Cybersecurity Cryptography Hashing and RSA Notes CST4957

# Notes on Cryptography

## 1. **Introduction to Cryptography**
Cryptography is the practice of securing information by transforming it into an
unreadable format, which can only be reverted to its original form by those who
possess the correct key. It is a fundamental component of cybersecurity and is used
to protect the confidentiality, integrity, and authenticity of data during storage
and transmission.

### **Key Objectives of Cryptography:**


- **Confidentiality**: Ensuring that only authorized individuals or systems can
access the data.
- **Integrity**: Ensuring the data has not been altered or tampered with.
- **Authentication**: Verifying the identity of users, systems, or messages.
- **Non-repudiation**: Ensuring that a sender cannot deny having sent a message.

---

## 2. **Basic Concepts in Cryptography**

### a. **Plaintext** and **Ciphertext**


- **Plaintext**: The original, readable message or data before encryption.
- **Ciphertext**: The encrypted, unreadable version of the plaintext after applying
a cryptographic algorithm.

### b. **Key**
A **key** is a piece of information used by cryptographic algorithms to encrypt and
decrypt data. Secret (symmetric) keys and private keys must be kept confidential to
maintain the security of the encrypted data.

---

## 3. **Types of Cryptography**

### a. **Symmetric Encryption (Secret-Key Encryption)**


- **Definition**: Symmetric encryption uses the same key for both encryption and
decryption.
- **Process**: The sender encrypts the message using a secret key, and the receiver
decrypts it using the same key.
- **Common Algorithms**:
  - **AES (Advanced Encryption Standard)**: Widely used symmetric encryption
    algorithm, known for its speed and security.
  - **DES (Data Encryption Standard)**: An older algorithm, now considered insecure
    due to its short key length.
  - **3DES (Triple DES)**: A stronger variant of DES, using three encryption
    passes.

**Advantages**:
- Faster than asymmetric encryption.
- Less computational overhead.

**Disadvantages**:
- Key distribution: Both the sender and receiver must securely share the same
key.

### b. **Asymmetric Encryption (Public-Key Encryption)**


- **Definition**: Asymmetric encryption uses two keys: a **public key** for
encryption and a **private key** for decryption. The public key is shared openly,
while the private key is kept secret.
- **Process**:
  - The sender encrypts data using the recipient's public key.
  - The recipient decrypts the data using their private key.

**Common Algorithms**:
- **RSA (Rivest-Shamir-Adleman)**: A widely used asymmetric algorithm for secure
data transmission and digital signatures.
- **ECC (Elliptic Curve Cryptography)**: Provides similar security to RSA but
with shorter key lengths, making it faster and more efficient.
- **DSA (Digital Signature Algorithm)**: Used for digital signatures.

**Advantages**:
- Solves the key distribution problem.
- Supports digital signatures and authentication.

**Disadvantages**:
- Slower than symmetric encryption due to complex mathematical operations.

### c. **Hybrid Cryptosystem**


- **Definition**: A hybrid cryptosystem combines both symmetric and asymmetric
encryption techniques. Asymmetric encryption is used to securely exchange a
symmetric key, which is then used for data encryption.
- **Example**: In SSL/TLS protocols, asymmetric encryption is used to exchange a
symmetric session key, and the session key is then used for encrypting the actual
data.

---

## 4. **Cryptographic Algorithms and Hashing**

### a. **Hashing**
- **Definition**: A hash function takes an input (or "message") and returns a
fixed-size string of characters, which is typically a digest that represents the
original data.
- **Purpose**: Hashing is used for data integrity checks, ensuring that data has
not been altered.
- **Properties of Hash Functions**:
  - **Deterministic**: The same input always produces the same hash.
  - **Pre-image resistance**: It is computationally infeasible to reverse the hash
    to retrieve the original input.
  - **Collision resistance**: It is hard to find two different inputs that produce
    the same hash.

**Common Hash Functions**:


- **MD5 (Message Digest Algorithm 5)**: An older, widely used hash algorithm, but
now considered insecure.
- **SHA-1 (Secure Hash Algorithm 1)**: Previously popular but now considered
weak.
- **SHA-256 (part of the SHA-2 family)**: A secure, widely used hash function in
modern cryptography.

**Use Cases of Hashing**:


- Password storage.
- File integrity checks.
- Digital signatures.
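
The two everyday use cases above, shown as an added example (not part of the original notes) using only Python's standard library. The sample strings and the PBKDF2 iteration count are assumptions; note that password storage uses a salted, deliberately slow derivation rather than a single fast SHA-256 call.

```python
import hashlib
import hmac
import secrets

def sha256_hex(data: bytes) -> str:
    """Fixed-size digest: always 64 hex characters, whatever the input size."""
    return hashlib.sha256(data).hexdigest()

def integrity_ok(data: bytes, published_digest: str) -> bool:
    """File integrity check: recompute the digest and compare it with the
    value published by the sender."""
    return hmac.compare_digest(sha256_hex(data), published_digest.lower())

def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 digest bits differ between two inputs."""
    x = int.from_bytes(hashlib.sha256(a).digest(), "big")
    y = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(x ^ y).count("1")

def hash_password(password: str, iterations: int = 600_000):
    """Password storage: per-user random salt plus a deliberately slow
    derivation (PBKDF2-HMAC-SHA256). The iteration count is an assumption
    to tune for your hardware."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived

def check_password(password: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    original = b"invoice total: 100"   # constructed sample data
    tampered = b"invoice total: 900"   # one character changed
    published = sha256_hex(original)
    print("original ok:", integrity_ok(original, published))
    print("tampered ok:", integrity_ok(tampered, published))
    print("bits changed:", differing_bits(original, tampered), "of 256")
    record = hash_password("correct horse battery staple")
    print("password ok:", check_password("correct horse battery staple", *record))
```

Because each password gets its own random salt, two users with the same password end up with different stored values.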

---

## 5. **Digital Signatures and Authentication**


### a. **Digital Signature**
- **Definition**: A digital signature is a cryptographic technique used to verify
the authenticity and integrity of a message or document.
- **Process**:
  1. The sender creates a hash of the message.
  2. The hash is encrypted with the sender's private key, creating the signature.
  3. The receiver decrypts the signature with the sender's public key to verify the
     message's integrity and authenticity.

**Use Cases**:
- **Email signing**: Verifying the sender’s identity and message integrity.
- **Software distribution**: Ensuring the authenticity of downloaded software.

### b. **Authentication**
- **Definition**: Authentication is the process of verifying the identity of a
user, system, or entity.
- **Common Techniques**:
  - **Passwords**: The most basic form of authentication, but weak without
    additional security mechanisms.
  - **Multi-factor Authentication (MFA)**: Combining something you know (password),
    something you have (token or phone), and something you are (biometrics) for
    stronger security.
  - **Public Key Infrastructure (PKI)**: A framework using public and private keys
    to authenticate users, systems, and services.

---

## 6. **Public Key Infrastructure (PKI)**


- **Definition**: PKI is a framework that manages digital keys and certificates to
support secure communication and authentication.
- **Components**:
  - **Certificate Authority (CA)**: Issues and manages digital certificates, which
    validate public keys.
  - **Digital Certificates**: Bind public keys to the identity of the entity that
    holds the corresponding private key.
  - **Registration Authority (RA)**: Acts as an intermediary to verify the identity
    of users requesting certificates.
  - **Private Key**: Kept secret by the owner.
  - **Public Key**: Distributed openly to the public for secure communication.

---

## 7. **Cryptography in Practice**

### a. **SSL/TLS (Secure Sockets Layer / Transport Layer Security)**


- **Purpose**: SSL/TLS protocols use both asymmetric and symmetric encryption to
secure data transmitted over the internet, such as during HTTPS connections.
- **Process**:
  - **Handshake**: The client and server exchange public keys and establish a
    symmetric session key.
  - **Data Transfer**: Encrypted data is exchanged between the client and server
    using the session key.

### b. **VPN (Virtual Private Network)**


- **Purpose**: VPNs use cryptographic protocols (like IPsec or SSL) to secure
internet traffic, ensuring that data transmitted over insecure networks (like the
internet) remains confidential.

---

## 8. **Modern Cryptographic Challenges**

- **Quantum Computing**: Quantum computers could potentially break current
cryptographic systems, such as RSA and ECC, by quickly solving problems that are
currently infeasible for classical computers.
- **Side-Channel Attacks**: Attacks that exploit physical implementations of
cryptographic algorithms, such as timing attacks or power analysis, to extract
keys.
- **Cryptanalysis**: The study of methods to break cryptographic algorithms and
find weaknesses.

---

## 9. **Conclusion**
Cryptography plays a crucial role in protecting the confidentiality, integrity, and
authenticity of data in today's digital world. It encompasses a wide range of
techniques and algorithms, including symmetric and asymmetric encryption, hashing,
digital signatures, and public key infrastructure. Understanding and implementing
cryptography correctly is essential for securing sensitive information and
communications across networks and systems.
