4.

1
Cryptograp
hy
 What is Cryptography?
 Cryptography, or cryptology, is the study and practice of
techniques for secure communication in the presence of
adversaries. It involves constructing and analyzing
protocols to protect private messages from unauthorized
access, ensuring data confidentiality, integrity,
authentication, and non-repudiation. Modern cryptography
is rooted in mathematics, computer science, and electrical
engineering, with applications in ATM cards, computer
passwords, and electronic commerce.
 What is Cryptography?
Historically, cryptography was synonymous with
encryption, where information was transformed
into unreadable text, only decipherable by intended
recipients. Today, cryptographic algorithms rely on
computational hardness assumptions, making them
difficult to break in practice. While some schemes,
like the one-time pad, are theoretically
unbreakable, they are less practical compared to
computationally secure methods, which must
constantly evolve to counter advancements in
 What is Cryptography?
The widespread use of cryptography has led to legal
and ethical challenges, as it can be used for
espionage and sedition. Some governments classify
cryptography as a weapon and impose restrictions
on its use and export. In certain jurisdictions,
investigators have the legal authority to compel the
disclosure of encryption keys. Cryptography is also
crucial in digital rights management, helping to
protect copyrighted digital content from
infringement. As technology continues to advance,
cryptography remains essential in securing digital
 Some
Terminologies: Alphabet Shift
Ciphers

A simple encryption technique believed to have been used

by Julius Caesar over 2000 years ago. It involves shifting
letters in the alphabet by a fixed number (e.g., k=3) to
encrypt a message and shifting back by the same number to
decrypt it. Encryption &
Decryption
Encryption is the process of converting plaintext
(ordinary information) into unintelligible text called
ciphertext to prevent unauthorized access. Decryption
is the reverse process, converting ciphertext back into
 Some
Terminologies:
Cipher

A cipher (or cypher) is a set of algorithms that facilitate

encryption and decryption. The effectiveness of a cipher
depends on both the algorithm and the secret key used to
control the process.

Key
A secret value used to encrypt and decrypt data. Ideally, the
key should be known only to the sender and recipient.
Without a variable key, a cipher can be easily broken and
rendered ineffective.
 Some
Terminologies:
Cryptosystem

A structured system that consists of a defined set of

plaintexts, ciphertexts, possible keys, and encryption and
decryption algorithms. It ensures secure communication by
systematically applyingSymmetric
cryptographic techniques.
Cryptosystem
A type of cryptosystem where the same secret key is used
for both encryption and decryption. It is generally faster due
to shorter key lengths and is commonly used in secure data
transmission. Example: Advanced Encryption Standard
(AES), which replaced the older Data Encryption Standard
(DES).
 Some
Terminologies: Asymmetric
Cryptosystem

A more secure cryptosystem that uses two different keys: a

public key for encryption and a private key for decryption.
This enhances security and is commonly used in secure
communication. Examples include Rivest-Shamir-Adleman
(RSA) and Elliptic Curve Cryptography (ECC).
Code
Often confused with ciphers, a code in cryptography refers
specifically to replacing meaningful words or phrases with
designated code words rather than applying mathematical
encryption methods.
 Some
Terminologies:
Cryptanalysis

The study of methods used to break encryption and

decipher messages without access to the decryption key. It
involves analyzing encryption algorithms and identifying
vulnerabilities that could be exploited.

Cryptography
The practice and application of cryptographic techniques to
secure communication, ensuring confidentiality, integrity,
and authentication of data.
Some
Terminologies:
Cryptology

The broader study that combines cryptography

(securing data) and cryptanalysis (breaking encryption)
to understand and improve secure communication
methods.
Crypto-linguistics
A specialized field that examines the characteristics of
languages and their applications in cryptography or
cryptology, often used in codebreaking and language-
based encryption methods.
 History of
Cryptography
and
Cryptanalysis
 Early Cryptography
Before the modern era, cryptography was primarily
concerned with ensuring message confidentiality. This
was achieved by converting comprehensible messages
into incomprehensible ones, rendering them unreadable
to unauthorized parties without secret knowledge.
Encryption played a crucial role in maintaining secrecy
in communications for spies, military leaders, and
diplomats. Over time, cryptography has expanded
beyond confidentiality to include techniques for
message integrity verification, sender/receiver
authentication, digital signatures, interactive proofs,
 Classical Cryptography

One of the earliest forms of cryptography was simple secret

writing, which required no more than basic literacy. As
literacy increased, more sophisticated cryptographic
techniques emerged. The two primary classical cipher types
were:
• Transposition Ciphers These rearrange the letters of a
message (e.g., "hello world" becomes "ehlol owrdl").

