December 13, 2023 By Josh Schneider 5 min read

Derived from the Greek words for “hidden writing,” cryptography is the science of obscuring transmitted information so that it may only be read by the intended recipient. The applications of cryptography are endless. From the quotidian end-to-end message authentication on WhatsApp to the practical digital signatures on legal forms or even the CPU-draining ciphers used for mining cryptocurrency, cryptography has become an essential aspect of our digital world and a critical cybersecurity component for protecting sensitive data from hackers and other cybercriminals.

The practice of cryptology dates back to ancient times, with one of the earliest examples being attributed to Julius Caesar himself. Modern cryptosystems are far more advanced but still function in similar ways. Most cryptosystems begin with an unencrypted message known as plaintext, which is then encrypted into an indecipherable code known as ciphertext using one or more encryption keys. This ciphertext is then transmitted to a recipient. If the ciphertext is intercepted and the encryption algorithm is strong, the ciphertext will be useless to any unauthorized eavesdroppers because they won’t be able to break the code. The intended recipient, however, will easily be able to decipher the text, assuming they have the correct decryption key. 

Before diving deeper, let’s take a look at the core features of strong cryptographic frameworks:

  • Confidentiality: Encrypted information can only be accessed by the person for whom it is intended and no one else. 
  • Integrity: Encrypted information cannot be modified in storage or in transit between the sender and the intended receiver without any alterations being detected.
  • Non-repudiation: The creator/sender of encrypted information cannot deny their intention to send the information.
  • Authentication: The identities of the sender and receiver—as well as the origin and destination of the information—are confirmed.
  • Key management: The keys used in encrypting and decrypting data (and associated tasks like key length, distribution, generation, rotation, etc.) are kept secure.

Three categories of encryption

Although hybrid systems do exist (such as the SSL internet protocols), most encryption techniques fall into one of three main categories: symmetric cryptography algorithms, asymmetric cryptography algorithms, or hash functions. 

Symmetric key cryptography

Also known as private key cryptography, secret key cryptography or single key encryption, symmetric key encryption uses only one key for both the encryption process and decryption process. For these types of systems, each user must have access to the same private key. Private keys might be shared either through a previously established secure communication channel like a private courier or secured line or, more practically, a secure key exchange method like the Diffie-Hellman key agreement. 
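The Diffie-Hellman key agreement mentioned above, with both sides' messages, as an added example that is not part of the original article. The modulus `P`, generator `G` and the function names are assumptions chosen for illustration; the 127-bit modulus is far too small for real use, where standardized groups of 2048 bits or more (or elliptic curves) are used.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration only): a 127-bit Mersenne prime.
P = 2**127 - 1
G = 3

def dh_keypair():
    """Return (private, public). Only the public value is ever transmitted."""
    private = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    return private, pow(G, private, P)

def dh_shared_key(own_private: int, peer_public: int) -> bytes:
    """Derive a 32-byte symmetric key from the peer's public value."""
    # Reject degenerate values (0, 1, P-1) that would force a predictable secret.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value out of range")
    shared = pow(peer_public, own_private, P)
    # Hash the raw shared secret before using it as a symmetric key.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def exchange():
    """Both sides of the exchange; returns what each party ends up holding."""
    a_priv, a_pub = dh_keypair()    # Alice -> Bob: a_pub (visible to eavesdroppers)
    b_priv, b_pub = dh_keypair()    # Bob -> Alice: b_pub (visible to eavesdroppers)
    alice_key = dh_shared_key(a_priv, b_pub)
    bob_key = dh_shared_key(b_priv, a_pub)
    return alice_key, bob_key

if __name__ == "__main__":
    k1, k2 = exchange()
    print("keys match:", k1 == k2)
```

Plain Diffie-Hellman does not authenticate either party, so in practice the public values are signed or otherwise bound to an identity.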

There are two types of symmetric key algorithms:

  • Block cipher: In a block cipher, the cipher algorithm works on a fixed-size block of data. For example, if the block size is eight, eight bytes of plaintext are encrypted at a time. Normally, the user’s interface to the encrypt/decrypt operation handles data longer than the block size by repeatedly calling the low-level cipher function.
  • Stream cipher: Stream ciphers do not work on a block basis, but rather convert one bit (or one byte) of data at a time. Basically, a stream cipher generates a keystream based on the provided key. The generated keystream is then XORed with the plaintext data.
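The keystream-and-XOR construction described above, together with its best-known failure mode, as an added example that is not from the original article. The keystream generator here (SHA-256 over key, nonce and a counter) is a stand-in chosen so the example runs with the standard library only; it is not a vetted cipher, and all names and sample values are constructed.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter), one block at a time."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def reuse_demo() -> dict:
    key = bytes(range(32))                  # constructed sample key
    p1 = b"invoice 0001: pay 100"           # constructed sample messages
    p2 = b"invoice 0002: pay 950"
    n1, n2 = b"\x00" * 12, b"\x01" * 12     # two distinct nonces
    c1 = stream_crypt(key, n1, p1)
    c2_reused = stream_crypt(key, n1, p2)   # mistake: same key and nonce again
    c2_fresh = stream_crypt(key, n2, p2)    # correct: new nonce, new keystream
    return {
        "round_trip": stream_crypt(key, n1, c1) == p1,
        # With a repeated keystream, c1 XOR c2 equals p1 XOR p2: the keystream
        # cancels out and the key no longer protects the relationship.
        "reuse_leaks_xor": xor_bytes(c1, c2_reused) == xor_bytes(p1, p2),
        "fresh_nonce_leaks_xor": xor_bytes(c1, c2_fresh) == xor_bytes(p1, p2),
    }

if __name__ == "__main__":
    print(reuse_demo())
```

The practical check for defenders is that every message encrypted under one key uses a nonce that is never repeated.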

Some examples of symmetrical cryptography include the following:

  • DES: The Data Encryption Standard (DES) was developed by IBM in the early 1970s, and while it is now considered to be susceptible to brute force attacks, its architecture remains highly influential in the field of modern cryptography.
  • Triple DES: While advancements in computing made DES insecure by 1999, the Triple DES cryptosystem built on the original DES foundation adds additional levels of security which cannot be broken by modern machines.
  • Blowfish: A fast, free, publicly available block cipher designed by Bruce Schneier in 1993.
  • AES: The Advanced Encryption Standard (AES) is the first and only publicly accessible cipher approved by the U.S. National Security Agency for top secret information. 

Asymmetric key cryptography

In asymmetric encryption, a pair of keys is used: one secret key and one public key. For this reason, these algorithms are also referred to as public key algorithms (PKA). Public key cryptography is generally considered to be more secure than symmetric encryption techniques because even though one key is publicly available, an encrypted message can only be decrypted with the intended recipient’s private key.

Some examples of asymmetrical cryptography include the following:

  • RSA: Named in 1977 for its founders (Rivest, Shamir and Adleman), the RSA algorithm is one of the oldest widely used public key cryptosystems for secure data transmission.
  • ECC: Elliptic curve cryptography is an advanced form of asymmetric encryption that uses the algebraic structures of elliptic curves to create extremely strong cryptographic keys. 

One-way hash algorithms

A cryptographic hash algorithm produces a fixed-length output string (often called a digest) from a variable-length input string. The input serves as the plaintext, and the output hash is the cipher. For all practical purposes, the following statements are true of a good hash function: 

  • Collision resistant: If any portion of the data is modified, a different hash will be generated, ensuring data integrity. 
  • One-way: The function is irreversible. That is, given a digest, it is not possible to find the data that produces it, ensuring data security.

For these reasons, hash algorithms make for very effective cryptosystems because the hash algorithm encrypts the data directly without the need for different keys. In essence, the plaintext is its own key.

Consider the security vulnerability of a database of stored bank account passwords. Anyone with either authorized or unauthorized access to the bank’s computer systems could potentially read every password. To maintain data security, banks and other businesses will encrypt sensitive information like passwords into a hash value and store only that encrypted value in their database. Without knowing the user’s password, the hash value cannot be broken. 
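The password-storage scenario above, as an added example that is not from the original article: a fast unsalted hash beside a salted, deliberately slow derivation (PBKDF2 from Python's standard library). The record format, function names and default iteration count are assumptions for illustration; tune the work factor to your own hardware.

```python
import hashlib
import hmac
import os

def unsalted_sha256(password: str) -> str:
    """Weak pattern: fast and unsalted, so equal passwords give equal rows."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password: str, iterations: int = 200_000) -> str:
    """Salted PBKDF2-HMAC-SHA256; returns a self-describing record to store."""
    salt = os.urandom(16)                       # unique per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Storing scheme and iteration count lets the work factor be raised later.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iters))
    except ValueError:                          # malformed or tampered record
        return False
    return hmac.compare_digest(candidate, expected)

if __name__ == "__main__":
    pw = "correct horse battery staple"         # constructed sample password
    print("unsalted rows equal:", unsalted_sha256(pw) == unsalted_sha256(pw))
    r1, r2 = hash_password(pw), hash_password(pw)
    print("salted rows equal:  ", r1 == r2)
    print("verify ok:", verify_password(pw, r1))
    print("verify wrong password:", verify_password("guess", r1))
```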

The future of cryptography

Quantum cryptography

Keeping pace with advancing technology and increasingly more sophisticated cyberattacks, the field of cryptography continues to evolve. Quantum cryptography, or quantum encryption, refers to the applied science of securely encrypting and transmitting data based on the naturally occurring and immutable laws of quantum mechanics for use in cybersecurity. While still in its early stages, quantum encryption has the potential to be far more secure than previous types of cryptographic algorithms and, theoretically, even unhackable. 

Post-quantum cryptography

Not to be confused with quantum cryptography, which relies on the natural laws of physics to produce secure cryptosystems, post-quantum cryptographic algorithms use different types of mathematical cryptography to create quantum computer-proof encryption. Although not yet viable, quantum computing is a quickly developing field of computer science with the potential to exponentially increase processing power, dwarfing even the fastest supercomputers operating today. While still theoretical, prototypes have demonstrated that practical quantum computers might be expected to break even the most secure public key cryptography systems within the next 10 to 50 years.

According to the National Institute of Standards and Technology (NIST), the goal of post-quantum cryptography (PQC) (also called quantum-resistant or quantum-safe cryptography) is to “develop cryptographic systems that are secure against both quantum and classical computers, and [that] can interoperate with existing communications protocols and networks.”

The six primary areas of quantum-safe cryptography are:

  • Lattice-based cryptography
  • Multivariate cryptography
  • Hash-based cryptography
  • Code-based cryptography
  • Isogeny-based cryptography
  • Symmetric key quantum resistance

Learn how IBM cryptography solutions help businesses guard critical data

IBM cryptography solutions combine technologies, consulting, systems integration and managed security services to help ensure crypto agility, quantum-safety, and solid governance and risk policies. From symmetric to asymmetric cryptography to hash functions and beyond, ensure data and mainframe security with end-to-end encryption tailor made to meet your business needs.
