Cryptography’s three primary categories

Cryptography, from the Greek words meaning “hidden writing,” encrypts sent data so only the intended recipient can read it. Applications for cryptography are numerous. Cryptography is essential to our digital world and protects sensitive data from hackers and other cybercriminals, from WhatsApp’s end-to-end message authentication to legal form digital signatures to cryptocurrency mining’s CPU-draining ciphers.

One of the first cryptologists was Julius Caesar. Modern cryptosystems are more advanced yet work similarly. Most cryptosystems start with plaintext, which is encrypted into ciphertext using one or more encryption keys. The recipient receives this ciphertext. If the ciphertext is intercepted and the encryption algorithm is strong, unauthorized eavesdroppers cannot break the code. The targeted receiver can simply decipher the text with the correct decryption key.

Let’s start with robust cryptography frameworks’ key features:

• Confidentiality: Only the intended recipient can access encrypted information.
• Integrity: Encrypted data cannot be altered in storage or transit between sender and receiver without detection.
• Non-repudiation: Encrypted information cannot be denied transmission.
• Authentication: Sender, receiver, and information origin and destination are verified.
• Key management: Data encryption and decryption keys (and related duties like key length, distribution, generation, rotation, etc.) are secure.

Three encryption types

Hybrid systems like SSL exist, although most encryption methods are symmetric, asymmetric, or hash functions.

Key symmetric cryptography

Symmetric key encryption, also known as private key cryptography, secret key cryptography, or single key encryption, employs one key for encryption and decryption. These systems need users to share a private key. Private keys can be shared by a private courier, secured line, or Diffie-Hellman key agreement.

Two types of symmetric key algorithms:

Block cipher: The method works on a fixed-size data block. If the block size is 8, eight bytes of plaintext are encrypted. Encrypt/decrypt interfaces usually call the low-level cipher function repeatedly for data longer than the block size.

Stream cipher: Stream ciphers convert one bit (or byte) at a time. A stream cipher creates a keystream from a key. The produced keystream is XORed with plaintext.

Symmetrical cryptography examples:

DES: IBM developed the Data Encryption Standard (DES) in the early 1970s. While it is vulnerable to brute force assaults, its architecture remains relevant in modern cryptography. 

Triple DES: By 1999, computing advances made DES unsecure, however the DES cryptosystem built on the original DES basis provides protection that modern machines cannot break.

Blowfish: Bruce Schneer’s 1993 fast, free, public block cipher.

AES: The only publicly available encryption certified by the U.S. National Security Agency for top secret material is AES.

Asymmetric-key cryptography

One secret and one public key are used in asymmetric encryption. This is why these algorithms are called public key algorithms. Although one key is publicly available, only the intended recipient’s private key may decrypt a message, making public key cryptography more secure than symmetric encryption.

Examples of asymmetrical cryptography:

RSA: Founded in 1977 by Rivest, Shamier, and Adleman, the RSA algorithm is one of the oldest public key cryptosystems for secure data transfer.

ECC: ECC is a sophisticated kind of asymmetric encryption that uses elliptic curve algebraic structures to create very strong cryptographic keys.

One-way hash

Cryptographic hash algorithms convert variable-length input strings into fixed-length digests. The input is plaintext, and the output hash is cipher. Good hash functions for practical applications satisfy the following:

Collision-resistant: A new hash is generated anytime any data is updated, ensuring data integrity.

One-way: The function is irreversible. Thus, a digest cannot be traced back to its source, assuring data security.

Because hash algorithms directly encrypt data without keys, they create powerful cryptosystems. Plaintext is its own key.

Consider the security risk of a bank password database. Anyone with bank computer access, authorized or illegal, may see every password. To protect data, banks and other companies encrypt passwords into a hash value and save only that value in their database. Without the password, the hash value cannot be broken.

Future of cryptography

A quantum cryptography

Technological advances and more complex cyberattacks drive cryptography to evolve. Quantum cryptography, or quantum encryption, uses quantum physics’ natural and immutable laws to securely encrypt and transfer data for cybersecurity. Quantum encryption, albeit still developing, could be unhackable and more secure than earlier cryptographic systems.

Post-quantum crypto

Post-quantum cryptographic methods use mathematical cryptography to generate quantum computer-proof encryption, unlike quantum cryptography, which uses natural rules of physics. Quantum computing, a fast-growing discipline of computer science, might exponentially enhance processing power, dwarfing even the fastest super computers. Although theoretical, prototypes suggest that quantum computers might breach even the most secure public key cryptography schemes in 10 to 50 years.

NIST states that post-quantum cryptography (PQC) aims to “develop cryptographic systems that are secure against both quantum and classical computers, and [that] can interoperate with existing communications protocols and networks.”

The six main quantum-safe cryptography fields are:

• Lattice-based crypto
• Multivariate crypto
• Cryptography using hashes
• Code-based cryptography
• Cryptography using isogeny
• Key symmetry quantum resistance

IBM cryptography helps organizations protect crucial data

IBM cryptography solutions offer crypto agility, quantum-safety, and robust governance and risk policies through technology, consulting, systems integration, and managed security. End-to-end encryption tailored to your business needs protects data and mainframes with symmetric, asymmetric, hash, and other cryptography.