Cryptography
is the art of secret writing.
Cryptography
It is a way to hide messages so only the right people can understand them.
Ciphertext
Simple Example:
Plain message: HELLO Plaintext
Secret message: KHOOR (each letter moved 3 steps forward)
65
At what ASCII decimal number does the alphabet start (the letter A)?
90
At what ASCII decimal number does the alphabet end (the letter Z)?
Cryptography
is the science of encrypting or decrypting information to prevent unauthorized access; it transforms data so only the correct recipient can understand the message.
Keep messages safe
Hide information from strangers
Protect important things like passwords and money online
Communicate safely
Why Do We Use Secret Codes?
We use codes to:
Ancient Egypt
Messages written with symbols
Julius Caesar
Shifted letters to hide secret war messages
World War II
Big machines called Enigma were used to code messages
keep people safe.
Cryptography was used to ?
Caesar cipher
Julius Caesar used a substitution cipher, appropriately named ? today.
Enigma
This is the exciting story of an ingenious machine for encrypting messages and the brilliant minds who cracked it, and thus crucially influenced the course of the Second World War, which ended 80 years ago.
Exclusive OR (XOR)
Combines plaintext and a key using the XOR logical operation, resulting in ciphertext. XOR is simple, efficient, and frequently used in modern cryptographic algorithms when paired with strong keys.
Substitution Codes
Reverse Codes
Emoji or Picture Codes
Types of Secret Codes
Substitution Codes
You replace each letter with another letter.
Reverse Codes
You write the message backward.
Emoji or Picture Codes
Each letter is replaced with an emoji.
Symmetric
What category?
Wifi, VPN, Disk encryption
Asymmetric
What category?
HTTPS, secure chat
Hashing
What category?
Passwords, blockchain
Digital Signatures
What category?
Signed documents, blockchain
Data in transit
What category?
Browsing, online banking
Data at rest
What category?
Phones, Laptops
E2EE
What category?
Private messaging
Blockchain Crypto
What category?
Bitcoin, blockchain apps
Password-based
What category?
Account logins
Algorithm
The programmatic steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; sometimes refers to the programs that enable the cryptographic processes.
Cipher or Cryptosystem:
An encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption.
The encoded message resulting from an encryption.
Ciphertext or Cryptogram
Code
The process of converting components (words or phrases) of an unencrypted message into encrypted components.
Decipher
To decrypt, decode, or convert ciphertext into the equivalent plaintext.
Encipher
To encrypt, encode, or convert plaintext into the equivalent ciphertext.
Key or Cryptovariable
The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext; the key can be a series of bits used by a computer program, or it can be a passphrase used by humans that is then converted into a series of bits used by a computer program.
Keyspace
The entire range of values that can be used to construct an individual key.
Link Encryption
A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then re-encrypts it using different keys before sending it to the next neighbor. This process continues until the message reaches the final destination.
Plaintext or Cleartext
The original unencrypted message, or a message that has been successfully decrypted.
Steganography
The hiding of messages—for example, within the digital encoding of a picture or graphic.
Work Factor
The amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
Bit Stream Method
Block Cipher Method:
Cipher Methods
Bit Stream Method
Encrypts data one bit at a time, transforming each plaintext bit into
a cipher bit, often using operations like XOR.
Block Cipher Method
Divides the plaintext into blocks (e.g., 8, 16, 32, or 64 bits) and
encrypts each block using an algorithm and a key. This method may involve substitution,
transposition, XOR, or a combination of these techniques.
Most encryption operates at the binary (bit) level, though some methods handle data at
the byte or character level.
Substitution Ciphers
Replace elements of plaintext with another set of symbols or values.
Simple Substitution
Caesar Cipher
Polyalphabetic Substitution
Polyalphabetic Substitution
Types of Substitution Ciphers
Simple Substitution
Each character in the plaintext is replaced by another character using a fixed rule.
▪ Example: If the rule shifts the alphabet by 3, “A” becomes “D,” and “B” becomes “E.”
Caesar Cipher
A substitution cipher that shifts the alphabet by a predetermined number of positions.
▪ Example: Using a shift of 2, “HELLO” becomes “JGNNQ.”
Monoalphabetic Substitution
Uses a single substitution alphabet, making patterns in plaintext detectable and vulnerable to frequency analysis.
▪ Example: A custom alphabet maps “A” to “M,” “B” to “N,” etc.
