Cryptography is a field with a long and storied history, dating back thousands of years. Cryptography has always played a importantl role in protecting information and ensuring secure communication, from ancient Egypt, where hieroglyphs were used to secure secret messages, to modern-day digital encryption methods that safeguard sensitive information on the internet.
As a field, cryptography is constantly evolving, providing new challenges and opportunities. It is expected that cryptography will become even more important as technology advances and the amount of sensitive information being transmitted and stored online increases.
Cryptography is the process of converting recognizable data into an encrypted code for transmitting it over a network (either trusted or entrusted).
Data is encrypted at the source, i.e. sender’s end and decrypted at the destination, i.e. receiver’s end.
In all cases, the initial unencrypted data is referred to as plain text. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.
Plaintext =>Ciphertext=> Plaintext=>Encryption=> Decryption
Some Cryptography tools are as follow:
- PassKeys – Apple New Generation Password Authentication
- Microsoft Open Source Application Inspector
- PWGen: Generator Of Cryptographically-Strong Passwords
- BeeCrypt: Cryptography Library Toolkit
- Retter That Can Easily Promote And Develop Cryptography
- Combination of VPN, Tor And ProxyChain For More Anonymity
The Purpose :-
Authentication : The process of proving one’s identity.
> Privacy/confidentiality : Ensuring that no one can read the message except the intended receiver.
> Integrity : Assuring the receiver that the received message has not been altered in any way from the original.
> Non-repudiation : A mechanism to prove that the sender really sent this message.
The general practices and required minimum key length depending on the scenario listed below.
- Key exchange: Diffie–Hellman key exchange with minimum 2048 bits
- Message Integrity: HMAC-SHA2
- Message Hash: SHA2 256 bits
- Asymmetric encryption: RSA 2048 bits
- Symmetric encryption: AES 128 bits
- Password Hashing: Argon2, PBKDF2, Scrypt, Bcrypt
What are Types of Cryptography?
In general, cryptographic algorithms are classified into three categories as follows:
1) Secret Key Cryptography (SKC) : Uses a single key for both encryption and decryption.
2) Public Key Cryptography (PKC) : Uses one key for encryption and another for decryption.
3) Hash Functions : Uses a mathematical transformation to irreversibly “encrypt” information.
Also read – i2P Network – To Encrypt The Connection
Secret Key Cryptography :-
With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
Secret key cryptography algorithms that are in use today include :
1) Data Encryption Standard (DES): DES is a block cipher employing a 56-bit key that operates on 64-bit blocks. DES uses a key of only 56 bits, and thus it is now susceptible to “brute force” attacks. Triple-DES (3DES) and DESX are the two important variants that strengthen DES.
2) Advanced Encryption Standard (AES ): The algorithm can use a variable block length and key length; the latest specification allowed any combination of keys lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.
3) International Data Encryption Algorithm (IDEA): Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. Also available internationally.
4) Rivest Ciphers : Named for Ron Rivest, a series of SKC algorithms.
- RC1 : Designed on paper but never implemented.
- RC2 : A 64-bit block cipher using variable-sized keys designed to replace DES. It’s code has not been made public although many companies have licensed RC2 for use in their products. Described in RFC 2268.
- RC3 : Found to be breakable during development.
- RC4 : A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although it can only be exported using keys that are 40 bits or less in length.
- RC5 : A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in RFC 2040.
- RC6 : An improvement over RC5, RC6 was one of the AES Round 2 algorithms.
5) Blowfish : A symmetric 64-bit block cipher invented by Bruce Schneier; optimised for 32-bit processors with large data caches, it is significantly faster than DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in over 80 products.
Public-Key Cryptography :-
Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. No matter which key is applied first, but both the keys are required for the process to work. Because a pair of keys are required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party.
Public-key cryptography algorithms that are in use today for key exchange or digital signatures include :
RSA : One of the most popular encryption algorithm, invented in 1977 by three MIT scientists (Ronald Rivest, Adi Shamir, and Leonard Adleman).
The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.
Hash Functions :-
Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered.
Hash algorithms are typically used to provide a digital fingerprint of a file’s contents, often used to ensure that the file has not been altered by an intruder or virus. It is also commonly employed by many operating systems to encrypt passwords and then, provide a measure of the integrity of a file.
Hash algorithms that are in common use include:
1) Message Digest (MD) algorithms: A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.
MD2 : Designed for systems with limited memory, such as smart cards.
MD4 : Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.
MD5 : Also developed by Rivest in 1991 after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data.It accepts variable length message from the user and converts it into a fixed 128-bit message digest value.
One interesting and important aspect of the MD5 hash function is that it is a one-way algorithm. This means you can produce the 128-bit fingerprint if the data chunk is available to you. You cannot, however, generate the entire data if only the fingerprint of the data is known.
