比特派安卓怎么下载|cryptographic _比特派(Bitpie)官网-比特派钱包app官方下载-bitpie官网下载app

What is Cryptography? Definition, Importance, Types | Fortinet

Skip to navigation

Skip to footer

FREE PRODUCT DEMO

SERVICES

SUPPORT

DOWNLOADS

FORTICLOUD LOGIN

username

USA (English)

UK & Ireland (English)

Germany (Deutsch)

France (Français)

Italy (Italiano)

China (简体中文)

Taiwan (繁體中文)

Korea (한국어)

Japan (日本語)

Brazil (Portugués)

Latin America (Español)

Products

Network Security

Hybrid Mesh Firewall

Next-Generation Firewall

Virtual Next-Generation Firewall

Cloud-Native Firewall

FortiGuard AI-Powered Security Services

Threat Protection

Intrusion Prevention Service (IPS)

URL Filtering

DNS Filtering

Inline Malware Prevention

Attack Surface Security Rating

IoT Detection

NOC Management

Central Management

Firewall Migration Service

Latest From Fortinet

Revolutionizing Security for Hybrid Network Protection

Explore the Gartner® Market Guide to understand emerging trends to secure your hybrid network with our Fortinet Hybrid Mesh Firewall solution.

Get the Report

Learn more about

Secure Networking

Secure Access Service Edge (SASE)

Single Vendor SASE

Secure SD-WAN

Security Service Edge (SSE)

Zero Trust Network Access (ZTNA)

Secure Web Gateway (Proxy)

CASB

Secure Endpoint Connectivity

Unified Agent (FortiClient)

Identity

Identity Access Management (IAM)

Identity as-a-Service

Privileged Access Management

NOC Management

Centralized Management

Digital Experience Monitoring

FortiGuard AI-Powered Security Services

Threat Protection

Data Loss Prevention (DLP)

URL Filtering

Intrusion Prevention Service (IPS)

DNS Filtering

SOC-as-a-Service

Inline Malware Prevention

IoT Detection

Latest From Fortinet

A Challenger in the 2023 Gartner® Magic Quadrant™ for Single-Vendor SASE

FortiSASE: Delivering consistent security for the hybrid workforce

Get the Report

Learn more about

Unified SASE

Enterprise Networking

LAN

Switching

Wireless LAN (WLAN)

Network Access Control (NAC)

Cloud-based LAN Management

WAN

Secure SD-WAN

5G/LTE Wireless WAN

Communications & Surveillance

Voice & Collaboration

Video Surveillance

NOC Management

Central Management

Artificial Intelligence for IT Operations

FortiGuard AI-Powered Security Services

Threat Protection

Intrusion Prevention Service (IPS)

IoT Detection

URL Filtering

DNS Filtering

OT Security Service

Latest From Fortinet

Fortinet Recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for Enterprise Wired and Wireless LAN Infrastructure

Fortinet delivers an organically developed converged networking and security solution grounded in AI.

Get the Report

Learn more about

Secure Networking

Security Operations

Security Operations Automation

Security Fabric Analytics

Security Information & Event Management (SIEM/UEBA)

Security Orchestration, Automation, & Response (SOAR/TIM)

GenAI-powered Security Assistant

Early Detection & Prevention

Endpoint Detection & Response

Network Detection & Response (NDR)

Deception Technology

Digital Risk Protection Systems (DRPS)

Sandbox Analysis

Secure Email Gateway

Endpoint Security

Endpoint Security Solutions

Extended Detection & Response

Cloud Governance, Risk, and Compliance

Advanced Cloud Security Posture Management (CSPM)

Expert Services

Incident Response

Security Advisory

Ransomware Advisory

Managed Detection & Response (MDR)

SOC-as-a-Service (SOCaaS)

FortiGuard AI-Powered Security Services

Threat Protection

Latest From Fortinet

Slash Cyber Risk From Weeks to Minutes

Enterprise Strategy Group quantifies the reduction in time, effort, and risk with Fortinet Security Operations Solutions.

Download the Report

Learn more about

Security Operations

Application Security

Cloud Network Security

Virtual Network Firewall

Cloud-Native Firewall

Distributed Denial of Service Protection

Web Application / API Protection

Web Application Firewall

Application Delivery & Server Load Balancing

Dynamic Application Security Testing (DAST)

FortiGuard Advanced Bot Protection

Cloud-Native Protection

Workload Protection & Cloud Security Posture Management

DevSecOps

Cloud Service Providers

AWS

Microsoft Azure

Google Cloud

Oracle

FortiGuard AI-Powered Security Services

Threat Protection

Latest From Fortinet

2023 Cloud Security Report

Discover why 95% of organizations are moderately to extremely concerned about cloud security in 2023.

Download the Report

Learn more about

Application Security

Operational Technology

Overview

Secure Operational Technology

Products

Ruggedized Network Firewall

Security Information & Event Management (SIEM/UEBA)

Security Orchestration, Automation, & Response (SOAR/TIM)

Privileged Access Management

Secure Ethernet Switches

Endpoint Detection & Response (EDR)

Network Detection & Response (NDR)

FortiGuard AI-Powered Security Services

Threat Protection

OT Security

IoT Detection

Inline Malware Prevention

Intrusion Prevention Service (IPS)

Expert Services

SOC-as-a-Service (SOCaaS)

OT Tabletop Exercise

Latest From Fortinet

Fortinet is One of the Fastest-Growing OT Security Vendors

Fortinet Recognized as the Sole Leader in the Westlands Advisory 2023 IT/OT Network Protection Platforms Navigator™

Download the Report

Learn more about the

Fortinet Security Fabric

View All Products

Solutions

Enterprise

Featured

Secure Networking

Unified SASE

Work From Anywhere

Secure Application Journey

Secure Operational Technology

Security Operations

GenAI-powered Security Assistant

Cybersecurity Platform

Hybrid Mesh Firewall

Fortinet Security Fabric

FortiOS

Flexible Consumption Licensing

Usage-Based Licensing

Latest From Fortinet

318% ROI Revealed in Forrester TEI Study

Fortinet NGFW for Data Center and FortiGuard AI-Powered Security Services Solution.

Download the Study

Small & Midsize Business

Overview

Small & Midsize Business

Products

Next-Generation Firewall

Virtual Next-Generation Firewall

Switching

Wireless LAN (WLAN)

Management & Reporting

Secure Access Service Edge (SASE)

Services

FortiGuard Security Portfolio

FortiConverter

FortiCare Support Services

Security Awareness Training

Cyber Threat Assessment

Cloud Consulting Services

Expert Services

SOC-as-a-Service (SOCaaS)

Latest From Fortinet

Fortinet Achieves a 99.88% Security Effectiveness Score in 2023 CyberRatings

FortiGate NGFW earned the highest ranking of ‘AAA’ showcasing low cost of ownership and high ROI in the Enterprise Firewall Report.

Download the Report

Operational Technology

Overview

Secure Operational Technology

Products

Ruggedized Network Firewall

Security Information & Event Management (SIEM/UEBA)

Security Orchestration, Automation, & Response (SOAR/TIM)

Privileged Access Management

Secure Ethernet Switches

Endpoint Detection & Response (EDR)

Network Detection & Response (NDR)

FortiGuard AI-Powered Security Services

Threat Protection

OT Security

IoT Detection

Inline Malware Prevention

Intrusion Prevention Service (IPS)

Expert Services

SOC-as-a-Service (SOCaaS)

OT Tabletop Exercise

Latest From Fortinet

Fortinet is One of the Fastest-Growing OT Security Vendors

Fortinet Recognized as the Sole Leader in the Westlands Advisory 2023 IT/OT Network Protection Platforms Navigator™

Download the Report

Learn more about the

Fortinet Security Fabric

Industries

IT/OT

Operational Technology

Manufacturing

SCADA/ICS

Oil & Gas

Power Utilities

Health and Medical

Healthcare

Pharmaceutical

Education

Higher Education

K–12 School Districts

Consumer

Financial Services

Retail

Hospitality

All Industries

View All

Latest From Fortinet

Fortinet is One of the Fastest-Growing OT Security Vendors

Fortinet Recognized as the Sole Leader in the Westlands Advisory 2023 IT/OT Network Protection Platforms Navigator™

Download the Report

Service Providers

Managed Services

Solutions

MSSP Cybersecurity

Managed SD-WAN for Service Providers

Managed SOC Service

Managed Cloud Security Service

Managed WAF Service

Case Studies

Orange Business Services

GTT Communications

Spark NZ

View All

Communication Service Providers

Solutions

Overview

Headquarters Network Security

PCI Compliance

Secure Networking

ATP

Adaptive Cloud Security

Latest From Fortinet

2023 Cybersecurity Skills Gap Global Research Report

Cyberthreats are increasing in volume and sophistication while organizations around the world struggle to fill security positions.

Read the Press Release

Mobile Provider

Overview

Cybersecurity for Mobile Networks and Ecosystems

Latest From Fortinet

Energy- and Space-Efficient Security in Telco Networks

Secure your infrastructure while reducing energy costs and overall environmental impact

Download the White Paper

Support & Services

Cybersecurity Services

Cybersecurity Subscriptions

FortiGuard Security Portfolio

CASB

Data Loss Prevention

URL Filtering

DNS Filtering

Inline Malware Prevention

Intrusion Prevention Service (IPS)

IoT Detection

OT Security

Security Rating

Employee Training

Free Training & On-demand Labs

Security Awareness Training

Phishing Simulation

Expert Services

Incident Response

Managed Detection & Response (MDR)

Ransomware Advisory Services

Security Advisory Services

SOC-as-a-Service (SOCaaS)

Latest From Fortinet

Understand the Threat Profiles of 2023 Outbreak Alerts

Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.

Get the Report

FortiCare Support

Technical Support

Contact FortiCare Customer Support

Support Services

Customer Support & RMA

Advanced Support

Resources

Experienced a Breach?

Getting Started and Registration

Documents Library

Fortinet Community

Latest From Fortinet

Understand the Threat Profiles of 2023 Outbreak Alerts

Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.

Get the Report

318% ROI Revealed in Forrester TEI Study

Delivered with Fortinet NGFWs for Data Center and FortiGuard AI-Powered Security Services Solution.

Download the Study

FortiCare Professional Services

Services

Professional Services

Cloud Consulting Services

Latest From Fortinet

Understand the Threat Profiles of 2023 Outbreak Alerts

Gain an in-depth understanding of various threat categories, including vulnerabilities, targeted attacks, ransomware campaigns, and OT- and IoT-related threats.

Get the Report

318% ROI Revealed in Forrester TEI Study

Delivered with Fortinet NGFWs for Data Center and FortiGuard AI-Powered Security Services Solution.

Download the Study

Company

Fortinet

About Us

Executive Management

Investor Relations

Executive Briefing Center

Newsroom

Blogs

Social Responsibility

Life at Fortinet

Careers

Early Talent Programs

Connect With Us

Fortinet Community

Email Preference Center

Trust

Fortinet Trust Center

Security Certifications

Product Certifications

Fortinet Federal, Inc.

Analyst Reports

Advisory Councils

Fortinet Strategic Advisory Council

Veterans Program Advisory Council

Resources

Customer Stories

Resource Center

Ransomware Hub

Fortinet TV

Cyber Glossary

Fortinet Icon Library

Fortinet Video Library

Ordering Guides

Fortinet Contracts & Grants

Events & Webinars

Accelerate 2024

Events

Webinars

On-Demand Webinars

Training

Overview

Training Institute

Certification Program

Free Training & On-demand Labs

Authorized Training Centers

Platform

Training Institute Portal

Programs and Services

Academic Partner Program

Education Outreach Program

Veterans Program

Security Awareness Training

Security Awareness Service

For All Schools

For United States Schools

For United Kingdom Schools

For Australian Schools

For Canadian Schools

Latest From Fortinet

Fortinet Research Finds Over 80% of Organizations Experience Cyber Attacks that Target Employees

With most cyberthreats targeting individuals directly, this report reveals the need for having an effective security awareness and training program for all employees.

Read the Press Release

Partners

For Partners

Partner Login

Become a Partner

Join the Ecosystem

For Customers

Ecosystem Overview

Fabric Connectors

Find a Partner

Global System Integrators

For Service Providers

Managed Services

Communication Service Providers

Mobile Provider

Latest From Fortinet

Fortinet Named to 2022 Dow Jones Sustainability World and North America Indices

For the first time, ranking among the global top sustainable companies in the software and services industry.

Read the Press Release

SALES

Contact Sales

Request a Quote

Experienced a Breach?

Cyber Threat Assessment

Free Product Demo

SUPPORT

Contact FortiCare Technical Support

Call our Support Team

Fortinet Community: Support Forum

FIND A RESELLER

North America

EMEA

Latin America & Caribbean

APAC, Australia & New Zealand

Latest From Fortinet

Fortinet 2022 Sustainability Report

In our report, we share the progress made in 2022 across our ESG priorities and detail how Fortinet is advancing cybersecurity as a sustainability issue.

Read the Press Release

FortiGuard Labs Threat Intelligence

What Is Cryptography?

Get Free Cybersecurity Training

Cryptography Definition

Cryptography is the process of hiding or coding information so that only the person a message was intended for can read it. The art of cryptography has been used to code messages for thousands of years and continues to be used in bank cards, computer passwords, and ecommerce.

Modern cryptography techniques include algorithms and ciphers that enable the encryption and decryption of information, such as 128-bit and 256-bit encryption keys. Modern ciphers, such as the Advanced Encryption Standard (AES), are considered virtually unbreakable.

A common cryptography definition is the practice of coding information to ensure only the person that a message was written for can read and process the information. This cybersecurity practice, also known as cryptology, combines various disciplines like computer science, engineering, and mathematics to create complex codes that hide the true meaning of a message.

Cryptography can be traced all the way back to ancient Egyptian hieroglyphics but remains vital to securing communication and information in transit and preventing it from being read by untrusted parties. It uses algorithms and mathematical concepts to transform messages into difficult-to-decipher codes through techniques like cryptographic keys and digital signing to protect data privacy, credit card transactions, email, and web browsing.

The Importance of Cryptography

Cryptography remains important to protecting data and users, ensuring confidentiality, and preventing cyber criminals from intercepting sensitive corporate information. Common uses and examples of cryptography include the following:

Privacy and Confidentiality

Individuals and organizations use cryptography on a daily basis to protect their privacy and keep their conversations and data confidential. Cryptography ensures confidentiality by encrypting sent messages using an algorithm with a key only known to the sender and recipient. A common example of this is the messaging tool WhatsApp, which encrypts conversations between people to ensure they cannot be hacked or intercepted.

Cryptography also secures browsing, such as with virtual private networks (VPNs), which use encrypted tunnels, asymmetric encryption, and public and private shared keys.

Authentication

Integrity

Similar to how cryptography can confirm the authenticity of a message, it can also prove the integrity of the information being sent and received. Cryptography ensures information is not altered while in storage or during transit between the sender and the intended recipient. For example, digital signatures can detect forgery or tampering in software distribution and financial transactions.

Nonrepudiation

Cryptography confirms accountability and responsibility from the sender of a message, which means they cannot later deny their intentions when they created or transmitted information. Digital signatures are a good example of this, as they ensure a sender cannot claim a message, contract, or document they created to be fraudulent. Furthermore, in email nonrepudiation, email tracking makes sure the sender cannot deny sending a message and a recipient cannot deny receiving it.