• Substitution Ciphers: These systematically replace

letters or groups of letters with others (e.g., "fly at once"
becomes "gmz bu podf" by shifting each letter forward in
the alphabet).
 One of the earliest substitution ciphers was the
Caesar cipher in which each letter in the plaintext was
replaced by a letter some fixed number of positions
further down the alphabet, used by Julius Caesar with
a shift of three to communicate with his generals. The
Atbash cipher was an early Hebrew example. The
oldest known cryptographic use dates back to Egypt
(circa 1900 BCE) with carved ciphertext on stone,
possibly for amusement rather than secrecy.
 The Greeks used the scytale transposition cipher, a
tool employed by the Spartan military. Steganography,
the practice of concealing the existence of a message,
was also used by the Greeks. For example, Herodotus
recorded an example where a message was tattooed
on a slave’s shaved head and concealed under
regrown hair. More modern steganographic methods
include invisible ink, microdots, and digital
watermarks.
0
1 In India, the Kamasutra of Vātsyāyana
(circa 2000 years ago) described two
cipher types:
0
2
 01  Kautiliyam: Cipher letter
substitutions based on
phonetic relations (e.g.,
0 vowels becoming
2
consonants).
 • Mulavediya: Pairing
02
letters and using their
reciprocal ones.
 The Rise of Cryptanalysis
Classical ciphers were vulnerable to frequency analysis, a
method pioneered by the Arab mathematician Al-Kindi in the
9th century. His book Risalah fi Istikhraj al-Muamma detailed
frequency analysis techniques, enabling cryptographers to
break many ciphers.

To counter frequency analysis, homophonic ciphers were

developed, distributing character frequencies more evenly.
The polyalphabetic cipher, credited to Leon Battista Alberti
(1467), was a significant advancement. Alberti’s method
used multiple substitution alphabets, changing the cipher at
intervals. His cipher disk was an early cryptographic device.
 The Rise of Cryptanalysis

The Vigenère cipher extended Alberti’s idea by

employing a keyword to dictate letter substitution.
However, it was vulnerable to Kasiski examination,
discovered by Charles Babbage and published by
Friedrich Kasiski in the mid-19th century.
Kerckhoffs’s Principle and Modern Developments

In 1883, Auguste Kerckhoffs proposed that a cipher

should remain secure even if the encryption
method is known, relying solely on the secrecy of
the key. Claude Shannon, the father of information
theory, reinforced this principle as Shannon’s
Maxim: "The enemy knows the system."
us mechanical aids have been used in cryptograp
The scytale (Spartan transposition cipher tool).
The cipher grille (a medieval steganographic aid).
The cipher disk (Alberti’s device for polyalphabetic encr
The tabula recta (Trithemius' polyalphabetic table).
Thomas Jefferson’s multi-cylinder cipher
(precursor to modern encryption devices).
The Enigma machine, used by Germany during
World War II (WWII), significantly increased
cryptanalytic difficulty.
 Modern Cryptography
The modern field of cryptography can be divided into several areas
of study.
 Modern Cryptography

1. Symmetric-key cryptography – Uses the same key

for both encryption and decryption. It includes:
Block ciphers – Encrypts data in fixed-size blocks.
Examples include:
 Data Encryption Standard (DES) – Once a
widely used encryption standard, now
considered insecure.
 Advanced Encryption Standard (AES) – The
current encryption standard, used in various
applications.

 Modern Cryptography

2. Cryptographic hash functions – Converts data into a fixed-

length hash, which is useful for digital signatures and integrity
checks. Examples include:
o MD4 and MD5 – Early hash functions, now considered
insecure due to vulnerabilities.
o SHA-1 – An improvement over MD5 but still susceptible to
attacks.
o SHA-2 – A more secure family of hash functions, but
adoption has been slow.
o SHA-3 (Keccak) – Selected as the new US national standard
 Modern Cryptography

2. Cryptographic hash functions – Converts data into a fixed-

length hash, which is useful for digital signatures and integrity
checks. Examples include:
o MD4 and MD5 – Early hash functions, now considered
insecure due to vulnerabilities.
o SHA-1 – An improvement over MD5 but still susceptible to
attacks.
o SHA-2 – A more secure family of hash functions, but
adoption has been slow.
o SHA-3 (Keccak) – Selected as the new US national standard
 Message Authentication Codes (MACs)

