Cryptography or the art of sharing secret codes
Crypto here, crypto there, and crypto here again! Those 6 letters, usually the short referring to cryptography, are now everywhere in our daily life. But what is cryptography? The word itself seems a bit barbaric. Coming from the greek kryptós = hidden secrets and graphein = to write; it is the art of writing (and solving) secret codes. It is often thought very complicated for the non-tech savvy, and yet it is based on very easily understandable principles. That’s what we’re trying to cover here with an overview of the basic principles of cryptography.
Classic Cryptography
Classic Cryptography refers to the cryptography used before our modern era; understand before the widespread use of computers. For that period of time, cryptography is pretty much a synonym of encryption.
Encryption is the process of transforming a readable content to seemingly nonsense information, and vice versa. It was then used mainly by the military to make sure that confidentiality was met when sending messages. Only when secret knowledge was acquired by the recipient then the message could be deciphered. Secret knowledge here is what we refer to as a key, in practice absolutely necessary to decrypt the message. Note the difference with encoding, where secrecy is not needed. For example, Morse code isn’t an encryption method.
Example of a well-known encryption technique: Caesar’s cipher
The method was reportedly used by Julius Caesar in his private correspondence and hence was named after him. It’s arguably one of the very first encryption technique used and is a type of polyalphabetic substitution cipher. In its very basic and original version, each letter in the text is replaced by a letter some fixed number of positions down (or up) the alphabet.
Would you be able to crack the following secret message? Tell us in the comments!
Of course, this technique is very easily breakable nowadays with our modern means and knowledge, and cannot be practically used for serious encryption purpose.
Indeed, a brute-force of this technique is very easy as there are only 25 possible keys (only 26 letters in the alphabet!), it can also be broken by other methods such as frequency analysis.
Some variation of Caesar’s cipher in particular, the running key variant of the Vigenere cipher, give much better security and is potentially unbreakable unless very strong cryptanalysis is used. In this case, the key is another text. The key is used to provide a keystream used with interwoven Caesar’s ciphers.
Another well-known technique: the book cipher
In this method, the key is a book. Both correspondents have the exact same book, with the same edition. A code (numbers), refer to page numbers, line numbers and word positions on the line. Using the book, the recipient is able to decipher the message by looking at the words indicated by the code.
This technique is often depicted in the movies or in the literature. It is also a very strong means to encrypt messages and has been extensively used in the past. However, it requires that the key used (the book) is rich enough to be able to depict the topics both correspondents intend to cover. For example, in the context of espionage, a spy will have difficulties to find the fitting words in a cookbook or in a novel for children.
Note that some very well-known cipher has yet to be deciphered to this day. For further exciting reads, check the Beale ciphers, a famous use of a book cipher and a mystery of the 19th Century; or the Cicada 3301 mystery, called the “most elaborate and mysterious puzzle of the internet age” that has been using the book cipher method in pieces of its puzzles.
Modern Cryptography
Cryptography evolved and became more sophisticated, to be what we have now with advanced features that simple encryption could not offer, like integrity check, sender and receiver authentication, etc.
One of the foundations of modern cryptography is known as Kerckhoffs’ principle, and was stated at the end of the 19th century:
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Remember Caesar’s cipher, in its most basic declination, described above? Well, if the attackers know the algorithm, even if they don’t have the key, they’ll be able to decipher the message in no time! Hell, I’m sure you would too now!
So, modern crypto largely embraces the fact that “the enemy knows the system” and most of the systems should be designed assuming that only the key should be enough to keep secrecy.
Symmetric-key cryptography
This refers to encryption methods in which encryption and deciphering are done with the same key. Hence, the key needs to be shared between the sender and the receiver.
Several standards for encryption algorithm have been developed, such as DES, AES or RC4, and are still widely being used.
One of the particularities of this method, and since a key is shared between the sender and the receiver, is that you would need as many keys as the number of entities you communicate with to keep your conversations private.
This is particularly fitting when communication is done between users and a centralized server: each user keeps a unique key for communication and the central body keeps as many keys as it counts users. This is the case of users accessing an email server for example.
However, it could be troublesome when all users from the ecosystem interact with each other, they would need to keep each as many keys as there are other users they want to interact with.
Asymmetric-key (also called public-key) cryptography
This method only appeared in the late seventies and is the one mainly used for cryptocurrencies and blockchain projects. It basically works with a pair of keys: a public key, and a private key.
The public key is generated from the private key with a highly mathematical derivation. Nonetheless, there is no possibility to find back the private key using the public key.
Such systems give anyone the possibility to encrypt using the recipient’s public key. However, only the recipient can decrypt using his own private key, corresponding to the public key used for encryption.