Key Exchange

Key exchange is the method used to share cryptographic keys between a sender and their recipient.

Types of Cryptographic Algorithms

There are many types of cryptographic algorithms available. They vary in complexity and security, depending on the type of communication and the sensitivity of the information being shared.

Secret Key Cryptography

Secret key cryptography, also known as symmetric encryption, uses a single key to encrypt and decrypt a message. The sender encrypts the plaintext message using the key and sends it to the recipient who then uses the same key to decrypt it and unlock the original plaintext message.

Stream Ciphers

Stream ciphers work on a single bit or byte at any time and constantly change the key using feedback mechanisms. A self-synchronizing stream cipher ensures the decryption process stays in sync with the encryption process by recognizing where it sits in the bit keystream. A synchronous stream cipher generates the keystream independently of the message stream and generates the same keystream function at both the sender and the receiver.

Block Ciphers

Block ciphers encrypt one block of fixed-size data at a time. It will always encrypt a plaintext data block to the same ciphertext when the same key is used. A good example of this is the Feistel cipher, which uses elements of key expansion, permutation, and substitution to create vast confusion and diffusion in the cipher.

The stages of encryption and decryption are similar if not identical, which means reversing the key reduces the code size and circuitry required for implementing the cipher in a piece of software or hardware.

Public Key Cryptography

Public key cryptography (PKC), or asymmetric cryptography, uses mathematical functions to create codes that are exceptionally difficult to crack. It enables people to communicate securely over a nonsecure communications channel without the need for a secret key. For example, proxy reencryption enables a proxy entity to reencrypt data from one public key to another without requiring access to the plaintext or private keys.

A common PKC type is multiplication vs. factorization, which takes two large prime numbers and multiplies them to create a huge resulting number that makes deciphering difficult. Another form of PKC is exponentiation vs. logarithms such as 256-bit encryption, which increases protection to the point that even a computer capable of searching trillions of combinations per second cannot crack it.

Generic forms of PKC use two keys that are related mathematically but do not enable either to be determined. Put simply, a sender can encrypt their plaintext message using their private key, then the recipient decrypts the ciphertext using the sender’s public key.

Common PKC algorithms used for digital signatures and key exchanges include:

RSA

RSA was the first and remains the most common PKC implementation. The algorithm is named after its MIT mathematician developers, Ronald Rivest, Adi Shamir, and Leonard Adleman, and is used in data encryption, digital signatures, and key exchanges. It uses a large number that is the result of factoring two selected prime numbers. It is impossible for an attacker to work out the prime factors, which makes RSA especially secure.

Elliptic Curve Cryptography (ECC)

ECC is a PKC algorithm based on the use of elliptic curves in cryptography. It is designed for devices with limited computing power or memory to encrypt internet traffic. A common use of ECC is in embedded computers, smartphones, and cryptocurrency networks like bitcoin, which consumes around 10% of the storage space and bandwidth that RSA requires.

Digital Signature Algorithm (DSA)

DSA is a standard that enables digital signatures to be used in message authentication. It was introduced by the National Institute of Standards and Technology (NIST) in 1991 to ensure a better method for creating digital signatures.

Identity-based Encryption (IBE)

IBE is a PKC system that enables the public key to be calculated from unique information based on the user’s identity, such as their email address. A trusted third party or private key generator then uses a cryptographic algorithm to calculate a corresponding private key. This enables users to create their own private keys without worrying about distributing public keys.

Public Key Cryptography Standards (PKCS)

All PKC algorithms and usage are governed by a set of standards and guidelines designed by RSA Data Security. These are as follows:

PKCS #1 or RFC 8017: RSA Cryptography Standard

PKCS #3: Diffie-Hellman Key Agreement Standard

PKCS #5 and PKCS #5 v2.1 or RFC 8018: Password-Based Cryptography Standard

PKCS #6: Extended-Certificate Syntax Standard (being replaced by X.509v3)

PKCS #7 or RFC 2315: Cryptographic Message Syntax Standard

PKCS #8 or RFC 5958: Private Key Information Syntax Standard

PKCS #9 or RFC 2985: Selected Attribute Types

PKCS #10 or RFC 2986: Certification Request Syntax Standard

PKCS #11: Cryptographic Token Interface Standard

PKCS #12 or RFC 7292: Personal Information Exchange Syntax Standard

PKCS #13: Elliptic Curve Cryptography Standard

PKCS #14: Pseudorandom Number Generation Standard

PKCS #15: Cryptographic Token Information Format Standard

Diffie-Hellman and Key Exchange Algorithm (KEA)

The Diffie-Hellman algorithm was devised in 1976 by Stanford University professor Martin Hellman and his graduate student Whitfield Diffie, who are considered to be responsible for introducing PKC as a concept. It is used for secret key exchanges and requires two people to agree on a large prime number.

KEA is a variation of the Diffie-Hellman algorithm and was proposed as a method for key exchange in the NIST/National Security Agency’s (NSA) Capstone project, which developed cryptography standards for public and government use.

Hash Function

Hash functions ensure that data integrity is maintained in the encryption and decryption phases of cryptography. It is also used in databases so that items can be retrieved more quickly.

Hashing is the process of taking a key and mapping it to a specific value, which is the hash or hash value. A hash function transforms a key or digital signature, then the hash value and signature are sent to the receiver, who uses the hash function to generate the hash value and compare it with the one they received in the message.

A common hash function is folding, which takes a value and divides it into several parts, adds parts, and uses the last four remaining digits as the key or hashed value. Another is digit rearrangement, which takes specific digits in the original value, reverses them, and uses the remaining number as the hash value. Examples of hash function types include Secure Hash Algorithm 1 (SHA-1), SHA-2, and SHA-3.

What Are Cryptographic Key Attacks? What Are the Types?

Modern cryptographic key techniques are increasingly advanced and often even considered unbreakable. However, as more entities rely on cryptography to protect communications and data, it is vital to keep keys secure. One compromised key could result in regulatory action, fines and punishments, reputational damage, and the loss of customers and investors.

Potential key-based issues and attack types that could occur include:

Weak Keys

Keys are essentially random numbers that become more difficult to crack the longer the number is. Key strength and length need to be relative to the value of the data it protects and the length of time that data needs to be protected. Keys should be created with a high-quality, certified random number generator that collects entropy—the information density of a file in bits or characters—from suitable hardware noise sources.

Incorrect Use of Keys

When keys are used improperly or encoded poorly, it becomes easier for a hacker to crack what should have been a highly secure key.

Reuse of Keys

Every key should only be generated for a specific single-use encrypt/decrypt purpose, and use beyond that may not offer the level of protection required.

Non-rotation of Keys

Keys that are overused, such as encrypting too much data on a key, become vulnerable to attacks. This is particularly the case with older ciphers and could result in data being exposed. Keys need to be rotated, renewed, and updated when appropriate.

Inappropriate Storage of Keys

Storing keys alongside the information they have been created to protect increases their chances of being compromised. For example, keys stored on a database or server that gets breached could also be compromised when the data is exfiltrated.

Inadequate Protection of Keys

Huge cyberattacks like Meltdown/Spectre and Heartbleed have been capable of exposing cryptographic keys stored in server memory. Therefore, stored keys must be encrypted and only made available unencrypted when placed within secure, tamper-protected environments, or even kept offline.

Insecure Movement of Keys

Moving keys between systems should only occur when the key is encrypted or wrapped under an asymmetric or symmetric pre-shared transport key. If this is not possible, then the key must be split up into multiple parts that are kept separate, re-entered into the target system, then destroyed.

Insider Threats (User Authentication, Dual Control, and Segregation of Roles)

Insider threats are one of the most serious threats posed to any key. This is most likely to occur through a rogue employee having access to a key, then using it for malicious purposes or giving or selling it to a hacker or third party.

Lack of Resilience

Resilience is vital to protecting the availability, confidentiality, and integrity of keys. Any key that suffers a fault with no backup results in the data the key protects being lost or inaccessible.

Lack of Audit Logging

Key life cycles must be logged and recorded in full to ensure any compromise can be tracked and enable subsequent investigations to occur smoothly.

Manual Key Management Processes

Recording key management processes manually on paper or spreadsheets runs the risk of human error and makes the keys highly vulnerable to attack or theft.

How to Minimize the Risks Associated with Cryptography

Organizations and individuals can minimize and mitigate cryptography-related threats with a dedicated electronic key management system from a reputable provider. The solution must use a hardware security module to generate and protect keys, and underpin the entire system’s security.

It needs to include features like full key management life cycle, strong key generation, strict policy-based controls, swift compromise detection, secure key destruction, strong user authentication, secure workflow management, and a secure audit and usage log. This will protect the organization's keys, enhance efficiency, and ensure compliance with data and privacy regulations.

Another potential solution is cryptography quantum, whereby it is impossible to copy data encoded in a quantum state.

Frequently Asked Questions about Cryptography

What do you mean by cryptography?

In computer science, cryptography is the collection of secure information and communication techniques employing mathematical concepts and algorithms used to disguise the content of messages.

What are the three types of cryptography?

The three types of cryptography are:

Secret key cryptography

Public key cryptography

Hash function cryptography

What is an example of cryptography?

The Rivest-Shamir-Adleman (RSA) algorithm is widely used on the Internet. RSA uses a pair of keys to encrypt and decrypt information.

Cryptography - Wikipedia

Jump to content

Main menu

move to sidebar

hide

Navigation

Main pageContentsCurrent eventsRandom articleAbout WikipediaContact usDonate

Contribute

HelpLearn to editCommunity portalRecent changesUpload file

Create account

Personal tools

Create account Log in

Pages for logged out editors learn more

ContributionsTalk

Contents

move to sidebar

hide

(Top)

1Terminology

2History

Toggle History subsection

2.1Classic cryptography

2.2Early computer-era cryptography

2.3Modern cryptography

3Modern cryptography

Toggle Modern cryptography subsection

3.1Symmetric-key cryptography

3.2Public-key cryptography

3.3Cryptographic hash functions

3.4Cryptanalysis

3.5Cryptographic primitives

3.6Cryptosystems

3.7Lightweight cryptography

4Applications

Toggle Applications subsection

4.1Cybersecurity

4.2Cryptocurrencies and cryptoeconomics

5Legal issues

Toggle Legal issues subsection

5.1Prohibitions

5.2Export controls

5.3NSA involvement

5.4Digital rights management

5.5Forced disclosure of encryption keys

6See also

7References

8Further reading

9External links

Toggle the table of contents

Cryptography

95 languages

AfrikaansالعربيةAsturianuAzərbaycancaবাংলাBân-lâm-gúБашҡортсаБеларускаяБеларуская (тарашкевіца)БългарскиBoarischBosanskiCatalàČeštinaDanskالدارجةDeutschEestiΕλληνικάEspañolEsperantoEuskaraفارسیFrançaisGaeilgeGalego贛語ગુજરાતી한국어Հայերենहिन्दीHrvatskiBahasa IndonesiaIsiZuluÍslenskaItalianoעבריתJawaಕನ್ನಡქართულიҚазақшаKiswahiliKriyòl gwiyannenКыргызчаLatinaLatviešuLietuviųLombardMagyarМакедонскиമലയാളംमराठीBahasa MelayuМонголမြန်မာဘာသာNederlands日本語NordfriiskNorsk bokmålNorsk nynorskOccitanОлык марийଓଡ଼ିଆOʻzbekcha / ўзбекчаپنجابیPatoisPiemontèisPolskiPortuguêsRomânăРусскийShqipSicilianuSimple EnglishSlovenčinaSlovenščinaکوردیСрпски / srpskiSrpskohrvatski / српскохрватскиSuomiSvenskaTagalogதமிழ்ไทยТоҷикӣTürkçeУкраїнськаاردوTiếng ViệtWinaray吴语ייִדיש粵語Zazaki中文

Edit links

ArticleTalk

English

ReadEditView history

Tools

move to sidebar

hide

Actions

ReadEditView history

General

What links hereRelated changesUpload fileSpecial pagesPermanent linkPage informationCite this pageGet shortened URLDownload QR codeWikidata item

Print/export

Download as PDFPrintable version

In other projects

Wikimedia CommonsWikibooksWikiquoteWikiversity

From Wikipedia, the free encyclopedia

This is the latest accepted revision, reviewed on 9 March 2024.

Practice and study of secure communication techniques

"Secret code" redirects here. For the Aya Kamiki album, see Secret Code.

"Cryptology" redirects here. For the David S. Ware album, see Cryptology (album).

This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed.Find sources: "Cryptography" – news · newspapers · books · scholar · JSTOR (March 2021) (Learn how and when to remove this template message)

Lorenz cipher machine, used in World War II to encrypt communications of the German High Command

Cryptography, or cryptology (from Ancient Greek: κρυπτός, romanized: kryptós "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively[1]), is the practice and study of techniques for secure communication in the presence of adversarial behavior.[2] More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages.[3] Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others.[4] Core concepts related to information security (data confidentiality, data integrity, authentication, and non-repudiation) are also central to cryptography.[5] Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Cryptography prior to the modern age was effectively synonymous with encryption, converting readable information (plaintext) to unintelligible nonsense text (ciphertext), which can only be read by reversing the process (decryption). The sender of an encrypted (coded) message shares the decryption (decoding) technique only with the intended recipients to preclude access from adversaries. The cryptography literature often uses the names "Alice" (or "A") for the sender, "Bob" (or "B") for the intended recipient, and "Eve" (or "E") for the eavesdropping adversary.[6] Since the development of rotor cipher machines in World War I and the advent of computers in World War II, cryptography methods have become increasingly complex and their applications more varied.

Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in actual practice by any adversary. While it is theoretically possible to break into a well-designed system, it is infeasible in actual practice to do so. Such schemes, if well designed, are therefore termed "computationally secure". Theoretical advances (e.g., improvements in integer factorization algorithms) and faster computing technology require these designs to be continually reevaluated and, if necessary, adapted. Information-theoretically secure schemes that provably cannot be broken even with unlimited computing power, such as the one-time pad, are much more difficult to use in practice than the best theoretically breakable but computationally secure schemes.

The growth of cryptographic technology has raised a number of legal issues in the Information Age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export.[7] In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation.[8][9] Cryptography also plays a major role in digital rights management and copyright infringement disputes with regard to digital media.[10]

Terminology[edit]

Alphabet shift ciphers are believed to have been used by Julius Caesar over 2,000 years ago.[6] This is an example with k = 3. In other words, the letters in the alphabet are shifted three in one direction to encrypt and three in the other direction to decrypt.

The first use of the term "cryptograph" (as opposed to "cryptogram") dates back to the 19th century—originating from "The Gold-Bug", a story by Edgar Allan Poe.[11][12]

Until modern times, cryptography referred almost exclusively to "encryption", which is the process of converting ordinary information (called plaintext) into an unintelligible form (called ciphertext).[13] Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that carry out the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a "key". The key is a secret (ideally known only to the communicants), usually a string of characters (ideally short so it can be remembered by the user), which is needed to decrypt the ciphertext. In formal mathematical terms, a "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible cyphertexts, finite possible keys, and the encryption and decryption algorithms that correspond to each key. Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive) for most purposes. Historically, ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks.

