When it comes to data security, the ancient art of cryptography has become a critical cornerstone of today’s digital age. From top-secret government intelligence to everyday personal messages, cryptography makes it possible to obscure our most sensitive information from unwanted onlookers. Whether shopping online or saving valuable trade secrets to disk, we can thank cryptography for any semblance of privacy we may have.
The main principles of cryptography establish trust when conducting business online. They include the following:
- Confidentiality: Encrypted information can only be accessed by the person for whom it is intended and no one else.
- Integrity: Encrypted information cannot be modified in storage or in transit between the sender and the intended receiver without any alterations being detected.
- Non-repudiation: The creator/sender of encrypted information cannot deny their intention to send the information.
- Authentication: The identities of the sender and receiver—as well as the origin and destination of the information—are confirmed.
- Key management: The keys used in encrypting and decrypting data and associated tasks like key length, distribution, generation, rotation, etc. are kept secure.
Before diving into cryptography’s many use cases, let’s review the basics of cryptography.
Understanding cryptography basics
Throughout history, cryptologists have used various methods for encoding private information and creating encrypted messages. While modern cryptographic algorithms are far more advanced, the fundamental steps remain very similar.
Basic cryptology takes the original, unencoded information (known as plaintext) and encodes it into a scrambled code (known as ciphertext) with the aid of a secret key or keys, which can also be used to decode the ciphertext back into plaintext.
Cryptographic algorithms
Cryptographic algorithms are the mathematical formulas used to encrypt and decrypt data. These algorithms create secret keys to determine how data is transformed from its original plaintext into ciphertext and vice versa. Some well-known cryptographic algorithms include RSA (Rivest-Shamir-Adleman), AES (Advanced Encryption Standard) and ECC (Elliptic Curve Cryptography).
At a basic level, most cryptographic algorithms create keys by multiplying large prime numbers. While multiplication is easy for modern computers, factoring large numbers back into two large primes requires so much computing power, it’s practically impossible. Cryptosystems that use smaller keys can be reverse-engineered rather easily, but even the fastest supercomputers would require hundreds to hundreds of thousands of years to brute-force attack today’s stronger cryptographic algorithms. Elliptic curve cryptography adds an additional level of security by using random numbers to create much stronger keys that even next-generation quantum computers can’t break.
Key management
Key management is an integral part of cryptography; every cryptosystem uses keys to both encrypt and decrypt data. Key management involves securely generating, storing and distributing encryption keys between users. Proper key management is crucial for maintaining the security of encrypted data, as weak or stolen keys can create critical vulnerabilities in any cryptosystem. Key sizes, randomness and storage are all crucial functions of key management.
Symmetric encryption
Also known as private-key cryptography or secret-key cryptography, symmetrical cryptosystems use only one key for both encryption and decrypting. For these types of systems to work, each user must already have access to the same private key. Private keys might be shared either through a previously established trusted communication channel (such as a private courier or secured line) or, more practically, a secure key exchange method (such as the Diffie-Hellman key agreement).
Despite vulnerabilities created by the use of only a single key, this type of encryption is faster and more efficient than alternative methods. Popular symmetric encryption algorithms include DES (Data Encryption Standard), 3DES (Triple DES) and AES.
Asymmetric encryption
Asymmetric encryption, also known as public-key encryption, uses a pair of keys—a public key and a private key. The public key is used for encryption, the private key is used for decryption and each user has their own key pair. The two encryption keys used in public-key cryptography add an additional layer of security, but this added protection comes at the cost of decreased efficiency. RSA, ECC and the Secure Shell Protocol (SSH) are common asymmetric cryptography algorithms.
Cryptography use cases
Secure communication
One of the most common use cases of cryptography is providing secure communication over the internet. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), use cryptographic protocols to establish protected connections between web browsers and servers. This secure channel ensures that data shared between a user’s browser and a website remains private and cannot be intercepted by malicious actors.
Cryptography is also used for common messaging applications like email and WhatsApp to provide end-to-end encryption (E2EE) and maintain the privacy of users’ conversations. With E2EE, only the sender and intended recipient can decrypt and read their messages, making it nearly impossible for third parties—including users’ own service providers—to access the content.
