5.11.2 What Is the Difference Between Encryption and Cryptography?
- What Is Cryptography?
- What Is Encryption?
- Why Isn't Encryption Enough?
- What Security Services Does Cryptography Provide?
- What Is a Cryptographic Hash Function?
- What Is a Message Authentication Code?
- What Is a Digital Signature?
- What Is Key Management?
- What Is Public-Key Infrastructure?
- How Do Modern Secure Communication Systems Work?
- Why Is Encryption Still So Important?
- Where Is Cryptography Used?
- Why Do People Confuse Cryptography and Encryption?
- Why Is the Difference Important?
Description
Understand the relationship between cryptography and encryption. Learn why encryption is only one part of cryptography, and how hashing, authentication, key management, digital signatures, and public-key infrastructures work together to provide secure communications.
Introduction
The terms cryptography and encryption are often used interchangeably in newspapers, advertising, and even technical discussions. A messaging application may claim to use "advanced cryptography" when it simply encrypts messages, while another product may advertise "encryption" when it also provides authentication, digital signatures, and key management.
Although closely related, the two terms do not mean the same thing.
Encryption is one technique used within cryptography. Cryptography is the broader discipline concerned with protecting information against unauthorized disclosure, modification, impersonation, and other security threats. Encryption addresses only one of these objectives—keeping information confidential.
Understanding the distinction helps explain why modern secure communication systems employ much more than encryption alone. Secure Internet banking, online shopping, secure email, virtual private networks (VPNs), and mobile communications all rely upon a combination of cryptographic techniques working together.
What Is Cryptography?
Cryptography is the science and engineering of securing information.
It encompasses the mathematical methods used to protect information throughout its lifetime, whether it is stored on a computer, transmitted across a network, or processed by an application.
Modern cryptography provides mechanisms for:
- confidentiality;
- integrity;
- authentication;
- non-repudiation;
- secure key exchange;
- digital signatures;
- cryptographic hashing;
- secure random-number generation.
Encryption is only one component of this much broader discipline.
What Is Encryption?
Encryption is the process of converting readable information, known as plaintext, into an unreadable form called ciphertext.
The transformation is performed by an encryption algorithm, commonly called a cipher, together with an encryption key. Only someone possessing the appropriate key should be able to recover the original information through decryption.
A simplified encryption process is: Plaintext → Encryption → Ciphertext → Decryption → Plaintext
The objective is straightforward: Prevent unauthorized people from reading the information.
Encryption therefore provides confidentiality.
Why Isn't Encryption Enough?
Suppose Alice sends Bob an encrypted message.
Even if an attacker cannot read the message, several important questions remain unanswered.
- Did the message actually come from Alice?
- Has the message been altered during transmission?
- Has someone replayed an earlier message?
- Is Bob communicating with the genuine Alice or an impostor?
- Can Alice later deny sending the message?
Encryption alone cannot answer these questions.
Modern communication systems therefore require additional cryptographic techniques.
What Security Services Does Cryptography Provide?
Most information-security frameworks identify four primary security services.
- Confidentiality. Confidentiality prevents unauthorized disclosure of information. Encryption provides confidentiality.
- Integrity. Integrity ensures that information has not been modified. Cryptographic hash functions and message authentication codes allow receivers to detect even very small changes.
- Authentication. Authentication verifies identity, which is essential because encrypted information is of little value if its source cannot be trusted. It answers questions such as: Who sent this message? Is this website genuine? Is this software update authentic?
- Non-repudiation. Non-repudiation prevents a sender from later denying that they created or approved a message. Digital signatures provide this capability. They play an important role in electronic commerce and electronic legal documents.
What Is a Cryptographic Hash Function?
A hash function converts information of arbitrary length into a fixed-length value known as a hash, message digest, or fingerprint.
Unlike encryption:
- hashing is one-way;
- the original information cannot be recovered from the hash.
A good cryptographic hash possesses several important properties. It should be computationally infeasible to:
- determine the original message from the hash;
- find two different messages producing the same hash;
- predict how small changes affect the output.
Hash functions are widely used for:
- integrity checking;
- password storage;
- digital signatures;
- software verification.