There are two main types of cryptosystems: symmetric and asymmetric. In symmetric systems, the only ones known until the 1970s, the same secret key encrypts and decrypts a message. Data manipulation in symmetric systems is significantly faster than in asymmetric systems. Asymmetric systems use a "public key" to encrypt a message and a related "private key" to decrypt it. The advantage of asymmetric systems is that the public key can be freely published, allowing parties to establish secure communication without having a shared secret key. In practice, asymmetric systems are used to first exchange a secret key, and then secure communication proceeds via a more efficient symmetric system using that key.[14] Examples of asymmetric systems include Diffie–Hellman key exchange, RSA (Rivest–Shamir–Adleman), ECC (Elliptic Curve Cryptography), and Post-quantum cryptography. Secure symmetric algorithms include the commonly used AES (Advanced Encryption Standard) which replaced the older DES (Data Encryption Standard).[15] Insecure symmetric algorithms include children's language tangling schemes such as Pig Latin or other cant, and all historical cryptographic schemes, however seriously intended, prior to the invention of the one-time pad early in the 20th century.

In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning: the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for example, "wallaby" replaces "attack at dawn"). A cypher, in contrast, is a scheme for changing or substituting an element below such a level (a letter, a syllable, or a pair of letters, etc.) in order to produce a cyphertext.

Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to "crack" encryption algorithms or their implementations.

Some use the terms "cryptography" and "cryptology" interchangeably in English,[16] while others (including US military practice generally) use "cryptography" to refer specifically to the use and practice of cryptographic techniques and "cryptology" to refer to the combined study of cryptography and cryptanalysis.[17][18] English is more flexible than several other languages in which "cryptology" (done by cryptologists) is always used in the second sense above. RFC 2828 advises that steganography is sometimes included in cryptology.[19]

The study of characteristics of languages that have some application in cryptography or cryptology (e.g. frequency data, letter combinations, universal patterns, etc.) is called cryptolinguistics. Cryptolingusitics is especially used in military intelligence applications for deciphering foreign communications.[20][21]

History[edit]

Main article: History of cryptography

Before the modern era, cryptography focused on message confidentiality (i.e., encryption)—conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely the key needed for decryption of that message). Encryption attempted to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.

Classic cryptography[edit]

Reconstructed ancient Greek scytale, an early cipher device

The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the Latin alphabet).[22] Simple versions of either have never offered much confidentiality from enterprising opponents. An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was replaced by a letter some fixed number of positions further down the alphabet. Suetonius reports that Julius Caesar used it with a shift of three to communicate with his generals. Atbash is an example of an early Hebrew cipher. The earliest known use of cryptography is some carved ciphertext on stone in Egypt (c. 1900 BCE), but this may have been done for the amusement of literate observers rather than as a way of concealing information.

The Greeks of Classical times are said to have known of ciphers (e.g., the scytale transposition cipher claimed to have been used by the Spartan military).[23] Steganography (i.e., hiding even the existence of a message so as to keep it confidential) was also first developed in ancient times. An early example, from Herodotus, was a message tattooed on a slave's shaved head and concealed under the regrown hair.[13] Other steganography methods involve 'hiding in plain sight,' such as using a music cipher to disguise an encrypted message within a regular piece of sheet music. More modern examples of steganography include the use of invisible ink, microdots, and digital watermarks to conceal information.

In India, the 2000-year-old Kamasutra of Vātsyāyana speaks of two different kinds of ciphers called Kautiliyam and Mulavediya. In the Kautiliyam, the cipher letter substitutions are based on phonetic relations, such as vowels becoming consonants. In the Mulavediya, the cipher alphabet consists of pairing letters and using the reciprocal ones.[13]

In Sassanid Persia, there were two secret scripts, according to the Muslim author Ibn al-Nadim: the šāh-dabīrīya (literally "King's script") which was used for official correspondence, and the rāz-saharīya which was used to communicate secret messages with other countries.[24]

David Kahn notes in The Codebreakers that modern cryptology originated among the Arabs, the first people to systematically document cryptanalytic methods.[25] Al-Khalil (717–786) wrote the Book of Cryptographic Messages, which contains the first use of permutations and combinations to list all possible Arabic words with and without vowels.[26]

First page of a book by Al-Kindi which discusses encryption of messages

Ciphertexts produced by a classical cipher (and some modern ciphers) will reveal statistical information about the plaintext, and that information can often be used to break the cipher. After the discovery of frequency analysis, perhaps by the Arab mathematician and polymath Al-Kindi (also known as Alkindus) in the 9th century,[27] nearly all such ciphers could be broken by an informed attacker. Such classical ciphers still enjoy popularity today, though mostly as puzzles (see cryptogram). Al-Kindi wrote a book on cryptography entitled Risalah fi Istikhraj al-Mu'amma (Manuscript for the Deciphering Cryptographic Messages), which described the first known use of frequency analysis cryptanalysis techniques.[27][28]

16th-century book-shaped French cipher machine, with arms of Henri II of France

Enciphered letter from Gabriel de Luetz d'Aramon, French Ambassador to the Ottoman Empire, after 1546, with partial decipherment

Language letter frequencies may offer little help for some extended historical encryption techniques such as homophonic cipher that tend to flatten the frequency distribution. For those ciphers, language letter group (or n-gram) frequencies may provide an attack.

Essentially all ciphers remained vulnerable to cryptanalysis using the frequency analysis technique until the development of the polyalphabetic cipher, most clearly by Leon Battista Alberti around the year 1467, though there is some indication that it was already known to Al-Kindi.[28] Alberti's innovation was to use different ciphers (i.e., substitution alphabets) for various parts of a message (perhaps for each successive plaintext letter at the limit). He also invented what was probably the first automatic cipher device, a wheel that implemented a partial realization of his invention. In the Vigenère cipher, a polyalphabetic cipher, encryption uses a key word, which controls letter substitution depending on which letter of the key word is used. In the mid-19th century Charles Babbage showed that the Vigenère cipher was vulnerable to Kasiski examination, but this was first published about ten years later by Friedrich Kasiski.[29]

Although frequency analysis can be a powerful and general technique against many ciphers, encryption has still often been effective in practice, as many a would-be cryptanalyst was unaware of the technique. Breaking a message without using frequency analysis essentially required knowledge of the cipher used and perhaps of the key involved, thus making espionage, bribery, burglary, defection, etc., more attractive approaches to the cryptanalytically uninformed. It was finally explicitly recognized in the 19th century that secrecy of a cipher's algorithm is not a sensible nor practical safeguard of message security; in fact, it was further realized that any adequate cryptographic scheme (including ciphers) should remain secure even if the adversary fully understands the cipher algorithm itself. Security of the key used should alone be sufficient for a good cipher to maintain confidentiality under an attack. This fundamental principle was first explicitly stated in 1883 by Auguste Kerckhoffs and is generally called Kerckhoffs's Principle; alternatively and more bluntly, it was restated by Claude Shannon, the inventor of information theory and the fundamentals of theoretical cryptography, as Shannon's Maxim—'the enemy knows the system'.

Different physical devices and aids have been used to assist with ciphers. One of the earliest may have been the scytale of ancient Greece, a rod supposedly used by the Spartans as an aid for a transposition cipher. In medieval times, other aids were invented such as the cipher grille, which was also used for a kind of steganography. With the invention of polyalphabetic ciphers came more sophisticated aids such as Alberti's own cipher disk, Johannes Trithemius' tabula recta scheme, and Thomas Jefferson's wheel cypher (not publicly known, and reinvented independently by Bazeries around 1900). Many mechanical encryption/decryption devices were invented early in the 20th century, and several patented, among them rotor machines—famously including the Enigma machine used by the German government and military from the late 1920s and during World War II.[30] The ciphers implemented by better quality examples of these machine designs brought about a substantial increase in cryptanalytic difficulty after WWI.[31]

Early computer-era cryptography[edit]

Cryptanalysis of the new mechanical ciphering devices proved to be both difficult and laborious. In the United Kingdom, cryptanalytic efforts at Bletchley Park during WWII spurred the development of more efficient means for carrying out repetitive tasks, such as military code breaking (decryption). This culminated in the development of the Colossus, the world's first fully electronic, digital, programmable computer, which assisted in the decryption of ciphers generated by the German Army's Lorenz SZ40/42 machine.

Extensive open academic research into cryptography is relatively recent, beginning in the mid-1970s. In the early 1970s IBM personnel designed the Data Encryption Standard (DES) algorithm that became the first federal government cryptography standard in the United States.[32] In 1976 Whitfield Diffie and Martin Hellman published the Diffie–Hellman key exchange algorithm.[33] In 1977 the RSA algorithm was published in Martin Gardner's Scientific American column.[34] Since then, cryptography has become a widely used tool in communications, computer networks, and computer security generally.

Some modern cryptographic techniques can only keep their keys secret if certain mathematical problems are intractable, such as the integer factorization or the discrete logarithm problems, so there are deep connections with abstract mathematics. There are very few cryptosystems that are proven to be unconditionally secure. The one-time pad is one, and was proven to be so by Claude Shannon. There are a few important algorithms that have been proven secure under certain assumptions. For example, the infeasibility of factoring extremely large integers is the basis for believing that RSA is secure, and some other systems, but even so, proof of unbreakability is unavailable since the underlying mathematical problem remains open. In practice, these are widely used, and are believed unbreakable in practice by most competent observers. There are systems similar to RSA, such as one by Michael O. Rabin that are provably secure provided factoring n = pq is impossible; it is quite unusable in practice. The discrete logarithm problem is the basis for believing some other cryptosystems are secure, and again, there are related, less practical systems that are provably secure relative to the solvability or insolvability discrete log problem.[35]

As well as being aware of cryptographic history, cryptographic algorithm and system designers must also sensibly consider probable future developments while working on their designs. For instance, continuous improvements in computer processing power have increased the scope of brute-force attacks, so when specifying key lengths, the required key lengths are similarly advancing.[36] The potential impact of quantum computing are already being considered by some cryptographic system designers developing post-quantum cryptography.[when?] The announced imminence of small implementations of these machines may be making the need for preemptive caution rather more than merely speculative.[5]

Modern cryptography[edit]

Prior to the early 20th century, cryptography was mainly concerned with linguistic and lexicographic patterns. Since then cryptography has broadened in scope, and now makes extensive use of mathematical subdisciplines, including information theory, computational complexity, statistics, combinatorics, abstract algebra, number theory, and finite mathematics.[37] Cryptography is also a branch of engineering, but an unusual one since it deals with active, intelligent, and malevolent opposition; other kinds of engineering (e.g., civil or chemical engineering) need deal only with neutral natural forces. There is also active research examining the relationship between cryptographic problems and quantum physics.

Just as the development of digital computers and electronics helped in cryptanalysis, it made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers which only encrypted written language texts; this was new and significant. Computer use has thus supplanted linguistic cryptography, both for cipher design and cryptanalysis. Many computer ciphers can be characterized by their operation on binary bit sequences (sometimes in groups or blocks), unlike classical and mechanical schemes, which generally manipulate traditional characters (i.e., letters and digits) directly. However, computers have also assisted cryptanalysis, which has compensated to some extent for increased cipher complexity. Nonetheless, good modern ciphers have stayed ahead of cryptanalysis; it is typically the case that use of a quality cipher is very efficient (i.e., fast and requiring few resources, such as memory or CPU capability), while breaking it requires an effort many orders of magnitude larger, and vastly larger than that required for any classical cipher, making cryptanalysis so inefficient and impractical as to be effectively impossible.

Modern cryptography[edit]

Symmetric-key cryptography[edit]

Main article: Symmetric-key algorithm

Symmetric-key cryptography, where a single key is used for encryption and decryption

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.[33]

One round (out of 8.5) of the IDEA cipher, used in most versions of PGP and OpenPGP compatible software for time-efficient encryption of messages

Symmetric key ciphers are implemented as either block ciphers or stream ciphers. A block cipher enciphers input in blocks of plaintext as opposed to individual characters, the input form used by a stream cipher.

The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are block cipher designs that have been designated cryptography standards by the US government (though DES's designation was finally withdrawn after the AES was adopted).[38] Despite its deprecation as an official standard, DES (especially its still-approved and much more secure triple-DES variant) remains quite popular; it is used across a wide range of applications, from ATM encryption[39] to e-mail privacy[40] and secure remote access.[41] Many other block ciphers have been designed and released, with considerable variation in quality. Many, even some designed by capable practitioners, have been thoroughly broken, such as FEAL.[5][42]

Stream ciphers, in contrast to the 'block' type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output stream is created based on a hidden internal state that changes as the cipher operates. That internal state is initially set up using the secret key material. RC4 is a widely used stream cipher.[5] Block ciphers can be used as stream ciphers by generating blocks of a keystream (in place of a Pseudorandom number generator) and applying an XOR operation to each bit of the plaintext with each bit of the keystream.[43]

Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key can be used to authenticate the hash value upon receipt;[5][44] this additional complication blocks an attack scheme against bare digest algorithms, and so has been thought worth the effort. Cryptographic hash functions are a third type of cryptographic algorithm. They take a message of any length as input, and output a short, fixed-length hash, which can be used in (for example) a digital signature. For good hash functions, an attacker cannot find two messages that produce the same hash. MD4 is a long-used hash function that is now broken; MD5, a strengthened variant of MD4, is also widely used but broken in practice. The US National Security Agency developed the Secure Hash Algorithm series of MD5-like hash functions: SHA-0 was a flawed algorithm that the agency withdrew; SHA-1 is widely deployed and more secure than MD5, but cryptanalysts have identified attacks against it; the SHA-2 family improves on SHA-1, but is vulnerable to clashes as of 2011; and the US standards authority thought it "prudent" from a security perspective to develop a new standard to "significantly improve the robustness of NIST's overall hash algorithm toolkit."[45] Thus, a hash function design competition was meant to select a new U.S. national standard, to be called SHA-3, by 2012. The competition ended on October 2, 2012, when the NIST announced that Keccak would be the new SHA-3 hash algorithm.[46] Unlike block and stream ciphers that are invertible, cryptographic hash functions produce a hashed output that cannot be used to retrieve the original input data. Cryptographic hash functions are used to verify the authenticity of data retrieved from an untrusted source or to add a layer of security.

Public-key cryptography[edit]

Main article: Public-key cryptography

Public-key cryptography, where different keys are used for encryption and decryption.

Symmetric-key cryptosystems use the same key for encryption and decryption of a message, although a message or group of messages can have a different key than others. A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share a different key, and perhaps for each ciphertext exchanged as well. The number of keys required increases as the square of the number of network members, which very quickly requires complex key management schemes to keep them all consistent and secret.

Whitfield Diffie and Martin Hellman, authors of the first published paper on public-key cryptography.

In a groundbreaking 1976 paper, Whitfield Diffie and Martin Hellman proposed the notion of public-key (also, more generally, called asymmetric key) cryptography in which two different but mathematically related keys are used—a public key and a private key.[47] A public key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair.[48] The historian David Kahn described public-key cryptography as "the most revolutionary new concept in the field since polyalphabetic substitution emerged in the Renaissance".[49]

In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption. While Diffie and Hellman could not find such a system, they showed that public-key cryptography was indeed possible by presenting the Diffie–Hellman key exchange protocol, a solution that is now widely used in secure communications to allow two parties to secretly agree on a shared encryption key.[33]

The X.509 standard defines the most commonly used format for public key certificates.[50]

Diffie and Hellman's publication sparked widespread academic efforts in finding a practical public-key encryption system. This race was finally won in 1978 by Ronald Rivest, Adi Shamir, and Len Adleman, whose solution has since become known as the RSA algorithm.[51]

The Diffie–Hellman and RSA algorithms, in addition to being the first publicly known examples of high-quality public-key algorithms, have been among the most widely used. Other asymmetric-key algorithms include the Cramer–Shoup cryptosystem, ElGamal encryption, and various elliptic curve techniques.[citation needed]

A document published in 1997 by the Government Communications Headquarters (GCHQ), a British intelligence organization, revealed that cryptographers at GCHQ had anticipated several academic developments.[52] Reportedly, around 1970, James H. Ellis had conceived the principles of asymmetric key cryptography. In 1973, Clifford Cocks invented a solution that was very similar in design rationale to RSA.[52][53] In 1974, Malcolm J. Williamson is claimed to have developed the Diffie–Hellman key exchange.[54]

In this example the message is only signed and not encrypted. 1) Alice signs a message with her private key. 2) Bob can verify that Alice sent the message and that the message has not been modified.