Similar to hash functions but with a secret key,

providing authentication and data integrity. MACs help
prevent attackers from tampering with messages by
ensuring the recipient can verify their authenticity.
 Public-Key Cryptography
Symmetric-key cryptosystems use the same key for encryption and
decryption, requiring complex key management. To solve this, Diffie
and Hellman introduced public-key cryptography in 1976, where a
public key encrypts data while a private key decrypts it. The RSA
algorithm, developed in 1978, became widely used alongside Diffie-
Hellman and elliptic curve techniques. British intelligence (GCHQ)
later revealed they had discovered similar concepts earlier. Public-
key cryptography is also used for digital signatures, ensuring
message authenticity and integrity.

Public-key algorithms rely on complex mathematical problems, such

as integer factorization (RSA) and discrete logarithms (Diffie-
Hellman). Due to their computational expense, hybrid cryptosystems
 Cryptanalysis

Cryptanalysis aims to find vulnerabilities in cryptographic

scheme. While the one-time pad is theoretically
unbreakable, most ciphers can be cracked with enough
computational effort. Attacks vary in complexity, including
ciphertext-only, known-plaintext, chosen-plaintext, and
chosen-ciphertext attacks. Side-channel attacks exploit
weaknesses in real-world implementations, such as timing
analysis and traffic analysis. Poor key management and
social engineering remain significant threats.
 Cryptographic Primitives and Cryptosystems
Cryptographic primitives are basic algorithms like
pseudorandom functions and one-way functions, forming
the foundation of more complex cryptosystems.
Cryptosystems like RSA and El-Gamal ensure security for
communication and transactions. More advanced systems
include electronic cash and zero-knowledge proofs. The
field of provable security seeks to formally prove the
difficulty of breaking cryptographic systems, enhancing
reliability.

The implementation of cryptographic techniques in

software is a separate field, focusing on secure and
 Legal Issues
Prohibitions

• Cryptography has been a subject of legal controversy

due to its role in intelligence, law enforcement, and
privacy protection. While it enables secure
communication, governments often regulate its use to
prevent criminal activities.

• Some countries, like China and Iran, require licenses

for cryptography, while others, including Belarus,
Kazakhstan, and Vietnam, impose strict restrictions.
France once had similar limitations but relaxed them
 Legal Issues
Prohibitio
ns
• In the U.S., cryptography is legal domestically but has
faced legal conflicts, particularly regarding its export.
After World War II, encryption was classified as
military equipment and placed on the U.S. Munitions
List, making its sale or distribution overseas illegal.
However, as personal computers, the internet, and
public key encryption advanced, high-quality
cryptography became widely accessible, reducing the
effectiveness of these restrictions.
 Legal Issues

Digital Rights
Management (DRM)
• Cryptography plays a key role in Digital Rights
Management (DRM), which controls the use of
copyrighted content. In 1998, the Digital Millennium
Copyright Act (DMCA) was signed into law in the
U.S., criminalizing cryptanalytic techniques that
could bypass DRM. Similar laws exist globally,
including the EU Copyright Directive and treaties
under the World Intellectual Property Organization
(WIPO).
 Legal Issues

Digital Rights
Management (DRM)
• While enforcement of the DMCA has not been as
strict as initially feared, it remains controversial.
Researchers like Niels Ferguson avoided publishing
security research due to legal risks. Others, such as
Alan Cox and Edward Felten, faced DMCA-related
issues, while Dmitry Sklyarov was arrested for
developing DRM-circumventing software legal in his
home country. In 2007, leaked cryptographic keys for
Blu-ray and HD DVD led to widespread backlash,
 Legal Issues
Forced Disclosure of
Encryption Keys
• In some countries, laws mandate individuals to hand
over encryption keys or passwords during criminal
investigations. The UK's Regulation of Investigatory
Powers Act allows police to compel suspects to
decrypt files, with non-compliance leading to
imprisonment (up to five years for national security
cases). Similar laws exist in Australia, Finland,
France, and India.
 Legal Issues
Forced Disclosure of
Encryption Keys
• In the U.S. case United States v. Fricosu (2012), a
court ruled that a defendant must provide an
unencrypted hard drive, despite arguments from the
Electronic Frontier Foundation (EFF) that this violated
the Fifth Amendment.
• To counter forced disclosure, some cryptographic
software enables plausible deniability, making
encrypted data appear as random, unused data