlier session. Public Key Cryptography Algorithms Here are some common used public key encryption algorithms − RSA (Rivest-Shamir-Adleman) ElGamal DSA (Digital Signature Algorithm) ECC (Elliptic Curve Cryptography) Diffie-Hellman Key Exchange These algorithms are used in many encryption protocols and systems to create secure communication and data transmission over the web. Benefits/Advantages No need to share keys − As asymmetric key cryptography is free from the exchange of any keys for decrypting data. Proof of ownership − As it links the private and public keys, so the message is decrypted using a private key. It is used as evidence that the message was received from the authorized person, who knows the private key. Extended key lengths − Asymmetric encryption methods use up to 4096-bit keys, which significantly enhance the security of ciphertext and ciphers. Tamper-proof − If hackers try to change the data while it is being sent, the receiver”s private key will not work, letting them know that the message has been modified. Disadvantages/Vulnerabilities Let
Cryptography – Principles
Cryptography – Principles ”; Previous Next In the field of cryptography, there are some important concepts and principles that we should use when working with cryptographic systems. These fundamental principles play a crucial role in ensuring secure communication and securing data. The key principles include confidentiality, integrity, authenticity, non-repudiation, and key management. So there are some fundamental principles that are very crucial in the area of cryptography − Confidentiality The main idea of Confidentiality is to keep data safe so that information stays private and secure. Cryptography techniques like encryption, help us with this by making data unreadable to people who are not authorized to see it. Example Here is an example with WhatsApp − Let us imagine an example of two people, Person A and Person B. They are chatting on WhatsApp. When Person A sends a message to Person B over WhatsApp chat. WhatsApp encodes it in some unreadable format. So that some third person cannot understand it. So the chat will remain private between those two people who are communicating with each other. Other people like hackers and WhatsApp developers cannot read the messages because they are encrypted. We can trust WhatsApp to keep our personal information or data like our phone number, chat history, safe and private. WhatsApp has some strict rules and security measures to stop this kind of unauthorized access of your data. Messaging apps like WhatsApp use one to end encryption which means that only Person A and Person B can only read and understand the messages they have sent to each other. Not even the creators of that particular app have rights to see or read the messages. So, confidentiality means keeping our data safe, like our private messages and ensuring only the right people can see them. Integrity Integrity means ensuring that our data in transit or after receiving is intact or not. Or we can say that, it is the ability to make sure that data or information has not been changed or modified with. So for this purpose we use Cryptographic techniques like hash functions. Has Functions are basically used to check the integrity of the data by finding out the changes to the data. Example Let us say two people are collaborating on a project and Person A needs to share important documents and files with each other. So they have to ensure the integrity of these files to maintain the accuracy and reliability of the information exchanged. So they need to use checksums to create digital fingerprints of those files before sending it to each other. If in between the changes have been made then the checksum will get altered. And use encrypted methods like password protected platforms or they can use email attachments to prevent unauthorised access at the time of file transmission. After receiving the file at the recipient the integrity will be verified by calculating checksums. If both the checksums are matching then it is confirmed that the file is not modified or altered. And if both the checksums are not the same then we can say that file has been modified. They can also use version control systems or platforms with revision history to track file changes and save previous versions. This thing can prevent accidental data loss. Authentication Authentication is the process of validating the identity of a user or device. Cryptographic methods, like digital signatures, can be used to securely verify the identification of a person or device. Example Let us take an example of online banking account for understanding the concept of authentication − So if an account holder is logging into his online banking account which needs his username and password. Some banks use two factor authentication for security like sending a one time password to the phone number of the user to confirm his identity. And also some banks use advanced security methods like fingerprint or facial recognition which can also be used to authenticate the particular user. These steps add one extra layer of security to keep authenticity intact. These methods make sure that only the right person who is authorised, can access their accounts, protecting sensitive financial information from unauthorized access. In the above example, authentication ensures that the only correct person has access rights to access their online banking accounts. By providing multiple security layers of verification, like passwords, OTPs, biometric data, or security questions, the bank confirms the identity of the user and protects sensitive financial information from unauthorized access. Non-repudiation Non repudiation is a method of stopping a person from denying that he or she has committed a particular act or crime. So if somebody denies that this data is not sent by him we can identify this kind of activity by using non-repudiation. Cryptographic techniques like digital signatures can be used that allow the sender to verify that the message was sent and the sender to verify the receiver. Example Let us imagine that one employee is sending an email with an important document to his colleague. Not rejecting it ensures that once you send an email, you cannot later say you did not send it. This is because the email system records and timestamps your actions which provides proof of your activity. Just like this, when your colleague receives an email, he or she refuses to receive it because their email system also records the transaction and displays the timeout. A disclaimer helps parties establish responsibility and trust in digital communication and communication without denying involvement. Key management Key management is the process of creating, distributing, and managing cryptographic keys. By managing cryptographic keys we can secure our cryptographic system, as the keys are a very important part of the cryptography system. So the security of the system depends on the secrecy of the key. Cryptographic keys are used in the encryption and decryption process. Example Let us say you have encrypted the data that you want to share with the friend. And you need a key