Public-key cryptography is also used for implementing digital signature schemes. A digital signature is reminiscent of an ordinary signature; they both have the characteristic of being easy for a user to produce, but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot then be 'moved' from one document to another, for any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message, or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature. RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and many network security schemes (e.g., SSL/TLS, many VPNs, etc.).[42]

Public-key algorithms are most often based on the computational complexity of "hard" problems, often from number theory. For example, the hardness of RSA is related to the integer factorization problem, while Diffie–Hellman and DSA are related to the discrete logarithm problem. The security of elliptic curve cryptography is based on number theoretic problems involving elliptic curves. Because of the difficulty of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly hybrid cryptosystems, in which a fast high-quality symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed.[5]

Cryptographic hash functions[edit]

Cryptographic hash functions are functions that take a variable-length input and return a fixed-length output, which can be used in, for example, a digital signature. For a hash function to be secure, it must be difficult to compute two inputs that hash to the same value (collision resistance) and to compute an input that hashes to a given output (preimage resistance). MD4 is a long-used hash function that is now broken; MD5, a strengthened variant of MD4, is also widely used but broken in practice. The US National Security Agency developed the Secure Hash Algorithm series of MD5-like hash functions: SHA-0 was a flawed algorithm that the agency withdrew; SHA-1 is widely deployed and more secure than MD5, but cryptanalysts have identified attacks against it; the SHA-2 family improves on SHA-1, but is vulnerable to clashes as of 2011; and the US standards authority thought it "prudent" from a security perspective to develop a new standard to "significantly improve the robustness of NIST's overall hash algorithm toolkit."[45] Thus, a hash function design competition was meant to select a new U.S. national standard, to be called SHA-3, by 2012. The competition ended on October 2, 2012, when the NIST announced that Keccak would be the new SHA-3 hash algorithm.[46] Unlike block and stream ciphers that are invertible, cryptographic hash functions produce a hashed output that cannot be used to retrieve the original input data. Cryptographic hash functions are used to verify the authenticity of data retrieved from an untrusted source or to add a layer of security.

Cryptanalysis[edit]

Main article: Cryptanalysis

Variants of the Enigma machine, used by Germany's military and civil authorities from the late 1920s through World War II, implemented a complex electro-mechanical polyalphabetic cipher. Breaking and reading of the Enigma cipher at Poland's Cipher Bureau, for 7 years before the war, and subsequent decryption at Bletchley Park, was important to Allied victory.[13]

The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion.

It is a common misconception that every encryption method can be broken. In connection with his WWII work at Bell Labs, Claude Shannon proved that the one-time pad cipher is unbreakable, provided the key material is truly random, never reused, kept secret from all possible attackers, and of equal or greater length than the message.[55] Most ciphers, apart from the one-time pad, can be broken with enough computational effort by brute force attack, but the amount of effort needed may be exponentially dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required (i.e., "work factor", in Shannon's terms) is beyond the ability of any adversary. This means it must be shown that no efficient method (as opposed to the time-consuming brute force method) can be found to break the cipher. Since no such proof has been found to date, the one-time-pad remains the only theoretically unbreakable cipher. Although well-implemented one-time-pad encryption cannot be broken, traffic analysis is still possible.

There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what Eve (an attacker) knows and what capabilities are available. In a ciphertext-only attack, Eve has access only to the ciphertext (good modern cryptosystems are usually effectively immune to ciphertext-only attacks). In a known-plaintext attack, Eve has access to a ciphertext and its corresponding plaintext (or to many such pairs). In a chosen-plaintext attack, Eve may choose a plaintext and learn its corresponding ciphertext (perhaps many times); an example is gardening, used by the British during WWII. In a chosen-ciphertext attack, Eve may be able to choose ciphertexts and learn their corresponding plaintexts.[5] Finally in a man-in-the-middle attack Eve gets in between Alice (the sender) and Bob (the recipient), accesses and modifies the traffic and then forwards it to the recipient.[56] Also important, often overwhelmingly so, are mistakes (generally in the design or use of one of the protocols involved).

Poznań monument (center) to Polish cryptanalysts whose breaking of Germany's Enigma machine ciphers, beginning in 1932, altered the course of World War II

Cryptanalysis of symmetric-key ciphers typically involves looking for attacks against the block ciphers or stream ciphers that are more efficient than any attack that could be against a perfect cipher. For example, a simple brute force attack against DES requires one known plaintext and 255 decryptions, trying approximately half of the possible keys, to reach a point at which chances are better than even that the key sought will have been found. But this may not be enough assurance; a linear cryptanalysis attack against DES requires 243 known plaintexts (with their corresponding ciphertexts) and approximately 243 DES operations.[57] This is a considerable improvement over brute force attacks.

Public-key algorithms are based on the computational difficulty of various problems. The most famous of these are the difficulty of integer factorization of semiprimes and the difficulty of calculating discrete logarithms, both of which are not yet proven to be solvable in polynomial time (P) using only a classical Turing-complete computer. Much public-key cryptanalysis concerns designing algorithms in P that can solve these problems, or using other technologies, such as quantum computers. For instance, the best-known algorithms for solving the elliptic curve-based version of discrete logarithm are much more time-consuming than the best-known algorithms for factoring, at least for problems of more or less equivalent size. Thus, to achieve an equivalent strength of encryption, techniques that depend upon the difficulty of factoring large composite numbers, such as the RSA cryptosystem, require larger keys than elliptic curve techniques. For this reason, public-key cryptosystems based on elliptic curves have become popular since their invention in the mid-1990s.

While pure cryptanalysis uses weaknesses in the algorithms themselves, other attacks on cryptosystems are based on actual use of the algorithms in real devices, and are called side-channel attacks. If a cryptanalyst has access to, for example, the amount of time the device took to encrypt a number of plaintexts or report an error in a password or PIN character, they may be able to use a timing attack to break a cipher that is otherwise resistant to analysis. An attacker might also study the pattern and length of messages to derive valuable information; this is known as traffic analysis[58] and can be quite useful to an alert adversary. Poor administration of a cryptosystem, such as permitting too short keys, will make any system vulnerable, regardless of other virtues. Social engineering and other attacks against humans (e.g., bribery, extortion, blackmail, espionage, rubber-hose cryptanalysis or torture) are usually employed due to being more cost-effective and feasible to perform in a reasonable amount of time compared to pure cryptanalysis by a high margin.

Cryptographic primitives[edit]

Much of the theoretical work in cryptography concerns cryptographic primitives—algorithms with basic cryptographic properties—and their relationship to other cryptographic problems. More complicated cryptographic tools are then built from these basic primitives. These primitives provide fundamental properties, which are used to develop more complex tools called cryptosystems or cryptographic protocols, which guarantee one or more high-level security properties. Note, however, that the distinction between cryptographic primitives and cryptosystems, is quite arbitrary; for example, the RSA algorithm is sometimes considered a cryptosystem, and sometimes a primitive. Typical examples of cryptographic primitives include pseudorandom functions, one-way functions, etc.

Cryptosystems[edit]

Main article: List of cryptosystems

One or more cryptographic primitives are often used to develop a more complex algorithm, called a cryptographic system, or cryptosystem. Cryptosystems (e.g., El-Gamal encryption) are designed to provide particular functionality (e.g., public key encryption) while guaranteeing certain security properties (e.g., chosen-plaintext attack (CPA) security in the random oracle model). Cryptosystems use the properties of the underlying cryptographic primitives to support the system's security properties. As the distinction between primitives and cryptosystems is somewhat arbitrary, a sophisticated cryptosystem can be derived from a combination of several more primitive cryptosystems. In many cases, the cryptosystem's structure involves back and forth communication among two or more parties in space (e.g., between the sender of a secure message and its receiver) or across time (e.g., cryptographically protected backup data). Such cryptosystems are sometimes called cryptographic protocols.

Some widely known cryptosystems include RSA, Schnorr signature, ElGamal encryption, and Pretty Good Privacy (PGP). More complex cryptosystems include electronic cash[59] systems, signcryption systems, etc. Some more 'theoretical'[clarification needed] cryptosystems include interactive proof systems,[60] (like zero-knowledge proofs)[61] and systems for secret sharing,[62][63].

Lightweight cryptography[edit]

Lightweight cryptography (LWC) concerns cryptographic algorithms developed for a strictly constrained environment. The growth of Internet of Things (IoT) has spiked research into the development of lightweight algorithms that are better suited for the environment. An IoT environment requires strict constraints on power consumption, processing power, and security.[64] Algorithms such as PRESENT, AES, and SPECK are examples of the many LWC algorithms that have been developed to achieve the standard set by the National Institute of Standards and Technology.[65]

Applications[edit]

This section needs expansion. You can help by adding to it. (December 2021)

Main category: Applications of cryptography

Cryptography is widely used on the internet to help protect user-data and prevent eavesdropping. To ensure secrecy during transmission, many systems use private key cryptography to protect transmitted information. With public-key systems, one can maintain secrecy without a master key or a large number of keys.[66] But, some algorithms like Bitlocker and Veracrypt are generally not private-public key cryptography. For example, Veracrypt uses a password hash to generate the single private key. However, it can be configured to run in public-private key systems. The C++ opensource encryption library OpenSSL provides free and opensource encryption software and tools. The most commonly used encryption cipher suit is AES,[67] as it has hardware acceleration for all x86 based processors that has AES-NI. A close contender is ChaCha20-Poly1305, which is a stream cipher, however it is commonly used for mobile devices as they are ARM based which does not feature AES-NI instruction set extension.

Cybersecurity[edit]

Cryptography can be used to secure communications by encrypting them. Websites use encryption via HTTPS.[68] "End-to-end" encryption, where only sender and receiver can read messages, is implemented for email in Pretty Good Privacy and for secure messaging in general in WhatsApp, Signal and Telegram.[68]

Operating systems use encryption to keep passwords secret, conceal parts of the system, and ensure that software updates are truly from the system maker.[68] Instead of storing plaintext passwords, computer systems store hashes thereof; then, when a user logs in, the system passes the given password through a cryptographic hash function and compares it to the hashed value on file. In this manner, neither the system nor an attacker has at any point access to the password in plaintext.[68]

Encryption is sometimes used to encrypt one's entire drive. For example, University College London has implemented BitLocker (a program by Microsoft) to render drive data opaque without users logging in.[68]

Cryptocurrencies and cryptoeconomics[edit]

Cryptographic techniques enable cryptocurrency technologies, such as distributed ledger technologies (e.g., blockchains), which finance cryptoeconomics applications such as decentralized finance (DeFi). Key cryptographic techniques that enable cryptocurrencies and cryptoeconomics include, but are not limited to: cryptographic keys, cryptographic hash function, asymmetric (public key) encryption, Multi-Factor Authentication (MFA), End-to-End Encryption (E2EE), and Zero Knowledge Proofs (ZKP).

Legal issues[edit]

See also: Cryptography laws in different nations

Prohibitions[edit]

Cryptography has long been of interest to intelligence gathering and law enforcement agencies.[9] Secret communications may be criminal or even treasonous.[citation needed] Because of its facilitation of privacy, and the diminution of privacy attendant on its prohibition, cryptography is also of considerable interest to civil rights supporters. Accordingly, there has been a history of controversial legal issues surrounding cryptography, especially since the advent of inexpensive computers has made widespread access to high-quality cryptography possible.

In some countries, even the domestic use of cryptography is, or has been, restricted. Until 1999, France significantly restricted the use of cryptography domestically, though it has since relaxed many of these rules. In China and Iran, a license is still required to use cryptography.[7] Many countries have tight restrictions on the use of cryptography. Among the more restrictive are laws in Belarus, Kazakhstan, Mongolia, Pakistan, Singapore, Tunisia, and Vietnam.[69]

In the United States, cryptography is legal for domestic use, but there has been much conflict over legal issues related to cryptography.[9] One particularly important issue has been the export of cryptography and cryptographic software and hardware. Probably because of the importance of cryptanalysis in World War II and an expectation that cryptography would continue to be important for national security, many Western governments have, at some point, strictly regulated export of cryptography. After World War II, it was illegal in the US to sell or distribute encryption technology overseas; in fact, encryption was designated as auxiliary military equipment and put on the United States Munitions List.[70] Until the development of the personal computer, asymmetric key algorithms (i.e., public key techniques), and the Internet, this was not especially problematic. However, as the Internet grew and computers became more widely available, high-quality encryption techniques became well known around the globe.

