5.11.1 What Is Cryptography and Why Is It Important?
- What Is Cryptography?
- Why Is Cryptography Necessary?
- What Security Services Does Cryptography Provide?
- Is Cryptography the Same as Encryption?
- What Is Encryption?
- What Is a Cipher?
- How Has Cryptography Changed Over Time?
- What Is the Difference Between Symmetric and Asymmetric Cryptography?
- Why Doesn't Everyone Use Public-Key Encryption?
- Where Is Cryptography Used?
- Can Cryptography Be Broken?
- Why Is Quantum Computing a Concern?
Description
Explore how cryptography protects information against eavesdropping, tampering, and impersonation. Learn how encryption, authentication, integrity checking, and digital signatures provide the foundation for secure communications across the Internet and modern digital networks.
Introduction
Every day, billions of people use cryptography without realizing it. Whenever we log into online banking, purchase goods over the Internet, send an email, unlock a smartphone, or watch encrypted streaming video, cryptographic techniques are working behind the scenes to protect our information. Without cryptography, modern electronic commerce, cloud computing, mobile communications, and much of the Internet simply could not function safely.
Although cryptography is often associated with secret codes and military intelligence, its role has expanded enormously over the past few decades. Today, it is a fundamental technology that protects not only confidential information but also digital identities, financial transactions, software updates, medical records, industrial control systems, and government communications.
At its heart, cryptography is concerned with one simple objective: ensuring that information remains secure even when transmitted across insecure communication channels.
What Is Cryptography?
Cryptography is the science and engineering of protecting information by transforming it into a form that can be understood only by authorized users.
The word comes from two Greek words: kryptos — hidden or secret and graphein — to write. Literally, cryptography means "secret writing”.
Modern cryptography, however, is much broader than simply hiding messages. It encompasses the mathematical techniques used to secure information throughout its entire lifecycle—from its creation and storage to its transmission and eventual use.
Today, cryptography provides mechanisms for:
- keeping information confidential;
- verifying the identity of users and systems;
- detecting unauthorized modification of data;
- proving who created a message;
- securely exchanging encryption keys; and
- establishing trust between parties that have never previously communicated.
It is therefore one of the fundamental enabling technologies of modern digital communications.
Why Is Cryptography Necessary?
Communication networks are inherently insecure.
Whenever information travels across a communication channel, numerous threats may exist. An attacker may attempt to:
- intercept the information;
- modify it during transmission;
- impersonate one of the communicating parties;
- replay previously transmitted messages;
- or prevent legitimate users from accessing the system.
Historically, these threats required physical access to communication media. Today, because most communications pass through shared networks such as the Internet, attacks can originate from anywhere in the world.
Cryptography provides the tools needed to protect information against these threats.
What Security Services Does Cryptography Provide?
Modern information-security standards identify several fundamental security services.
Confidentiality
Confidentiality prevents unauthorized people from reading information.
This is the purpose most people associate with encryption.
Even if an attacker intercepts the transmitted data, the information remains unintelligible without the appropriate cryptographic key.
Examples include:
- encrypted email;
- secure messaging applications;
- virtual private networks (VPNs);
- online banking.
Integrity
Integrity ensures that information has not been modified.
A single altered bit may completely change the meaning of a financial transaction or software update.
Cryptographic techniques allow the receiver to determine whether any alteration has occurred during storage or transmission.
Authentication
Authentication verifies identity. It answers questions such as:
- Is this really my bank?
- Is this software update genuine?
- Did this email really originate from the claimed sender?
Authentication prevents attackers from masquerading as legitimate users or systems.
Non-Repudiation
Non-repudiation prevents someone from later denying that they created or approved a message.
Digital signatures provide this capability and are widely used for:
- electronic contracts;
- software distribution;
- legal documents;
- financial transactions.
Availability
Although availability is not provided directly by encryption, it forms part of the broader information-security framework.
Information must remain accessible to authorized users when required.
Protecting systems from denial-of-service attacks, equipment failures, and accidental damage contributes to overall security.
Is Cryptography the Same as Encryption?
No.
This is one of the most common misunderstandings. Encryption is only one application of cryptography. Cryptography includes many other techniques, including:
- cryptographic hash functions;
- digital signatures;
- message authentication codes;
- public-key infrastructures;
- key-management systems;
- secure key exchange;
- random-number generation.
Encryption protects confidentiality.
