🐉 neospace ~

📝 Latest Posts

Cryptography Basics

Jan 17, 202513 min read

Table of Content

Introduction

img

Ever wondered how your day to day whatsapp messages encrypted to third parties? only you and receiver can read it? Because of “Cryptography” this is possible.

Cryptography lays the foundation for our digital world. While networking protocols have made it possible for devices spread across the globe to communicate, cryptography has made it possible to trust this communication.Make it more secure

Learning Objectives

Upon completing this room, you will learn the following:

  • Cryptography key terms
  • Importance of cryptography
  • Caesar Cipher
  • Standard symmetric ciphers
  • Common asymmetric ciphers
  • Basic mathematics commonly used in cryptography

Importance of Cryptography

Definition

Cryptography is the practice and study of techniques for secure communication and data protection in environments where malicious actors and third parties are expected. Its aim is to prevent adversaries from disclosing or modifying message contents.

Core Purpose

Cryptography’s primary goal is to ensure secure communication, even when adversaries are present. “Secure” encompasses both the confidentiality (secrecy) and integrity (unalterability) of data.

Key Goals

  • Cryptography protects confidentiality, integrity, and authenticity.

  • Everyday Applications: We unknowingly use cryptography daily:

    • Secure Logins: Protecting usernames and passwords during logins (e.g., TryHackMe).
    • SSH Connections: Creating secure, encrypted connections for remote access.
    • Online Banking: Verifying the authenticity of bank servers to prevent impersonation.
    • File Downloads: Using hash functions to verify the integrity of downloaded files.

Regulatory Compliance

Cryptography is essential for complying with data security standards:

  • PCI DSS (Payment Card Industry Data Security Standard): Mandates encryption of credit card data both at rest (stored) and in motion (transmitted).
  • HIPAA (Health Insurance Portability and Accountability Act), HITECH (Health Information Technology for Economic and Clinical Health): U.S. regulations for protecting medical records.
  • GDPR (General Data Protection Regulation): EU regulation for data protection.
  • DPA (Data Protection Act): UK regulation for data protection.

Conclusion

Cryptography is a critical, often invisible, component of modern digital security, ensuring compliance with legal requirements and protecting sensitive information. While users rarely directly interact with the underlying cryptographic mechanisms, its impact is pervasive throughout the digital world.

Plaintext to Cipher text

before we dive into key terms, lets understand basic illustration of encryption and decryption. Lets say we wanna send msg to someone secretly and no one else could understand that even anyone saw it, this is where encryption comes in. as an example u wanna send “see you airport” to your friend as a message and u need to encrypt that. the text u wanna encrypt is called as plaintext,The plaintext is the readable data; it can be anything from a simple “hello”, a cat photo, credit card information, or medical health records. From a cryptography perspective, these are all “plaintext” messages waiting to be encrypted

Plaintext is passed through encryption function + key and function returns the Cipher text. The encryption function is part of the cipher; a cipher is an algorithm to convert a plaintext into a ciphertext and vice versa.

To recover the plaintext, we must pass the ciphertext along with the proper key via the decryption function, which would give us the original plaintext. This is shown in the illustration below.

Here’s a summary of the key terms in cryptography:

  • Plaintext: The original, readable message or data before encryption (e.g., text, images, files).

  • Ciphertext: The encrypted, unreadable version of the plaintext after encryption.

  • Cipher: The algorithm or method used to convert plaintext into ciphertext and vice versa.

  • Key: A secret string of bits used by the cipher to encrypt or decrypt data. It must remain secret (except in asymmetric encryption).

  • Encryption: The process of converting plaintext into ciphertext using a cipher and key.

  • Decryption: The reverse process of encryption, converting ciphertext back into plaintext using a cipher and key. The key is essential for decryption.

    Questions

    1. What do you call the encrypted plaintext?
    • ciphertext
  1. What do you call the process that returns the plaintext?
    • decryption

Historical Ciphers

Caesar Cipher

  • The Caesar Cipher is one of the oldest known ciphers, dating back to the first century BCE.

  • It is a substitution cipher, where each letter in the plaintext is shifted by a certain number (the key) to produce the ciphertext.

Encryption Process

  • To encrypt a message, each letter is shifted by a fixed number of positions in the alphabet.

Example:

  • Plaintext: TRYHACKME
  • Key: 3 (right shift of 3)
  • Ciphertext: WUBKDFNPH

The shifts:

• T → W • R → U • Y → B • H → K • A → D • C → F • K → N • M → P • E → H

Decryption Process

  • To decrypt the message, shift each letter back by the same number.

Example:

  • Ciphertext: WUBKDFNPH
  • Key: 3 (left shift of 3)
  • Plaintext: TRYHACKME

Security Considerations

  • The Caesar Cipher is not secure by modern standards.

  • There are only 25 possible keys (since shifting by 26 would return the original letter), making it vulnerable to brute force attacks.

  • This weakness makes it easy to decrypt a message by trying all possible shifts.

