Cryptology 101: Encryption

Hello!
Welcome to my Cryptology 101 article!

Today I would like to describe encryption techniques and introduce distinction arbitrage between such complex and mixed terms: cryptology vs. cryptography, public vs. private key cryptography, or stream and block ciphers (with a limited amount of math!).

We will also learn how to distinguish between ciphers and codes and answer the question: is cryptology a science? 😉

First things first – let’s settle establish who is who in cryptology: encryption section!

You are more than welcome to read and ask any questions you want!

Cryptology vs. cryptography

As I mentioned in CryptoPy: Caesar Cipher aka Shift Cipher in Python history of ciphers is more protracted than anybody could’ve expected. Cryptology (from Ancient Greek: κρυπτός, romanized: kryptós “hidden, secret”; and γράφειν graphein, “to write”, or -λογία -logia, “study”). So – cryptology is a study about ciphers and can be divided into two subtopics: cryptography and cryptanalysis.

Where is the line between them? Hard to say. Without a doubt, cryptanalysis is all about analysis (what a coincidence) – we are focusing on different types of attacks – the intent is to break the cipher.

As we can read in Colin’s Percival, “Cryptography is a science, not engineering” (we will discuss if further):

I recommend a more modern approach to cryptography — which means studying the theory and designing systems which you can prove are secure.

Cryptography is a science, not engineering – Colin Percival

So cryptography is about securing – we are focusing on building ciphers.

And this approach I was taught – cryptography is about building (securing), and cryptanalysis is about attacking (breaking). And cryptology is a mother of those two feuding brothers (being a science about ciphers).

Is cryptology a science?

Bruce Schneier, one of the most recognized modern cryptographers, is actually a living LEGEND in cryptology published on his site article title “Is Cryptography Engineering or Science?”

He took into consideration Colin’s Percival article (mentioned above) and Thomas Ptacek’s tweet saying

If you’re not learning crypto by coding attacks, you might not actually be learning crypto

Thomas Ptacek’s tweet – Twitter

To answer a question stated in the title of the article. I’ll agree with Schneier that:

Traditional cryptography is a science — applied mathematics — and applied cryptography is engineering.

Is Cryptography Engineering or Science? – Bruce Schneier

So both statements are factual – cryptology IS science and IS engineering.
Is it that simple? Not really, but as Schneier says:

Lots of people have said: “In theory, theory and practice are the same. But in practice, they are not.” It’s true about cryptography. If you want to be a cryptographer, study mathematics. Study the mathematics of cryptography, and especially cryptanalysis. There’s a lot of art to the science, and you won’t be able to design good algorithms and protocols until you gain experience in breaking existing ones. If you want to be a security engineer, study implementations and coding. Take the tools cryptographers create, and learn how to use them well.

Is Cryptography Engineering or Science? – Bruce Schneier

Encryption, decryption and encoding

From now, knowing what cryptology is and is not, we can focus on ciphers. What kind of ciphers do we have?

My previous article related to cryptography, CryptoPy: Caesar Cipher aka Shift Cipher in Python, described Caesar Cipher – a simple implementation of shift cipher, which is part of classic cryptography.

The difference between classic and modern cryptography are shown in the other article (not published yet) @placeholder.

I would like to focus on modern cryptography.

What is encryption vs. decryption? Encryption is a process (or mathematical function if we want to be strict) transforming messages (plain text) into ciphertext using a key. Decryption is basically the reverse process of transforming ciphertext into the original message (also using a key).

Why is a key so important? Without a key, transforming one text into another is just an encoding, so we can, e.g., base64 encode a text, and base64 decode it, but the transformation is ALWAYS the same, so base64(abc) ALWAYS equals to YWJj==. With encryption, the result depends on a key, so it is crucial for the encryption process (and provides confidentiality ).

In short: encoding is transforming a message into another form (without a key); encryption maintains data confidentiality and requires the use of a key.

Public-key vs. private key

Knowing all that, we can focus on ciphers. We can differentiate two groups of ciphers: private key cryptography (aka symmetric cryptography) and public-key cryptography (asymmetric cryptography).

What is the difference between them? Actually, it is pretty straightforward!

• Private key cryptography uses (one – symmetric) private key for BOTH encryption and decryption.
• Public-key cryptography uses pair of keys (here is the asymmetry) – one for encryption and one for decryption.

And that’s it!

Symmetric cryptography (private key)

In modern cryptography, both message and ciphertext are viewed as a group of bits (0s and 1s).  

With that approach, we can divide symmetric ciphers into two groups: block ciphers and stream ciphers – stream ciphers operate on stream (what a surprise) of message (and key) bits, while block ciphers work with message blocks. How does it work under the surface? What does it mean?

Stream ciphers

Let’s take a look at a high-level stream cipher diagram:

Here we have Message M, Key K, Generator G, XOR (math operator), and Ciphertext C.

• Message M is a group of bits (let it be 10101),
• Key K – it’s going to be an input to Generator G,
• Generator G – transforms Key K into the stream of bits (generates streams based on the key)*,
• XOR – exclusive OR math operator,
• Ciphertext C – expected group of bits.

*Remember, it’s a high-level description. In real-life scenarios, “key” is the starting state of the generator.

