Cryptography, a fundamental aspect of cybersecurity, involves the study and practice of securing information by converting it into an unreadable format, known as ciphertext, using mathematical algorithms. This field has evolved over centuries, resulting in various cryptographic techniques. One way to categorize these techniques is based on their purpose. There are three main categories of cryptography: confidentiality, integrity, and authentication.
Confidentiality is the primary purpose of cryptography, aiming to ensure that only authorized individuals can access and understand the information. This category includes techniques such as symmetric key cryptography, where the same key is used for both encryption and decryption. In symmetric key cryptography, the sender and receiver share a secret key, which is used to transform plaintext into ciphertext and vice versa. The Advanced Encryption Standard (AES) is a widely used symmetric key algorithm, adopted by the U.S. government.
Another technique within the confidentiality category is asymmetric key cryptography, also known as public key cryptography. Unlike symmetric key cryptography, asymmetric key cryptography uses two separate keys: a public key for encryption and a private key for decryption. The public key can be freely distributed, while the private key must remain secret. Examples of asymmetric key algorithms include Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC).
Integrity is another crucial aspect of cryptography, ensuring that the information remains unaltered during transmission or storage. Cryptographic techniques used for integrity include hash functions and message authentication codes (MACs). A hash function takes an input, such as a message, and produces a fixed-size output, known as a hash value or digest. For a secure hash function it is computationally infeasible to find two different inputs with the same hash value, so in practice the hash value identifies the input data and any change to the input results in a different hash value. Examples of hash functions include the Secure Hash Algorithm (SHA) family, such as SHA-256 and SHA-3.
Message authentication codes, on the other hand, use a secret key to generate a tag or signature for a message. This tag is appended to the message and can be used to verify the integrity of the message. HMAC (Hash-based Message Authentication Code) is a widely used MAC algorithm that combines a hash function with a secret key.
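The difference between an unkeyed hash and a keyed MAC can be shown with Python's standard library. This is an added example, not part of the original answer; the key and both messages are constructed sample values.

```python
import hashlib
import hmac
import secrets


def sha256_digest(message: bytes) -> str:
    """Unkeyed digest: anyone can recompute it for any message."""
    return hashlib.sha256(message).hexdigest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag (HMAC-SHA-256): computing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(hmac_tag(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)                # shared secret (constructed)
    original = b"transfer 100 to account 42"     # constructed sample message
    altered = b"transfer 900 to account 42"      # same message after modification

    digest_sent = sha256_digest(original)
    # Whoever alters the message in transit can also swap in a fresh digest,
    # because no secret is needed to compute SHA-256.
    digest_replaced = sha256_digest(altered)
    tag_sent = hmac_tag(key, original)

    return {
        # A digest obtained over a trusted channel does reveal the change.
        "hash_detects_change": sha256_digest(altered) != digest_sent,
        # A digest that travels with the message does not: the swapped pair matches.
        "hash_accepts_swapped_pair": sha256_digest(altered) == digest_replaced,
        "hmac_accepts_original": verify_hmac(key, original, tag_sent),
        # Without the key, no valid tag can be produced for the altered message.
        "hmac_rejects_altered": not verify_hmac(key, altered, tag_sent),
        "hmac_rejects_wrong_key": not verify_hmac(secrets.token_bytes(32), original, tag_sent),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A bare hash therefore protects integrity only when the digest reaches the verifier over a channel the modifying party cannot touch, while the MAC tag can travel alongside the message.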
Authentication is the third category of cryptography, which focuses on verifying the identity of communicating parties. This category includes techniques such as digital signatures and certificates. Digital signatures use asymmetric key cryptography to provide authentication and integrity. The sender uses their private key to generate a unique signature for a message, which can be verified using the corresponding public key. This ensures that the message originated from the claimed sender and has not been tampered with.
Certificates, commonly used in public key infrastructure (PKI), are another authentication technique. A certificate binds a public key to an entity, such as an individual or organization, and is digitally signed by a trusted third party, known as a certificate authority (CA). The CA's signature on the certificate ensures the authenticity of the public key and the associated entity.
The three main categories of cryptography based on purpose are confidentiality, integrity, and authentication. Confidentiality techniques focus on protecting information from unauthorized access, integrity techniques ensure the data remains unaltered, and authentication techniques verify the identity of communicating parties. Understanding these categories is essential for designing secure cryptographic systems.