Polyalphabetic Substitution
Employs multiple substitution alphabets to make frequency analysis more difficult (e.g., Vigenère Cipher).
▪ Example: Uses a keyword to determine the substitution rules for each letter.
Transposition Ciphers
Rearrange the order of characters in plaintext without changing the
actual characters themselves.
Simple Columnar Transposition
Complex Transposition
Types of Transposition Ciphers
Simple Columnar Transposition
Rearranges characters by writing them into rows of a fixed length and reading them column by column.
▪ Example: Plaintext “HELLOWORLD” written in 3 columns becomes
“HOLELWRLOD” when read vertically.
Complex Transposition
Applies multiple stages of rearrangements for added complexity.
▪ Example: Perform a columnar transposition followed by reversing the string
order.
Exclusive OR (XOR)
Combines plaintext and a key using the XOR logical operation, resulting
in ciphertext. XOR is simple, efficient, and frequently used in modern cryptographic
algorithms when paired with strong keys.
Vernam Cipher
Also known as the one-time pad. It uses a random key that is as long as the
message. Each bit or character of the plaintext is XORed with the corresponding bit or
character of the key. When used correctly, it offers perfect secrecy.
o Example: Plaintext “HELLO” XOR Key “XMCKL” produces Ciphertext “ZEBBW.”
Hash Functions:
A one-way operation that creates a fixed-length hash value from input data,
ensuring data integrity. Hash functions are not reversible and are used in verifying data and
digital signatures.
o Example: Hashing “HELLO” with SHA-256 produces a unique 256-bit value.
Cryptographic algorithms
are the foundation of securing digital communications and data. They transform readable information (plaintext) into encrypted formats (ciphertext) using systematic and mathematical processes. These algorithms are broadly categorized into symmetric and asymmetric encryption, each with distinct features and use cases.
Symmetric Encryption Algorithms
Asymmetric Encryption Algorithms
Categories of Cryptographic Algorithms
Symmetric Encryption Algorithms
Description: Utilize the same key for both encryption and decryption processes.
They are fast and suitable for large volumes of data.
Symmetric Encryption Algorithms
Examples:
▪ DES (Data Encryption Standard): Uses a 56-bit key and encrypts data in
64-bit blocks. Though considered outdated, it laid the foundation for
modern encryption.
▪ 3DES (Triple DES): Improves on DES by applying the encryption process
three times, increasing security.
▪ AES (Advanced Encryption Standard): A robust and widely-used standard
offering key sizes of 128, 192, and 256 bits.
o Applications: File encryption, database security, and network communications.
Asymmetric Encryption Algorithms
Description: Use a pair of keys—a public key for encryption and a private key for
decryption. They are computationally intensive and ideal for securing small
amounts of data.
Asymmetric Encryption Algorithms
Examples:
▪ RSA (Rivest-Shamir-Adleman): Employs large integer factorization for
security, suitable for digital signatures and secure data exchange.
▪ Diffie-Hellman: Enables secure key exchange over unsecured networks.
▪ Elliptic Curve Cryptography (ECC): Provides equivalent security to RSA
with smaller key sizes, making it efficient for resource-constrained
devices.
o Applications: Email security, digital signatures, and secure key exchanges.
Hybrid Encryption Systems
o Description: Combine symmetric and asymmetric encryption to leverage the strengths of both. Symmetric keys are exchanged securely using asymmetric methods.
o Example: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols for securing web traffic.
Block Ciphers:
Encrypt data in fixed-size blocks (e.g., 128 bits in AES).
Stream Ciphers:
Encrypt data one bit or byte at a time, suitable for real-time
applications.
Public-Key Infrastructure (PKI)
Purpose: Manage public and private keys and digital certificates.
Components:
Certificate Authorities (CAs): Issue and revoke digital certificates.
Registration Authorities (RAs): Authenticate users requesting certificates.
Digital Certificates: Bind public keys to entities, providing identity assurance.
Applications:
▪ Enabling secure web communications through HTTPS.
▪ Authenticating users and devices in networks.
Digital Signatures
Purpose: Authenticate the sender of a message and ensure its integrity.
Features:
Use hashing and asymmetric encryption.
Provide non-repudiation by linking signatures to specific entities.
Applications:
Signing software updates to verify authenticity.
Validating contracts and legal documents.
Digital Certificates
Purpose: Certify the ownership of a public key by an entity.
Key Features:
Include entity details, public key, and certificate validity dates.