Export controls[edit]

Main article: Export of cryptography

In the 1990s, there were several challenges to US export regulation of cryptography. After the source code for Philip Zimmermann's Pretty Good Privacy (PGP) encryption program found its way onto the Internet in June 1991, a complaint by RSA Security (then called RSA Data Security, Inc.) resulted in a lengthy criminal investigation of Zimmermann by the US Customs Service and the FBI, though no charges were ever filed.[71][72] Daniel J. Bernstein, then a graduate student at UC Berkeley, brought a lawsuit against the US government challenging some aspects of the restrictions based on free speech grounds. The 1995 case Bernstein v. United States ultimately resulted in a 1999 decision that printed source code for cryptographic algorithms and systems was protected as free speech by the United States Constitution.[73]

In 1996, thirty-nine countries signed the Wassenaar Arrangement, an arms control treaty that deals with the export of arms and "dual-use" technologies such as cryptography. The treaty stipulated that the use of cryptography with short key-lengths (56-bit for symmetric encryption, 512-bit for RSA) would no longer be export-controlled.[74] Cryptography exports from the US became less strictly regulated as a consequence of a major relaxation in 2000;[75] there are no longer very many restrictions on key sizes in US-exported mass-market software. Since this relaxation in US export restrictions, and because most personal computers connected to the Internet include US-sourced web browsers such as Firefox or Internet Explorer, almost every Internet user worldwide has potential access to quality cryptography via their browsers (e.g., via Transport Layer Security). The Mozilla Thunderbird and Microsoft Outlook E-mail client programs similarly can transmit and receive emails via TLS, and can send and receive email encrypted with S/MIME. Many Internet users do not realize that their basic application software contains such extensive cryptosystems. These browsers and email programs are so ubiquitous that even governments whose intent is to regulate civilian use of cryptography generally do not find it practical to do much to control distribution or use of cryptography of this quality, so even when such laws are in force, actual enforcement is often effectively impossible.[citation needed]

NSA involvement[edit]

NSA headquarters in Fort Meade, Maryland

Category

vteCryptographic hash functions and message authentication codes

List

Comparison

Known attacks

Common functions

MD5 (compromised)

SHA-1 (compromised)

SHA-2

SHA-3

BLAKE2

SHA-3 finalists

BLAKE

Grøstl

Skein

Keccak (winner)

Other functions

BLAKE3

CubeHash

ECOH

FSB

Fugue

GOST

HAS-160

HAVAL

Kupyna

LSH

Lane

MASH-1

MASH-2

MD2

MD4

MD6

MDC-2

N-hash

RIPEMD

RadioGatún

SIMD

SM3

SWIFFT

Shabal

Snefru

Streebog

Tiger

VSH

Whirlpool

Password hashing/key stretching functions

Argon2

Balloon

bcrypt

Catena

crypt

LM hash

Lyra2

Makwa

PBKDF2

scrypt

yescrypt

General purposekey derivation functions

HKDF

KDF1/KDF2

MAC functions

CBC-MAC

DAA

GMAC

HMAC

NMAC

OMAC/CMAC

PMAC

Poly1305

SipHash

UMAC

VMAC

Authenticatedencryption modes

CCM

ChaCha20-Poly1305

CWC

EAX

GCM

IAPM

OCB

Attacks

Collision attack

Preimage attack

Birthday attack

Brute-force attack

Rainbow table

Side-channel attack

Length extension attack

Design

Avalanche effect

Hash collision

Merkle–Damgård construction

Sponge function

HAIFA construction

Standardization

CAESAR Competition

CRYPTREC

NESSIE

NIST hash function competition

Password Hashing Competition

Utilization

Hash-based cryptography

Merkle tree

Message authentication

Proof of work

Salt

Pepper

vteCryptographyGeneral

History of cryptography

Outline of cryptography

Cryptographic protocol

Authentication protocol

Cryptographic primitive

Cryptanalysis

Cryptocurrency

Cryptosystem

Cryptographic nonce

Cryptovirology

Hash function

Cryptographic hash function

Key derivation function

Digital signature

Kleptography

Key (cryptography)

Key exchange

Key generator

Key schedule

Key stretching

Keygen

Cryptojacking malware

Ransomware

Random number generation

Cryptographically secure pseudorandom number generator (CSPRNG)

Pseudorandom noise (PRN)

Secure channel

Insecure channel

Subliminal channel

Encryption

Decryption

End-to-end encryption

Harvest now, decrypt later

Information-theoretic security

Plaintext

Codetext

Ciphertext

Shared secret

Trapdoor function

Trusted timestamping

Key-based routing

Onion routing

Garlic routing

Kademlia

Mix network

Mathematics

Cryptographic hash function

Block cipher

Stream cipher

Symmetric-key algorithm

Authenticated encryption

Public-key cryptography

Quantum key distribution

Quantum cryptography

Post-quantum cryptography

Message authentication code

Random numbers

Steganography

Category

vteBlock ciphers (security summary)Commonalgorithms

AES

Blowfish

DES (internal mechanics, Triple DES)

Serpent

SM4

Twofish

Less commonalgorithms

ARIA

Camellia

CAST-128

GOST

IDEA

LEA

RC5

RC6

SEED

Skipjack

TEA

XTEA

Otheralgorithms

3-Way

Adiantum

Akelarre

Anubis

BaseKing

BassOmatic

BATON

BEAR and LION

CAST-256

Chiasmus

CIKS-1

CIPHERUNICORN-A

CIPHERUNICORN-E

CLEFIA

CMEA

Cobra

COCONUT98

Crab

Cryptomeria/C2

CRYPTON

CS-Cipher

DEAL

DES-X

DFC

FEAL

FEA-M

FROG

G-DES

Grand Cru

Hasty Pudding cipher

Hierocrypt

ICE

IDEA NXT

Intel Cascade Cipher

Iraqi

Kalyna

KASUMI

KeeLoq

KHAZAD

Khufu and Khafre

KN-Cipher

Kuznyechik

Ladder-DES

LOKI (97, 89/91)

Lucifer

MacGuffin

Madryga

MAGENTA

MARS

Mercy

MESH

MISTY1

MMB

MULTI2

MultiSwap

New Data Seal

NewDES

Nimbus

NOEKEON

NUSH

PRESENT

Prince

RC2

REDOC

Red Pike

S-1

SAFER

SAVILLE

SC2000

SHACAL

SHARK

Simon

Speck

Spectr-H64

Square

SXAL/MBAL

Threefish

Treyfer

UES

xmx

XXTEA

Zodiac

Design

Feistel network

Key schedule

Lai–Massey scheme

Product cipher

S-box

P-box

SPN

Confusion and diffusion

Round

Avalanche effect

Block size

Key size

Key whitening (Whitening transformation)

Attack(cryptanalysis)

Brute-force (EFF DES cracker)

MITM

Biclique attack

3-subset MITM attack

Linear (Piling-up lemma)

Differential

Impossible

Truncated

Higher-order

Differential-linear

Distinguishing (Known-key)

Integral/Square

Boomerang

Mod n

Related-key

Slide

Rotational

Side-channel

Timing

Power-monitoring

Electromagnetic

Acoustic

Differential-fault

XSL

Interpolation

Partitioning

Rubber-hose

Black-bag

Davies

Rebound

Weak key

Tau

Chi-square

Time/memory/data tradeoff

Standardization

AES process

CRYPTREC

NESSIE

Utilization

Initialization vector

Mode of operation

Padding

vteCryptographyGeneral

History of cryptography

Outline of cryptography

Cryptographic protocol

Authentication protocol

Cryptographic primitive

Cryptanalysis

Cryptocurrency

Cryptosystem

Cryptographic nonce

Cryptovirology

Hash function

Cryptographic hash function

Key derivation function

Digital signature

Kleptography

Key (cryptography)

Key exchange

Key generator

Key schedule

Key stretching

Keygen

Cryptojacking malware

Ransomware

Random number generation

Cryptographically secure pseudorandom number generator (CSPRNG)

Pseudorandom noise (PRN)

Secure channel

Insecure channel

Subliminal channel

Encryption

Decryption

End-to-end encryption

Harvest now, decrypt later

Information-theoretic security

Plaintext

Codetext

Ciphertext

Shared secret

Trapdoor function

Trusted timestamping

Key-based routing

Onion routing

Garlic routing

Kademlia

Mix network

Mathematics

Cryptographic hash function

Block cipher

Stream cipher

Symmetric-key algorithm

Authenticated encryption

Public-key cryptography

Quantum key distribution

Quantum cryptography

Post-quantum cryptography

Message authentication code

Random numbers

Steganography

Category

vteStream ciphersWidely used ciphers

A5/1

A5/2

ChaCha

Crypto-1

RC4

eSTREAM PortfolioSoftware

HC-256

Rabbit

Salsa20

SOSEMANUK

Hardware

Grain

MICKEY

Trivium

Other ciphers

Achterbahn (stream cipher)

F-FCSR

FISH

ISAAC

MUGI

ORYX

Panama

Phelix

Pike

QUAD

Scream

SEAL

SNOW

SOBER

SOBER-128

VEST

VMPC

WAKE

Generators

shrinking generator

self-shrinking generator

alternating step generator

Theory

block ciphers in stream mode

shift register

LFSR

NLFSR

T-function

Attacks

correlation attack

correlation immunity

stream cipher attacks

vteCryptographyGeneral

History of cryptography

Outline of cryptography

Cryptographic protocol

Authentication protocol

Cryptographic primitive

Cryptanalysis

Cryptocurrency

Cryptosystem

Cryptographic nonce

Cryptovirology

Hash function

Cryptographic hash function

Key derivation function

Digital signature

Kleptography

Key (cryptography)

Key exchange

Key generator

Key schedule

Key stretching

Keygen

Cryptojacking malware

Ransomware

Random number generation

Cryptographically secure pseudorandom number generator (CSPRNG)

Pseudorandom noise (PRN)

Secure channel

Insecure channel

Subliminal channel

Encryption

Decryption

End-to-end encryption

Harvest now, decrypt later

Information-theoretic security

Plaintext

Codetext

Ciphertext

Shared secret

Trapdoor function

Trusted timestamping

Key-based routing

Onion routing

Garlic routing

Kademlia

Mix network

Mathematics

Cryptographic hash function

Block cipher

Stream cipher

Symmetric-key algorithm

Authenticated encryption

Public-key cryptography

Quantum key distribution

Quantum cryptography

Post-quantum cryptography

Message authentication code

Random numbers

Steganography

Category

vteEspionageAgentsAssets

Agent handling

Cover

Double agent

Field agent

Resident spy

Sleeper agent

Spymaster

Analysis

Intelligence assessment

competing hypotheses

Devices andcommunications

Concealment device

Covert listening device

Cryptography

Cutout

Computer and network surveillance

Cyber spying

Dead drop

Invisible ink

Numbers station

One-way voice link

Phone surveillance

Short-range agent communications

Steganography

microdot

Surveillance tools

Tradecraft andtechniques

Canary trap

Front organization

Limited hangout

Operations

Chinese intelligence activity abroad

Chinese espionage in the United States

Cold War espionage

Recruitment

Black operation

black bag

wetwork

Eavesdropping

SIGINT

MASINT

False flag

Industrial espionage

Interpersonal (HUMINT) intelligence

interrogation

safe house

surveillance

COINTELPRO

MINARET

SHAMROCK

FVEY

Sexpionage

Stay-behind

Targeted surveillance

vteHidden messagesMain

Subliminal message

Audio

Backmasking

Hidden track

Phonetic reversal

Reverse speech

Numeric

Chronogram

Numerology

Theomatics

Bible code

Cryptology

Visual

Fnord

Hidden text

Paranoiac-critical method

Pareidolia

Psychorama

Sacred geometry

Steganography

Visual cryptography

Other

Apophenia

Asemic writing

Clustering illusion

Cryptic crossword

Anagram

Easter egg

Observer-expectancy effect

Pattern recognition

Palindrome

Simulacrum

Synchronicity

Unconscious mind

vteIntelligence managementCollectionHuman

Special reconnaissance

organizations

Clandestine

Asset recruiting

Cell system

Covert action

Direct action

Operational techniques

Espionage

Agents

field

handling

Asset

Black operation

black bag

Concealment device

Cover

Cryptography

Cutout

Dead drop

Defection / Turncoat

Denial and deception

Eavesdropping

False flag

Industrial espionage

Interrogation

Numbers station

One-way voice link

Resident spy

Steganography

Surveillance

Signals (SIGINT)

By alliances, nations and industries

In modern history

Operational platforms by nation

Direction finding

Traffic analysis

TEMPEST

Measurement andsignature (MASINT)

Electro-optical

Geophysical

Nuclear

Radar

Radiofrequency

Materials

Casualty estimation (earthquake)

Other

Cultural (CULTINT)

Financial (FININT)

Geospatial (GEOINT)

Imagery (IMINT)

Market (MARKINT)

Open-source (OSINT)

Technical (TECHINT)

Analysis

Cognitive traps

Competing hypotheses

Target-centric

Words of estimative probability

All-source intelligence

Basic intelligence

Intelligence assessment

Medical intelligence

Military geography

Scientific & Technical intelligence

Dissemination

Intelligence cycle security

Counterintelligence

organizations

Counterintelligence and counter-terrorism organizations

Authority control databases National

Spain

France

BnF data

Israel

United States

Czech Republic

Other

NARA

Retrieved from "https://en.wikipedia.org/w/index.php?title=Cryptography&oldid=1212749356"

Categories: CryptographyApplied mathematicsBanking technologyFormal sciencesHidden categories: CS1 maint: multiple names: editors listCS1: long volume valueCS1 maint: archived copy as titleCS1 maint: bot: original URL status unknownArticles with short descriptionShort description matches WikidataWikipedia indefinitely move-protected pagesWikipedia pending changes protected pagesArticles needing additional references from March 2021All articles needing additional referencesUse dmy dates from September 2015Articles containing Ancient Greek (to 1453)-language textAll articles with vague or ambiguous timeVague or ambiguous time from January 2022All articles with unsourced statementsArticles with unsourced statements from August 2018Wikipedia articles needing clarification from December 2018Articles to be expanded from December 2021All articles to be expandedArticles using small message boxesArticles with unsourced statements from April 2016Articles with unsourced statements from August 2013Webarchive template wayback linksCommons category link is on WikidataCS1 maint: multiple names: authors listArticles with BNE identifiersArticles with BNF identifiersArticles with BNFdata identifiersArticles with J9U identifiersArticles with LCCN identifiersArticles with NKC identifiersArticles with NARA identifiers

This page was last edited on 9 March 2024, at 11:54 (UTC).

Text is available under the Creative Commons Attribution-ShareAlike License 4.0;

additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.

About Wikipedia

Disclaimers

Contact Wikipedia

Code of Conduct

Developers

Statistics

Cookie statement

Mobile view

Toggle limited content width

What is cryptography? | IBM

What is cryptography?

Explore IBM cryptography solutions

What is cryptography?

Cryptography is the practice of developing and using coded algorithms to protect and obscure transmitted information so that it may only be read by those with the permission and ability to decrypt it. Put differently, cryptography obscures communications so that unauthorized parties are unable to access them.

In our modern digital age, cryptography has become an essential cybersecurity tool for protecting sensitive information from hackers and other cybercriminals.

Derived from the Greek word “kryptos,” meaning hidden, cryptography literally translates to “hidden writing.” Of course, it can be used to obscure any form of digital communication, including text, images, video or audio. In practice, cryptography is mainly used to transform messages into an unreadable format (known as ciphertext) that can only be decrypted into a readable format (known as plaintext) by the authorized intended recipient through the use of a specific secret key.

Cryptology, which encompasses both cryptography and cryptanalysis, is deeply rooted in computer science and advanced mathematics. The history of cryptography dates back to ancient times when Julius Caesar created the Caesar cipher to obscure the content of his messages from the messengers who carried them in the first century B.C. Today, organizations like the National Institute of Standards and Technology (NIST) continue to develop cryptographic standards for data security.

Ebook

Encryption: Protect your most critical data

Learn how encryption can help safeguard your data against threats and address compliance.

Related topic

What is encryption?

Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted). Users can access encrypted data with an encryption key and decrypted data with a decryption key.

Related topic

What is quantum-safe cryptography?

Quantum-safe cryptography secures sensitive data, access, and communications for the era of quantum computing.

Related topic

What is data security?

Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle. It’s a concept that encompasses every aspect of information security from the physical security of hardware and storage devices to administrative and access controls, as well as the logical security of software applications.

Podcast

The Quantum Quandary: How Researchers Are Bridging the Supercomputer Security Concerns

In this episode of Into the Breach, Dr. Walid Rjaibi shares his perspective on quantum safety and gives us an in-depth view of the security risk it poses, how researchers are addressing that risk, and how policy can (or should) shift to make standardization a reality.

Blog post

Protecting apps on IBM Cloud with quantum-safe cryptography

When large-scale quantum computers are available, they pose a potential risk that they will be able to break the systems that are built on public-key cryptography that are currently in use.

Related topic

What is end-to-end encryption?

End-to-end encryption (E2EE) is a secure communication process that prevents third parties from accessing data transferred from one endpoint to another.

Take the next step

IBM cryptography solutions can help your organization protect data and augment privacy and regulatory compliances. Schedule a free, one-on-one, 30-minute consultation to learn more about IBM cryptography solutions.

Book a meeting

Explore cryptography solutions

ISO - What is cryptography?

Applications

OBP

English

españolfrançaisрусский

StandardsSectorsHealthIT & related technologiesTransportEnvironmental sustainabilityManagement & servicesSecurity, safety and risk Food and agricultureBuilding and constructionEnergyEngineeringMaterialsDiversity and inclusionAbout usNewsTaking partStore

Cart

Security

What is cryptography?