The other techniques provide authentication, integrity, trust, and secure key management.
What Is Encryption?
Encryption transforms readable information—known as plaintext—into an apparently random sequence called ciphertext.
The transformation is controlled by an encryption key. Only someone possessing the correct key can recover the original information through decryption. A simplified communication system therefore consists of:
Plaintext → Encryption → Ciphertext → Transmission → Decryption → Plaintext
If the correct key is unavailable, recovering the original message should be computationally impractical.
What Is a Cipher?
A cipher is the mathematical algorithm that performs the encryption and decryption processes.
The cipher itself is usually public knowledge. Modern cryptographic systems do not rely upon keeping the algorithm secret. Instead, security depends entirely upon the secrecy of the cryptographic key.
This design philosophy is known as Kerckhoffs's Principle, first proposed during the nineteenth century: A cryptographic system should remain secure even if everything about the system, except the key, is public knowledge.
Virtually every modern encryption standard follows this principle.
How Has Cryptography Changed Over Time?
For thousands of years, cryptography consisted mainly of handwritten substitution and transposition ciphers.
Examples include:
- the Caesar cipher;
- monoalphabetic substitution;
- the Vigenère cipher.
These methods provided modest protection but were eventually broken through careful statistical analysis. The invention of computers transformed cryptography.
Instead of manipulating letters, modern algorithms manipulate binary digits using sophisticated mathematical operations involving:
- modular arithmetic;
- finite fields;
- matrix operations;
- number theory;
- elliptic curves.
As computing power increased, cryptography evolved from an art into a rigorous branch of applied mathematics and computer science.
What Is the Difference Between Symmetric and Asymmetric Cryptography?
Modern cryptography is generally divided into two major branches.
Symmetric Cryptography
Both users share the same secret key. The same key performs both encryption and decryption.
Examples include:
- AES;
- ChaCha20.
Symmetric systems are extremely fast and are used to encrypt almost all large volumes of data.
Asymmetric Cryptography
Different keys are used for encryption and decryption. One key—the public key—may be distributed openly. The second—the private key—is kept secret.
Examples include:
- RSA;
- Elliptic Curve Cryptography (ECC).
Public-key systems solve the difficult problem of securely exchanging encryption keys over insecure communication channels.
Why Doesn't Everyone Use Public-Key Encryption?
Public-key cryptography is computationally much slower than symmetric encryption.
Consequently, modern secure communication systems combine the two approaches. Typically:
- Public-key cryptography establishes a secure session key.
- Symmetric encryption protects the actual data.
This hybrid approach combines:
- the efficiency of symmetric encryption;
- the convenience of public-key key exchange.
Nearly every secure Internet protocol operates in this manner.
Where Is Cryptography Used?
Cryptography underpins almost every aspect of modern digital life.
Applications include:
- Internet banking;
- electronic commerce;
- mobile-phone networks;
- Wi-Fi security;
- virtual private networks;
- cloud computing;
- digital television;
- satellite communications;
- software distribution;
- cryptocurrencies;
- electronic passports;
- secure government communications.
Most users interact with cryptography hundreds of times each day without realizing it.
Can Cryptography Be Broken?
No cryptographic system is absolutely secure forever.
Its security depends upon several factors:
- the strength of the underlying mathematics;
- the length of the encryption key;
- correct implementation;
- proper key management;
- advances in computing technology.
Historically, many systems failed because of implementation mistakes rather than weaknesses in the underlying mathematics.
Modern algorithms such as AES remain secure because no practical attack significantly faster than exhaustive key search is currently known.
Why Is Quantum Computing a Concern?
Many widely used public-key algorithms rely upon mathematical problems that are extremely difficult for conventional computers.
Large-scale quantum computers could solve some of these problems dramatically faster. Consequently, researchers are developing post-quantum cryptography—new algorithms believed to remain secure even in the presence of future quantum computers.
This represents one of the most active areas of cryptographic research today.
Summary
Cryptography is the science of protecting information against unauthorized access, modification, and impersonation. Although encryption is its most familiar application, modern cryptography also provides authentication, integrity, digital signatures, secure key exchange, and trust management.
Virtually every secure communication system—from online banking and mobile phones to satellite communications and cloud computing—depends on cryptographic techniques. As communications continue to evolve and new threats emerge, particularly from quantum computing, cryptography remains one of the most important enabling technologies of the digital age.
Back to reading