CodingLad
cryptography

Cryptography Basics: A Practical Guide to Secure Communication

Cryptography Basics: A Practical Guide to Secure Communication
0 views
10 min read
#cryptography
Table Of Content

Cryptography Basics: A Practical Guide to Secure Communication

Modern digital systems rely heavily on cryptography to protect data and verify identity over untrusted networks. From encrypting messages and securing web traffic to authenticating users and preventing cyberattacks, cryptographic principles form the backbone of secure communication.

This article provides a practical overview of cryptography fundamentals, encryption models, cryptanalytic attacks, and core security concepts that underpin modern authentication and encryption systems.

Objectives of Cryptography

Cryptography is designed to achieve four fundamental security goals:

1. Confidentiality

Confidentiality ensures that information is accessible only to authorized users. Encryption protects sensitive data from unauthorized disclosure by transforming readable data into an unreadable form.

2. Integrity

Integrity guarantees that data has not been altered or tampered with during storage or transmission. Cryptographic checks ensure that any modification can be detected.

3. Authentication

Authentication confirms the identity of users, devices, or systems involved in communication. It ensures that parties are who they claim to be.

4. Non-Repudiation

Non-Repudiation prevents a sender from denying that they sent a message and a receiver from denying that they received it. This is commonly achieved using digital signatures.

How It Works:

  • Sender signs message with private key
  • Receiver can verify signature with public key
  • Provides legal proof of origin and delivery

Cryptography Process Overview

cryptography process

At a high level, cryptography transforms readable data into an unreadable form and back again:

Encryption Process:

Plaintext → [Encryption Algorithm + Key] → Ciphertext

Decryption Process:

Ciphertext → [Decryption Algorithm + Key] → Plaintext

Key Components:

  • Plaintext: Original readable data
  • Encryption Algorithm + Key → produces Ciphertext
  • Ciphertext: Encrypted, unreadable data
  • Decryption Algorithm + Key → recovers Plaintext

Kerckhoffs's Principle

A key principle in cryptography is Kerckhoffs's Principle, which states:

The security of a cryptographic system must rely only on the secrecy of the key—not on the secrecy of the algorithm.

In other words:

  • Algorithms are assumed to be public knowledge
  • Only the key must remain secret
  • Security through obscurity is not reliable

Why This Matters:

  • Algorithms can be analyzed, tested, and improved by the security community
  • Public algorithms are more trustworthy (many eyes find more bugs)
  • Key management becomes the critical security concern
  • Systems remain secure even if algorithms are known

Modern Example:

  • AES (Advanced Encryption Standard) algorithm is completely public
  • Security depends entirely on keeping the encryption key secret
  • Even knowing AES doesn't help attackers without the key

Types of Encryption

Symmetric Key Encryption

Symmetric encryption uses the same secret key for both encryption and decryption.

Symmetric Key Encryption

Characteristics:

  • Fast and efficient — Optimized for speed
  • Suitable for encrypting large amounts of data — High throughput
  • ⚠️ Requires a secure method to share the key — Key distribution challenge

Examples:

  • AES (Advanced Encryption Standard) — Most widely used
  • DES (Data Encryption Standard) — Deprecated, insecure
  • 3DES (Triple DES) — Legacy, being phased out

Challenge: Secure key distribution between communicating parties. How do two parties agree on a secret key without an attacker intercepting it?

Key Management:

Alice and Bob need to share a secret key
Problem: How to exchange the key securely?
Solution: Use asymmetric encryption to exchange symmetric keys

Asymmetric Key Encryption

Asymmetric encryption uses two different but mathematically related keys:

  • Public key: Used for encryption or signature verification
  • Private key: Used for decryption or digital signing

Characteristics:

  • ⚠️ Slower than symmetric encryption — More computationally intensive
  • More scalable and secure for key exchange — No prior key sharing needed
  • Enables secure communication without prior key sharing — Solves key distribution problem

Examples:

  • RSA (Rivest-Shamir-Adleman) — Most common asymmetric algorithm
  • ECC (Elliptic Curve Cryptography) — More efficient, smaller keys
  • Diffie-Hellman — Key exchange protocol

Key Pair Relationship:

Public Key (known to everyone)
    ↕ (mathematically related)
Private Key (kept secret)

Hybrid Approach: Asymmetric cryptography is often used to exchange symmetric keys securely, then symmetric encryption is used for the actual data transfer (combining the benefits of both).

Example Flow:

  1. Alice generates symmetric key
  2. Alice encrypts symmetric key with Bob's public key
  3. Bob receives encrypted key and decrypts with his private key
  4. Both parties now share a symmetric key
  5. Use fast symmetric encryption for actual data

Types of Cryptanalytic Attacks

Goal: Recover the plaintext or the secret key
Metric: How difficult it is for the attacker (cryptanalyst)

The attack model defines what information the attacker has access to, which determines the difficulty of breaking the cipher.

