# Cyptography for Beginners

## Glossary

Cryptography - the practice and study of techniques for secure communication in the presence of third parties. Also known as crypto and cryptology.

Cipher - an algorithm for performing encryption or decryption.

Plaintext - unencrypted message or information. Also known as cleartext.

Ciphertext - encrypted message or information.

Encryption - a process of encoding messages or information in a form that only authorized parties can read it.

Decryption - a process of converting messages or information from ciphertext to plaintext.

Random Number Generator (RNG) - a device designed to generate a sequence of numbers that lacks any pattern.

Key - a parameter that determines the functional output of the cryptographic cipher.

Hash Function - a one-way cryptographic function considered practically impossible to invert.

Digest - the output of the hash function.

Symmetric Algorithm - an algorithm the uses the same cryptographic key for both encryption and decryption.

Asymmetric Algorithm - an algorithm the uses different cryptographic key for both encryption and decryption. Also known as public-key algorithms.

## Symmetric Ciphers

There are two types of symmetric encryption algorithms:

Block Cipher - operates on fixed-length groups of bits, called blocks.

Stream Cipher - operates on stream of bits.

## Common Block Ciphers

### Data Encryption Standard (DES)

In modern cryptography, DES was the first standardized cipher for securing electronic communications. Due to the processing power of modern computers, DES is not used anymore as it is considered weak. It can be used in variations as 2-key or 3-key 3DES.

This is the standard set by the US National Institute of Standards and Technology in 2001 for the encryption of electronic data. It supersedes DES which had been in use since 1977. AES has various forms, depending on the key length. They are abbreviated as AES-128, AES-192 and AES-256 where the last number is the key length in bits.

## Common Stream Ciphers

### Rivest Cipher 4 (RC4)

RC4 stream chipher has been used in various protocols including Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) as well as in Transport Layer Security (TLS). However, due to some vulnerabilities discovered in 2015, it usage started to decline. RFC 7465 prohibits the use of RC4 in all versions of TLS.

## Asymmetric Ciphers

Stream and block terms are not usually used with asymmetric ciphers. That said, public-key encryption also encrypts blocks of data. For example, RSA where block sizes are based on the key size.

## Common Asymmetric Ciphers

One of the oldest and most widely used asymmetric algorithms. It is based on the fact that if you multiply two giant prime numbers it is almost impossible to derive the original primes from the result. In fact, there is a published research claiming that it would take around 1500 years of computing time to crack 768 bit RSA key!

### Elliptic Curve Cryptography (ECC)

Like RSA, ECC works on the principle of irreversibility. In ECC, a number symbolizing a point on the curve is multiplied by another number and gives another point on the curve. Now, to crack this puzzle, you must figure out the new point on the curve. The mathematics of ECC is built in such a way that it’s virtually impossible to find out the new point, even if you know the original point.

## Symmetric vs. Asymmetric Ciphers

In short, this comparison is more about the cost of an elementary operation (encryption and decryption) than anything else. It would be prohibitively expensive to do asymmetric encryption for large amounts of data. Symmetric keys give you cheap computation but the problem of a shared secret. Public keys give you expensive computation but easily shared information needed to communicate securely.

The effect usage of these algorithms come from creating another layer of abstraction. In other words, a researcher will have to build a system using these ciphers as primitives.

For example, the following hybrid approach makes sense:

Key encryption - use public key cryptography to encrypt a symmetric key generated on the fly. It is expensive operation, but you only do it once.

Data encryption - use the symmetric key to encrypt and decrypt the actual data. It is a much cheaper operation.

## Hash Algorithms

These algorithms are commonly used to verify information integrity or store some types of sensitive data, like passwords. Why passwords? Because the same hash function will always yield the same hash for the same input. Therefore any attempted password can be hashed and the result compared against the saved hash to verify an authentication attempt.

Another memorable concept involving cryptographic hash functions is hash-based message authentication code (HMAC). It is a type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. HMACs are used to simultaneously verify both the data integrity and the authenticity of a message.

## Common Hash Algorithms

### MD5 Message-Digest Algorithm (MD5)

MD5 was released in 1992 and was also built as a successor to MD4, which was successor to MD2. MD5 isn't as fast as MD4 but it is considered to be more secure than the previous MDx implementations. Although it is true, MD5 usage should be avoided in any capacity, as previous research has demonstrated, it should be considered cryptographically broken and unsuitable for further use. It can still be used as non-cryptographic hashing algorithm.

### Secure Hash Algorithms (SHA)

It is a a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a US Federal Information Processing Standard (FIPS), and includes the following algorithms:

SHA-1 - developed in 1993, and widely used in security applications and protocols, including SSL/TLS, PGP, SSH, IPsec, and S/MIME. SHA-1 produces a 160-bit digest and has a block size of 512 bits. Although SHA-1 is still widely used, cryptanalysts in 2005 were able to find vulnerabilities on the algorithm that detrimentally compromised its security. These vulnerabilities came in the form of an algorithm that speedily finds collisions with different inputs, meaning that two distinct inputs map to the same digest.

SHA-2 - published in 2001, it consists of two hash functions known as SHA-256 and SHA-512, using 32- and 64-bit words, respectively. There are additional truncated versions of these hash functions, known as SHA-224, SHA-384, SHA-512/224, and SHA-512/256. SHA-2 produces 224 or 256-sized digests and has block sizes that contain 1024 bits, or 512 bits.

SHA-3 - the latest member of the SHA family of standards, released in 2015. SHA-3 is a subset of the broader cryptographic primitive family Keccak and internally varies greatly from SHA-1 and SHA-2. Although SHA-3 is a better algorithm, NIST does not currently plan to withdraw SHA-2 or remove it from the revised Secure Hash Standard.

## Discussion

Lane Wagner

Love to see more crypto content. If anyone wants practice checkout qvault.io/practical-cryptography-c...

Artem

That's very cool! Thank you for sharing.