Tagged as Information technology

As a child, you may recall using symbols to write coded messages to your classmates that no one else could understand. More seriously, codes and ciphers are used for information security in computer systems and networks to protect sensitive and commercial information from unauthorized access when it is at rest or in transit. Uses include anything from keeping military secrets to transmitting financial data safely across the Internet.

Cryptography is an important computer security tool that deals with techniques to store and transmit information in ways that prevent unauthorized access or interference.

Table of contents

Enable Javascript to view table

How cryptography keeps communication secret and safe

The cryptographic process of scrambling text from a readable form to an unintelligible form – known as cipher text – is called encryption. Sending secret or private messages as cipher text is a typical use of cryptography. Once the cipher text is received, it is descrambled by the authorized recipient back to its readable form. The descrambling (or decryption) is performed with the use of an encryption key, which serves to prevent third parties from reading these messages.

Encryption methods have been used by many civilizations throughout history to prevent non-authorized people from understanding messages. Julius Caesar is credited for one of the earliest forms of cipher – the “Caesar Cipher” – to convey messages to his generals. With increasing sophistication, cryptography now plays a vital role in ensuring the privacy, data confidentiality, data integrity and authentication in computer systems and networks. In today’s world, where the majority of our personal and professional communications and transactions are conducted online, cryptography is more important than ever.

Almost done!

You are only one step away from joining the ISO subscriber list. Please confirm your subscription by clicking on the email we've just sent to you. You will not be registered until you confirm your subscription. If you can't find the email, kindly check your spam folder and/or the promotions tab (if you use Gmail).

To learn how your data will be used, please see our privacy notice.Types of cryptography systems

Cryptography refers to the techniques and algorithms that are used today for secure communication and data in storage. It incorporates mathematics, computer science, electronics and digital signal processing. Broadly speaking, there are four types of cryptography systems:

Symmetric-key cryptography (or “secret key”): In this type of system, both the sender and the receiver share the same key, which is used to encrypt and decrypt the message.

Asymmetric-key cryptography (or “public key”): In this type of cryptography system, there are two keys – one public and one private; these form a pair and are related mathematically. To apply asymmetric cryptography, the sender uses the public key of the intended recipient to encode the message, and then sends it on its way. When the message arrives, only the recipient’s private key can be used to decode it, meaning that a stolen message is of no use to the thief without the corresponding private key. Encryption mechanisms are the focus of ISO/IEC 18033, a suite of International Standards that specifies a number of asymmetric ciphers. The multipart series includes identity-based ciphers, block ciphers, stream ciphers, and homomorphic encryption.

Cryptographic key management: This type of system is crucial for protecting the keys used in both symmetric and asymmetric cryptography. It includes a set of processes covering the entire “life cycle” of a key, including its generation, exchange and distribution, storage, use, safe destruction and replacement. If the key management is weak, then the protection of encrypted data is weak. There are a number of International Standards relating to key management (e.g. ISO/IEC 11770) and key generation (e.g. ISO/IEC 18031 and ISO/IEC 18032).

Cryptographic hash function: This is a technique that converts a string of data of any length into a hashed output (a digest of the input) of fixed length. Hash functions have many applications such as in digital signatures, MACs (message authentication codes), and checksums (to check data corruption). International Standards that specify hash functions include ISO/IEC 9797-2, ISO/IEC 9797-3 and ISO/IEC 10118.

Information security principles and uses of cryptography

The key principles of information security are confidentiality, integrity and availability. Cryptography is an important tool that helps to preserve two of these principles:

Data confidentiality ensures that data is not disclosed to unauthorized parties. Cryptographic techniques such as encryption can be used to protect the confidentiality of data by making it unreadable to those who don’t have the proper decryption key.

Data integrity ensures that data has not been modified or corrupted. One example for International Standards on data integrity is ISO/IEC 9797, which specifies algorithms for calculating message authentication codes.

In addition to these key information security objectives, cryptography is used to achieve:

Entity authentication

By checking knowledge of a secret, entity authentication verifies the identity of the sender. Various crypto-based mechanisms and protocols can be used to achieve this, such as symmetric systems, digital signatures, zero-knowledge techniques and checksums. ISO/IEC 9798 is a series of standards that specifies entity authentication protocols and techniques.

Digital signatures

Used to verify the authenticity of data, digital signatures confirm that the data originated from the signer and has not been changed. They are used, for example, in email messages, electronic documents and online payments. International Standards that specify digital signature schemes include ISO/IEC 9796, ISO/IEC 14888, ISO/IEC 18370 and ISO/IEC 20008.

Non-repudiation

Cryptographic techniques such as digital signatures can be used to provide non-repudiation by ensuring that the sender and receiver of a message cannot deny that they, respectively, sent or received the message. The standard ISO/IEC 13888 describes techniques (symmetric and asymmetric) for the provision of non-repudiation services.

Lightweight cryptography

Lightweight cryptography is used in applications and technologies that are constrained in computational complexity: limiting factors can be memory, power and computing resources. The need for lightweight cryptography is expanding in our modern digital world. Constrained devices – for example IoT (Internet of Things) sensors or actuators like the ones switching on appliances in a so-called smart home – use lightweight symmetric cryptography. ISO/IEC 29192 is an eight-part standard that specifies various cryptographic techniques for lightweight applications.

Digital rights management

Digital rights management (DRM) protects the copyright of your digital content. DRM uses cryptographic software to ensure that only authorized users can have access to the material, modify or distribute it.

Electronic commerce and online shopping

Secure e-commerce is made possible by the use of asymmetric-key encryption. Cryptography plays an important role in online shopping as it protects credit card information and related personal details, as well as customers’ purchasing history and transactions.

Cryptocurrencies and blockchain

A cryptocurrency is a digital currency that uses cryptographic techniques to secure transactions. Each cryptocurrency coin is validated via distributed ledger technologies (e.g. blockchain). A ledger, in this case, is a continuously growing list of records – known as blocks – that are linked together using cryptography. What are cryptographic algorithms?

A cryptographic algorithm is a math-based process for encoding text and making it unreadable. Cryptographic algorithms are used to provide data confidentiality, data integrity and authentication, as well as for digital signatures and other security purposes.

Both DES (Data Encryption Standard) and AES (Advanced Encryption Standard) are popular examples of symmetric-key algorithms, while prominent asymmetric-key algorithms include RSA (Rivest-Shamir-Adleman) and ECC (elliptic curve cryptography).

Elliptic curve cryptography (ECC)

ECC is an asymmetric-key technique based on the use of elliptic curves, which has applications in encryption and digital signatures, for example. ECC technology can be used to create faster, smaller and more efficient cryptographic keys. Elliptic curve techniques are covered in the multipart standard ISO/IEC 15946.

Standards for cryptography

Cryptography has been the subject of intense standardization efforts resulting in a range of International Standards that encapsulate the knowledge and best practice of leading experts in the field. Internationally agreed ways of working make technology more secure and interoperable. By using cryptography standards, developers can rely on common definitions, as well as proven methods and techniques. Future-proofing cryptography

Today, we are on the edge of a quantum revolution. The advent of quantum computing in the coming years will provide mankind with processing powers on a scale that traditional computers can never hope to match. While this offers countless possibilities for complex problem-solving, it also comes with corresponding security threats. That very same power could undermine much of today’s cybersecurity – including established cryptographic practices.

Quantum cryptography is a method of encryption that applies the principles of quantum mechanics to provide secure communication. It uses quantum entanglement to generate a secret key to encrypt a message in two separate places, making it (almost) impossible for an eavesdropper to intercept without altering its contents. Hailed as the next big revolution in secure communication systems, quantum cryptography has the potential to be a real breakthrough for data that needs to stay private far into the future.

The new dawn of encryption is looking bright!

News

What is cryptography?

Sitemap

StandardsBenefitsPopular standardsConformity assessmentSDGsSectorsHealthIT & related technologiesTransportEnvironmental sustainabilityManagement & servicesAbout usWhat we doStructureMembersStrategyNewsEventsMedia kitTaking partWho develops standardsDeliverablesGet involvedClimate action kitResourcesStoreStandards cataloguePublications and products

ISO name and logoPrivacy NoticeCopyrightCookie policyJobsFAQsContact ISO

Almost done!

To learn how your data will be used, please see our privacy notice.

Making lives easier, safer and better.

We are committed to ensuring that our website is accessible to everyone. If you have any questions or suggestions regarding the accessibility of this site, please contact us.

© All Rights Reserved All ISO publications and materials are protected by copyright and are subject to the user’s acceptance of ISO’s conditions of copyright. Any use, including reproduction requires our written permission. All copyright requests should be addressed to copyright@iso.org.

What is Cryptography?

is Cryptography?Skip to main contentSolutions for:Home ProductsSmall Business 1-50 employeesMedium Business 51-999 employeesEnterprise 1000+ employeesSolutions for:Home ProductsSmall Business 1-50 employeesMedium Business 51-999 employeesEnterprise 1000+ employeesKaspersky logoMy KasperskyProductsProductsKasperskyPremium

Complete protection for your devices, online privacy & identityLearn moreFree, 30-day trialKasperskyPlus

Combines security, performance & privacy features in one appLearn moreFree, 30-day trialKasperskyStandard

Enhanced protection with device performance boosterLearn moreFree, 30-day trialKasperskySafe KidsFlexible parental controls & GPS tracker for your kidsLearn moreFree trialKasperskyVPN Secure ConnectionThe private and secure VPN to enjoy the Internet without compromising on speedLearn moreDownloadKasperskyPassword ManagerBank-grade security vault for your passwords & documentsLearn moreGet Free VersionOther LinksRenew LicenseSupportTrials & DownloadsRenewDownloadsSupportResource CenterBlogBlogBusinessNewsPrivacyProductsSpecial ProjectsTechnologyThreatsTipsHomeHome SecurityResource CenterDefinitionsWhat is Cryptography?

As the world becomes increasingly digital, the need for security has become ever more imperative. That’s where cryptography and its applications to cybersecurity come in.

Essentially, the word refers to the study of secure communications techniques, but cryptography is closely associated with encryption, or the act of scrambling ordinary text into what’s known as ciphertext—and then back again into ordinary text (called

plaintext) when it arrives at its destination. Several historical figures have been credited with creating and using cryptography through the centuries, from Greek historian Polybios and French diplomat Blaise de Vigenère to Roman Emperor Julius Caesar—who

is credited with using one of the first modern ciphers—and Arthur Scherbius, who created the Enigma code-breaking machine during World War Two. Likely, none of them would recognize the ciphers of the 21st century. But exactly what is cryptography?

And, how does it work?

Cryptography Definition

Cryptography is the technique of obfuscating or coding data, ensuring that only the person who is meant to see the information–and has the key to break the code–can read it. The word is a hybrid of two Greek words: “kryptós”, which means hidden, and “graphein”,

which means to write. Literally, the word cryptography translates to hidden writing, but in reality, the practice involves the secure transmission of information.

The use of cryptography can be traced to the ancient Egyptians and their creative use of hieroglyphics. But, the art of coding has seen great strides over the millennia, and modern cryptography combines advanced computer technology, engineering, and maths—among

other disciplines—to create highly sophisticated and secure algorithms and ciphers to protect sensitive data in the digital era.

For example, cryptography is used to create various types of encryption protocols that are regularly used to protect data. These include 128-bit or 256-bit encryption, Secure Sockets Layer (SSL), and Transport Layer Security (TLS). These encryption protocols

protect all manner of digital information and data, from passwords and emails to ecommerce and banking transactions.

There are different cryptographic types, which are useful for different purposes. For example, the simplest is symmetric key cryptography. Here, data is encrypted using a secret key, and then both the encoded message and the secret key are sent to the

recipient for decryption. Of course, the problem here is that if the message is intercepted, the third party can easily decode the message and steal the information.

To create a more secure system of encoding, cryptologists devised asymmetric cryptography, which is sometimes known as the “public key” system. In this instance, all users have two keys: one public and one private. When creating a coded message, the sender

will request the recipient’s public key to encode the message. This way, only the intended recipient’s private key will decode it. This way, even if the message is intercepted, a third party cannot decode it.

Why is cryptography important?

Cryptography is an essential cybersecurity tool. Its use means that data and users have an additional layer of security that ensures privacy and confidentiality and helps keep data from being stolen by cybercriminals. In practice, cryptography has many

applications:

Confidentiality: Only the intended recipient can access and read the information, so conversations and data remain private.

Integrity of data: Cryptography ensures that the encoded data cannot be modified or tampered with enroute from the sender to the receiver without leaving traceable marks— an example of this is digital signatures.

Authentication: Identities and destinations (or origins) are verified.

Non-repudiation: Senders become accountable for their messages since they cannot later deny that the message was transmitted—digital signatures and email tracking are examples of this.

What is cryptography in cybersecurity?

Interest in the use of cryptography grew with the development of computers and their connections over an open network. Over time, it became obvious that there was a need to protect information from being intercepted or manipulated while being transmitted

over this network. IBM was an early pioneer in this field, releasing its “Lucifer” encryption in the 1960s—this eventually became the first Data Encryption Standard (DES).

As our lives become increasingly digital, the need for cryptography to secure massive amounts of sensitive information has become even more imperative. Now, there are many ways in which cryptography is crucial in the online space. Encryption is an essential

part of being online, since so much sensitive data is transmitted everyday. Here are a few real-life applications:

Using virtual private networks (VPNs) or protocols such as SSL to browse the internet safely and securely.

Creating limited access controls so that only individuals with the correct permissions can carry out certain actions or functions, or access particular things.

Securing different types of online communication, including emails, login credentials, and even text messages—such as with WhatsApp or Signal—through end-to-end encryption.

Protecting users from various types of cyberattacks, such as man-in-the-middle attacks.

Allowing companies to meet legal requirements, such as the data protections set out in the General Data Protection Regulation (GDPR).

Creating and verifying login credentials, especially passwords.

Allowing the secure management and transaction of cryptocurrencies.

Enabling digital signatures to securely sign online documents and contracts.

Verifying identities when logging into online accounts.

What are the types of cryptography?

Cryptography definitions are, understandably, quite broad. This is because the term covers a wide range of different processes. As such, there are many different types of cryptographic algorithms, each one offering varying levels of security, depending

on the type of information being transmitted. Below are the three main cryptographic types:

Symmetric Key Cryptography: This simpler form of cryptography takes its name from the fact that both the sender and receiver share one key to encrypt and decrypt information. Some examples of this are the Data Encryption Standard (DES) and Advanced

Encryption Standard (AES). The main difficulty here is finding a way to securely share the key between the sender and receiver.

Asymmetric Key Cryptography: A more secure type of cryptography, this involves both the sender and receiver having two keys: one public and one private. During the process, the sender will use the receiver’s public key to encrypt the message, while

the receiver will use their private key to decrypt it. The two keys are different, and since only the receiver will have the private key, they will be the only ones able to read the information. The RSA algorithm is the most popular form of asymmetric

cryptography.

Hash Functions: These are types of cryptographic algorithms that do not involve the use of keys. Instead, a hash value—a number of fixed lengths that acts as a unique data identifier—is created based on the length of the plain text information and

used to encrypt the data. This is commonly used by various operating systems to protect passwords, for example.

From the above, it is clear that the main difference in symmetric and asymmetric encryption in cryptography is that the first only involves one key while the second requires two.

