Cryptography Basics
Cryptography is the science of hiding information so that only intended recipients can read it. The word comes from the Greek words kryptos (hidden) and graphein (writing). Cryptography converts readable data into an unreadable format and back again. It is the backbone of secure communication on the internet.
Every time a password is saved, a bank transaction is processed, or a message is sent over WhatsApp, cryptography works silently in the background to protect that data.
Core Concepts of Cryptography
CRYPTOGRAPHY VOCABULARY:
Plaintext  = Original readable data    → "Hello Bank, transfer Rs. 5000"
Ciphertext = Encrypted unreadable data → "#$4kLp@9!mZx..."
Encryption = Process of converting plaintext → ciphertext
Decryption = Process of converting ciphertext → plaintext
Key        = Secret value used to encrypt and decrypt data
Algorithm  = Mathematical formula used to encrypt/decrypt (cipher)
The Encryption Process
ENCRYPTION AND DECRYPTION FLOW:
SENDER SIDE:   Plaintext + Encryption Key + Algorithm ──► Ciphertext
TRANSMISSION:  Ciphertext travels across the network
               (Even if intercepted, attacker only sees gibberish)
RECEIVER SIDE: Ciphertext + Decryption Key + Algorithm ──► Plaintext
EXAMPLE:
  Original:  "MEET AT NOON"
  Encrypted: "PHHW DW QRRQ" (simple Caesar cipher, shift 3)
  Decrypted: "MEET AT NOON" (using same shift-3 rule in reverse)
Types of Encryption
Symmetric Encryption
In symmetric encryption, the same key is used for both encryption and decryption. Both the sender and receiver must have the same secret key. This method is fast and efficient for large amounts of data, but it has one major challenge: how do you safely share the key with the other person without someone intercepting it?
SYMMETRIC ENCRYPTION:
Sender                                        Receiver
  │                                             │
  │── uses KEY "ABC123" to encrypt ──►          │── uses KEY "ABC123" to decrypt
  │                                             │
"MEET AT NOON" ──► "#@!&9pqR" ────────────────► "MEET AT NOON"
PROBLEM: Both parties must share the same key.
How to send the key safely? If intercepted → all messages exposed.
Common symmetric algorithms: AES (Advanced Encryption Standard), DES, 3DES. DES (56-bit key) and 3DES are legacy algorithms that are no longer considered secure for new systems. AES is the current standard used by governments, banks, and most secure applications worldwide.
Asymmetric Encryption (Public Key Cryptography)
Asymmetric encryption uses two mathematically linked keys — a public key and a private key. The public key encrypts data. Only the matching private key can decrypt it. The public key can be freely shared with anyone. The private key must never leave the owner's possession.
ASYMMETRIC ENCRYPTION:
Receiver generates a KEY PAIR:
  Public Key  = Shared freely with everyone (like a padlock)
  Private Key = Kept secret by receiver only (like the key to the padlock)
PROCESS:
  Sender   ──► uses Receiver's PUBLIC KEY to encrypt message ──► Ciphertext
  Receiver ──► uses own PRIVATE KEY to decrypt ──► Original message
ANALOGY:
  Public Key  = Open padlock given to anyone who wants to send a secure message
  Private Key = The unique key only the owner has to open the padlock
Even if the attacker intercepts the encrypted message, they need the private key to read it.
Common asymmetric algorithms: RSA, ECC (Elliptic Curve Cryptography), Diffie-Hellman. Asymmetric encryption solves the key distribution problem of symmetric encryption but is much slower. Most modern systems use both: asymmetric encryption to exchange a symmetric session key, then symmetric encryption for the actual data transfer.
Symmetric vs. Asymmetric: Key Differences
| Feature | Symmetric Encryption | Asymmetric Encryption |
|---|---|---|
| Keys used | One shared key | Two keys (public + private) |
| Speed | Fast | Slow |
| Key sharing problem | Yes (must share key securely) | No (public key can be shared openly) |
| Best for | Encrypting large data | Exchanging keys, digital signatures |
| Examples | AES, DES | RSA, ECC |
Hashing
Hashing is a one-way process. A hash function takes any input data and produces a fixed-length output (called a hash or digest). Unlike encryption, hashing cannot be reversed. The same input always produces the same hash. Even a tiny change in the input produces a completely different hash.
HASHING EXAMPLE:
Input:        "password123"
SHA-256 Hash: ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f
Input:        "password124" (only last digit changed)
SHA-256 Hash: 3d76b3ef52b50c63f41f285a64082c0aa99d08a5d9d32bbf7deb6745c0f2e0c9
Completely different hash → the change in output cannot be predicted from the change in input (avalanche effect) → tamper detection
Where Hashing Is Used
Password storage is the most important use of hashing. A well-designed system never stores a user's actual password. Instead, it stores the hash of the password. When the user logs in, the system hashes the typed password and compares the result with the stored hash. If they match, access is granted. The actual password is never stored anywhere.
PASSWORD STORAGE WITH HASHING:
Registration:
  User sets password:  "MyPass@99"
  System hashes it:    "7a3b9c1d..." (stored in database)
Login attempt:
  User types:          "MyPass@99"
  System hashes input: "7a3b9c1d..."
  Compare with stored: "7a3b9c1d..." → MATCH → Access Granted
Attacker steals database → only sees "7a3b9c1d..." → cannot reverse to "MyPass@99"
Common hash algorithms: MD5 (outdated, insecure), SHA-1 (outdated), SHA-256, SHA-3. Always use SHA-256 or stronger for modern applications, and for stored passwords combine it with a per-user random salt (see the attacks table below).
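The two hashing ideas above (the avalanche effect from the page's "password123"/"password124" pair, and salted password storage with a compare-on-login step) as one added example; this is not code from the page. It uses PBKDF2-HMAC-SHA256, which is SHA-256 iterated many times over the password plus a per-user salt, and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample inputs, the same pair the page uses.
SAMPLE_A = "password123"
SAMPLE_B = "password124"


def sha256_hex(text: str) -> str:
    """Plain SHA-256 of a string, as 64 hex characters."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 output bits differ between two digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# --- Password storage: per-user salt + many SHA-256 rounds, never the password itself ---
# The salt defeats precomputed (rainbow) tables, and the iteration count makes each
# guess cost an attacker the same work it costs the server.
ITERATIONS = 200_000


def register(password: str) -> "tuple[bytes, bytes]":
    """Registration step: returns (salt, digest) to store; the password is not kept."""
    salt = secrets.token_bytes(16)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Login step: hash the typed password with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    print(SAMPLE_A, "->", sha256_hex(SAMPLE_A))
    print(SAMPLE_B, "->", sha256_hex(SAMPLE_B))
    print("bits that differ:", differing_bits(sha256_hex(SAMPLE_A), sha256_hex(SAMPLE_B)), "of 256")
    salt, digest = register("MyPass@99")
    print("correct password accepted:", verify("MyPass@99", salt, digest))
    print("wrong password accepted:  ", verify("MyPass@98", salt, digest))
```

Registering the same password twice yields two different stored digests because each call draws a new salt, which is exactly what stops one precomputed table from covering every user.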
Digital Signatures
A digital signature proves two things: the message came from a specific sender (authenticity), and the message was not changed in transit (integrity). It uses asymmetric cryptography in reverse — the sender uses their private key to sign, and anyone with the sender's public key can verify the signature.
DIGITAL SIGNATURE PROCESS:
SIGNING (Sender):
  Document + Sender's PRIVATE KEY ──► Digital Signature attached to document
VERIFICATION (Receiver):
  Document + Digital Signature + Sender's PUBLIC KEY ──► Verified (authentic + unchanged)
  OR
  Document + Digital Signature + Sender's PUBLIC KEY ──► Failed (tampered or fake sender)
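Both uses of a key pair described on this page, encrypting a session key with the public key (the asymmetric section) and signing a document's hash with the private key (this section), in one added example that is not from the page. It uses textbook RSA with two fixed, far-too-small primes so the arithmetic is reproducible; real RSA uses random primes of 1024 or more bits and padding, so this is for illustration only.

```python
import hashlib
import secrets

# Fixed toy key pair built from two known Mersenne primes (assumption for the demo).
P = 2**31 - 1                        # 2147483647
Q = 2**61 - 1                        # 2305843009213693951
N = P * Q                            # public modulus (~92 bits; real keys are 2048+)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)
PUBLIC_KEY = (N, E)                  # shared with everyone
PRIVATE_KEY = (N, D)                 # never leaves the owner

# --- Confidentiality: anyone encrypts with the public key, only the owner decrypts ---
def encrypt(public_key, message_int: int) -> int:
    n, e = public_key
    assert 0 <= message_int < n, "message must be smaller than the modulus"
    return pow(message_int, e, n)

def decrypt(private_key, ciphertext_int: int) -> int:
    n, d = private_key
    return pow(ciphertext_int, d, n)

# --- Authenticity + integrity: owner signs the document's hash, anyone verifies ---
def _digest_int(document: bytes, n: int) -> int:
    # Sign the hash, not the document: fixed size, and any edit changes it completely.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(private_key, document: bytes) -> int:
    n, d = private_key
    return pow(_digest_int(document, n), d, n)

def verify(public_key, document: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_int(document, n)

if __name__ == "__main__":
    # Hybrid step from the text: the public key carries a random symmetric session key
    # (64 bits here only because the toy modulus is small).
    session_key = secrets.randbits(64)
    wrapped = encrypt(PUBLIC_KEY, session_key)
    print("session key recovered:", decrypt(PRIVATE_KEY, wrapped) == session_key)

    doc = b"Pay Rs. 5000 to account 1234"    # constructed sample document
    sig = sign(PRIVATE_KEY, doc)
    print("genuine document verifies: ", verify(PUBLIC_KEY, doc, sig))
    print("tampered document verifies:", verify(PUBLIC_KEY, b"Pay Rs. 50000 to account 1234", sig))
```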
Digital signatures are used in software distribution (to verify that a downloaded app is genuine), legal documents, and email authentication.
Digital Certificates and SSL/TLS
When a browser connects to a website using HTTPS, it uses SSL/TLS (Secure Sockets Layer / Transport Layer Security) — a protocol that combines asymmetric and symmetric encryption to create a secure channel. A digital certificate proves that a website is legitimate and not a fake copy.
HOW HTTPS WORKS (TLS HANDSHAKE):
Step 1: Browser connects to bank.com
Step 2: Bank.com sends its digital CERTIFICATE (contains public key, issued by trusted CA)
Step 3: Browser verifies the certificate against its list of trusted Certificate Authorities (CAs)
Step 4: Browser uses bank's public key to encrypt a random session key
Step 5: Bank decrypts session key using its private key
Step 6: Both browser and bank now share the same session key
Step 7: All further communication encrypted with that session key (fast symmetric encryption)
Result: Secure, fast, verified connection (padlock icon appears in browser)
Note: Steps 4 and 5 show RSA key transport as used by older TLS versions; TLS 1.3 instead derives the session key with an ephemeral Diffie-Hellman exchange, but the hybrid idea (asymmetric to agree on a key, symmetric for the data) is the same.
Encryption in Everyday Life
| Scenario | Cryptography Used | What It Protects |
|---|---|---|
| Logging into Gmail | HTTPS (TLS) | Password in transit |
| WhatsApp messages | End-to-end encryption (Signal Protocol) | Message content |
| Online banking | TLS + AES | Transaction details |
| Storing passwords | SHA-256 hashing + salt | Password confidentiality |
| Downloading software | Digital signatures | Software authenticity |
| Laptop full disk encryption | AES (BitLocker, FileVault) | Data if device is stolen |
Common Cryptographic Attacks
| Attack | How It Works | Defense |
|---|---|---|
| Brute Force | Tries every possible key combination | Use long, strong encryption keys |
| Dictionary Attack | Tests common passwords against hashes | Use salted hashes |
| Rainbow Table Attack | Pre-computed table of hash values | Add random salt to each password before hashing |
| Man-in-the-Middle | Intercepts key exchange | Certificate pinning, verified certificates |
Cryptography protects data at rest and data in transit. The next layer of security focuses on who gets to access that data in the first place — which is the domain of authentication and access control.
