What is Cryptography?
With its origins in the Greek word kryptos, which means hidden, cryptography is a discipline that is essential in our connected world. Whether we are paying for something online, depositing a check via our smartphones, or establishing a virtual account with our healthcare providers, we all want to be assured that the messages and data transmitted are secure. Cryptography applies advanced mathematical principles for storing and transmitting data as a means to protect our information from getting into the wrong hands.
Modern cryptography relies on two basic algorithms—the asymmetric key and the symmetric key. Asymmetric key algorithms use a combination of private and public keys while symmetric algorithms use only private ones, commonly referred to as secret keys. While both approaches can be part of a digital security strategy, each is suited for specific use cases. Symmetric key cryptography tends to be used when there's a large volume of data that needs to be protected, as it is relatively fast. Asymmetric key cryptography is ideal when there's a large subset of entities sharing information.
Both of these algorithms support primary cryptographic goals, including:
- Confidentiality, which keeps information secure and out of reach from those who are not privy to it
- Identification and authentication, which is the process of identifying and then authenticating an object or user to ensure that communications happens with the intended entity
- Preserving message integrity, which ensures that any message received, or any new device being connected, is not carrying unwanted code or information
In a symmetric key cryptographic system, ensuring confidentiality is achieved by encrypting the data that is exchanged between the sender and the recipient. Both the sender and the recipient have access to the same secret key that is used to encrypt and decrypt the exchanged message, as shown in Figure 1.
Figure 1. Symmetric key algorithms help achieve confidentiality using secret keys
In an asymmetric key system, the recipient freely distributes her/his public key. The sender acquires the public key and verifies the authenticity of it. Figure 2 shows the main steps involved. For simplicity's sake, let's assume that the sender has access to the verified public key of the recipient. The sender then uses that public key to encrypt the message and sends it to the recipient.
Figure 2. Asymmetric key algorithm helps achieve confidentiality through the use of public and private keys.
There's much more to be discussed on this topic. My tutorial, "Cryptography: Fundamentals on the Modern Approach," provides more detail on:
- How symmetric and asymmetric key algorithms approach the identification and authentication process
- How symmetric and asymmetric algorithms compare in terms of key usage
- How the two algorithms preserve message integrity
- Non-repudiation of exchanged messages
In case you missed it, a previously published post, "What's All the Fuss About Cryptography?" provides an overview of how modern cryptography works.
