Fundamentals of Cryptography

Fundamentals of Cryptography: Core Concepts Explained

Cryptography is the science of protecting information by transforming it into an unreadable format for unauthorized parties. This course breaks down the essential ideas that appear in typical introductory quizzes, providing clear explanations, real‑world examples, and practical insights. By mastering these topics, learners gain a solid foundation for further study in computer security, network engineering, and data privacy.

1. Non‑repudiation – Ensuring Accountability

One of the four classic security services offered by cryptography is non‑repudiation. Unlike confidentiality, authentication, or integrity, non‑repudiation prevents a sender from denying that they originated a message.

• How it works: Digital signatures created with a private key can be verified with the corresponding public key. Because only the private key holder could have generated the signature, the sender cannot later claim they did not send the message.
• Typical use cases: Electronic contracts, financial transactions, and legal documents where proof of origin is critical.
• Key terms: digital signature, public‑key infrastructure (PKI), certificate authority.

Understanding non‑repudiation is essential for designing systems that require audit trails and legal enforceability.

2. Symmetric‑Key vs. Public‑Key Cryptography

Symmetric‑key algorithms use the same secret key for encryption and decryption. While they are fast and efficient for bulk data, they suffer from a major drawback: key distribution and secure storage are problematic. Exchanging a secret key over an insecure channel exposes the entire communication to interception.

Public‑key (asymmetric) cryptography solves this problem by separating the keys:

• Public key: Distributed openly; used to encrypt data or verify signatures.
• Private key: Kept secret; used to decrypt data or create signatures.

Because the public key can be shared without compromising security, organizations can establish secure channels without the need for a pre‑shared secret. This property underpins protocols such as TLS, SSH, and PGP.

3. Classical Cipher Spotlight: Caesar Shift

The Caesar cipher is a historic example of a substitution cipher. It works by shifting each letter of the plaintext by a fixed number of positions in the alphabet—most famously three places. The receiver reverses the shift to recover the original message.

• Example: Plaintext "HELLO" shifted by 3 becomes "KHOOR".
• Security limitation: With only 25 possible shifts, a brute‑force attack can try every option instantly.
• Educational value: Demonstrates the concept of key space and why modern ciphers need far larger key spaces.

Although trivial by today’s standards, the Caesar cipher introduces the fundamental idea of systematic transformation, a principle that persists in all modern encryption schemes.

4. From DES to AES: Why AES Is More Secure

Data Encryption Standard (DES) was the dominant block cipher for decades, but it operates on 64‑bit blocks with a 56‑bit key—sizes that are now vulnerable to exhaustive search. Advanced Encryption Standard (AES) replaced DES for several reasons:

• Block size: AES processes 128‑bit blocks, reducing the chance of pattern leakage.
• Key length options: 128, 192, and 256 bits provide a vastly larger key space, making brute‑force attacks infeasible with current technology.
• Design robustness: AES has no known practical attacks; its substitution‑permutation network resists differential and linear cryptanalysis.

These attributes make AES the preferred choice for government, industry, and everyday applications such as Wi‑Fi encryption (WPA2/WPA3) and secure file storage.

5. Cryptographic Attacks: The Birthday Paradox

The birthday attack exploits the birthday paradox—a probability principle stating that in a group of just 23 people there is a >50% chance two share a birthday. Applied to hash functions, this means that finding two distinct inputs that produce the same hash (a collision) can be dramatically easier than brute‑forcing a specific pre‑image.

• Complexity: For an n‑bit hash, a birthday attack requires roughly 2^(n/2) operations, half the effort of a direct brute‑force search.
• Real‑world impact: Weak hash functions like MD5 and SHA‑1 have been broken using birthday attacks, prompting migration to SHA‑256 or stronger algorithms.
• Mitigation: Use hash functions with longer output (e.g., SHA‑256) and incorporate salts or keyed hashes (HMAC) to reduce collision risk.

Understanding the birthday attack highlights why hash length matters and why cryptographers continuously evaluate hash algorithms for collision resistance.

6. RSA Key Generation: The Role of the Modulus

RSA is a foundational public‑key algorithm. Its security rests on the difficulty of factoring large composite numbers. The key generation process follows these steps:

1. Select two large, random prime numbers p and q.
2. Compute the modulus n = p × q. This value is part of both the public and private keys.
3. Calculate Euler’s totient φ(n) = (p‑1)(q‑1).
4. Choose a public exponent e (commonly 65537) that is coprime with φ(n).
5. Derive the private exponent d such that e·d ≡ 1 (mod φ(n)).

The modulus n is the first value computed after selecting the primes, and it defines the key size (e.g., 2048‑bit RSA uses a 2048‑bit modulus). Proper generation of p and q ensures that n cannot be factored efficiently, preserving RSA’s security.

7. Hash Functions and the Avalanche Effect

A cryptographic hash function must exhibit the avalanche effect: a tiny change in the input (even a single bit) should produce a dramatically different output. This property prevents attackers from predicting how modifications affect the hash value.

• Example: SHA‑256("hello") = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 while SHA‑256("hell0") (note the zero) yields a completely unrelated hash.
• Related properties: Pre‑image resistance (hard to find an input for a given hash) and collision resistance (hard to find two inputs with the same hash).
• Applications: Password storage (with salts), data integrity verification, digital signatures, and blockchain mining.

When evaluating hash algorithms, look for strong avalanche behavior as an indicator of diffusion quality.

8. Block Cipher Modes: Why ECB Is Insecure

Block ciphers can be used in various modes of operation. The Electronic Codebook (ECB) mode encrypts each plaintext block independently. While simple, ECB has a critical weakness: identical plaintext blocks produce identical ciphertext blocks.

• Consequence: Patterns in the original data become visible in the encrypted output, leaking structural information.
• Visual example: Encrypting a bitmap image with ECB reveals the outline of the picture, even though the colors are scrambled.
• Secure alternatives: CBC (Cipher Block Chaining), GCM (Galois/Counter Mode), and CTR (Counter Mode) introduce randomness or chaining to hide patterns.

Modern cryptographic guidelines recommend avoiding ECB for any sensitive data and opting for authenticated modes like GCM that also provide integrity checks.

9. Summary and Further Study

These eight topics form the backbone of introductory cryptography curricula. Mastery of non‑repudiation, key management, classic and modern ciphers, attack vectors, RSA fundamentals, hash properties, and block cipher modes equips learners to evaluate security solutions critically.

For deeper exploration, consider studying:

• Elliptic Curve Cryptography (ECC) for efficient public‑key operations.
• Advanced hash constructions such as SHA‑3 and BLAKE2.
• Post‑quantum cryptographic algorithms that resist quantum attacks.
• Formal security proofs and the random oracle model.

By building on this foundation, you can confidently navigate the rapidly evolving landscape of computer security and contribute to the design of robust, trustworthy systems.