5 min read
Derived from the Greek words for “hidden writing,” cryptography is the science of obscuring transmitted information so that it may only be read by the intended recipient. The applications of cryptography are endless. From the quotidian end-to-end message authentication on WhatsApp to the practical digital signatures on legal forms or even the CPU-draining ciphers that are used for mining cryptocurrency, cryptography became an essential aspect of the digital world and a critical cybersecurity component for protecting sensitive data from hackers and other cybercriminals.
The practice of cryptology dates back to ancient times, with one of the earliest examples being attributed to Julius Caesar himself. Modern cryptosystems are far more advanced but still function in similar ways. Most cryptosystems begin with an unencrypted message known as plaintext, which is then encrypted into an indecipherable code known as ciphertext by using one or more encryption keys.
This ciphertext is then transmitted to a recipient. If the ciphertext is intercepted and the encryption algorithm is strong, the ciphertext is useless to any unauthorized eavesdroppers because they will not be able to break the code. However, the intended recipient will easily be able to decipher the text, assuming that they have the correct decryption key.
Before diving deeper, let’s look at the core features of strong cryptographic frameworks:
Although hybrid systems do exist (such as the SSL internet protocols), most encryption techniques fall into one of three main categories: symmetric cryptography algorithms, asymmetric cryptography algorithms or hash functions.
Also known as private key cryptography, secret key cryptography or single-key encryption, symmetric key encryption uses only one key for both the encryption process and decryption process. For these types of systems, each user must have access to the same private key.
Private keys might be shared either through a previously established secure communication channel like a private courier or secured line or, more practically, a secure key exchange method like the Diffie-Hellman key agreement.
There are 2 types of symmetric key algorithms:
Some examples of symmetrical cryptography include the following:
In asymmetric encryption, a pair of keys is used: one secret key and one public key. For this reason, these algorithms are also referred to as public key algorithms. Public key cryptography is considered to be more secure than symmetric encryption techniques because even though one key is publicly available, an encrypted message can only be decrypted with the intended recipient’s private key.
Some examples of asymmetrical cryptography include the following:
A cryptographic hash algorithm produces a fixed-length output string (often called a digest) from a variable-length input string. The input serves as the plaintext, and the output hash is the cipher. For all practical purposes, the following statements are true of a good hash function:
For these reasons, hash algorithms make for effective cryptosystems because the hash algorithm encrypts the data directly without the need for different keys. In essence, the plaintext is its own key.
Consider the security vulnerability of a database of stored bank account passwords. Anyone with either authorized or unauthorized access to the bank’s computer systems might potentially read every password.
To maintain data security, banks and other businesses encrypt sensitive information like passwords into a hash value and store only that encrypted value in their database. Without knowing the user’s password, the hash value cannot be broken.
Keeping pace with advancing technology and increasingly sophisticated cyberattacks, the field of cryptography continues to evolve. Quantum cryptography or quantum encryption, refers to the applied science of securely encrypting and transmitting data based on the naturally occurring and immutable laws of quantum mechanics for use in cybersecurity.
While still in its early stages, quantum encryption has the potential to be far more secure than previous types of cryptographic algorithms and, theoretically, even unhackable.
Not to be confused with quantum cryptography, which relies on the natural laws of physics to produce secure cryptosystems, post-quantum cryptographic algorithms use different types of mathematical cryptography to create quantum computer-proof encryption.
Although not yet viable, quantum computing is a quickly developing field of computer science with the potential to exponentially increase processing power—dwarfing even the fastest super computers operating today. While still theoretical, prototypes have demonstrated that practical quantum computers might be expected to break even the most secure public key cryptography systems within the next 10 to 50 years.
According to the National Institute of Standards and Technology (link resides outside ibm.com), the goal of post-quantum cryptography (also called quantum-resistant or quantum-safe cryptography) is to “develop cryptographic systems that are secure against both quantum and classical computers, and [that] can interoperate with existing communications protocols and networks.”
The 6 primary areas of quantum-safe cryptography are:
IBM cryptography solutions combine technologies, consulting, systems integration and managed security services to help ensure crypto agility, quantum-safety and solid governance and risk policies. From symmetric to asymmetric cryptography to hash functions and beyond, ensure data and mainframe security with end-to-end encryption tailor made to meet your business needs.
Learn how to navigate the challenges and tap into the resilience of generative AI in cybersecurity.
Understand the latest threats and strengthen your cloud defenses with the IBM X-Force Cloud Threat Landscape Report.
Find out how data security helps protect digital information from unauthorized access, corruption or theft throughout its entire lifecycle.
A cyberattack is an intentional effort to steal, expose, alter, disable or destroy data, applications or other assets through unauthorized access.
Gain insights to prepare and respond to cyberattacks with greater speed and effectiveness with the IBM X-Force Threat Intelligence Index.
Stay up to date with the latest trends and news about security.