Cryptology and Cryptography

Summary

Cryptography, also known as cryptology, is the use of a cipher to hide a message by replacing it with letters, numbers, or characters or by other means. Traditionally, cryptography has been a tool for hiding communications from the enemy during times of war. Although it is still used for this purpose, it is more often used for computer security to encrypt confidential data, messages, passwords, and digital signatures. Although computer ciphers are based on manually applied ciphers, they are programmed into the computer using complex algorithms that include algebraic equations and other methods to encrypt the information.

Definition and Basic Principles

Cryptography is the use of a cipher to represent hidden letters, words, or messages. Cryptology is the study of ciphers. Ciphers are not codes. Codes are used to represent a word or concept, and they do not have a hidden meaning. One example of a code is the international maritime signal flags, part of the International Code of Signals, known by all sailors and available to anyone else. Ciphers, on the other hand, are schemes for changing the letters and numbers of a message with the intention of hiding the message from others. One example is a substitution cipher, in which the letters of the alphabet are rearranged and then used to represent other letters of the alphabet. Cryptography has been used since ancient times for communicating military plans or information about the enemy. In modern times, it is most commonly thought of in regard to computer security. Cryptography is critical to storing and sharing computer data files and using passwords to access information either on a computer or on the internet.

89250413-78400.jpg

Background and History

The most common type of cipher in ancient times was the substitution cipher. This was the type of cipher employed by Julius Caesar during the Gallic Wars; by the Italian Leon Battista Alberti in a device called the Alberti cipher disk, described in a treatise in 1467; and by Sir Francis Bacon of Great Britain. In the 1400s, the Egyptians discovered a way to decrypt substitution ciphers by analyzing the frequency of the letters of the alphabet. Knowing the frequency of a letter made it easy to decipher a message.

German abbot Johannes Trithemius devised polyalphabetic ciphers in 1499, and French diplomat Blaise de Vigenère did the same in 1586. Both used the tabula recta, or cryptographic tableau, a table in which the alphabet is repeated on each line, with all the letters from the previous line shifted one position to the left. De Vigenère added a key to his tableau. The key was used to determine the order in which the alphabets were used. This type of cipher was later called the Vigenère cipher.

The Greeks developed the first encryption device, the scytale, which consisted of a wooden staff and a strip of parchment or leather. The strip was wrapped around the staff and the message was written with one letter on each wrap. When wrapped around another staff of the same size, the message appeared. This form of cipher is called a transposition cipher. In the 1780s, Thomas Jefferson invented a wheel cipher that used wooden disks with the alphabet printed around the outside. They were arranged side by side on a spindle and were turned to create a huge number of ciphers. In 1922, Jefferson's wheel cipher was adopted by the US Army. It used metal disks and was named the M-94.

In the latter years of World War I and immediately after, four inventors—Edward H. Hebern, American, 1917; Arthur Scherbius, German, 1918; Hugo Alexander Koch, Dutch, 1919; and Arvid Gerhard Damm, Swedish, 1919—independently developed cipher machines that scrambled letters using a rotor or a wired code wheel. Scherbius, an electrical engineer, called his machine the Enigma. The device, which looked like a small, narrow typewriter, changed the ciphertext with each letter that was input. The German navy and other armed forces tried the machine, and the German army redesigned it, developing the Enigma I in 1930 and using various models during World War II. The Japanese also developed an Enigma-like device for use during the war. The Allies were unable to decrypt Enigma ciphers until the Polish built an Enigma and sold it to the British. The German military became careless about key choice and the order of words in sentences, enabling the Allies to crack the cipher. This was a major factor in the defeat of Germany in World War II.

In the 1940s, British intelligence created the first computer, Colossus. After World War II, the British destroyed Colossus. Two Americans at the University of Pennsylvania are credited with creating the first American computer in 1945. It was named the Electronic Numerical Integrator and Computer, or ENIAC, and was able to easily decrypt manual and Enigma ciphers.

How It Works

In modern digital cryptography, the data, message, or password typically starts as cleartext or plaintext. Once it is input into the computer, a computer algebra system (CAS) performs the actual encryption, using the key and selected algebraic equations based on the cryptographic algorithm. It stores the data, message, or password as ciphertext.

Most encryption systems require a key. The length of the key increases the complexity of the cryptographic algorithm and decreases the likelihood that the cipher will be cracked. Modern key lengths typically range from 128 to 2048 bits. There are two key types. The first is a symmetric or secret key that is used to encrypt and decrypt the data. A different key generates different ciphertext. It is critical to keep the key secret and to use a sufficiently complex cryptographic algorithm. The algebraic equations used with a symmetric key are two-way equations.

