This document explains cryptography from the most general concepts

When systems communicate over a network, there are three major security concerns:

• Confidentiality
• Integrity
• Authenticity

These concerns are solved using cryptography.

Confidentiality means:

Only authorized parties can read the data.

Example:

Alice sends a password to Bob.

Without protection:

Alice ---- Internet ---- Bob
                ^
             Attacker

The attacker can read the message.

Solution:

Encryption

Integrity means:

Data was not modified during transmission.

Example:

Original:

Transfer $100

Modified by attacker:

Transfer $10000

Solution:

Digital Signatures

Authenticity means:

Verify who actually sent the message.

Example:

Someone claims to be your bank.

How do you know it is really your bank?

Solution:

Digital Signatures
Certificates

Cryptography is the science of protecting information.

Main categories:

Cryptography
│
├── Encryption
│
└── Digital Signatures

Encryption protects:

Confidentiality

Goal:

Prevent unauthorized people from reading data.

Process:

Plain Text
    ↓
Encrypt
    ↓
Cipher Text
    ↓
Decrypt
    ↓
Plain Text

Example:

Hello World

may become:

A83D91F22C...

Only someone with the correct key can recover the original message.

A key is a secret value used by cryptographic algorithms.

Example:

Message:
Hello

Key:
abc123

Analogy:

House Key

Without key:

Cannot open the door.

With key:

Can open the door.

There are two major cryptographic models.

Cryptography
│
├── Symmetric Cryptography
│
└── Asymmetric Cryptography

Symmetric cryptography uses:

ONE SECRET KEY

for both encryption and decryption.

           Secret Key
               |
       ----------------
       |              |
    Encrypt       Decrypt

Alice and Bob share the same secret key.

Secret Key = abc123

Encryption:

Encrypt("Hello", abc123)

Decryption:

Decrypt(ciphertext, abc123)

Same key is used for both operations.

Think about a locked box.

Key
 ↓
Lock Box
 ↓
Unlock Box

The same key locks and unlocks the box.

• Fast
• Efficient
• Easy to implement

The key must be shared securely.

Problem:

Alice ---- Secret Key ---- Bob

If attacker obtains the key:

Attacker can decrypt everything.

• AES
• ChaCha20
• DES (legacy)

Asymmetric cryptography uses:

TWO KEYS

A key pair:

Public Key
Private Key

These keys are mathematically related.

Public key can be shared freely.

Example locations:

• Websites
• Certificates
• API documentation

Anyone may know the public key.

Private key must remain secret.

Only the owner should possess it.

If leaked:

Security is compromised.

Provides:

Confidentiality

Public Key  → Encrypt

Private Key → Decrypt

Alice owns:

Public Key
Private Key

Bob wants to send a secret message.

Bob:

Encrypt(message, Alice Public Key)

Alice:

Decrypt(message, Alice Private Key)

Anyone can encrypt.

Only owner can decrypt.

Digital signatures solve:

• Integrity
• Authenticity

Private Key → Sign

Public Key  → Verify

Server signs a document.

Document
   ↓
Sign with Private Key
   ↓
Signed Document

Verification:

Signed Document
   ↓
Verify with Public Key
   ↓
Valid or Invalid

Only owner can sign.

Everyone can verify.

Goal:

Hide data

Workflow:

Public Key  → Encrypt

Private Key → Decrypt

Question answered:

Can someone read this?

Goal:

Verify authenticity

Workflow:

Private Key → Sign

Public Key  → Verify

Question answered:

Did this really come from the owner?