Types of symmetric cryptography

Symmetric encryption is sometimes called secret key cryptography because one single—purportedly—secret key is used to encrypt and decrypt information. There are several forms of this type of cryptography, including:

Stream ciphers: These work on a single byte of data at a time and regularly change the encryption key. In this process, the keystream can be in tandem with—or independent of the message stream. This is called self-synchronizing or synchronous, respectively.

Block ciphers: This type of cryptography—which includes the Feistel cipher—codes and decodes one block of data at a time.

Forms of asymmetric key cryptography

Asymmetric cryptography—sometimes referred to as public-key encryption—hinges on the fact that the receiver has two keys in play: a public one and a private one. The first is used by the sender to encode the information, while the receiver uses the latter—which

only they have—to securely decrypt the message.

Asymmetric key cryptography encrypts and decrypts messages using algorithms. These are based on various mathematical principles, such as multiplication or factorization—multiplying two big prime numbers to generate one massive, random number which is

incredibly tricky to crack—or exponentiation and logarithms, which create exceptionally complex numbers that are nearly impossible to decrypt, such as in 256-bit encryption. There are different types of asymmetric key algorithms, such as:

RSA: The first type of asymmetric cryptography to be created, RSA is the basis of digital signatures and key exchanges, among other things. The algorithm is based on the principle of factorization.

Elliptic Curve Cryptography (ECC): Often found in smartphones and on cryptocurrency exchanges, ECC employs the algebraic structure of elliptic curves to build complex algorithms. Significantly, it does not require much storage memory or usage bandwidth,

making it especially useful for electronic devices with limited computing power.

Digital Signature Algorithm (DSA): Built on the principles of modular exponentiations, DSA is the gold standard for verifying electronic signatures and was created by the National Institute of Standards and Technologies.

Identity-based Encryption (IBE): This unique algorithm negates the need for a message recipient to provide their public key to the sender. Instead, a known unique identifier—such as an email address—is used by the sender to generate a public key to

encode the message. A trusted third-party server then generates a corresponding private key that the receiver can access to decrypt the information.

Cryptographic attacks

As with most technologies, cryptography has become increasingly sophisticated. But that does not mean that these encryptions cannot be broken. If the keys are compromised, it is possible for an external party to crack the coding and read the protected

data. Here are a few potential issues to watch for:

Weak keys: Keys are a collection of random numbers used with an encryption algorithm to alter and disguise data so that it is incomprehensible to others. Longer keys involve more numbers, making them much trickier to crack—and therefore, better for

protecting data.

Using keys incorrectly: Keys need to be used correctly—if they are not, hackers can easily crack them to access the data they are supposed to protect.

Reusing keys for different purposes: Like passwords, each key should be unique—using the same key across different systems weakens the ability of cryptography to protect data.

Not changing keys: Cryptographic keys can quickly become out of date, which is why it is important to regularly update them to keep data secure.

Not storing keys carefully: Ensure that keys are kept in a secure place where they cannot easily be found, otherwise they can be stolen to compromise the data they protect.

Insider attacks: Keys can be compromised by individuals who legitimately have access to them—such as an employee— and who them sells them on for nefarious purposes.

Forgetting the backup: Keys should have a backup because if they suddenly become faulty, the data they protect could become inaccessible.

Recording keys incorrectly: Manually entering keys into a spreadsheet or writing them down on paper may appear to be a logical choice, but it is also one that is prone to error and theft.

There are also specific cryptography attacks designed to break through encryptions by finding the right key. Here are some of the common:

Brute force attacks: Broad attacks that try to randomly guess private keys using the known algorithm.

Ciphertext-only attacks: These attacks involve a third party intercepting the encrypted message—not the plaintext—and trying to work out the key to decrypt the information, and later, the plaintext.

Chosen ciphertext attack: The opposite of a chosen plaintext attack, here, the attacker analyses a section of ciphertext against its corresponding plaintext to discover the key.

Chosen plaintext attack: Here, the third party chooses the plaintext for a corresponding ciphertext to begin working out the encryption key.

Known plaintext attack: In this case, the attacker randomly accesses part of the plaintext and part of the ciphertext and begins to figure out the encryption key. This is less useful for modern cryptography as it works best with simple ciphers.

Algorithm attack: In these attacks, the cybercriminal analyses the algorithm to try and work out the encryption key.

Is it possible to mitigate the threat of cryptography attacks?

There are a few ways in which individuals and organizations can try and lower the possibility of a cryptographic attack. Essentially, this involves ensuring the proper management of keys so that they are less likely to be intercepted by a third party,

or useable even if they do. Here are a few suggestions:

Use one key for each specific purpose—for example, use unique keys for authentication and digital signatures .

Protect cryptographic keys with stronger Key-encryption-keys (KEKs).

Use hardware security modules to manage and protect keys—these function like regular password managers.

Ensure that keys and algorithms are regularly updated.

Encrypt all sensitive data.

Create strong, unique keys for each encryption purpose.

Store keys securely so they cannot be easily accessed by third parties.

Ensure the correct implementation of the cryptographic system.

Include cryptography in security awareness training for employees.

The need for cryptography

Most people will not need to have more than a basic understanding of what cryptography is. But learning the cryptography definition, how the process works, and its applications to cybersecurity, can be useful in being more mindful about managing day-to-day

digital interactions. This can help most people keep their emails, passwords, online purchases, and online banking transactions—all of which use cryptography in their security features—more secure.

Get Kaspersky Premium + 1 YEAR FREE Kaspersky Safe Kids. Kaspersky Premium received five AV-TEST awards for best protection, best performance, fastest VPN, approved parental control for Windows and best rating for parental control Android.

What Is Cryptography and How Does It Work? | Synopsys

Application Security

| Build trust in your software

Support

About Us

English

日本語

简体中文

close search bar

Sorry, not available in this language yet

close language selection

English

日本語

简体中文

Platform

Solutions

Tools & Services

Customer Success

Partners

Resources

Blog

Contact Sales

Tools & Services

go back

Go Back

Integrated AppSec Solutions

AppSec SaaS Platform

AppSec IDE Plug-ins

Application Security Posture Management

DevSecOps Integrations

Software Risk Analysis

Static Analysis (SAST)

Software Composition Analysis (SCA)

Interactive Analysis (IAST)

Dynamic Analysis (DAST)

Penetration Testing

Protocol Fuzzing

AppSec Program Services

Program Strategy & Planning

Threat & Risk Assessments

Security Training

Implementation & Deployment

Security Testing Services

M&A Due Diligence

Open Source & Security Audits

2023 Gartner® Magic Quadrant™ for AppSec Testing

See why Synopsys is a Leader

AppSec SaaS Platform | Integrated, cloud-based AST solution optimized for development and DevSecOps teams.

AppSec IDE Plug-ins | Secure code as you write it in your IDE

Software Risk Management | Manage application security programs at enterprise scale

DevSecOps Integrations | Integrate AppSec tools into DevOps workflows

Static Analysis (SAST) | Address security and quality defects in code as it's being developed

Software Composition Analysis (SCA) | Secure and manage open source risks in applications and containers

Interactive Analysis (IAST) | Automate web security testing within your DevOps pipelines

Dynamic Analysis (DAST) | Continuous web application security testing in production.

Penetration Testing | Identify business-critical vulnerabilities with on-demand testing expertise.

Protocol Fuzzing | Identify defects and zero-day vulnerabilities in services and protocols

Program Strategy & Planning | Measure, scale, and optimize your AppSec program

Threat & Risk Assessments | Understand and address internal and external security risks

Security Training | Equip development teams with the skills they need to produce more secure software

Implementation & Deployment | Optimize utilization, management and deployment of AppSec tools

Security Testing Services | On-demand AppSec testing resources and expertise

Open Source & Security Audits | Comprehensive technical due diligence services for M&A

close sub navigation

Application Security index

Solutions

go back

Go Back

Use Cases

API Security Testing

AppSec Consolidation

Application Security Testing

DevSecOps

Software Supply Chain Security

Manage AppSec Risk

Cloud & Container Security

Open Source License Compliance

M&A Due Diligence

Quality & Security Standards Compliance

By Role

Dev and DevOps Teams

Security Teams

Legal Teams

By Industry

Financial Services

IoT & Embedded

Automotive

Telecommunications

Aerospace & Defense

Public Sector

Medical Device

2023 Gartner® Magic Quadrant™ for AppSec Testing

See why Synopsys is a Leader

API Security Testing | Manage software risks with a holistic API security testing program.

AppSec Consolidation | Simplify your application security program

Application Security Testing | Solutions to address security risks at all stages of the application life cycle.

DevSecOps | Solutions to help shift security left without slowing down your development teams.

Software Supply Chain Security | Solutions to identify and manage software supply chain risks end-to-end.

Manage AppSec Risk | Scale your application security program without increasing complexity or adding friction.

Cloud & Container Security | Optimize your applications for secure deployment and operation in the cloud

Open Source License Compliance | Effective solutions for ensuring open source license compliance

M&A Due Diligence | Identify software risks that could negatively impact the value of acquired IP.

Quality & Security Standards Compliance | Ensure your software complies with the standards critical to customers and regulators

Dev and DevOps Teams | Build secure software while maintaining developer productivity and pipeline velocity.

Security Teams | Align people, processes, and technology to minimize software risk and transform your business.

Legal Teams | Solutions to protect your IP and manage risk.

Financial Services | Protect sensitive customer and financial data from rapidly evolving security threats.

IoT & Embedded | Ensure your embedded and IoT devices are safe, secure, and reliable.

Automotive | Build software security & reliability into the modern connected car.

Telecommunications | Create seamless and safe mobile experiences, from silicon to software.

Aerospace & Defense | Solutions for automating mission-critical development.

Public Sector | Application security for government agencies and their suppliers.

Medical Device | Safeguard medical devices and applications.

close sub navigation

Application Security index

Customer Success

go back

Go Back

Customer Success

Our Commitment

Meet Your Team

Customer Testimonials

Support

Submit a Ticket

Documentation

Customer Community

Product Education

Add-On Services

Premium & Designated Support

Implementation & Deployment

AppSec Training

2023 Gartner® Magic Quadrant™ for AppSec Testing

See why Synopsys is a Leader

Our Commitment | Gain the confidence to implement, deploy, and grow with your AppSec tools

Meet Your Team | Achieve your AppSec goals with support from Synopsys experts.

Customer Testimonials | Application security customer success stories

Submit a Ticket | Visit our customer community for online support.

Documentation | Comprehensive user guides and how-to articles. <./li>

Customer Community | Search for answers, knowledge articles, tutorials, documentation, and more.

Product Education | Interactive courseware designed to help implement best practices for secure code.

Premium & Designated Support | Support with expedited response times and access to specialized technical, tactical, and operational knowledge.

Implementation & Deployment | Discover how to best utilize, manage, and deploy your application testing tools.

AppSec Training | Equip development teams with the skills they need to produce more secure software.

close sub navigation

Application Security index

Resources

go back

Go Back

Application Security News

Manage Security Risks

Build Security into DevOps

Secure the Software Supply Chain

Security News & Trends

Content Library

Case Studies

eBooks

Glossary

Reports

Webinars

White Papers

Cybersecurity Research Center

Overview

Research

News Room

Press Releases

2023 Gartner® Magic Quadrant™ for AppSec Testing

See why Synopsys is a Leader

Manage Security Risks News | Read the latest information on how to manage application security risks.

Build Security into DevOps News | Get insights from Synopsys on building security into DevOps.

Secure the Software Supply Chain News | Discover software supply chain risk management tips and best practices.

Security News & Trends | Get an analysis of today’s application security news and trends.

Case Studies | Application security customer stories

eBooks | Browse the latest ebooks on software security trends and best practices

Glossary | Glossary of Application Security, EDA & Semiconductor IP terms

Reports | Browse the latest application security reports from Synopsys and industry-leading analysts.

Webinars | Browse the latest webinars on application security solutions, trends, and strategies.

White Papers | Access the latest white papers for technical knowledge on application security solutions.

Overview | Learn more about the Synopsys Cybersecurity Research Center.

Research | Access the latest first-party research and analysis from the Synopsys Cybersecurity Research Center.

Press Releases | Browse our most recent news releases.

close sub navigation

Application Security index

Home

Products A-Z

Silicon Design

Design

Verification Family

Synopsys IP

Application Security

Manufacturing Solutions

Simpleware 3D Image Processing

Optical Solutions

Photonic Solutions

Solutions

Aerospace & Government

AI & Machine Learning Solutions

Internet of Things

HPC & Data Center

Cloud

Memory

Multi-Die System Solution

RF Design

RISC-V

About Us

Newsroom

Community

Services

Support

Blogs

Careers

Events

Academic & Research Alliances

Webinars

Partners

Glossary

What is Design Planning?

What is cryptography?

The 10 most common web and software application vulnerabilities

Table of Contents

What is the difference between symmetric and asymmetric cryptography?

What problems does cryptography solve?

What are the principles?

Cryptography | NIST

An official website of the United States government

Here’s how you know

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock (

Lock

A locked padlock

) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

https://www.nist.gov/cryptography

Search NIST

Topics

All Topics

Advanced communications

Artificial intelligence

Bioscience

Buildings and construction

Chemistry

Climate

Cybersecurity

Electronics

Energy

Environment

Fire

Forensic science

Health

Information technology

Infrastructure

Manufacturing

Materials

Mathematics and statistics

Metrology

Nanotechnology

Neutron research

Performance excellence

Physics

Public safety

Resilience

Standards

Transportation

Publications

Labs & Major Programs

Laboratories

Communications Technology Laboratory

Engineering Laboratory

Information Technology Laboratory

Material Measurement Laboratory

Physical Measurement Laboratory

User Facilities

NIST Center for Neutron Research

CNST NanoFab

Research Test Beds

Research Projects

Tools & Instruments

Major Programs

Baldrige Performance Excellence Program

CHIPS for America Initiative

Manufacturing Extension Partnership (MEP)

Office of Advanced Manufacturing

Special Programs Office

Technology Partnerships Office

Services & Resources

Standards and Measurements

Calibration Services

Laboratory Accreditation (NVLAP)

Quality System

Standard Reference Materials (SRMs)

Standards.gov

Time Services

Office of Weights and Measures

Software

Data

Chemistry WebBook

National Vulnerability Database

Physical Reference Data

Standard Reference Data (SRD)

Storefront

License & Patents

Computer Security Resource Center (CSRC)

NIST Research Library

News & Events

News

Events

Blogs

Feature Stories

Awards

Video Gallery

Image Gallery

Media Contacts

About NIST

About Us

Leadership

Organization Structure

Budget & Planning

Visit

Careers

Student programs

Work with NIST

History

NIST Digital Archives

NIST Museum

NIST and the Nobel

Educational Resources

Information Technology /Cybersecurity

Cryptography

Overview

Cryptography uses mathematical techniques to transform data and prevent it from being read or tampered with by unauthorized parties. That enables exchanging secure messages even in the presence of adversaries. Cryptography is a continually evolving field that drives research and innovation. The Data Encryption Standard (DES), published by NIST in 1977 as a Federal Information Processing Standard (FIPS), was groundbreaking for its time but would fall far short of the levels of protection needed today.

As our electronic networks grow increasingly open and interconnected, it is crucial to have strong, trusted cryptographic standards and guidelines, algorithms and encryption methods that provide a foundation for e-commerce transactions, mobile device conversations and other exchanges of data. NIST has fostered the development of cryptographic techniques and technology for 50 years through an open process which brings together industry, government, and academia to develop workable approaches to cryptographic protection that enable practical security.