Summary Table

Type of AttackWhat the Attacker KnowsGoal of the AttackerDifficulty Meaning
Ciphertext-Only AttackOnly ciphertext and the encryption algorithmGuess the plaintext or the secret keyVery hard — almost no extra information
Known-Plaintext AttackCiphertext + some known plaintextUse plaintext–ciphertext pairs to recover the keyModerate — some helpful clues
Chosen-Plaintext AttackCan choose plaintext and obtain corresponding ciphertextStudy how the encryption algorithm reacts to controlled inputsEasier — attacker controls input
Chosen-Ciphertext AttackCan choose ciphertext and obtain corresponding plaintextStudy how the decryption algorithm reactsEasier — attacker can probe decryption
Chosen-Text AttackCan choose both plaintext and ciphertextFull control of both sides of the systemEasiest / most powerful attack model

These attack models define how much power an attacker has when analyzing a cryptographic system.

In a Known-Plaintext Attack (KPA), the attacker knows some plaintext (P) and the corresponding ciphertext (C), and uses these ((P, C)) pairs to try to recover the secret key or to decrypt other messages.

A Chosen-Plaintext Attack (CPA) is an attack model in which the attacker can choose arbitrary plaintexts and obtain their corresponding ciphertexts, without the secret key.

A Chosen-Ciphertext Attack (CCA) is an attack model in which the attacker can choose arbitrary ciphertexts and obtain their corresponding plaintexts, without the secret key.

A Chosen-Text Attack is an attack model in which the attacker can choose both plaintexts and ciphertexts and obtain their corresponding encryptions and decryptions.

Cryptographic Algorithm Basics

A cryptographic algorithm is a mathematical function that transforms data using a key.

Encryption:

Plaintext + Key → Ciphertext

Decryption:

Ciphertext + Key → Plaintext

Key Insight

If an attacker knows the algorithm, they know the exact mathematics and steps—but not the secret key.

This is why Kerckhoffs's Principle works:

  • Algorithm can be public
  • Security depends on key secrecy
  • Public algorithms are more trustworthy

Key Models

Symmetric Cryptography

Same secret key used for encryption and decryption:

Encryption: E(Plaintext, Key) → Ciphertext
Decryption: D(Ciphertext, Key) → Plaintext

Key Properties:

  • Single shared secret
  • Must be kept confidential
  • Key distribution is the challenge

Asymmetric Cryptography

Two inverse operations using different keys:

Public Encrypt / Private Decrypt:

Encryption: E(Plaintext, PublicKey) → Ciphertext
Decryption: D(Ciphertext, PrivateKey) → Plaintext

Key Properties:

  • Mathematically related key pair
  • Public key can be shared openly
  • Private key must remain secret
  • Operations are one-way (can't derive private from public)

Brute-Force Attack

Definition

A brute-force attack tries every possible key until the ciphertext decrypts into recognizable plaintext.

Process:

  1. Attacker has ciphertext
  2. Tries key = 0, 1, 2, 3, ... up to maximum key value
  3. For each key, attempts decryption
  4. Checks if result looks like valid plaintext
  5. Stops when valid plaintext is found

Properties

Always Theoretically Possible:

  • Given enough time and computing power, any key can be found
  • No algorithm can prevent brute-force attacks completely

Difficulty Grows Exponentially with Key Size:

  • Key size determines number of possible keys
  • Each additional bit doubles the key space
  • Exponential growth makes large keys impractical to brute-force

Requires the Ability to Recognize Valid Plaintext:

  • Attacker must be able to distinguish valid decryption from gibberish
  • May use statistical analysis, language patterns, or file format checks

Examples

56-bit key:

  • 2^56 = 72,057,594,037,927,936 possibilities
  • Feasible with modern computing power
  • DES (56-bit) can be brute-forced in hours/days

128-bit key:

  • 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456 possibilities
  • Infeasible with current technology
  • Would take billions of years even with fastest supercomputers

256-bit key:

  • 2^256 possibilities
  • Completely infeasible
  • Even with quantum computers (in current state), impractical

Visualization:

Key Size    Possible Keys          Feasibility
56-bit      72 quadrillion         ⚠️ Feasible (hours/days)
128-bit     340 undecillion        ✅ Infeasible (billions of years)
256-bit     2^256                  ✅ Completely infeasible

Strong Key Sizes Make Brute-Force Attacks Impractical

Modern Recommendations:

  • Symmetric encryption: At least 128 bits (AES-128), preferably 256 bits (AES-256)
  • RSA: At least 2048 bits, preferably 3072 or 4096 bits
  • ECC: 256 bits provides equivalent security to 3072-bit RSA

Why This Matters:

  • Attackers cannot try all possible keys in reasonable time
  • Security through computational infeasibility
  • Even with future technology advances, large keys remain secure

Security Definitions

Unconditional (Information-Theoretic) Security

Definition: Ciphertext provides no information about plaintext, even with infinite computing power.