Ensure secure exchange of public keys in communication protocols.
Issued By: Certificate Authorities (CAs).
Hybrid Cryptographic Systems
Purpose: Combine symmetric and asymmetric encryption to leverage the strengths of both methods.
Features:
▪ Asymmetric encryption secures key exchanges.
▪ Symmetric encryption provides fast and efficient data encryption.
Applications:
▪ SSL/TLS protocols for secure web browsing.
▪ Securing email communications and file transfers.
Steganography
Purpose: Conceal the existence of a message by embedding it within another medium, such as an image or audio file.
Techniques:
▪ Least Significant Bit (LSB) insertion: Embed data in the least significant bits of digital media.
▪ Spread Spectrum: Distribute data across a wide range of frequencies.
Applications:
▪ Covert communication.
▪ Protecting sensitive information by hiding it within innocuous files.
Encryption Libraries
Purpose: Provide developers with APIs to integrate cryptographic functionality.
Examples:
▪ OpenSSL: Offers tools for implementing TLS/SSL protocols.
▪ Bouncy Castle: Supports encryption, hashing, and secure communication.
Applications:
▪ Implementing secure file storage and transfer systems.
▪ Building secure network applications.
Key Management Tools
Purpose: Safeguard the lifecycle of cryptographic keys, including generation, distribution, storage, and destruction.
Features:
▪ Secure storage mechanisms like Hardware Security Modules (HSMs).
▪ Automatic key rotation and revocation.
Applications:
▪ Managing keys for enterprise-wide encryption systems.
▪ Ensuring compliance with regulatory standards like GDPR and HIPAA.
Random Number Generators (RNGs)
Purpose: Generate random values for cryptographic operations like key creation and
initialization vectors.
Types:
▪ True Random Number Generators (TRNGs): Use physical phenomena for
randomness.
▪ Pseudo-Random Number Generators (PRNGs): Algorithm-based, less secure
than TRNGs.
Applications:
▪ Generating session keys for encrypted communications.
▪ Securing one-time pads and salts in cryptographic systems.
Secure communication protocols
ensure the confidentiality, integrity, and
authenticity of data transmitted across networks. These protocols employ cryptographic
techniques to safeguard information from interception and unauthorized access. This
material focuses on key protocols used for secure communications in various environments.
SSL (Secure Sockets Layer)
Overview:
Developed by Netscape, SSL uses public key encryption to secure web
communications.
It provides encryption, data integrity, server authentication, and optional
client authentication.
Key Features:
Ensures encrypted communication between client and server.
Offers a secure handshake for session initialization.
Process:
1. A secure session begins with a handshake where cryptographic
parameters are exchanged.
S-HTTP (Secure Hypertext Transfer Protocol)
● Overview:
S-HTTP encrypts individual messages rather than entire communication sessions.
Complements HTTP for secure message transfer.
● Process:
1. Negotiates cryptographic parameters between client and server.
2. Generates a session key for secure communication.
Email Security Protocols
Email communication, a critical aspect of organizational workflows, is vulnerable to
interception and misuse. Secure email protocols address these challenges by ensuring
data confidentiality, authenticity, and integrity.
S/MIME (Secure/Multipurpose Internet Mail Extensions):
PGP (Pretty Good Privacy):
PEM (Privacy Enhanced Mail):
Key Email Security Protocols
S/MIME (Secure/Multipurpose Internet Mail Extensions):
o Enables encryption and digital signatures for email.
o Widely supported by modern email clients.
PGP (Pretty Good Privacy):
o Provides end-to-end encryption for email.
o Uses a web-of-trust model for key management.
PEM (Privacy Enhanced Mail):
o A framework for securing email using cryptographic tools.
WEP (Wired Equivalent Privacy):
o An older protocol providing basic encryption for wireless communication.
o Largely deprecated due to vulnerabilities.
WPA/WPA2 (Wi-Fi Protected Access):
o Enhanced security features compared to WEP.
o WPA2 uses AES encryption for robust data protection.
IPSec (Internet Protocol Security)
● Overview:
o Protects data packets transmitted over IP networks.
o Ensures data confidentiality, integrity, and authentication.
● Applications:
o Frequently used for Virtual Private Networks (VPNs).
o Enables secure communication over public networks.
● Components:
1. Authentication Header (AH): Provides integrity and authentication.
2. Encapsulating Security Payload (ESP): Adds encryption for data
confidentiality.