2) Secure Hash Algorithm (SHA): Algorithm for NIST’s Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52 are also described in RFC 4634.
3) RIPEMD: A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimised for 32-bit processors to replace the then-current 128-bit hash functions. Other versions include RIPEMD-256, RIPEMD-320, and RIPEMD-128.
4) HAVAL (Hash of Variable Length): Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with many levels of security. HAVAL can create hash values that are 128, 160, 192, 224, or 256 bits in length.
5) Whirlpool: A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2256 bits in length, and produces a message digest of 512 bits. The design of this hash function is very different than that of MD5 and SHA-1, making it immune to the same attacks as on those hashes.
6) Tiger: Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure, run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit architectures; Tiger/128 and Tiger/160 produce the first 128 and 160 bits, respectively, to provide compatibility with the other hash functions.
Secure Cryptographic Storage Design
- All protocols and algorithms for authentication and secure communication should be well vetted by the cryptographic community.
- Ensure certificates are properly validated against the hostnames/users ie whom they are meant for.
- Avoid using wildcard certificates unless there is a business need for it
- Maintain a cryptographic standard to ensure that the developer community knows about the approved ciphersuits for network security protocols, algorithms, permitted use, cryptoperiods and Key Management
In summary, Cryptography is a field that plays a critical role in protecting information and ensuring secure communication. The field is evolving with new challenges and opportunities arising all the time, one of the most exciting areas of cryptography today is the field of post-quantum cryptography and homomorphic encryption.
One of the most exciting areas of cryptography today is the field of post-quantum cryptography. With the advent of quantum computers, traditional encryption methods such as RSA and Elliptic Curve Cryptography (ECC) may no longer be secure. This is because quantum computers have the ability to break these encryption methods by using Shor’s algorithm. Post-quantum cryptography aims to develop new encryption methods that are secure against quantum computers.
Another exciting area of cryptography is homomorphic encryption. Homomorphic encryption allows computations to be performed on ciphertext, without the need to decrypt the data first. This can be used for various applications such as privacy-preserving computations, cloud computing, and secure multiparty computation.
What are post-quantum cryptography?
Post-quantum cryptography refers to the development of encryption methods that are secure against potential attacks from quantum computers. As quantum computers become more powerful, they may be able to break traditional encryption methods, such as RSA and Elliptic Curve Cryptography (ECC), by using algorithms such as Shor’s algorithm. Post-quantum cryptography aims to develop new encryption methods that are resistant to these types of attacks.
One example of post-quantum cryptography is lattice-based cryptography. Lattice-based cryptography is based on the mathematical properties of lattices and it is considered to be one of the most promising post-quantum cryptographic methods. One of the most well-known lattice-based encryption methods is the Learning with Errors (LWE) problem, which is based on the difficulty of solving a particular type of linear equation. Another example of post-quantum cryptography is the McEliece’s Cryptosystem it relies on the hardness of decoding a random linear code.
What is homomorphic encryption?
Homomorphic encryption, is a type of encryption that allows computations to be performed on ciphertext, without the need to decrypt the data first. This can be used for various applications such as privacy-preserving computations, cloud computing, and secure multiparty computation.
An example of homomorphic encryption is Fully Homomorphic Encryption (FHE) which allows to perform any computation on ciphertext, without the need to decrypt it, this could be useful in cloud computing, where the data owner wants to outsource the computation but keep the data private. Another example is the Paillier cryptosystem, which allows for the homomorphic addition of plaintexts and the encryption of plaintexts.
It’s worth noting that these examples are not yet widely adopted in practice and still considered experimental, and also that the field of post-quantum cryptography and homomorphic encryption are still evolving and new developments are arising regularly.
What are the new developments in post-quantum cryptography and homographic encryption?
The field of post-quantum cryptography and homomorphic encryption is still evolving, and new developments are arising regularly.
In post-quantum cryptography, new lattice-based, code-based and multivariate-based cryptographic systems are being proposed and researched. The NIST (National Institute of Standards and Technology) announced a competition to select the new standard post-quantum cryptography algorithms, several candidates have been proposed and are currently under evaluation.
In homomorphic encryption, research is ongoing to improve the efficiency of existing systems and to develop new systems that can handle more complex computations. One of the recent development in homomorphic encryption is the development of somewhat homomorphic encryption (SHE) which allows to perform a limited number of computations on ciphertext. Another development is the development of fully homomorphic encryption (FHE) over the integers, which allows to perform any computation on the integers without the need to decrypt the data.
Research is also ongoing in the area of privacy-preserving machine learning, where homomorphic encryption can be used to protect the privacy of data used to train machine learning models, and in the area of secure multiparty computation, where homomorphic encryption can be used to securely compute on data that is distributed across multiple parties.