The field of cryptology includes both the study of and practice of securing information in the presence of untrusted third parties or adversaries. Specifically, it is focused on creating and analyzing the protocols used to subvert attempts by adversaries to gain access to or interrupt the flow of information between trusted parties. Specific focus areas of cryptology include data confidentiality, authentication, non-repudiation, and data integrity. The modern-day field of study has grown to include advanced applications from the computer science, math, and electrical engineering disciplines. Applications include secure communications, eCommerce, network and computer passwords, and debit and credit cards.
Evolution of Cryptology
Prior to the computer age, the field of cryptology primarily focused on encrypting and decrypting messages. This would consist of transforming readable information or cleartext into unreadable ciphertext. The method of decoding the message would have to be shared with the intended recipient in order to decode the information.
Starting with World War I and throughout the computer age, the methods to conduct cryptology have increased in complexity. The applications for the technology have grown from only being used by militaries and security agencies of national governments to now be used daily by the average consumer in a multitude of applications.
The modern field of cryptology has grown dependent on advanced mathematical theory and implementation within the computer science field of study. Modern algorithms are based upon the computational hardness assumption which results in it being very difficult for an adversary to crack ciphertext in practice.
Due to the continued improvement in computing technology focused on speed and increased capacity for instruction processing, cipher algorithms must continually be improved to keep data secure. Another issue that arises with the improvements in computer technology is the difficulty to implement new or emerging algorithms without inadvertently introducing security flaws into the cipher system.
In order to understand how the field of cryptology impacts daily life, it is necessary to understand a number of terms associated with the field that are not necessarily intuitive to understanding for the non-technical reader.
ciphertext and a cryptanalyst will use cryptanalysis to attempt to turn that ciphertext back into plaintext.
Plaintext – Plaintext, or cleartext, is the term used for information or data that will be encrypted or decrypted through the use of a cipher algorithm. Plaintext can refer to both the written word or multimedia files and is the “normal” or “natural” state of information.
Ciphertext – The output of an encryption cipher is referred to as ciphertext. The text is typically un-readable by a person or a computer. When the inverse of the appropriate encryption algorithm is applied to ciphertext, the resulting output is the original plaintext.
Encryption – The transformation of plaintext information (normal writing or data) into ciphertext, or indecipherable information.
Decryption – The reverse of encryption. Decryption reverses the encryption operation and transforms ciphertext into cleartext.
Cipher – The device or computer program that is responsible for transforming plaintext into ciphertext as well as completing the inverse operation. A cipher is based on an algorithm designed for encryption or decryption and may or may not require the use of a secret key.
Key – A key, or secrety key is known only to the individuals or systems that are exchanging encrypted information with each other. The key must only be known to the parties exchanging data and typically consists of a string of characters that vary in length depending on the algorithm in use by the cipher.
Cryptosystem – A cryptosystem includes the list of required elements for a functioning system to include encryption and decryption algorithms, a finite set of possible keys, and plaintext inputs, and resulting cypher text outputs. The encryption and decryption algorithms can be implemented via hardware, software, or a combination of the two. Modern cryptosystems include the ability to conduct additional procedures such as data integrity validation and authentication.
Cryptanalysis – The study of the methods or techniques for cracking or determining the meaning of ciphertext without access to the secret key used to encrypt the information.
Cryptography – Commonly used in a military setting to refer to the use of cryptographic techniques using the combined fields of cryptography and cryptanalysis.
Cryptolinguistics – The study of the various characteristics of languages to include patterns, letter combinations, and frequency data. Cryptolinguistics is commonly used in the cryptanalysis field of study to help crack or break cryptosystems.
At its inception, cryptology was primarily concerned with helping to ensure message confidentiality through the act of encrypting messages or information by a message sender. The receiving agent would then decipher or decrypt the message through the use of a secret key and/or knowledge of the cipher being used. This form of cryptology is commonly used in military, diplomatic, and espionage circles. Since that time, the field has continued to expand to include advanced techniques capable of confirming the identity of message senders and receivers, data integrity validation, secure computation, and digital signatures.
Classic Cryptology Origins
As the rate of literacy arose in ancient times, the need for encrypting the written word became essential for nation states to effectively conduct military operations and diplomacy. From this need arose what is referred to today as the classic ciphers. These cipher types were predominantly based on transposition ciphers that would reorder the letters or characters in a message, substitution ciphers that would replace either individual or groups of letters in a message with alternative letters, and hiding messages.
One of the first documented uses of substitution ciphers was the Caesar cipher where every letter included in the plaintext was subsequently replaced by another letter set to a fixed number of positions down the alphabet. Caesar is reported to have used the cipher for private communications with his generals in the field.
In ancient Greece, the use of cryptology was used by the government and military. There is documented use of the scytale transposition cipher, steganography, and concealing messages on the shaved head(s) of slaves via tattoo.
One of the first discovered uses of a cryptology; however, is ciphertext found carved on stone in Egypt from around 1900 BC. It is debatable on whether this example was actually used for commercial or military purposes, or if simply done as a demonstration. Almost 1500 years later, the Kama Sutra (approximately 400 BC) mentioned cryptology as a means for lovers to communicate with each other without being discovered.