    Historical Context

  • Caesar Cipher was used by Julius Caesar for secure communication.

  • Over time, it has been replaced by more complex encryption methods.

Other Historical Ciphers

  • Vigenère Cipher (16th century): A more complex cipher that uses a keyword for shifting letters.

  • Enigma Machine (World War II): Used for encryption and considered highly secure until cracked by codebreakers.

  • One-Time Pad (Cold War): A theoretically unbreakable cipher when used correctly, relying on a key that is as long as the message.

Conclusion

The Caesar Cipher, while historically important, is insecure by today’s cryptographic standards and is primarily used for educational purposes or simple encoding tasks.

Caesar Cipher Brute forcer

def caesar_bruteforce(ciphertext):
    alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    decrypted_texts = []
    
    for shift in range(1, 26):
        decrypted_text = ""
        for char in ciphertext:
            if char.isalpha():
                char_index = alphabet.find(char.upper())
                new_index = (char_index - shift) % 26
                decrypted_text += alphabet[new_index] if char.isupper() else alphabet[new_index].lower()
            else:
                decrypted_text += char
        decrypted_texts.append((shift, decrypted_text))
    
    return decrypted_texts
 
# Cipher text
ciphertext = "XRPCTCRGNEI"
decrypted_texts = caesar_bruteforce(ciphertext)
 
# Print results
for shift, text in decrypted_texts:
    print(f"Shift {shift}: {text}")

Questions

  1. Knowing that XRPCTCRGNEI was encrypted using Caesar Cipher, what is the original plaintext?
    • ICANENCRYPT

Types of Encryptions

The two main categories of encryption are symmetric and asymmetric.

Symmetric Encryption

Example Scenario

Suppose you have a password-protected document that you want to share with your colleague. You can email the encrypted document, but sending the password via email as well would be risky. If anyone gains access to your colleague’s email, they would have access to both the encrypted file and the password. Therefore, you must consider a different communication channel to securely share the password. One secure solution might be to meet in person and convey the password directly.

Symmetric Encryption Overview

  • Same Key for Both Encryption and Decryption: The core idea of symmetric encryption is that both the sender and the recipient use the same key for encrypting and decrypting data.
  • Challenges: The main difficulty in symmetric encryption is secure key distribution. If the key is intercepted, the entire encryption system becomes compromised.

Examples of symmetric encryption are DES (Data Encryption Standard), 3DES (Triple DES) and AES (Advanced Encryption Standard).

  • DES was adopted as a standard in 1977 and uses a 56-bit key. With the advancement in computing power, in 1999, a DES key was successfully broken in less than 24 hours, motivating the shift to 3DES.
  • 3DES is DES applied three times; consequently, the key size is 168 bits, though the effective security is 112 bits. 3DES was more of an ad-hoc solution when DES was no longer considered secure. 3DES was deprecated in 2019 and should be replaced by AES; however, it may still be found in some legacy systems.
  • AES was adopted as a standard in 2001. Its key size can be 128, 192, or 256 bits.

There are many more symmetric encryption ciphers used in various applications; however, they have not been adopted as standards.

Asymmetric Encryption

Unlike symmetric encryption, which uses the same key for both encryption and decryption, asymmetric encryption uses a pair of keys: one for encryption and another for decryption. This type of encryption is also known as public key cryptography.

Encryption Process

  • Data is encrypted using the public key. (mostly)
  • The encrypted data can only be decrypted using the private key.
  • The private key must be kept secure, while the public key is shared.

Key Examples

  • RSA: Commonly uses 2048-bit, 3072-bit, or 4096-bit keys.
  • Diffie-Hellman: Uses similar key sizes to RSA (e.g., 2048-bit minimum, with higher keys for added security).
  • Elliptic Curve Cryptography (ECC): Uses shorter keys for the same security as RSA. For example, a 256-bit ECC key is comparable in security to a 3072-bit RSA key.

Performance

  • Asymmetric encryption tends to be slower than symmetric encryption.
  • The encryption relies on mathematical problems that are easy to compute in one direction but practically impossible to reverse. This provides security even with large numbers.

Asymmetric Scenario

Scenario: Secure Messaging with Asymmetric Encryption

Alice wants to send a secret message to Bob, ensuring only Bob can read it. This is how asymmetric encryption (also known as public-key cryptography) makes it possible:

  1. Key Generation: Bob generates a pair of keys: a public key and a private key. The public key can be freely shared, while the private key must remain secret. Think of it like a mailbox: everyone (including Alice) can drop a letter into the mailbox (public key), but only Bob has the key to open it (private key).

  2. Public Key Distribution: Bob makes his public key available to Alice (e.g., through a website, certificate, or secure channel).

  3. Encryption: Alice obtains Bob’s public key. She uses this key to encrypt her message. This is represented by the “Encryption with Alice’s Public Key” box in the diagram. Only Bob’s private key can decrypt the message.

  4. Transmission: Alice sends the encrypted message to Bob. Even if someone intercepts the message during transmission, they cannot decrypt it without Bob’s private key.

