What is Cryptography?

CR0009 1 What is Cryptography?.jpg

This is both a video and a text post, walking through the fundamentals of cryptography and how they apply to blockchain technology and cryptocurrencies.

I am going to mull over some of the ideas and information I learned while doing research on cryptography. Cryptography arose out of the need for people communicating to ensure that the message is received by the correct person and also received accurately, meaning not having been tampered with. It’s a way to secure communication.

Cryptography is the term most commonly used but it’s actually just one half of the equation, the other being cryptanalysis, and both coming under the term cryptology which is the study of both cryptography and cryptanalysis. Cryptography does not only involve the encryption of data but means a way of scrambling information, or protecting information from unwanted third parties, or sometimes all parties but while maintaining data integrity. I speak more about this at the end of this article.

So cryptography specifically is the process of applying a formula or algorithm to a message so that it is indecipherable to everyone except the intended recipients. Cryptography, in the form of encryption, uses an encryption algorithm, an algorithm being a set of rules that define a process applied to a given input to get a given output. Cipher is the term used to describe the encryption algorithm and the cipher-text is the resulting information that is produced after applying the formula or algorithm to the original message or plain text.  Cryptanalysis is the method of deciphering the encrypted data by figuring out the pattern in the cipher-text that gives a clue as to what the original message was so you could work backwards to figure out the original method. This decryption or pattern analysis happens both at the recipient’s end when intended, but can also occur if an unwanted third party or eavesdropper is able to figure out the plain text by analyzing the cipher, or somehow getting the key. I’ll explain what a key is in a second.

Encryption algorithms used to involve letter substitution, and these evolved over time. But more modern methods involve multiple alphabets and converting between letters and numbers as well. In the past, people would come up with encryption algorithms that they kept secret as they assumed keeping the method of encryption secret led the to channel being very secure. But, counterintuitively, making the encryption algorithm public is the best way to ensure it is secure. Through elimination, cryptographers could find the most secure algorithms if they had not been broken as others kept trying over time. Thinking that a code was secure just because the people working on it thought it was secure resulted in even wars being lost (the enigma machine). Nowadays, there are standardized algorithms that have not yet been broken.

But because the encryption formulas are standardized so they are less likely to be broken, there has to be a way to make sure that not anyone who knows the formula can get the message. The way this is solved is through the use of keys. Even though there is an encryption formula, there are different keys that define what the cipher-text is when applied to the plain text or what the plain text is when applied to the cipher-text, that is encryption and decryption keys, respectively. So the encryption algorithm works with keys. Keys are the “key” to deciphering the text and the crux of the security. So the key has to be sent over a secure channel, say in person. There is symmetric cryptography where the same key is used to encrypt and decrypt the message and there is asymmetric or public-key encryption, where there is both a public and private key. 

In asymmetric cryptography, public and private keys work as a pair where someone could publish their public key so anyone can send a message to them specifically, but only that person with the private key is able to decrypt and read the message. Using a public and private key pair, the private key need not be shared with anyone. Multiple public keys can be generated from a private key, which adds another layer of security. A private key can also be used for authentication purposes as a digital signature, because a message can be encrypted with a private key as it is sent, and then the receiver can verify that it is sent from the right person using that person’s public key. 

It’s important to note the use of hash functions in cryptography, where a string of data can be output to a specified character length ‘hash’. When signing with the private key by generating an encrypted message using that key, it’s not the whole message that is verified but a hash of the message. The hash or short version of the message will change with a slight change in the original message and is different if signed by the sender who does not have the right private key. So, the receiver can use the public key also to verify that the right private key signed the message by looking at the hash of that message.

I hope this is not too confusing when I talk about signing a message with a private key and the person with the public key being able to verify that the message is from the right person. Remember that the key is what is used to encrypt or decrypt. So a message, though it may use the same encryption algorithm as another’s, will not produce the same cipher-text and so plaintext if it uses another person’s key. As a side note, each encryption algorithm has a set number of keys and the security of the encryption algorithm is dependent on this, as a hacker could attempt to decipher a message by going through all possible keys. But the encryption algorithms used by blockchain technologies such as bitcoin have such a large amount of possible keys that it would take a really really really long time, basically infinite in human terms, to go through them all with current day computer processing power. 

Bitcoin and cryptocurrencies as you will figure out once you begin to use them, use public-key encryption, where a wallet which is simply a storage of data is created having both a public key and a private key. The individual with the correct private key has the right to send and receive ‘messages’ or ‘funds’ from their wallet. But anyone with their public key can send funds to them. Each party can verify who is sending and receiving and whether or not the transaction information can be recorded to the blockchain. If this is all too confusing, you basically have to keep your private key very safe, only using it to access your wallet, but you can share your public key in order to send and receive funds.

I really like to think of cryptography as the solution to a problem. If I wanted to send a message to a specific person using the video format on YouTube, I would be aware that everyone watching, and also the people on YouTube who are not the intended recipients of the message, are able to listen. So, I am communicating across an open channel. Just thinking of the top of my head, maybe I could somehow scramble my message, maybe by speaking in reverse. What I do can’t be random, because it has to have a formula so that the original message can be heard accurately. But it also has to be a bit more secure then being played in reverse, so it would change slightly depending on who the recipient is, and they would be the only one able to actually play the original message, even if the basic algorithm is that it is played in reverse. Other real world applications of securing an open channel include uploading or download packets of data over the internet or when using cell phone networks.  We can encrypt data on our hard drives or phones using software. There are also messaging apps like WhatsApp and Signal that focus on encrypted communication. But data security goes beyond this to preventing social engineering attacks such as phishing emails to collect the necessary information like passwords to unlock or un-encrypt data. So the whole system has to be looked at and not solely rely on cryptography. Cryptography solves the problem of communication over an insecure channel.

EDIT: After writing and sharing this video, a reddit user clearly clarified for me that  encryption is only one of the branches of cryptography. This can be compared to examples such as signing, commitment schemes, private information retrieval, offline digital cash, etc., which also fall under cryptography.

Learn more:  https://media.ccc.de/v/SHA2017-494-cryptography_beyond_encryption_and_signatures