The Invisible Shield
Cryptography is the backbone of the modern internet. It is the reason you can trust your bank with a password, why your WhatsApp messages remain private, and how blockchain currencies exist. But many view “Crypto” as just “scrambling data”. It is much more than that.
Cryptography is the mathematical assurance of security properties. It transforms trust in people into trust in math.
The Three Pillars (CIA Triad)
Before diving into algorithms, we must understand what we are trying to protect.
- Confidentiality: Ensuring that unauthorized individuals cannot read the data. (e.g., Encryption)
- Integrity: Ensuring the data has not been altered during transit. (e.g., Hashing)
- Authentication: Verifying the identity of the sender. (e.g., Digital Signatures)
Pillar 1: Hashing (Integrity)
A hash function is a one-way mathematical process. It takes an input (of any size) and produces a fixed-size string of characters, called the “digest” or “hash”.
Key Characteristics:
- One-Way: You cannot reverse the hash to get the original data. It’s like baking a cake; you can’t turn the cake back into eggs and flour.
- Deterministic: The same input always produces the same output.
- Avalanche Effect: Changing a single comma in a massive file drastically changes the entire hash.
Use Case: When you download a file, the website provides a generic “checksum” (hash). After downloading, you hash your file. If the hashes match, the file is exactly what the author intended—no corruption, no tampering.
Note: Hashing is NOT encryption. You cannot “decrypt” a hash.
Pillar 2: Symmetric Encryption (Confidentiality)
This is the oldest form of encryption. It relies on a Shared Secret.
- Bob has a key.
- Alice has the same key.
- Bob locks the message with the key. Alice unlocks it with the key.
The Problem: How do Bob and Alice share the key securely in the first place? If they send it over the internet, an attacker can intercept it. This is the Key Distribution Problem.
- Common Algorithms: AES (Advanced Encryption Standard), DES (Obsolete), 3DES.
Pillar 3: Asymmetric Encryption (Authentication & Exchange)
To solve the Key Distribution Problem, we use Asymmetric (Public-Key) Cryptography. Here, every user has two keys:
- Public Key: Shared with the world. Anyone can use it to encrypt a message for you.
- Private Key: Kept secret. Only you can use it to decrypt messages sent to your public key.
Metaphor: The Public Key is like an open padlock you give to everyone. Anyone can put a message in a box and lock it with your padlock. But once locked, only you (with the Private Key/Key) can open it.
The Magic of Digital Signatures: We can reverse the process. If you encrypt something with your Private Key, anyone can decrypt it with your Public Key. Why do this? It proves Identity. Since only you have the private key, only you could have written that message.
- Common Algorithms: RSA, Elliptic Curve (ECC).
The Modern Workflow: Hybrid Cryptography
In the real world (like HTTPS), we use both.
- Asymmetric is slow but perfect for key exchange. We use it to securely agree on a key.
- Symmetric is fast. Once we have the shared key, we switch to Symmetric encryption for the actual data transfer.
What Lies Ahead?
We have barely scratched the surface. In this series, we will implement these algorithms, break weak ones, and explore the future of secure communication.
Next Part: We will break down AES (Advanced Encryption Standard), block cipher modes, and why ECB is dangerous.
Discussion