  5. Decryption: Bob receives the encrypted message. He uses his private key (which he keeps secret) to decrypt it, retrieving the original message. This is represented by the “Decryption with Alice’s Private Key” box.

Why Only Bob Can Decrypt: The mathematical properties of asymmetric encryption algorithms ensure that decrypting the message is computationally infeasible without the corresponding private key, even if you have the public key.

Answer to your question: Anyone can encrypt a message using Bob’s public key, but only Bob can decrypt it using his private key. The security relies on keeping the private key secret. 

sequenceDiagram
    participant Alice
    participant Bob

     Public Key Distribution
    Alice->>Bob: Requests Bob's public key (via website or secure channel)
    Bob->>Alice: Sends Bob's public key

     Transmission
    Note over Alice, Bob: The message is encrypted and sent over an insecure channel.
    Note over Alice, Bob: Even if intercepted, it cannot be decrypted without the private key.

     Final Security Assurance
    Note over Alice, Bob: Only Bob can decrypt the message, as the private key is secret and computationally infeasible to reverse-engineer.
    Note over Alice: Anyone can encrypt using Bob's public key, but only Bob can decrypt using his private key.

    %% Conclusion
    Alice->>Bob: Secure message successfully transmitted

Basic Math

Mathematical Operations in Cryptography

Two fundamental mathematical operations are crucial in cryptography: the XOR operation and the Modulo operation. These underpin many cryptographic algorithms.

XOR Operation (Exclusive OR)

Definition: XOR is a binary operation comparing two bits. It returns 1 if the bits are different and 0 if they are the same.

Truth Table:

ABA ⊕ B
000
011
101
110

Properties:

  • Commutative: A ⊕ B = B ⊕ A
  • Associative: (A ⊕ B) ⊕ C = A ⊕ (B ⊕ C)
  • Involutive: A ⊕ A = 0
  • Identity: A ⊕ 0 = A

Application in Cryptography:

XOR is used in symmetric encryption. Given plaintext (P) and a key (K):

  • Encryption: C = P ⊕ K
  • Decryption: P = C ⊕ K

Its reversibility makes it suitable for simple encryption algorithms.

In simple

Think of XOR like a magic switch that flips between two states, like “on” and “off.”

How XOR Works

  • If two things are the same, the switch says “off” (0).

  • If two things are different, the switch says “on” (1).

Here’s a simple rule:

  • Same = 0

  • Different = 1

For example:

  • 0 and 0 → Same → 0

  • 1 and 1 → Same → 0

  • 0 and 1 → Different → 1

  • 1 and 0 → Different → 1

Why is XOR Special in Cryptography?

Imagine you have a secret message (“P”) and a magic key (“K”). You use XOR to mix them up, creating a scrambled message (“C”).

Now, here’s the cool part:

To get the secret message back, you just need to mix the scrambled message (“C”) with the same magic key (“K”) again! It’s like undoing the magic.

Example:

  1. Secret message: P = 1010
  2. Magic key: K = 1100

Use XOR to mix them:

  • 1010 ⊕ 1100 = 0110 (scrambled message C).
  1. To get the secret message back: Scrambled message C = 0110 Magic key K = 1100 0110 ⊕ 1100 = 1010 (your original message P)!

Why Does It Work?

Because XOR is like a magic lock:

  • If you mix something twice with the same key, you get back what you started with!

  • It’s like opening a door with the same key you used to lock it.

That’s how XOR helps keep messages safe—it scrambles them in a way that only someone with the key can understand. 🎩✨

Modulo Operation (Modulus)

Definition

The modulo operation (X % Y) returns the remainder when X is divided by Y.

Examples:

  • 25 % 5 = 0
  • 23 % 6 = 5
  • 23 % 7 = 2

Properties

  • The result of X % Y is always between 0 and Y-1.
  • Modulo is not reversible: Knowing x % 5 = 4 doesn’t uniquely determine x.

Application in Cryptography

The modulo operation is vital in algorithms involving large numbers (like RSA). It keeps results within a specific range and manages computational complexity during encryption/decryption.

Conclusion

XOR and Modulo operations provide the mathematical foundation for many cryptographic systems, contributing significantly to data confidentiality and security.

Questions

  1. What’s 1001 ⊕ 1010?
    • 0011
  2. What’s 118613842%9091?
    • 3565
  3. What’s 60%12?
    • 0

Conclusion

This TryHackMe room provided a solid introduction to the fundamentals of cryptography. It effectively covered the core concepts, including the importance of cryptography in securing digital communications, the definitions of key terms (plaintext, ciphertext, cipher, key, encryption, decryption), and a comparison of symmetric and asymmetric encryption methods. The use of the Caesar cipher as a simple illustrative example, followed by a discussion of more robust algorithms, was helpful in building understanding. The explanation of XOR and modulo operations provided valuable insight into the mathematical underpinnings of cryptographic techniques. Overall, the room successfully laid a foundation for further learning in cryptography.

Graph View

Backlinks