Symmetric-key cryptography uses a polyalphabetic encryption algorithm, such as a block cipher, a stream cipher, or a hash function, to convert the data into binary code. A block cipher applies the same key to each block of data. Stream ciphers encrypt the data bit by bit. They can operate in several ways, but two common methods are self-synchronizing and synchronous. The self-synchronizing cipher encrypts the data using an algebraic function applied to the previous bit, while synchronous ciphers apply a succession of functions independent of the data.

Asymmetric or public-key cryptography uses two keysa public key and a private key. The public key can be distributed to all users, whereas the private key is unknown. The private key cannot be calculated from the public key, although there is a relationship between the two numbers. The public key is used for encryption, and the private key is used for decryption. The algebraic equations used in public-key cryptography can be calculated only one way, and different equations are used to encrypt and decrypt. The calculations are complex and often involve factorization of a large number or determining the specific logarithm of a large number. Public-key algorithms use block ciphers, and the blocks may be variable in size.

Digital signatures can be linked to the public key. A digital signature provides a way to identify the creator of the data and to authenticate the source. A digital signature is difficult to replicate. The typical components of a digital signature are the public key, the user's name and email address, the expiration date of the public key, the name of the company that owns the signature, the serial number of the digital identification number (a random number), and the digital signature of the certification authority.

A hash function, or message digest, is an encryption algorithm that uses no key. A hash function takes a variable-length record and uses a one-way function to calculate a shorter, fixed-length record. Hash functions are difficult to reverse, so they are used to verify a digital signature or password. If the new hash is the same as the encrypted version, then the password, or digital signature, is accepted. There are a number of hash algorithms. Typically, they break the file into even-sized blocks and apply either a random number or a prime number to each block. Some hash functions act on all the values in the block, and others work on selected values. Sometimes they generate duplicate hashes, which are called collisions. If there is any change in the data, the hash changes.

There are specific security standards that cryptographic data must meet. They are authentication, privacy/confidentiality, integrity, and nonrepudiation. These standards not only protect the security of the data but also verify the identity of the user, the validity of the data, and that the sender provided the data.

Applications and Products

Cryptographic software is created so that it can interact with a variety of computer systems. Some of this software is integrated into other computer programs, and some interfaces with other computer systems. Most cryptographic programs are written in the computer languages of Java, JavaScript, C, C+, or C++. The types of software used for cryptography include computer algebra systems, symmetric-key algorithms, public-key algorithms, hash function algorithms, and digital signature algorithms.

CAS Software. A computer algebra system (CAS) is a software package that performs mathematical functions. Basic CAS software supports functions such as linear algebra, algebra of polynomials, calculus, nonlinear equations, functions, and graphics. More complex CAS software also supports command lines, animation, statistics, number theory, differential equations, networking, geometric functions, graphing, mathematical maximization, and a programming language. Some examples of CAS software used for encryption of data include Axiom, FriCAS, Magma, Maple, Mathematica, Maxima, and Sage.

Symmetric-Key Algorithms. Symmetric-key algorithms work best for storing data that will not be shared with others. This is because of the need to communicate the secret key to the receiver, which can compromise its secrecy. There are two types of symmetric-key encryption algorithmsstream ciphers and block ciphers. The standard for symmetric-key encryption is the Advanced Encryption Standard (AES), established by the National Institute of Standards and Technology (NIST) in 2001 to replace the Data Encryption Standard (DES). Other symmetric-key encryption algorithms include Blowfish, Twofish, IDEA (International Data Encryption Algorithm), Camellia, RC4, and Serpent. These are all block ciphers except for RC4, which is a stream cipher.

Public-Key Algorithms. Asymmetric or public-key algorithms support the review of digital signatures and variable-length keys. They are used for data sent to other businesses or accessed by users because there is no need to keep the public key secure. Some examples of public-key algorithms are DSA (Digital Signature Algorithm), RSA, Rabin, ElGamal, Cramer-Shoup, and Paillier.

Hash Function Algorithms. Hash function algorithms are not considered actual encryption, although they are often used with encryption algorithms. Hash functions are used to verify passwords or digital signatures, look up a file or a table of data, store data, verify email users, verify data integrity, and verify the parties in an electronic funds transfer (EFT). Some examples of cryptographic hash function algorithms are the SHA (Secure Hash Algorithm) family (SHA, SHA-1, SHA-2, SHA-3), the RIPEMD (RACE Integrity Primitives Evaluation Message Digest) family (RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320), MD2, MD4, MD5, MD6, HAVAL (Hash of Variable Length), Whirlpool, and Tiger.