And all magic in stream cipher is XOR – Exclusive or exclusive disjunction, which is a logical operation that outputs true only when inputs differ (one is true, the other is false).

It means that if we have a five-bit message, each bit is being XORed with a five-bit key (generator output), and the result is ciphertext. The same for decryption – five-bits ciphertext is XORed with a five-bits key, and the product is the original message!

How is it computed? Below you can find the XOR truth table:

Input A	Input B	Output
0	0	0
0	1	1
1	0	1
1	1	0

Let’s take a look at the example.

We would like to encrypt Message M (10101). Based on input (001), generator G provides output – 11001 (K). So:

	0	1	2	3	4
Message M	1	0	1	0	1
Key K	1	1	0	0	1
Result ⊕	0	1	1	0	0

Ciphertext C = M⊕G(K) = 10101⊕11001 = 01100

What about decryption?

	0	1	2	3	4
Message M	0	1	1	0	0
Key K	1	1	0	0	1
Result ⊕	1	0	1	0	1

Message M = C⊕G(K) = 01100⊕11001 = 10101

Stream ciphers are simple as that – they just XOR message stream with a key stream 😊

Block ciphers

On the other hand, block ciphers are much more complex. They are working on fixed-length groups of bits (blocks) – padded if needed. Most block ciphers consist of two paired algorithms – one for encryption and the other one for decryption.

On the high-level diagram:

Both Message M and Key K are divided into blocks, which are handed to the algorithm. Then in the “encryption black box,” magic happens, and the same amount of blocks as input (with the same length) is produced – and we have a ciphertext (so 128-bit message input provides 128-bit ciphertext).

Decryption works the same way – ciphertext is sliced into blocks, along with (the same!) symmetric key is transformed to original message M by “black box.”

What’s inside the black box? It is very complex and varies depends on the algorithm, but I promise to write more articles about block ciphers – stay tuned! 😊

Another good question is how to establish – exchange – keys. Key-exchange protocols are a significant part of cryptology knowledge – I’ll give it a full article in the future.

Also, please note that block ciphers can work in different modes of operation – this is be covered in the other art: Cryptology 101: Block Cipher Modes of Operation with Python example.

If you are asked to list block ciphers, here are a few you better memorize:

• AES – Advanced Encryption Standard,
• DES – Data Encryption Standard,
• 3DES – Triple DES,
• Serpent,
• Twofish.

Asymmetric cryptography (public-key)

As I mentioned above, asymmetric in asymmetric cryptography refers to the key pair.

In most algorithms, we have two keys – a public key and a private key (that’s why it is also known as public-key cryptography).

The public key can be distributed publicly (what a shock!), and the private one must be kept secret!

Why? Because the keys in the key pair correspond to each other – the public key is designed for encryption (messages FROM others TO us), and the private key is used to decrypt the ciphertext (FROM others BY us).

There is no way to use a public key (for encryption) to decrypt the data – there is strong and complex math proving it!

This is demystified in another article – Textbook RSA – asymmetric encryption with Java, now let’s focus on the concept.

Let’s consider this textbook situation:

Alice and Bob live in the asymmetric cryptography world (just like us), and they know each other public keys.

Alice wants to proclaim her love to him secretly. She has written a letter, but how can she protect it before sending it?

That’s where the public key cryptography comes into play!

Alice will write a love letter (message) to Bob, and:

1. Alice is taking Bob’s public key
2. She will use his public key to encrypt the message
3. The message is encrypted and sends to Bob

I’m delighted to announce that Bob also has a crush on Alice, so:

4. He uses his private key to decrypt the message
5. Reads the message, and the next day he asks Alice for a date!

What would happen if somebody between Alice and Bob would intercept the message? Can he or she read or change the message knowing Bob’s public key?

The answer is: No, the message is safe. By the power of applied mathematics, it is protected, and only the owner of the private key can retrieve the message. 😉

Asymmetric cryptography is an immensely expanded topic – it can also be used for digital signatures, fingerprinting, PKI, and many others – and I would like to invite you to discover them together in future articles!

The most popular asymmetric cryptosystem is RSA – you better memorize it 🙂

Summary

I know this one was full of theory, but… as Schneier mentioned: “In theory, theory and practice are the same. But in practice, they are not.”. Now it was time for some theory, then it’ll be time to present more practice.

I really enjoy writing about anything related to cryptology! There is so much more to describe and discover, so I strongly encourage you to follow my blog and stay tuned – some crypto-related stuff (with practical examples and appliances) is going to appear here sooner or later – stay tuned. 😊

Soon, I’m planning to write about:

• Textbook RSA – asymmetric encryption with Java,
• AES on Android – how to encrypt your messages with NIST approved algorithm.

If you are mostly interested in reading that – feel free, and do not hesitate to contact me!

Reference list:

1. Cryptography is a science, not engineering – Colin Percival
2. Thomas Ptacek’s tweet – Twitter
3. Is Cryptography Engineering or Science? – Bruce Schneier
4. Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition – Bruce Schneier
5. Introduction to Cryptography with Coding Theory, 3rd Edition – Wade Trappe, Lawrence C. Washington
6. Modern Cryptography: Applied Mathematics for Encryption and Information Security – Chuck Easttom

Check out related posts: