LECTURE 2: INTRODUCTION TO CRYPTOGRAPHY

1. INTRODUCTION
Cryptography is the science of keeping secrets secret using mathematical functions. Before we
proceed, it is worth noting that cryptography is a subcategory of a general term called
cryptology. Cryptology is subdivided into two classes: cryptography and cryptanalysis as shown
in Figure 1.

In this lecture, we are going to define cryptography and discuss the goals of cryptography,
cryptography attacks, and branches of cryptography.
2. Definition of Cryptography
Cryptography is the science of secret writing with the goal of hiding the meaning of a message.
Cryptanalysis is the science and sometimes art of breaking cryptosystems. You might think that
code-breaking is for the intelligence community or perhaps organized crime, and should not be
included in a serious classification of a scientific discipline. However, most cryptanalysis is done
by respectable researchers in academia nowadays. Cryptanalysis is of central importance for
modern cryptosystems: without people who try to break our crypto methods, we will never know
whether they are really secure or not.
3. Objectives of Cryptography
Providing confidentiality is not the only objective of cryptography. Cryptography is also used to
provide solutions for other problems:
Data integrity. The receiver of a message should be able to check whether the message was
modified during transmission, either accidentally or deliberately. No one should be able to
substitute a false message for the original message, or for parts of it.
Authentication. The receiver of a message should be able to verify its origin. No one should be
able to send a message to Bob and pretend to be Alice (data origin authentication). When
initiating a communication, Alice and Bob should be able to identify each other (entity
authentication).
Non-repudiation. The sender should not be able to later deny that she sent a message.
4. Cryptographic Attacks
The primary goal of cryptography is to keep the plaintext secret from eavesdroppers trying to get
some information about the plaintext. As discussed before, adversaries may also be active and try
to modify the message. Then, cryptography is expected to guarantee the integrity of the
messages. Adversaries are assumed to have complete access to the communication channel.
Cryptanalysis is the science of studying attacks against cryptographic schemes. Successful
attacks may, for example, recover the plaintext (or parts of the plaintext) from the ciphertext,
substitute parts of the original message, or forge digital signatures. Cryptography and
cryptanalysis are often subsumed by the more general term cryptology.
A fundamental assumption in cryptanalysis was first stated by Auguste Kerckhoff in the
nineteenth century. It is usually referred to as Kerckhoff ’s Principle. “It states that the
adversary knows all the details of the cryptosystem, including algorithms and their
implementations”. According to this principle, the security of a cryptosystem must be entirely
based on the secret keys.
The possible attacks depend on the actual resources of the adversary Eve. They are usually
classified as follows:
a) Ciphertext-only attack. Eve has the ability to obtain ciphertexts. This is likely to be
the case in any encryption situation. Even if Eve cannot perform the more
sophisticated attacks described below, one must assume that she can get access to
encrypted messages. An encryption method that cannot resist a ciphertext-only attack
is completely insecure.
b) Known-plaintext attack. Eve has the ability to obtain plaintext-ciphertext pairs.
Using the information from these pairs, she attempts to decrypt a ciphertext for which
she does not have the plaintext. At first glance, it might appear that such information
would not ordinarily be available to an attacker. However, it very often is available.
Messages may be sent in standard formats which Eve knows.
c) Chosen-plaintext attack. Eve has the ability to obtain ciphertexts for plaintexts of
her choosing. Then she attempts to decrypt a ciphertext for which she does not have
the plaintext. While again this may seem unlikely, there are many cases in which Eve
can do just this. For example, she sends some interesting information to her intended
victim which she is confident he will encrypt and send out. This type of attack
assumes that Eve must first obtain whatever plaintext-ciphertext pairs she wants and
then do her analysis, without any further interaction. This means that she only needs
access to the encrypting device once.
d) Adaptively-chosen-plaintext attack. This is the same as the previous attack, except
now Eve may do some analysis on the plaintext-ciphertext pairs, and subsequently get
 more pairs. She may switch between gathering pairs and performing the analysis as
often as she likes. This means that she has either lengthy access to the encrypting
device or can somehow make repeated use of it.
e) Chosen- and adaptively-chosen-ciphertext attack. These two attacks are similar to
the above plaintext attacks. Eve can choose ciphertexts and gets the corresponding
plaintexts. She has access to the decryption device.
5. Branches of Cryptography
Cryptography itself splits into three main branches:
Symmetric Algorithms are what many people assume cryptography is about two parties having
an encryption and decryption method for which they share a secret key. All cryptography from
ancient times until 1976 was exclusively based on symmetric methods. Symmetric ciphers are
still in widespread use, especially for data encryption and integrity check of messages.
Asymmetric (or Public-Key) Algorithms. In 1976 an entirely different type of cipher was
introduced by Whitfield Diffie, Martin Hellman, and Ralph Merkle. In public-key cryptography,
a user possesses a secret key as in symmetric cryptography but also a public key. Asymmetric
algorithms can be used for applications such as digital signatures and key establishment, and also
for classical data encryption.
Cryptographic Protocols. Roughly speaking, crypto protocols deal with the application of
cryptographic algorithms. Symmetric and asymmetric algorithms can be viewed as building
blocks with which applications such as secure Internet communication can be realized. The
Transport Layer Security (TLS) scheme, which is used in every Web browser, is an example of a
cryptographic protocol.
These branches will be expounded in subsequent lectures.

Summary
Cryptography is a field of computer science that deals with keeping secrets secret by applying
mathematical functions. It is a sub-brunch of cryptology among another concept called
cryptanalysis.