# Cryptography Basics

**The objective of Cryptography?**

The domain Cryptography addresses the main information security concepts which are Confidentiality, Integrity, Authenticity (CIA concepts) as well as the non-repudiation. Means that Cryptography is one of the information security components which helps to achieve basic expectation of the Information Security.

*Confidentiality*: To ensure that unauthorized parties cannot access the data, message or information.

*Authenticity*: To ensure that the source/sender of the data, message or information is identifiable.

*Integrity:* To ensure that the data/message or information was not modified during transmission.

*Nonrepudiation:* To ensure that either party cannot deny sending or receiving the data, message or information.

# Key acronyms of the domain Cryptography

*Cryptography*

– Art or science of secret writing.

*Cryptanalysis**:*

– art/science relating to converting ciphertext to plaintext without the

(secret) key

– descrambling without a secret key; the art of breaking ciphers

– The practice of defeating such attempts to hide info

*Cryptology*

– Includes both cryptography and cryptanalysis.

*Encipher*

– an Act of scrambling the information with or without a secret key to hide actual information Which helps protect stored information and protect information in the transmission.

Simply it is the process by which plaintext is converted to ciphertext using a key

*Decipher*

– Descrambling with the secret key and retrieve valid information from the scrambled sequence of data.

Simply it is the process by which ciphertext is converted to plaintext (with or without the appropriate key)

*Key*

– The secret sequence of data that is governing en/deciphering

**Why Cryptography**

– Protects sensitive information from public disclosure.

– Storing and transmitting information in a form that allows it to be revealed

only to those who are intended.

– Identifies the corruption or unauthorized change (Integrity)of information.

– Designed to make compromise too expensive or too time-consuming.

# Let’s look into some Ciphers from the history

**The Caesar Cipher**

Plain Text: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Cipher Text : D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

`Ci = E(Pi)= Pi+3 ( Shifting some number of characters)`

Resource: http://practicalcryptography.com/ciphers/caesar-cipher/

**Kama-sutra**

The Kama-sutra generate a list of 26 alphabets with no duplicate. Then divide by 2 rows. Find for each letter of message text in the table and choose the opposite of the letter.

Example:

Key = G H A J R I O B E S Q C L F V Z T Y K M X W N U D P

Divide by 2 rows:

G H A J R I O B E S Q C L

F V Z T Y K M X W N U D P

Given String = KAMASUTRA

K is at 2nd row and 5th column. Get the opposite of K that

is I. Do each letter until the end of the plain text characters.

Cipher: IZOZNQJYZ

you can try it here: https://www.cryptool.org/en/cto-ciphers/kamasutra

resource: https://programmingcode4life.blogspot.com/2015/10/kamasutra-cipher.html

# One Time Pad / Vernam Cipher

— Invented in 1917 by Gilbert Vernam and Joseph Mauborgne. Usually implemented as a stream cipher using the XOR function.

— Key is used once and discarded by both sender and receiver. Length of the Key character stream is equal to the message length.

— Not practical for large amounts of data (MB / GB).

— Pad is theoretically unbreakable by exhaustive brute force.

— The implementation uses a Key that consists of a set of random non-repeating characters.

— Each Key letter and Plaintext is added modulo 26 to each

other and then converted back into a letter.

— Two identical pads (keys), one with the sender, one with the recipient

— The random pads (keys) are the same length as the message unbreakable by exhaustive search.

— Relies on the physical security of the pads.

— Pads can only be used once.

resource: https://en.wikipedia.org/wiki/Gilbert_Vernam

Example:

# Encipherment Modes

**Stream Ciphers** — Message is broken into characters or bits and enciphered with a key or keystream(should be random and generated independently of the message stream).

**keystream** that is as long as the plaintext bitstream. If the keystream is random, this scheme would be unbreakable unless the keystream was acquired, making it unconditionally secure. The keystream must be provided to both parties in a secure way to prevent its release.

**Block ciphers** — process messages in blocks, each of which is then encrypted or decrypted.

A **block cipher** is a symmetric cipher in which blocks of plaintext are treated as a whole and used to produce ciphertext blocks. The block cipher takes blocks that are *b *bits long and encrypts them to blocks that are also *b *bits long. Block sizes are typically 64 or 128 bits long. Below is a general substitution cipher with a 4-bit input.

**Block cipher vs Stream cipher**

This section I might not need to explain more, here are some few things found from the internet. please check the image source information, it will give you more understanding.

# Secrecy Requirements of the Ciphers

— If ciphertext and plaintext are known, it should be computationally infeasible to determine the deciphering algorithm.

— It should be computationally infeasible to systematically determine plaintext from intercepted ciphertext (Even if you decrypt ciphertext once, it should require the same amount of work to do it again.).**Note**: “systematically” allows for a lucky guess.**Note**: “Computationally infeasible” means great effort doesn’t account for advances in computing, mathematics.

# Characteristics of a good cipher

These characteristics are called **Shannon Characteristics — 1949**

— *The amount of secrecy needed should determine the amount of labor appropriate for encryption and decryption.*

*•Always possible to simply try every key.•Most basic attack, proportional to the key size.•Assume either know/recognize plaintext.*

Some computational times according to the key size:

**Unconditional security: **No matter how much computer power is available, the cipher cannot be broken since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext.

**Computational security: **Given limited computing resources (e.g. time

needed for calculations is greater than the age of the universe), the cipher cannot be broken.

— *The set of keys and the encryption algorithm should be free from complexity.*

*Example: Kerckhoff’s Principle:*

*The security of the encryption scheme must depend only on the secrecy of the key and not on the secrecy of the algorithms.*

— *The implementation of the process should be as simple as possible.*

*Confusion: The interceptor should not be able to predict what changing one character in the plaintext will do to the ciphertext.*

*Diffusion: The characteristics of distributing the information from a single plaintext letter over the entire ciphertext.*

— *Errors in the ciphering should not propagate and cause corruption offurther information in the message.*

— *The size of the enciphered text should be no larger than the text of the original message.*

Hope you have gained some basic idea of the Cryptography and what are the key components, terms, and usage of Cryptography.

From the next article, I will explain to you how symmetric key/Asymmetric key cryptography works and functionality of them. Cheers!!