Table of Contents
- Terminology
- Symmetric Cryptography
- Asymmetric Cryptography
- Hash Functions and Digital Signatures
- References
Terminology
What follows is a list of frequently encountered terms in cryptography:
Encryption
The process of obscuring or scrambling data to render it incomprehensible to unauthorized viewers.
Ciphertext
The encrypted data. Commonly known as the "code".
Plaintext
The original, readable data, prior to encryption.
Cipher
A particular method for encrypting or scrambling data. Also known as an encryption algorithm.
Key
A small amount of data required by the encryption algorithm to process the plaintext and convert it to ciphertext.
Decryption
The process of converting ciphertext back into plaintext. Requires a key and a decryption algorithm.
Cryptanalysis
Decryption without the use of a key. It is synonymous with "breaking the code". The strength of an encryption algorithm is determined by the infeasibility of cryptanalysis as applied to the resulting code or ciphertext.
Symmetric Cryptography
Symmetric key cryptography performs encryption and decryption with a single key. The security of this system is thus determined by protecting the "secret key" from disclosure. As such, this is applicable only in situations where the distribution of the key can occur in a secure manner. Real-life applications often preclude the "safe" distribution of the key, and so symmetric-key cryptography is often used in tandem with asymmetric cryptography.
Symmetric key algorithms can be classified according to the number of bits encrypted at a time. Stream ciphers can encrypt individual bits, in contrast to block ciphers, which encrypt blocks of data of a given size (DES, for example, uses 64-bit chunks). Data portions shorter than the block size are padded, whereby insignificant bits are added to complete the block.
Examples of symmetric cryptography algorithms include 3DES, Blowfish, IDEA, CAST128, and Arcfour. More detailed information on the different symmetric ciphers can be found on www.ssh.fi/tech/crypto/algorithms.html.
Asymmetric Cryptography
In public-key or asymmetric cryptography, separate keys are used for encryption and decryption. A public key is used for encryption and, as the name implies, is not secret and is available for widespread dissemination. Decryption is performed with a key private to the individual who owns it. The public and private keys are related to each other, but obtaining the private key from its public counterpart is an NP-complete problem and is thus infeasible to undertake.
To illustrate how public-key cryptography works, consider the hypothetical example of two people named Alice and Bob who would like to communicate with each other in private. Assuming Bob already has Alice's public key, he encrypts his message to Alice with her public key. Alice receives the message and decrypts it using her private key. If an eavesdropper, say Eve, were to capture Bob's message in transit and re-send it to conceal her presence, she would be unable to decrypt it just by owning a copy of Alice's public key. She can certainly try to obtain the private key from the public key, but it would take her a prohibitively long time to do so.
RSA and DSA are examples of public key cryptographic algorithms.
Hash Functions and Digital Signatures
Oftentimes, it is not sufficient to ensure the secrecy of transmitted data. In the example of Bob and Alice discussed previously, Eve could very well have intercepted Bob's message and inserted some of her own, encrypted with Alice's public key. How is Alice to know that the message did come from Bob? And whether the data have been tampered with or not?
The use of digital signatures and hash functions provides a means for validating the data source and performing integrity checks to verify that the data is free from deliberate or unintentional changes. Hashing is the process of obtaining a smaller dataset from the original data using a transformation prescribed by the hash function. There is, however, a many-to-one mapping of the domain (original data) to the range (computed hash value). This implies that hashing is a one-way operation: a given set of data corresponds to a unique hash value, but extraction of the plaintext from the hash value is impossible.
For hashing to work, the type of data changes that are likely to result from deliberate tampering or network glitches must result in a different value. In formulating a hashing function, one must be careful to tailor it to detect particular types of errors. A hash procedure that detects network noise, for example, will have different requirements than those that catch intentional tampering of data.
The use of digital signatures and hashing is best illustrated by again considering Bob and Alice's situation:
- To sign a document D, Bob first computes its hash value H(D).
- Next, Bob encrypts the hash value with his private key. The result is Bob's signature. Note the difference with "ordinary" asymmetric cryptography, where the public key is used for encryption. In generating the signature, the private key is used in order to "bind" Bob to it, since only Bob has access to his private key.
- Bob affixes the signature to his document and sends it to Alice.
- When Alice receives the document along with Bob's signature, she independently calculates the document's hash value, call this H'(D). She then decrypts Bob's signature with his public key (again, note the difference).
- Alice's successful decryption of the signature provides proof that Bob is the sender. She then compares her hash value H'(D) to the decrypted signature, H(D). If she gets a match, then she can be fairly confident that the document has not been altered in transit.
Even this scenario is not foolproof. Suppose Eve fraudulently generates a public and private keypair while impersonating Bob. There is no mechanism in the procedure outlined above for detecting impostors like Eve, if she prepares the document as outlined and sends what Alice thinks to be Bob's public key. This raises the important question of how to "bind" a public key to a particular person.
The certificate authority's main function is as a trusted third-party "signer" of signatures that makes the important association between signature and owner.
To prevent problems with stolen identities, as in the scenario with Eve mentioned above, the certificate authority "signs" Bob's signature and creates what is known as a digital certificate. A digital certificate is created when the certificate authority encrypts Bob's public key along with some personal information.
This time Bob sends his message to Alice with a digital certificate created for him by a trusted certificate authority. Alice receives the message and decrypts the certificate with the authority's public key. Successful decryption implies that the digital certificate is vouched for by the certificate authority, and yields some of Bob's personal information as well as a public key that Alice can confidently assume truly belongs to Bob.
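The signing steps, the impostor problem and the certificate check described above can be traced in a short script. This is an added example, not code from the original page: it uses textbook RSA (no padding) with constructed toy keys built from well-known Mersenne primes, and the function names, the "name|n|e" certificate layout and the sample documents are assumptions made for illustration.

```python
import hashlib

E = 65537
# Constructed toy keys from well-known Mersenne primes. Textbook RSA without
# padding and with a small modulus: fine for illustration, never for real use.
def make_key(p, q):
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def H(data, n):
    # SHA-256 of the data, reduced so that it fits under the modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, key):          # Bob: hash D, then apply the private key
    return pow(H(data, key["n"]), key["d"], key["n"])

def verify(data, sig, pub):   # Alice: recompute H'(D), compare with sig^e mod n
    return pow(sig, pub["e"], pub["n"]) == H(data, pub["n"])

def cert_body(name, pub):     # hypothetical layout for the name-to-key binding
    return f"{name}|{pub['n']}|{pub['e']}".encode()

def issue_cert(name, pub, signer_key):
    return {"name": name, "pub": pub, "sig": sign(cert_body(name, pub), signer_key)}

def check_cert(cert, ca_pub):
    return verify(cert_body(cert["name"], cert["pub"]), cert["sig"], ca_pub)

def demo():
    bob = make_key(2**61 - 1, 2**89 - 1)
    eve = make_key(2**107 - 1, 2**127 - 1)
    ca = make_key(2**521 - 1, 2**607 - 1)
    doc = b"Pay Alice 10 dollars"                   # constructed sample document
    sig = sign(doc, bob)
    forged = b"Pay Eve 10000 dollars"               # Eve's document, signed by Eve
    eve_sig = sign(forged, eve)
    bob_cert = issue_cert("Bob", public(bob), ca)   # issued by the trusted CA
    fake_cert = issue_cert("Bob", public(eve), eve) # Eve vouches for herself
    return {
        "genuine": verify(doc, sig, public(bob)),
        "tampered": verify(b"Pay Alice 99 dollars", sig, public(bob)),
        "impostor_key_accepted": verify(forged, eve_sig, public(eve)),
        "impostor_vs_real_key": verify(forged, eve_sig, public(bob)),
        "bob_cert_ok": check_cert(bob_cert, public(ca)),
        "fake_cert_ok": check_cert(fake_cert, public(ca)),
    }
```

The `impostor_key_accepted` result is the gap the page points out: a signature only proves possession of the private key matching whatever public key Alice was handed, which is why the key itself has to arrive inside a certificate she can check against the authority's public key.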
References
Online cryptography materials and logs:
- The ssh.com webpage has a very good cryptography page. Check out www.ssh.com/tech/crypto/intro.cfm and their extensive list of online references.
- Consult the Cryptography FAQ for some of the more commonly discussed issues in this area.
- This page contains a very easy-to-follow description of digital signatures and hash functions.
- As its name implies, Cryptography Resources is a repository of reference materials on cryptography, including online resources, software, and journal articles.
Books
- Applied Cryptography by Bruce Schneier
- Cryptography Decrypted by Doris Baker
- Cryptography: Theory and Practice by Douglas Stinson


