The 3 main types of cryptography

Derived from the Greek words for “hidden writing,” cryptography is the science of obscuring transmitted information so that it may only be read by the intended recipient. The applications of cryptography are endless. From the quotidian end-to-end message authentication on WhatsApp to the practical digital signatures on legal forms or even the CPU-draining ciphers that are used for mining cryptocurrency, cryptography became an essential aspect of the digital world and a critical cybersecurity component for protecting sensitive data from hackers and other cybercriminals.

The practice of cryptology dates back to ancient times, with one of the earliest examples being attributed to Julius Caesar himself. Modern cryptosystems are far more advanced but still function in similar ways. Most cryptosystems begin with an unencrypted message known as plaintext, which is then encrypted into an indecipherable code known as ciphertext by using one or more encryption keys.

This ciphertext is then transmitted to a recipient. If the ciphertext is intercepted and the encryption algorithm is strong, the ciphertext is useless to any unauthorized eavesdroppers because they will not be able to break the code. However, the intended recipient will easily be able to decipher the text, assuming that they have the correct decryption key. 

Before diving deeper, let’s look at the core features of strong cryptographic frameworks:

• Confidentiality: Encrypted information can only be accessed by the person for whom it is intended and no one else. 
  
  
• Integrity: Encrypted information cannot be modified in storage or in transit between the sender and the intended receiver without any alterations being detected.
  
  
• Nonrepudiation: The creator/sender of encrypted information cannot deny their intention to send the information.
  
  
• Authentication: The identities of the sender and receiver—as well as the origin and destination of the information—are confirmed.
  
  
• Key management: The keys that are used in encrypting and decrypting data (and associated tasks like key length, distribution, generation, rotation) are kept secure.

Although hybrid systems do exist (such as the SSL internet protocols), most encryption techniques fall into one of three main categories: symmetric cryptography algorithms, asymmetric cryptography algorithms or hash functions. 

Also known as private key cryptography, secret key cryptography or single-key encryption, symmetric key encryption uses only one key for both the encryption process and decryption process. For these types of systems, each user must have access to the same private key.

Private keys might be shared either through a previously established secure communication channel like a private courier or secured line or, more practically, a secure key exchange method like the Diffie-Hellman key agreement. 

There are 2 types of symmetric key algorithms:

• Block cipher: In a block cipher, the cipher algorithm works on a fixed-size block of data. For example, if the block size is eight, eight bytes of plaintext are encrypted at a time. Normally, the user’s interface to the encrypt/decrypt operation handles data longer than the block size by repeatedly calling the low-level cipher function.
  
  
• Stream cipher: Stream ciphers do not work on a block basis, but rather convert one bit (or one byte) of data at a time. Basically, a stream cipher generates a keystream based on the provided key. The generated keystream is then XORed with the plaintext data.

Some examples of symmetrical cryptography include the following:

• Data Encryption Standard: The Data Encryption Standard (DES) was developed by IBM in the early 1970’s, and while it is now considered to be susceptible to brute force attacks, its architecture remains highly influential in the field of modern cryptography.
  
  
• Triple DES: While advancements in computing made DES insecure by 1999, the DES cryptosystem built on the original DES foundation adds extra levels of security that cannot be broken by modern machines. 
  
  
• Blowfish: A fast, free, publicly available block cipher designed by Bruce Schneer in 1993.
  
  
• Advanced Encryption Standard: The Advanced Encryption Standard (AES) is the first and only publicly accessible cipher that is approved by the US National Security Agency for top secret information. 

In asymmetric encryption, a pair of keys is used: one secret key and one public key. For this reason, these algorithms are also referred to as public key algorithms. Public key cryptography is considered to be more secure than symmetric encryption techniques because even though one key is publicly available, an encrypted message can only be decrypted with the intended recipient’s private key.

Some examples of asymmetrical cryptography include the following:

• RSA: Named for its founders—Rivest, Shamier and Adleman—in 1977, the RSA algorithm is one of the oldest widely used public key cryptosystems used for secure data transmission. 
  
  
• ECC: Elliptic curve cryptography is an advanced form of asymmetric encryption that uses the algebraic structures of elliptic curves to create strong cryptographic keys. 

A cryptographic hash algorithm produces a fixed-length output string (often called a digest) from a variable-length input string. The input serves as the plaintext, and the output hash is the cipher. For all practical purposes, the following statements are true of a good hash function: 

• Collision resistant: If any portion of the data is modified, a different hash is generated, ensuring data integrity. 
  
  
• One-way: The function is irreversible. That is, given a digest, it is not possible to find the data that produces it, ensuring data security.

For these reasons, hash algorithms make for effective cryptosystems because the hash algorithm encrypts the data directly without the need for different keys. In essence, the plaintext is its own key.

Consider the security vulnerability of a database of stored bank account passwords. Anyone with either authorized or unauthorized access to the bank’s computer systems might potentially read every password.

To maintain data security, banks and other businesses encrypt sensitive information like passwords into a hash value and store only that encrypted value in their database. Without knowing the user’s password, the hash value cannot be broken. 

Keeping pace with advancing technology and increasingly sophisticated cyberattacks, the field of cryptography continues to evolve. Quantum cryptography or quantum encryption, refers to the applied science of securely encrypting and transmitting data based on the naturally occurring and immutable laws of quantum mechanics for use in cybersecurity.

While still in its early stages, quantum encryption has the potential to be far more secure than previous types of cryptographic algorithms and, theoretically, even unhackable.

Not to be confused with quantum cryptography, which relies on the natural laws of physics to produce secure cryptosystems, post-quantum cryptographic algorithms use different types of mathematical cryptography to create quantum computer-proof encryption.

Although not yet viable, quantum computing is a quickly developing field of computer science with the potential to exponentially increase processing power—dwarfing even the fastest super computers operating today. While still theoretical, prototypes have demonstrated that practical quantum computers might be expected to break even the most secure public key cryptography systems within the next 10 to 50 years.

According to the National Institute of Standards and Technology (NIST), the goal of post-quantum cryptography (also called quantum-resistant or quantum-safe cryptography) is to “develop cryptographic systems that are secure against both quantum and classical computers, and [that] can interoperate with existing communications protocols and networks.”

The 6 primary areas of quantum-safe cryptography are:

• Lattice-based cryptography
• Multivariate cryptography
• Hash-based cryptography
• Code-based cryptography
• Isogeny-based cryptography
• Symmetric key quantum resistance

IBM cryptography solutions combine technologies, consulting, systems integration and managed security services to help ensure crypto agility, quantum-safety and solid governance and risk policies. From symmetric to asymmetric cryptography to hash functions and beyond, ensure data and mainframe security with end-to-end encryption tailor made to meet your business needs.