Our work in cryptography has continually evolved to meet the needs of the changing IT landscape. Today, NIST cryptographic solutions are used in commercial applications from tablets and cellphones to ATMs, to secure global eCommcerce, to protect US federal information and even in securing top-secret federal data. NIST looks to the future to make sure we have the right cryptographic tools ready as new technologies are brought from research into operation. For example, NIST is now working on a process to develop new kinds of cryptography to protect our data when quantum computing becomes a reality. At the other end of the spectrum, we are advancing so-called lightweight cryptography to balance security needs for circuits smaller than were dreamed of just a few years ago.

In addition to standardizing and testing cryptographic algorithms used to create virtual locks and keys, NIST also assists in their use. NIST’s validation of strong algorithms and implementations builds confidence in cryptography—increasing its use to protect the privacy and well-being of individuals and businesses.

NIST continues to lead public collaborations for developing modern cryptography, including:

Block ciphers, which encrypt data in block-sized chunks (rather than one bit at a time) and are useful in encrypting large amounts of data.

Cryptographic hash algorithms, which create short digests, or hashes, of the information being protected. These digests find use in many security applications including digital signatures (the development of which NIST also leads).

Key establishment, employed in public-key cryptography to establish the data protection keys used by the communicating parties.

Post-quantum cryptography, intended to be secure against both quantum and classical computers and deployable without drastic changes to existing communication protocols and networks.

Lightweight cryptography, which could be used in small devices such as Internet of Things (IoT) devices and other resource-limited platforms that would be overtaxed by current cryptographic algorithms.

Privacy-enhancing cryptography, intended to allow research on private data without revealing aspects of the data that could be used to identify its owner.

Digital Signatures, which is an electronic analogue of a written signature that provides assurance that the claimed signatory signed, and the information was not modified after signature generation.

Random Bit Generation, which is a device or algorithm that can produce a sequence of bits that appear to be both statistically independent and unbiased.

NIST also promotes the use of validated cryptographic modules and provides Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules through other efforts including: FIPS 140, Cryptographic Programs and Laboratory Accreditation Cryptographic Module Validation Program (CMVP), Cryptographic Algorithm Validation Program (CAVP), and Applied Cryptography at NIST's National Cybersecurity Center of Excellence (NCCoE).

What is Cryptography? Definition from SearchSecurity

Security

Search the TechTarget Network

Explore the Network

TechTarget Network

Networking

CIO

Enterprise Desktop

Cloud Computing

Computer Weekly

Security

Analytics & Automation

Application & Platform Security

Cloud Security

Compliance

Data Security & Privacy

What Is Cryptography? Definition & How It Works | Okta

Okta

Looks like you have Javascript turned off! Please enable it to improve your browsing experience.

Next Generation Authorization—Okta Fine Grained Authorization is here

+1 (800) 425-1267

Chat with Sales

United States

United KingdomFranceGermanyJapanNetherlandsAustraliaSingaporeKoreaSweden

Products

With flexibility and neutrality at the core of our Customer Identity and Workforce Identity Clouds, we make seamless and secure access possible for your customers, employees, and partners.

Free trial

Pricing

Customer Identity Cloud

Actions

Multifactor Authentication

Passwordless

Single Sign On

Universal Login

Explore Customer Identity Cloud

Workforce Identity Cloud

Single Sign On

Adaptive MFA

Lifecycle Management

Workflows

Identity Governance

Privileged Access

Explore Workforce Identity Cloud

Why Okta

Okta gives you a neutral, powerful and extensible platform that puts identity at the heart of your stack. No matter what industry, use case, or level of support you need, we’ve got you covered.

Your Goals

High-Performing IT

Optimized Digital Experiences

Identity-Powered Security

Innovation Without Compromise

Agile Workforces

Your Industry

Public Sector

Financial Services

Retail

Healthcare

Travel & Hospitality

Technology

Energy

Nonprofit

Ensuring Success

Okta AI

Okta Integration Network

For Small Businesses (SMBs)

Customer Success Stories

Okta Advantage

Trust

Developers

For Developers

Start building with powerful and extensible out-of-the-box features, plus thousands of integrations and customizations. Our developer community is here for you.

Customer Identity Cloud

Auth0 Marketplace

Developer Center

Community

Knowledge Base

Customer Identity Cloud Status

Workforce Identity Cloud

Okta Integration Network

Developer Center

Community

Knowledge Base

Workforce Identity Cloud Status

Resources

Resources and support

Okta gives you a neutral, powerful and extensible platform that puts identity at the heart of your stack. No matter what industry, use case, or level of support you need, we’ve got you covered.

Resources

Customer Case Studies

Events

Podcasts

Blog

Press Room

Analyst Research

Datasheets

Demo Library

Videos

Webinars

Whitepapers

Customer Success

Customer First Overview

Okta Community

Support Services

Professional Services

Expert Assist

Training

Certification

Find a Partner

Support

Help and Support

Product Documentation

Knowledge Base

Frequently Asked Questions

Customer Identity Cloud Status

Workforce Identity Cloud Status

Free trial

Questions? Contact us:

1 (800) 425-1267

Identity 101

What Is Cryptography? Definition & How It Works

Learn how Adaptive Multi-Factor Authentication combats data breaches, weak passwords, and phishing attacks.

Okta

Updated: 04/21/2022 - 12:27

Time to read: 9 minutes

Modern cryptography is a method of sending and receiving messages that only the intended receiver and sender can read — to prevent third-party access. It often involves encryption of electronic data, which commonly creates ciphertext by scrambling regular text. Then, it uses a decryption key of some form to return it to readable format on the receiving end. Cryptography can involve either a symmetric key system, which is the simplest, or an asymmetric key system, which is typically more secure. Cryptography provides methods for secure communication and electronic data that malicious adversaries cannot read, interpret, or access.

What is cryptography?

Cryptography is used to keep messages and data secure from being accessible to anyone other than the sender and the intended recipient. It is the study of communications and a form of security for messaging. Ultimately, cryptography can keep data from being altered or stolen. It can also be used to authenticate users. Cryptography often uses encryption and an algorithm to keep electronic data and messages secure and only readable by the intended parties. Cryptography has been around for centuries. The term itself comes from the Greek word kryptos, which translates to hidden. Today, cryptography is based on computer science practices and mathematical theory.

Types of cryptography

There are two main types of cryptography used for digital data and secure messages today: symmetric cryptography and asymmetric cryptography. Hash functions, a third type, doesn’t involve use of a key.

Symmetric cryptography: This is one of the most commonly used and simplest forms of encrypting and decrypting electronic data. It is also called secret-key or private-key cryptography. With symmetric cryptography, both the sender and the recipient will have the same key. This key is used to encrypt messages and data on one end and then decrypt it on the other end. Before communications begin, both parties must have the same secret key. Symmetric cryptography is fast, easy to use, and best suited for transmitting large amounts of data or for bulk encryption. The issue with this form of cryptography is that if a third party gets the secret key, they too can read and decrypt the data or messages. There are two main forms of symmetric encryption algorithms: stream and block algorithms.

Stream algorithm: This type encrypts the data while it is being streamed; therefore, it is not stored in the system’s memory. One of the most popular stream ciphers is the RC4 (Rivest Cipher 4), which encrypts messages one byte at a time.

Block algorithms: This type encrypts specific lengths of bits in blocks of data using the secret key. The data is held within the system’s memory while blocks are completed. The Advanced Encryption Standard (AES) is the most commonly used symmetric algorithm. Blocks of 128-bit data are encrypted and decrypted using cryptographic keys of 128, 192, and 256 bits. The AES is FIPS (Federal Information Processing Standards) approved under guidance from NIST (National Institute of Standards and Technology).

Asymmetric cryptography: This is also called public-key cryptography, and it involves the use of two different keys. A public key is distributed widely to everyone to encrypt data. This key is required to send messages and encrypt them. A sender can request the public key for the recipient to encrypt the data. Then, it will require the private key, which is kept secret, to decrypt the message. The key pair of the private and public key are mathematically related. Both keys are needed to perform operations, send and receive encrypted data and messages, and access sensitive data. Asymmetric cryptography needs higher processing and longer keys, with pieces of data that are smaller than the key; therefore, is often used on a smaller scale. Asymmetric and symmetric cryptography can be used together in a cryptosystem. Asymmetric cryptography can be used to encrypt symmetric keys, for example, while the symmetric cryptography is used to transmit or encrypt larger amounts of data.

Hash functions: This is a third type of cryptography that does not use a key. It uses a fixed length hash value based on the plain text message. This can then be used to ensure that the message has not been altered or compromised. Hash functions add an extra layer of security, as the hashed output can’t be reversed to reveal the data that was originally input.

What is cryptography used for?

The intention of cryptography is to keep data and messages secure and inaccessible to potential threats or bad actors. It is often working behind the scenes to encrypt and decrypt data you are sending through social media, applications, interactions on websites, and email. Symmetric cryptography can be used for these purposes:

Card transactions and payment applications

Random number generation

Signature verification to ensure the sender is who they claim to be

Asymmetric cryptography can be used for the following purposes:

Email messages

SIM card authentication

Web security

Exchange of private keys

Key principles of cryptography

Cryptography strives for private communications and data security to protect digital information from being altered, accessed, or read by anyone other than those with legitimate access. These are key principles of cryptography:

Confidentiality: The basis of cryptography relies on the information being kept private and confidential from third-party or malicious adversaries. Confidentiality agreements contain specific guidelines and rules that are meant to ensure that information is restricted, secure, and only accessible to certain people or within certain arenas.

Encryption: Encryption is what converts readable data into an unreadable form to protect the privacy as messages or data are sent between a sender and a receiver. This is typically done using an algorithm.

Decryption: The reverse of encryption is decryption, and this is returning the data to its original and readable form. Typically, this is performed using a specific key, which can be the same for encryption and decryption or require two different keys.

Data integrity: Data needs to stay consistent and accurate over its entire lifestyle, and data integrity can help to maintain this accuracy. Data cannot be altered anywhere in the communication path. It all needs to remain intact between the sender and the receiver.

Authentication: This is to determine that the message or data received is sent from the actual originator of the message. The sender is often required to verify that they are indeed the originator of the message received by the recipient.

Non-repudiation: This is the ability to ensure that the originator of a message or piece of data is unable to deny the authenticity of their signature. The use of digital signatures can prevent the originator or sender from denying their communication.

Best practices

Messages and data should always be encrypted to ensure privacy and security. The best practices for cryptography include using an entire cryptographic system, or cryptosystem, that regularly uses multiple forms of encryption to keep data and communications safe and secure. This system should have an easy-to-use interface along with strong cryptographic algorithms that conform to the industry’s best practices. For symmetric encryption, this means using AES with 128, 192, or 256-bit keys. For asymmetric encryption standards, it should include elliptical curve cryptography (ECC) and RSA. These are examples of files and data that should be encrypted and protected with cryptography:

Email and messages

Critical and sensitive files

Company data

Payment information

Personal identification details

Cryptographic methods need to be effective, but also user-friendly to ensure that they are actually going to be used as intended. Using encryption functions can also help to prevent the loss or theft of data even if the hardware itself is stolen or compromised. A strong cryptosystem should be able to hold up to the security community and not rely on security through obscurity. Instead, the system should be known, and the only thing kept secret and private are the actual keys. The public key can be publicized, but the secret or private key should be protected. These are methods for keeping your keys secure:

Do not store your encryption keys in clear text or along with the data that is encrypted.

Store your keys in a file system protected with strong access control lists (ACLs) while adhering to the principle of least privilege — access only to those who need it.

Use a second encryption key to encrypt your data encryption keys, generated using password-based encryption (PBE). A small number of administrators can use a password to generate a key to avoid storing the key in an unencrypted form within the system.

Use a tamper-resistant hardware appliance called a hardware security model (HSM) that can securely store keys. When data is needed to be decrypted, code can make an application programming interface (API) call to the HSM.

Key takeaways

Cryptography is a necessary form of cybersecurity that uses encryption methods to keep digital data and communications secure and out of the hands of potential threats or bad actors. Data protection is highly important in this digital era where so much information is stored on computers, in the cloud, and on the internet. Data security is important to businesses, industries, companies, and individuals alike. Cryptography is a form of securing digital data and messages often using special keys that only the sender and recipient have access to. Cryptography uses mathematical systems and algorithms to encrypt and decrypt data. Symmetrical cryptography uses the same key for both encryption and decryption. It can quickly encrypt and decrypt data, and it is easy to use. It can also be compromised if a third party gains access to the key, however. It is important to keep your data encryption keys safe and secure. Sending your encryption key in a plain text form along with your encrypted message, for example, is similar to leaving your front door key in plain sight in front of your locked door. Keep your keys safe to keep your data safe. Asymmetrical cryptography is a step further than symmetrical cryptography, using different keys for encryption and decryption. The encryption key is “public,” and everyone has access to it. The decryption key is kept “private,” and only intended recipients can have access to this secret key. While this adds an extra layer of security, it can also take longer to encrypt and decrypt data, so it is regularly used for smaller bits of data. A strong cryptosystem often uses multiple forms of encryption and cryptographic methods to keep digital data private and secure from adversaries. Cryptography is a vital component of digital security.

References

Definition of ‘Cryptography.’ (January 2022). The Economic Times.

Security Component Fundamentals for Assessment. (2020). Security Controls Evaluation, Testing, and Assessment Handbook (Second Edition).

Advanced Encryption Standard (AES). (2001). National Institute of Standards and Technology (NIST).

Compliance FAQs: Federal Information Processing Standards (FIPS). (November 2019). National Institute of Standards and Technology (NIST).

Security and Privacy in the Internet of Things. (2016). Internet of Things.

Elliptical Curve Cryptography ECC. (June 2020). National Institute of Standards and Technology (NIST).

To connect with a product expert today, use our chat box, email us, or call +1-800-425-1267.

YouTube

Facebook

Twitter

Footer Navtane22

Company

About Us

Our Customers

Leadership

Investors

Careers

Events

Press Room

Partners

Responsibility

Okta for Good

Diversity, Inclusion & Belonging

Starting with Okta

The Okta Advantage

Customer Identity Cloud

Workforce Identity Cloud

Free Trial

Pricing

Contact Sales

Trust

Accessibility

Help & Support

Help and Support

Frequently Asked Questions

Customer Identity Cloud Status

Workforce Identity Cloud Status

Footer utility Navtane22

Site Terms

Security

Sitemap

Cookie Preferences

Your Privacy Choices

Footer utility Navtane22

Site Terms

Security

Sitemap

Cookie Preferences

Your Privacy Choices

United States

United KingdomFranceGermanyJapanNetherlandsAustraliaSingaporeKoreaSweden

Access Denied

You don't have permission to access "http://www.linode.com/docs/guides/what-is-cryptography/" on this server.

Reference #18.c64d2501.1710270813.30a1fb96

imtoken钱包下载app 数字资产服务平台

比特派安卓怎么下载|cryptographic

What is Cryptography? Definition, Importance, Types | Fortinet

Cryptography - Wikipedia

What is cryptography? | IBM

ISO - What is cryptography?

What is Cryptography?

What Is Cryptography and How Does It Work? | Synopsys

Cryptography | NIST

What is Cryptography? Definition from SearchSecurity

What Is Cryptography? Definition & How It Works | Okta

Access Denied

imtoken钱包下载app
数字资产服务平台