Key Idea: Breaking the cipher is mathematically impossible, not just computationally difficult.

Example: One-Time Pad (OTP)

Requirements:

  • Key length equals plaintext length
  • Key used only once (never reused)
  • Key is truly random (cryptographically secure random number generator)
  • Provides perfect secrecy

How It Works:

Plaintext:  "HELLO"
Key:        "XMCKL"
Ciphertext: XOR(HELLO, XMCKL) = "EQNVZ"

Properties:

  • ✅ Mathematically proven secure
  • ✅ No amount of computing power can break it
  • ✅ Ciphertext reveals nothing about plaintext

1. Why Key Length Matters :

The OTP's perfect secrecy relies on the key being at least as long as the plaintext and never reused.

If the key is shorter than the plaintext, then:

  • The key must repeat or have structure
  • Not all plaintexts are possible for a given ciphertext
  • Some plaintexts become more likely than others

This destroys information-theoretic security and opens the door for brute-force and statistical attacks.

2. Why Brute Force Works for Non-OTP Ciphers :

For most practical ciphers (where keys are much shorter than messages):

  • Most keys produce implausible plaintext
  • Only a small subset produce meaningful text

Brute force works because the attacker can filter out nonsense outputs and keep only candidates that “look right”.
This filtering step is exactly what the OTP prevents.

Brute force normally answers the question:

“Which key works?”

OTP changes the problem to:

“All keys work.”

Therefore, brute force becomes meaningless for a properly used OTP.

3. OTP View: Every Plaintext Has a Key :

Recall the XOR-based OTP encryption:

C = P ⊕ K

Given a ciphertext (C):

For every possible plaintext (P'):

K' = P' ⊕ C

The derived key (K'):

  • Has the correct length
  • Can be uniformly random
  • Is just as likely as the real key (from the attacker's perspective)

This is the crucial guarantee:

  • Even “nonsense-looking” plaintexts are just as likely as “meaningful” ones
  • Each (P_i) is equally likely
  • There is no statistical test that can tell which plaintext is the real one

That is why the One-Time Pad achieves unconditional (information-theoretic) security.

Computational Security

Definition: Breaking the cipher is possible in theory but impractical in reality.

Conditions:

  • Cost of attack exceeds the value of the data
  • Time required to break exceeds the data's useful lifetime
  • Attack requires more resources than available

Example: AES-256

Properties:

  • 2^256 possible keys
  • Even with the fastest supercomputers, brute-forcing would take longer than the age of the universe
  • Computationally secure for all practical purposes

Real-World Security:

  • Used in banking, government, and critical systems
  • Provides sufficient security for virtually all applications
  • Balance between security and practicality

Comparison:

Security TypeBreakabilityPracticalityUse Cases
UnconditionalMathematically impossibleImpracticalHighly sensitive, short messages
ComputationalTheoretically possible, practically infeasiblePracticalMost real-world applications

XOR Encryption Principle

Formula

Encryption:

C = P ⊕ K

Where:

  • C = Ciphertext
  • P = Plaintext
  • K = Key
  • = XOR operation (exclusive OR)

Decryption:

P = C ⊕ K

XOR Property

Key Mathematical Property:

(A ⊕ B) ⊕ B = A

What This Means: If you know any two of P, C, K you can compute the third.

Proof:

Encryption: C = P ⊕ K
Decryption: P = C ⊕ K

Substitute: P = (P ⊕ K) ⊕ K
Property:   P = P ⊕ (K ⊕ K)
Identity:   P = P ⊕ 0
Result:     P = P ✅

Critical Implication

If an attacker knows both plaintext and ciphertext:

K = P ⊕ C

Key Takeaways

In Short

  • Unconditional security = impossible to break (theoretical)
  • Computational security = impractical to break (real-world)

Fundamental Principles

  1. Kerckhoffs's Principle: Security through key secrecy, not algorithm secrecy
  2. Key Size Matters: Larger keys exponentially increase security
  3. Attack Models: Different attack scenarios require different defenses
  4. Hybrid Approach: Combine symmetric and asymmetric encryption

Conclusion

Cryptography is the foundation of modern digital security. Understanding these fundamental concepts—from encryption types and attack models to security definitions and key management—is essential for anyone working with secure systems.

Remember:

  • Security doesn't come from hiding algorithms
  • Strong keys and proper implementation are critical
  • Different attack models require different defenses
  • Computational security is sufficient for most real-world applications
  • Cryptography is a tool that must be used correctly to be effective

As you design or evaluate cryptographic systems, keep these principles in mind. The security of your data, communications, and systems depends on getting the fundamentals right.

Next Steps:

  • Learn about specific algorithms (AES, RSA, ECC)
  • Understand key exchange protocols (Diffie-Hellman, ECDH)
  • Study digital signatures and certificates
  • Explore modern cryptographic protocols (TLS, SSH, PGP)
  • Practice secure key management

Cryptography is both an art and a science—mastering the basics is the first step toward building truly secure systems.