Thursday, June 9, 2011

A Beginners Guide to Cryptography

A Little Introduction
Hello everyone, my name is Jacob (aka "Epic?") and I'm bringing you this little article on cryptography.

This article will span five parts, the first part is what you're currently in (a little introduction), the second part will cover the basics of cryptography, the third part will cover cryptographic cyphers and algorithms, the fourth part will cover cryptography applied to computer encryption, and the fifth and final part will be a short conclusion, and a guide on where you can lean more. Please note that I am writing this in the form of a paper/article, which means its going to be mostly text, however it should serve as a good learning resource for those interested in getting a brief understanding. I won't write it in a super formal way, and I'll try to make it funny/enjoyable to read, and easy to understand.

The Basics of Cryptography
Part One: An Introduction
The desire/need to protect information is as old as humanity itself. In fact, it even spans past that, it could be traced all the way back to the beginning of life as a whole. Think about it, let's say we have a brachiosaurus, as I'm sure you know, its a herbivorous dinosaur, we'll call him Brachy for short. Now, on this world of ours, everything is finite, everything from air, to water, and even the sun. We call them renewable, but there is a preset amount, and in theory, it could run out. Plants, would also be considered a finite resource, except for herbivorous dinosaurs like Brachy, its more than a resource - its food. Brachy depends on food to survive, therefore, if he finds a large amount of food, he won't want to share it with all the dinosaurs in the world, as he doesn't want his finite amount of food to run out quickly. He may want to share it with a few people, but certainly not everyone.
While dinosaurs may not have used cryptography to protect this information, and may not have shared the location of the food with his friends through encrypted data, its a similar concept to our desires today.

Here's another quick example. Let's say in ancient times, a Roman army has acquired a piece of valuable information about their enemy. Unfortunately, they can't just pick up a phone and call back to base, they could be miles away, and they didn't have phones back then. 
So they're forced to send a messenger, who will carry the message (perhaps on a paper - or even just in his mind) all the way back to base. 
Now let's think about that for a moment. All seems good, until you realize that you are miles into enemy territory, and that messenger could easily be captured. If the messenger is captured, the messenger could simply be killed (ruining the message). Or, the enemy could read the message, and then use that to plan against the Roman forces. Or, the enemy could force the messenger to take a different message, perhaps spreading false information. That, is a problem. Data intercepted ---> Data read ---> Data changed.
However, we (the Romans) could solve that simply by encrypting the message by applying some sort of encryption method to it. These "methods" are called ciphers. If we applied a cipher to the message, it would be unreadable for our enemy, and therefore our message remains concealed. So instead what may occur is Data intercepted ---> Data unable to be read ---> Data is useless to enemy

We can apply that in the modern world, to large cases, and to smaller identity theft cases. Think about it. A criminal intercepts some data online, tries to read it (tries to bypass/decrypt the encryption), and then hopefully, he fails.

Let's take another more realistic example. Let's look at a bank. Sometimes, bank records (including sensitive information) may have to be transferred back and forth, possibly through computers. On top of that, all these records have to be stored at some point (they can't just magically generate each time we want to access our bank account). These would be stored in large computer databases. 
Now think about it, this represents a major problem. For one, we will have to deal with identifying who people are. Online, we can do this through a simple password. But this presents another problem - what about people who want to break right through that password? What about.... hackers. And yes, here I am using the term "hacker" to describe a "cracker" - don't get mad at me.
Now, a hacker might start simply by trying to access the database, if its unencrypted, well, he/she is immediately in. That is very problematic. That is why we encrypt our data. 
That way, the hacker doesn't get in.
The messenger gets the message home safely.
And Brachy gets all the food for himself.

Part Two: Applying "Cryptography" - And a Glossary
Applying cryptography is simple, we do it through a cipher, which I mentioned before.

For example, look at this message:
So, our message is "Apples". 

Now, look at a regular alphabet:

Okay, we now have our plain text (or our message).

So, we could use a basic cipher of simply shifting each letter down one:

Now, we have encrypted our alphabet. We have our cipher.

Which means, if we plugged our plain text (Apples) into that cipher we get:

Wow, that looks nothing like Apples. However, its relatively easy to decrypt using our cipher:
starting value = encrypted value
a = b
b = c
c = d
d = e
e = f
f = g
g = h
h = i
i = j
j = k
k = l
l = m
m = n
n = o
o = p
p = q
q = r
r = s
s = t
t = u
u = v
v = w
w = x
x = y
y = z

And if we applied that cipher, we'd get our original message back.

Now, that's all I'm going to mention on ciphers for this part (although in the next part I'll have more to say), however, one thing I will leave you with is a glossary.
These are actually two glossaries, and if ever I use a word you don't understand that's related to cryptography, it'll be in one of those.

Also, its a good read if you're looking to become serious, as it is important to learn the crypto-jargon.


Part One: A Look at Ciphers
Now as you know, cryptography is the art and science of hiding (through encryption) sensitive information/data. It includes encryption (when the cipher is initially applied to raw "plain text") and decryption (when the cipher is used to bring data back into readable form). It of course deals with passwords, applications, and such.

Here are some examples of ciphers:

Its important to understand how ciphers work before continuing in cryptography, as they are the basis of all encryption. 

Stenography is the process of writing hidden messages, which is actually more just classic cryptography, as cryptography has now become synonymous with "computer security" - as you'll read in the next section.

Remember, a cipher can be simply swapping text for numbers, or rearranging text. A cipher generally should be two ways, and be able to be used multiple times without changing results. Unless you're building a polymorphic cipher. That means, its effectively a self-modifying cipher, which I'll cover... now.

Part Two: The Idea of Polymorphism
Polymorphism is a relatively advanced part of cryptography, and is most common in computers. In a situation like this, it would probably be outside the scope of this guide, yet I feel I should cover it anyways (as its becoming more and more common).

Polymorphism is a cipher that changes itself each use, so each time it is used it produces a different result. This is most common in cipher algorithms, which are used in computers.
This means that, if we were to encrypt the same data twice, each time it would produce a different encrypted result.

Think of a key, perhaps to a car. Nowadays, we all have small electronic remotes, that unlock our cars with just a push of a button. Here's something you might not think about every time you unlock your car: an amount of data is sent to your car, and this data is specific to your car, and if it matches, then your car unlocks.
The easy way to accomplish that is simply by putting each remote-unlocker on a different frequency, however, that is difficult to regulate. So instead, all are on the same frequency, and they use different algorithms for the data sent to the car. These algorithms are polymorphic.

This means the algorithms are harder to reverse engineer, as they change each time. Even if a thief discovered the algorithm (which is harder in the first place with a polymorphic algorithm), the thief would have to match it to the same set the car/key is on - a difficult task.

Computer Encryption


  1. Excellent guide. The way you have explained the entire concept of cryptography in five parts is worth appreciating. I enjoyed reading it and loved the information posted. Thanks.
    electronic signatures

  2. Very helpful and understandable. Thanks.

  3. This is a excellent guide to start cryptography. Can you please suggest some good or recommended books to learn cryptography in depth ?
    I know at same time a good knowledge on number theory is also required to master cryptography.

    Your suggestion would definitely help beginner to cryptography.

  4. IdentityForce - Fully Insured Identity Protection - 14 Days Free Trial and a 17% Discount.