Digital Signatures. A digital signature scheme is used with a public-key system and may be verified by a hash. It can be incorporated into the algorithms or just interface with them. A digital signature algorithm requires the user to know the public and private keys. For hash functions, there may be no key. The digital key verifies that the message or data was not altered during transmission. Digital signature schemes are used for several verification purposes, including verifying a student's identity to access academic records, the identity of a credit card user or bank account owner, the identity of an email user, the company identities in EFTs, the source of data being transferred, and the identity of a user storing data. The federal standard for digital signatures is the Digital Signature Algorithm (DSA). Other digital signature algorithms include the Edwards-curve Digital Signature Algorithm (EdDSA), NTRUSign, the Rabin signature scheme, RSASSA-PSS, and the ElGamal signature scheme.

Careers and Course Work

Most cryptographers have a bachelor's degree in computer science, mathematics, or engineering. Often, they have either a master's degree or a doctorate. Several universities and information technology institutes offer non-degree programs in cryptography. Cryptographers are knowledgeable in encryption programming, computer security software, data compression, and number theory, as well as firewalls and Windows and internet security. People with this background may be employed in computer software firms, criminology, universities, or information technology.

There is a voluntary accreditation examination for cryptographers administered by the International Information Systems Security Certification Consortium (ISC2), called the Certified Information Systems Security Professional (CISSP) examination. To be certified, a cryptographer must have five years of relevant job experience and pass the CISSP examination. Recertification must be done every three years, either by retaking the examination or earning 120 continuing professional education credits.

Position titles include cryptoanalysts, cryptosystem designers, cryptographic engineers, and digital rights professionals. A cryptoanalyst is involved in the examination and testing of cryptographic security systems. Cryptosystem designers develop complex cryptographic algorithms. Cryptographic engineers work with the hardware of cryptographic computer systems. Digital rights professionals are responsible for securing encrypted data, passwords, and digital signatures. They may be certificate administrators responsible for accepting new users and approving their digital signatures.

Social Context and Future Prospects

Computer technology is an important part of contemporary life. Encryption of data, messages, passwords, and digital signatures makes this possible. Without data and password security, personal and professional users would find that anything they loaded onto their computers would be available to hackers and spies, and they would be vulnerable to computer viruses that could damage their computers and corrupt their files. Using a computer under these circumstances would be difficult because the data and computer system lack dependability. Many workers perform their jobs on a computer, and many work from home. Wireless systems are increasingly used and require adequate security.

Despite the complexity of modern cryptography, there still are risks of attacks on computer data, messages, and passwords. The likelihood of breaking a cryptographic algorithm is assessed by how long it would take to break the cipher with a high-speed computer. A common attack on key cryptography is brute force. This involves trying all the possible number combinations to crack the key. The longer the key is, the longer this will take. The only way to create an unbreakable cipher is to use a one-time pad, in which the secret key is encrypted using an input number used only once. Each time the data are accessed, another random number of the same length is used as the secret key.

All cryptosystems have vulnerabilities. As computer technology and cryptography knowledge advances, any particular encryption algorithm is increasingly likely to be broken. As cyberattacks rise at alarming rates, the demand for cryptography professionals to help prevent these threats is greatly increasing, especially in finance, healthcare and among governmental agencies. Cryptoanalysts must constantly evaluate and modify or abandon encryption algorithms as needed.

The development of a quantum computer based on quantum theory posed an unprecedented risk to cryptographic systems. Knowing the potential of a quantum computer to crack cryptographic ciphers, post-quantum cryptography (PQC) emerged. Apple's iMessage was the first platform to adopt the encryption technology called PQC3 in February 2024, and it was quickly followed by Zoom.

Bibliography

Alexandrou, Alex. Cybercrime and Information Technology: Theory and Practice—The Computer Network Infrastructure and Computer Security, Cybersecurity Laws, Internet of Things (IoT), and Mobile Devices. CRC Press, 2022.

Aumasson, Jean-Philippe. Serious Cryptography: A Practical Introduction to Modern Encryption. 2nd ed., O'Reilly Media, 2024.

Blackwood, Gary. Mysterious Messages: A History of Codes and Ciphers. Penguin, 2009.

"Information Security Analysts." US Bureau of Labor Statistics, 17 Apr. 2024, www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm. Accessed 20 June. 2024.

Stallings, William. Cryptography and Network Security. 8th ed., Pearson Education, Limited, 2022,

Katz, Jonathan, and Yehuda Lindell. Introduction to Modern Cryptography. 3rd ed., CRC, 2021.

Lunde, Paul, ed., The Book of Codes: Understanding the World of Hidden Messages. U of California P, 2009.

Seife, Charles. Decoding the Universe: How the New Science of Information Is Explaining Everything in the Cosmos, from Our Brains to Black Holes. Penguin, 2006.

Stallings, William. Cryptography and Network Security: Principles and Practice. 8th ed., Prentice, 2023.