Home / Blog

Understanding the concept of Cryptography

William Tsu
Data Analyst
Experienced data analyst working with data visualization, cloud computing and ETL solutions.
December 15, 2021

Cryptography expands more and more emphasis in our everyday lives. Each one of us uses this technique, whether consciously or not. Whenever you log into an application or got to send an email, you are depending on an innovative cryptographic substratum that is alighted principally from advances in the 1970s.

More than just professional software developers, beyond just coders, even the common people can take advantage by grasping how working principle of cryptography, remarkably in the period of crypto investment and crypto currency.


The disciplines of cryptography

Cryptography is the method of safeguarding communications. This is gained through some techniques that add up to executing formalities that restrict third parties from hacking or converting confidential data.

The discipline of cryptography can be viewed as comprising four countenances:

• Confidentiality: Data is protected from unwelcome groups.

• Credibility: Data is not altered or ruined.

• Authentication: Consumers are allowed to accurately substantiate each other’s identity.

• Non-rejection: Communication can be assured, and not later nullified by

Cryptography with Symmetric ciphers

Before the accession of computers, Cryptography depended on the utilization of ciphers. A cipher is a diagramming from readable content to gibberish and vice versa. These processes are widely known as decryption and encryption.

Changing four positions in the alphabet is accurate, but not safe. More safety is making a complicated mapping that necessitates a code for translation. Such a code should be circulated to every involving party. This requirement asserts all kinds of logistical frailties.

A well-known paradigm of a symmetric cipher is the Enigma machine developed during Second World War.

Coming of One-way function techniques

The prospects of encryption enlarged more complex with the discovery of computers and increased developments in arithmetic. Countless modern methods came into existence, but in which the most basic is what is known as a one-way function (which comprises one-way hashes, for developing fixed-length output). One-way functions are defined as a cryptographic primitive. A one-way function acts in only one direction just like the name implies.

A general use for one-way functions, and an appropriate tool to comprehend them, is hashing passwords when they are maintained to the database (for example, in JavaScript and Java). The password is obtained from plain text (“fluffy123”) and the one-way algorithm alters it into a random-looking string (“XFcbe2d3bh0sa”). Even in case a hacker catches admittance to the database, the passwords are safeguarded. There is no so-called technique (with current computer systems) to successfully overturn the method.

It’s a peculiar truth to view that although attackers have full entrance to the principles of the algorithm, they are usually incapable of reversing the function. Having said that, one-way hashing is not accurate and several facilities have been developed for bursting them. Rainbow tables are an example for that.

Latest hashing libraries consist the ability to improve the complexity of the hash (thereby allowing the hash strength to increase as computing power increases) and to introducing “salt” into the algorithm (in this way assuring that hashes of similar inputs are however uncommon). As far as the salt is kept concealed, passwords hashed with it are generally untraceable.

Pseudo-random functions

In addition with one-way functions, algorithms for creating random-like numbers are observed cryptographic “primitives,” i.e., essential factors inevitable for shielding communications. Why is that? Simply put, any secret communication system relies on principles that are familiar to the safeguarding party, and unfamiliar to the outside. That counts on creating random numbers. (Certainly, consumer supplied input is also integrated, but human are notably undependable providing such input.)

Almost all variety of random seeding is only “sort of” random. If an attacker found out how the numbers are created, they can conceive random number attacks. The cleverness of attackers appear to keep accompany with that of white hat coders. The history of cryptography is one of in and out competition, a kind of call and response of development.

Much protection means of creating random numbers have been created to to restrict random number attacks. Every crypto library consist capabilities for these generators.

Asymmetric keys

Probably, the utmost brave and prominent innovation in latest cryptography is the asymmetric key pair, also known as public-private key pairs. The vital concept is that two keys are created, one for decrypting and the other for encrypting. The encryption key is secured to circulate; the decryption key is kept secretly.

This advancement was initialed in the late 1970s by two coders and a mathematician, who provide their contributions to the revolutionary crypto system they developed: RSA. (A similar thing was discovered several decades earlier by a British Intelligence Mathematician, but the discovery was kept concealed and the system considered unworkable at the period given the restrictions of computer systems.)

RSA and another asymmetric key systems considers the concept of the one-way function a significant move advanced by generating two keys that practice in an asymmetric manner: The formal one is utilized to develop encrypted messages (the public key) and the latter one is to decrypt them (the private key).

The technique behind this method is not easier. Indeed, for a period, the researchers concerned raise crucial doubts as to whether it was even realistic in theory. Presently, public-private key cryptography props up lot of new internet safety facility, consisting the “transport layer” safety utilized by SSL/TLS, digital signatures, and crypto currencies like Bitcoin.

It’s significant to notice that asymmetric keys never construct impracticable systems. However, as long as the private key is kept concealed, it is realistically impracticable to destroy the encryption. Beyond numerous in-the-wild ventures (consisting random number attacks, timing attacks, and others) that have been exposed, the protection of even the much safeguarded public-private key pair is relied on how long it would need to overturn the procedure of arranging the numbers engaged.

This may not seem much safe, but to quote Brett Slatkin’s article on public key crypto math, “even fancy solutions on the fastest computer on Earth would take until the end of the universe” to figure out new asymmetric encryption. Excluding the introduction of practical quantum computing, which would make cracking RSA-like encryption a polynomial time resolvable issue (not significantly a remote chance), modern algorithms are taken feasible for possible applications.

In latest applications, asymmetric keys are frequently utilized as a manner of salute to invent a safe channel for switching symmetric keys. (This is normally what occuring is when your browser is “negotiating TLS.”) As symmetric keys are in work much faster, the server and user identify each other through asymmetric keys, then transfer symmetric keys for use in advance communication. This communication is then protected from hacking or altering even through non-confidential channels.

Public key infrastructure

Another significant caution to asymmetric cryptography is that it commonly demands a trusted, centralized power. This is because the problem of identifying that someone is who they claim they isn’t limited to just proving that someone carries a private key (something asymmetric encryption can do on its own). However, to assure that (for instance a web server’s SSL/TLS certificate is not only technically true, but also genuine (honestly represents the organization it claims to), a central power (Google, for instance) must be mentioned to.

This makes more facilities for attackers, because any violation within the order of validating keys compromises all the keys below. Even though such violations do come, most of the internet depends on this system. The system in general is popular as public key infrastructure (PKI). A trusted group that issues certificates is a certification authority (CA).

A substitute to PKI is pretty good privacy (PGP), wherein consumers trust each other on a corresponding, classified basis, apart from depending on a base authority (here too asymmetric keys are utilized to switch symmetric keys). PGP is widely utilized to encrypt email and to check that downloads have not been evolved with.


The best refined case of asymmetric keys and cryptography in common is observed in blockchain systems are demonstrated by Bitcoin. By excluding the demand for a centralized power and forwarding the certification of cryptographically signed transactions to the network, a blockchain creates the chances for modern patterns of systems constructed on a distributed-yet-secure layer on top of the internet infrastructure. We are currently viewing the teasing out of these chances.

Blockchains and the systems create on them are important cryptographic structures. Key pairs are utilised to sign transactions, and crypto hashes are utilized to ensure the links in the chain.