In 9th Century, Arab mathematician Al-Kindi made the discovery of frequency analysis. This discovery made it possible to analyze ciphertexts to leverage statistical information about the plaintext in order to crack or break the cipher. He would go on to write about his discovery and the field of cryptology in his book, Risalah fi Istikhraj al-Mu’amma (English Translation: Manuscript for the Deciphering Cryptographic Messages).
From this point onwards, almost all ciphers would be vulnerable to cryptanalysis using Al-Kindi’s methods until the polyalphabetic cipher was invented (or reinvented) in approximately 1467 by Leon Battista Alberti. His invention was to make use of different cipher types or ciphers for different components of a message. He also created one of the world’s first automatic cipher devices that made use of a keyword which helped control the letter substitution of the cipher.
Over the years, there have been a number of aids or physical devices invented to assist with the cipher process dating to ancient Greeks. Thomas Jefferson quietly invented a multi-cylinder cipher which was subsequently invented independently by Vazeries in 1900. During the early 20th Centery, there were a number of rotor-based machines created to aid in cryptology to include the German Enigma machine used from the late 1920s throughout World War 2. As a result of the improved complexity of encryption introduced by the machines, it subsequently became more difficult to crack encryption schemes after World War 1.
History of Cryptology in the Computer Era
During World War 2, cryptanalysis of the mechanical devices used to encrypt information for the Axis Powers was both hard and time intensive. As a result, the Allied Powers invested significant effort in developing more efficient methods for conducting repetitive tasks required during analysis of ciphertext. As a result, the first fully digital, programmable computer was developed to aid in the decryption of ciphertext created by the German Army’s Lorenz SZ40/42 machines, the Colossus.
From this time forward, computers have been used not only to help break ciphertext, but to also create more complex cipher algorithms. Computers also make it possible to encrypt and decrypt any type of information to include binary information and multimedia files.
As computer technology has continued to mature and increase in capability over the past several decades, the field of cryptology has expanded into the commercial realm. Today, credit cards are capable of including 3 x 5 mm chips that embed public key cryptology capabilities in addition to eCommerce being secured through the use of online cryptology.
The Development of Modern Cryptology
The study of cryptology in the modern day covers several focus areas to include symmetric key cryptology, asymmetric key ciphers, and public key cryptology.
Symmetric Key Cryptology
The primary basis behind symmetric key cryptology is that the encryption method requires both the sending and receiving station or person to use the same encryption/ decryption key (or keys that are related in a computationally relevant manner). Until the mid-1970’s, this was the only variant of cryptology that was known in the public domain.
A symmetric key cipher is either implemented as a stream or block cipher. The block implementation will take blocks of plaintext as input (vice single characters like the stream implementation) and produce blocks of ciphertext as output. Two of the best-known examples of symmetric key ciphers are the Advanced Encryption Standard (AES) and the Data Encryption Standard (DES). DES served as the official government standard for encryption until the implementation and adoption of AES. Despite being deprecated, the more advanced versions of DES (triple DES) remains in use today across a wide variety of applications to include secure remote access, email privacy, and ATM encryption.
A stream cipher will create a long stream of key material that when combined with plaintext will function similar to a one-time pad. The output stream is created based on the internal state of the cipher that is kept hidden and changes over time. The internal state will normally be setup using secret key material.
Cryptographic Hash Functions
A cryptographic hashing function is another type of algorithm used today. The hash function is capable of taking a message of varying length for its input and subsequently output a fixed length hash that can be used in a variety of ways to include digital signatures. For a hash function to be considered strong, there should not be two messages which produce the same hash output. MD5 is a strengthened version of MD4 that was previously used in industry. Additionally, the United States National Security Agency has created a secure hash algorithm called, SHA-1, that is more secure than MD5. To address insecurities, the SHA-2 family of hash functions is slowly being adopted with SHA-3 emerging as the new U.S. NIST standard.
Public Key Cryptography
One of the primary disadvantages of symmetric ciphers is that they require a key management system in order to securely use the cipher. Each of the communicating parties is required to have the appropriate bank or store of keys which creates overhead in order to securely share. As the number of required parties who need access to the system increases, the total number of keys also gets larger. The total number of keys required is equivalent to the square of the total number of network members in this type of system making it more complex to keep the keys both secret and distributed to the correct individuals or computers on the network.
In order to address this issue, Whitfield Diffie and Martin Hellman published a paper on public key cryptography in 1976. In this paper, they introduced the idea of PKI (also referred to as asymmetric key cryptography) that makes use of two different, but mathematically related keys referred to as the public and private key respectfully. In this system, the calculation of the private key is mathematically infeasible from the public key that is not kept secret.
In the PKI cryptosystem, only the private key is kept secret by the person or organization that it is created for. The public key is used to encrypt information, while the private key is used for decrypting data. After the publication of Diffie Hellman’s paper, a practical public key encryption system was created in 1973 by Ronald Rivest, Adi Shamir, and Len Adleman which subsequently became known as the RSA algorithm. Today, the system has become one of the most used throughout commerce and industry supporting both digital signatures as well as secure socket layer (SSL) web connections.