As part of Easter Explore Connect, we met role model Deirdre, a product engineer at Evervault. She shared with us her knowledge of cryptography: what it is, how it works and why it’s so important:
What is cryptography?
Cryptography, from the Greek ‘kryptos’ meaning secret and ‘graphia’ meaning writing, is the science of using maths to encrypt and decrypt data. It helps us to lead more secure digital lives: from conducting online bank transactions to helping us safely join video calls for education or work. Not only this, it’s been used to keep messages safe for millenia; there’s even an encryption method named after one of its most notable users: Roman emperor Julius Caesar!
The four principal benefits of cryptography are confidentiality, integrity, authentication, and non-repudiation. Confidentiality means only intended parties can read the message sent; integrity means we know the message hasn’t been altered in any way. Authentication is to establish identity and finally, non-repudiation means proving that the sender actually sent the message, not someone else.
The encryption process: in a nutshell
You encrypt data so that only you and your intended audience, and no one else, can read it.
When encrypting, you start with ‘plain text’, sometimes also known as cleartext. Plain text is any kind of readable text, whether written as we would read it or in binary.
The next step is to encrypt this into ciphertext, which can’t be understood by a human or computer without additional information. Therefore, to anyone reading it, it should appear random.
To access your data again, it then must be decrypted to plaintext.
Types of encryption
There are two types of encryption: symmetric and asymmetric.
If something has been encrypted symmetrically, the same technique has been used to encrypt and decrypt the message. In these situations, a ‘private key’ is used, meaning only the person sending and the person receiving the data know-how the encryption has been done.
Transposition ciphers and substitution ciphers are two of the most well-known symmetric encryption methods. In a substitution cipher, each letter is substituted for a symbol or a different letter.
For example, in a shift cipher, each character is replaced by another using a specific pattern. The caesar cipher is one of these and is named after the famous Roman emperor who used it in his personal correspondence. For this cipher, each letter is shifted a certain number along in the alphabet. In this way, a caesar shift of three would mean the letter ‘A’ would be replaced by ‘D’, and ‘B’ by ‘E’, etc.
In a transposition cipher, the letters in a word or phrase are shifted around. For instance, you could write out a sentence in a grid, and encrypt it by copying out the columns. This is known as the rail fence technique.
Computers have become quite fast at decoding symmetric encryption techniques (without first knowing the key) through frequency analysis, which links how often letters or symbols come up in an encrypted piece of data, and how common they are in the language of the original message.
In contrast, asymmetric encryption is harder for an outsider to crack; it uses a public key, available to anyone, to encrypt and a private key, only available to the desired receiver, to decrypt. In these situations, everyone can encrypt data but only certain people, those to whom the data is intended, can decrypt. This tends to be a more secure encryption type and takes longer for a computer to crack; this is called computational intractability.
The Diffie-Hellman key exchange method, for example, is based on the idea of modular arithmetic, which is an area of maths which involves finding the remainder after a division.
In this context, 11 modulo 10 = 1 as 11 divided by 10 has one as a remainder, and 10 modulo 4 = 2 as 10 divided by four has a remainder of two.
This is really useful in encryption because it makes it hard to reverse engineer to find the original number; both 11 modulo 10 and 21 modulo 10 result in 1!
End-to-end encryption on messaging apps and accessing https sites (where the s stands for secure) are just two of the many examples of encryption that come up in our everyday lives. It’s a powerful tool that helps keep you and your data safe online. Would you like to work in this field and champion data security too?
This article was written by Eve Sherratt-Cross, a member of the Stemette Society