What Is a Message Authentication Code?
A Message Authentication Code (MAC) combines a secret key with a cryptographic hash function.
The resulting value allows the receiver to verify both:
- message integrity;
- message authenticity.
Unlike ordinary hash functions, MACs require both communicating parties to share a secret key.
What Is a Digital Signature?
A digital signature provides proof that a particular individual or organization created a message.
Although it uses cryptographic algorithms, a digital signature is not encryption. Instead, it combines:
- a cryptographic hash;
- public-key cryptography;
- the sender's private key.
The receiver verifies the signature using the sender's public key.
Digital signatures provide:
- authentication;
- integrity;
- non-repudiation.
They are widely used for:
- electronic contracts;
- software updates;
- secure email;
- financial transactions.
What Is Key Management?
One of the greatest practical challenges in cryptography is not designing encryption algorithms but managing the cryptographic keys.
Key management includes:
- generating keys;
- distributing keys;
- storing keys securely;
- replacing compromised keys;
- destroying expired keys.
A mathematically perfect encryption algorithm becomes useless if attackers obtain the encryption key.
Consequently, key management is often considered the most important aspect of practical cryptography.
What Is Public-Key Infrastructure?
Public-Key Infrastructure (PKI) provides a framework for establishing trust between parties that have never previously communicated.
PKI includes:
- digital certificates;
- certificate authorities (CAs);
- certificate revocation mechanisms;
- trust hierarchies.
When a web browser displays the familiar padlock symbol, it is relying upon a public-key infrastructure to verify the identity of the website.
Without PKI, secure electronic commerce would be extremely difficult.
How Do Modern Secure Communication Systems Work?
Modern communication systems combine many cryptographic techniques.
For example, when a user visits a secure website:
- The website presents a digital certificate.
- The browser verifies the certificate.
- Public-key cryptography establishes a shared session key.
- Symmetric encryption protects the transmitted information.
- Message authentication codes verify integrity.
- Hash functions support authentication and certificate validation.
Although users often describe this process simply as "encryption," it actually involves many different cryptographic techniques working together.
Why Is Encryption Still So Important?
Despite its limitations, encryption remains one of the most important components of cryptography.
Without encryption:
- confidential information could be read by anyone intercepting communications;
- passwords and financial information would be exposed;
- online banking and electronic commerce would be impossible.
Encryption therefore remains the primary mechanism for protecting confidentiality.
Where Is Cryptography Used?
Cryptography appears throughout modern digital technology.
Examples include:
- Internet banking;
- secure websites;
- Wi-Fi security;
- mobile-phone networks;
- virtual private networks;
- cloud storage;
- encrypted messaging applications;
- software distribution;
- digital television;
- satellite communications.
Most users encounter cryptographic systems many times each day without realizing it.
Why Do People Confuse Cryptography and Encryption?
Historically, encryption was the most visible aspect of cryptography.
Classical cryptography consisted almost entirely of substitution and transposition ciphers used to conceal messages. Modern cryptography has expanded far beyond this traditional role. Today, encryption represents only one part of a much broader security framework.
Consequently, all encryption is cryptography, but not all cryptography is encryption. This distinction is fundamental to understanding modern information security.
Why Is the Difference Important?
Recognizing the distinction between cryptography and encryption helps explain how modern secure communication systems actually work.
Encryption protects confidentiality, but secure systems also require authentication, integrity protection, digital signatures, secure key management, and trusted certificate infrastructures. Together, these techniques enable users to communicate securely across networks that may be completely untrusted.
Understanding this broader perspective provides the foundation for studying the remainder of modern cryptography.
Summary
Cryptography is the broad discipline concerned with securing information, while encryption is one of the techniques it employs to provide confidentiality. Modern cryptography also includes hashing, authentication, message authentication codes, digital signatures, public-key infrastructures, and secure key management.
Although encryption remains one of the most visible aspects of cryptography, secure communication depends upon the combined operation of many complementary techniques. Appreciating the distinction between cryptography and encryption is essential for understanding how today's secure communication systems protect information and establish trust.
Back to reading