• Table Of Contents

Introduction

Cryptology, Cryptography and Cryptanalysis

<aside> 👉 Cryptology

</aside>

An umbrella term consisting of both Cryptography and Cryptanalysis

<aside> 👉 Cryptography (Crypto)

</aside>

• It's the building, designing and deploying the algorithms used to protect our information from prying eyes, and is done by Cryptographers.
• Analogical to the Software Development Team at an organisation

<aside> 👉 Cryptanalysis

</aside>

• It's the testing and verifying the strength of algorithms and finding potential security holes, and is done by Crytanalysts
• Analogical to the Quality Assurance& Testing Team of an organisation

Core components of cryptography

<aside> 👉 Plaintext

</aside>

Data that can be read and understood w/o any special meaning

<aside> 👉 Ciphertext (Cryptogram)

</aside>

• After the message has been transformed, the resulting gibberish is known as a Ciphertext
• It's completely random in nature, and has no meaning at all, viz. 0% compression ratio. If we run through a compression program, and we see anything above 0% compression, it means our algorithm is bad, because if it can be compressed, it shows that there are patterns in the ciphertext which can be exploited.
• Due to the above property, compression is done before encryption, because encrypting it beforehand won't make any sense since the ciphertext has 0% compression ratio anyways.

<aside> 👉 Encryption

</aside>

• It's the coding of messages so that its real meaning is concealed
• How the obfuscation is going to take place, depends on the Cryptographic Cipher used
• A message is not just text, it can be anything; be it an executable, image, video etc. Because deep down, everything is in the form of binary. Whilst referring to a message, we connote to that binary form.

<aside> 👉 Decryption

</aside>

The process of transforming an encrypted message into its original form.

Core components of encryption

<aside> 👉 Cipher (The Algorithm)

</aside>

• A mathematical transformation operating on the characters at the binary level and decide how a message is going to be transformed.
• They usually work in conjunction with a key, which is used in the encryption/ decryption process.
• It can be Cryptographic in nature (RSA) or Non-Cryptographic too (ROT-n), but in case of encryption, we refer to its Cryptographic counterpart only
• A good cipher is always publicly documented and tested against, for years, if not decades before being put to practice

<aside> 👉 The Key

</aside>

• A string of binary data used to initialise encryption/ decryption algorithms and its size is measured in bits.
• The strength of a Key depends upon its size, and the algorithm used to generate the key. It's extremely important to have key-management and protection practices
• Key-length is a good indicator of protection provided by that key, because of larger keyspace, making it harder to bruteforce (increase in total possibilities)

Miscellaneous terminology

<aside> 👉 Clustering

</aside>

A situation when a plaintext message generate identical ciphertext when we're using the same algorithm each time, but a different key.

<aside> 👉 Cryptosystem

</aside>

• Consists of: Key Generation Cipher, Decryption Cipher, and Encryption Cipher and all the possible keys and protocols
• Three types of Cryptosystems: Symmetric, Asymmetric and Hashing

Goals& challenges in cryptography

<aside> 👉 The challenges

</aside>

• Making sure our information is protected during transit
• Making sure our keys are properly protected and managed
• Making sure our information is protected at rest

<aside> 👉 The goals

</aside>

• Confidentiality: Our information shouldn't be read by anyone else other than whom I'm sending it to.
• Integrity: Our information mustn't be altered by a third party
• Authentication: The receiver must properly authenticate themselves before receiving our data
• Non-Repudiation: It must be absolutely clear who sent the message, so that one can't deny it later on.

Symmetric cryptosystems

Basics

• Uses a same and single key for both encryption and decryption, which is why it's known as Symmetric Cryptosystems, aka Single Key Cryptography, One Key Encryption, and Secret Key Encryption
• The key is known as Secret Key which must be protected
• Its primary purpose is ensuring Confidentiality, and has nothing to do with Non-Repudiation

• Symmetric Cryptosystems are very fast in nature, because of their mathematical simplicity, and the lack of key management techniques
• Example: AES, DES, 3DES, RC4, Blowfish etc.

Categories of symmetric key algorithms

<aside> 👉 Stream Cipher

</aside>

• One byte of data is encrypted at a time with a different key, and thus, each byte is decrypted with its own different key
• Key re-use must never be there, otherwise the whole Cryptosystem would break

<aside> 👉 Block Cipher

</aside>

• The plaintext is segreagated into blocks of n-characters (bits) and the mathematical functions are applied on that whole block at the same time, and the same key is used for all the blocks
• If our plaintext is smaller than the block size specified, the missing bits get padded to fill up the gap.

Key exchange

The internal mathematics

Some common symmetric ciphers

<aside> 💡 Some cryptographic ciphers are a group, it means that iterating a message multiple time across a cipher will not increase the security. $E(K_2, E(K, M)) = E(K_3, M)$

Example: Rotation cipher

2DES didn't come into the picture because of a security flaw known as Meet-In-The-Middle, which would have lead to only a key length of 57 bits.

</aside>