What is cryptography
The word Cryptography comes from the Greek “kryptos” which means hidden, and “graphia”, which means writing, and its definition according to the dictionary is “Art of writing with a secret key or in an enigmatic way”. Cryptography is a technique, or rather a set of techniques, that originally deal with the protection or concealment of information from unauthorized observers. Among the disciplines that include the Theory of Information, the Algorithmic Complexity and the Theory of Numbers or Discrete Mathematics, which as we know already studies the properties of whole numbers.
Through cryptography the information can be protected against unauthorized access, its interception, its modification and the insertion of extra information. It can also be used to prevent unauthorized access and use of the resources of a network or computer system and to prevent users from denying the services to which they are allowed. Modernly, cryptography is the methodology to provide the security of telematic networks, including the identification of entities and authentication, the control of access to resources, the confidentiality of the transmitted messages, the integrity of the messages and their non-repudiation.
Brief history of cryptography
Between Ancient Egypt and the Internet, cryptograms (the encrypted messages) have starred in much of the great historical episodes and endless anecdotes. There are encrypted messages between the articles of the Kamasutra, they were used by rulers and military already in the first states such as Egypt, Babylon, Rome … Abundant diplomatic texts of all times, essential for military orders and modern armies in times of war and, of course, essential in the activity of spies. Nowadays, with the new technologies the use of cryptography has extended beyond its traditional state or political sphere, and is also vital for the daily activity of companies and private citizens.
The first cryptographic methods
The Spartans used, around 400 B.C., the Scitala, which can be considered the first system of cryptography by transposition, that is, characterized by hiding the real meaning of a text by altering the order of the signs that make it up. The soldiers of the Greek city-state wrote their messages on a cloth that wrapped a stick. The message could only be read when the cloth was rolled on a cane of the same thickness, which the lawful recipient of the message possessed (the origin of the “baton”?).
The Scitala method was extremely simple, as was the one used by Julio César, based on the substitution of each letter for the one placed three places later in the Latin alphabet. This simple replacement encryption is known as César encryption.
Cryptography resurfaced in the Europe of the Middle Ages and the Renaissance, driven by the intrigues of the papacy and Italian city-states. He was a servant of Pope Clement VII, Grabiele de Lavinde, who wrote the first manual on the subject in the old continent. In 1466, León Battista Alberti, musician, painter, writer and architect, conceived the polyalphabetic substitution system that employs several alphabeticals, jumping from one to another every three or four words. The sender and the recipient must agree to fix the relative position of two concentric circles, which will determine the correspondence of the signs.
A century later, Giovan Battista Belaso de Brescia instituted a new technique. The code, consisting of a word or phrase, must be transcribed letter by letter over the original text. Each letter of the text is changed to the corresponding one in the alphabet that begins in the key letter. This cipher has reached the present day as “Vigenère Encryption”, since its invention was incorrectly attributed to the French diplomat Blaise de Vigenère, contemporary of Belaso and author of famous treatises on cryptography in the S. XVI.
But the classic mono and polyalphabetic methods are far from being completely safe. In some cases, a simple statistical calculation is enough to unravel the hidden messages. If the usual frequency of the letters in the common language is compared with that of the cryptogram signs, it can be relatively easy to decipher. Factors such as the length of the text, the use or not of more than one key or the extension of it play a very important role, as well as intuition, an essential weapon for every cryptanalyst (encryption breaker). In the 19th century Friederich Kasiski, a Prussian military, published an attack based on statistical methods that broke the ciphers by polyalphabetic substitution.
Cryptography and its functions in information security
The cryptography attempts to guarantee the following desirable properties in the communication of information in a secure way (these properties are known as security functions or services):
- Confidentiality: Only authorized users have access to the information.
- Information Integrity: guarantee offered to users that the original information will not be altered, intentionally or accidentally.
- User authentication:It is a process that allows the system to verify if the user who intends to access or make use of the system is who he claims to be.
- Sender Authentication: It is the process that allows a user to certify that the message received was in fact sent by the sender and not by a impersonator.
- Recipient Authentication:
It is the process that guarantees the identity of the recipient user.
- No repudiation at source:
that when a message is received, the sender cannot deny having sent that message.
- Do not repudiate at destination:
that when a message is sent, the recipient cannot deny receiving it when it arrives.
- Current authentication (no replay):
It is to prove that the message is current, and that it is not an old message forwarded.
Cryptology: cryptography and cryptanalysis
It should be noted that the word Cryptography only refers to the use of codes, so it does not include the techniques used to break those codes, known as Cryptanalysis as a whole. In any case, both disciplines are closely linked; Let us not forget that when designing a system to encrypt information, we must bear in mind its possible cryptanalysis, since otherwise we could have unpleasant surprises.
Finally, the term Cryptology, although not yet included in the Dictionary, is commonly used to group both Cryptography and Cryptanalysis.
Public and private key cryptosystems
Cryptosystems (encryption systems)
A cryptosystem can be formally defined as a quintuple (M, C, K, E, D), where:
- M represents the set of all unencrypted messages (what is called clear text, or plaintext) that can be sent.
- C represents the set of all possible encrypted messages, or cryptograms.
- K represents the set of keys that can be used in the cryptosystem.
- E is the set of encryption transformations or family of functions that is applied to each element of
- M to obtain an element of C. There is a different transformation Ek for each possible value of the key k.
- D is the set of decryption transformations, analogous to E.
Every cryptosystem must meet the following condition:
Dk (Ek (m)) = m
that is, if we have a message m, we encrypt it using the key k and then decrypt it using the same key, we get the original message m again.
Types of cryptosystems
There are two fundamental types of cryptosystems or encryption systems:
Symmetric or private key cryptosystems.
They are those that use the same key k both to encrypt and decrypt. They have the disadvantage that to be used in communications, the key k must be in possession of both the sender and the receiver, which leads us to ask how to transmit to the participants in the communication that key safely.
Asymmetric or public key cryptosystems
Which employ a double key (kp, kP). kp is known as the private key and kP is known as the public key. One of them serves for the transformation or encryption function E and the other for the decryption transformation D.
In many cases they are interchangeable, that is, if we use one to encrypt the other it is used to decipher and vice versa. These cryptosystems must also comply with the fact that knowledge of the public key kP does not allow the calculation of the private key kp. They offer a greater range of possibilities, being able to be used to establish secure communications through insecure channels since only the public key travels through the channel, which only serves to encrypt, or to carry out authentication. Without the private key (which is not deductible from the public key) an unauthorized observer of the communication channel will be unable to decrypt the encrypted message.
In practice, a combination of these two types of cryptosystems is used, since asymmetric cryptosystems have the disadvantage of being computationally much more expensive than the former. In the real world, asymmetric cryptography is used to encode symmetric keys so that they can be sent to communication participants even through insecure channels. The messages (longer) exchanged in the communication will then be coded using symmetric algorithms, which are usually more efficient.