Data encryption
Data encryption is a widely used form of cryptography that protects sensitive information stored on various devices, such as hard drives, smartphones and cloud storage services. Strong encryption algorithms like AES effectively transform plaintext into ciphertext, ensuring that even if an unauthorized party gains access, they won’t be able to decrypt sensitive data without access to the authorized users’ encryption key.
Data integrity
Cryptography is also used to ensure the integrity of data. Hash functions are a type of cryptographic algorithm that generate fixed-size hashes (also known as digests) of data–essentially transforming a set of data into a unique numerical hash number. These hashes are so unique that changing even a single character or space within the plaintext would produce a totally different numerical value. Recipients, applications or websites can verify data integrity by comparing the hash of received data to the expected hash, and they can confirm that data has not been altered during transmission.
Hash functions are also frequently used to verify user passwords without needing to create a vulnerable client-side database of private passwords. Instead, services like online banking portals will only collect and store the hashes of user passwords. Even if such a database was stolen, a malicious actor would not be able to deduce any user’s password from their hash alone.
Authentication
Verifying the authenticity of sent and received information is a critical function of cryptography used for conducting all manners of business, made possible by the use of digital signatures. Through asymmetric cryptography, documents can be amended with digital signatures, which can only be generated with the use of a private key. Recipients of digitally signed documents can use the sender’s public key to verify the signature’s authenticity and confirm that the document has not been tampered with during transmission.
Non-repudiation
Non-repudiation is a legal concept that ensures the authenticity of received messages and prevents a sender from potentially denying the validity of any given sent message. Digital signatures are a critical component of non-repudiation, as they prove that the sender, and no one else, signed the message or document. Cryptography-enabled non-repudiation, as established by data integrity protocols and digital signatures, provides a viable framework for verifying lawfully binding negotiations, contracts, and other types of legal dealings and business.
Key exchange
A major component of secure communication, key exchange is a critical aspect of establishing a secure connection, especially in asymmetric cryptosystems. Cryptography plays a valuable role in this preliminary step, as well. A landmark in the development of public-key cryptography, the Diffie-Hellman key exchange algorithm allows two parties to securely exchange encryption keys over an insecure channel. This method ensures that even if an eavesdropper intercepts the key exchange dialogue, they cannot decipher the encryption keys being exchanged. Through cryptography, algorithms like the Diffie-Hellman key exchange protocol allow parties to establish secure connections through public-key encryption, without the need for a previously established and potentially vulnerable alternative key exchange.
Securing API communication
A hallmark of Web 2.0 (and beyond), cooperative inter-app operability allows for various applications and web services to pull data from within their respected walled virtual ecosystems, enabling massively expanded functionality of all sorts of apps—from embedding social media posts into news articles to sharing critical systems analytics into advanced operational dashboards.
Known as application programming interfaces (APIs), these systems are designed to facilitate cross-program communication, and cryptography ensures that this sensitive data remains protected from intrusive eavesdropping or tampering, ensuring that only authorized parties can access the information. API keys and tokens are often used alongside encryption to protect sensitive data exchanged between applications, especially in situations where security is most critical, such as public works and infrastructure.
Quantum computing cybersecurity
The rise of quantum computing poses a significant threat to existing encryption methodologies and cybersecurity systems. Most modern cryptosystems are designed to withstand the potential computing power of traditional computers, which would simply require hundreds to hundreds of thousands of years to successfully brute-force attack today’s cryptographic algorithms. Quantum computers, however, could potentially increase the power of today’s computers by orders of magnitude, reducing the time it would take to crack even the strongest cryptographic keys from thousands of years to mere seconds.
While most modern cryptographic algorithms won’t be able to withstand theoretical quantum computer attacks, cryptologists are responding to these vulnerabilities with the development of quantum-resistant cryptography techniques. The use cases for quantum-resistant and post-quantum cryptography are as numerous as the cryptography use cases are in general. Although quantum computing is still considered to be in the prototyping stages at best, most computer scientists agree major breakthroughs within the next 10 to 50 years will make the development of quantum-resistant cryptography as critical as quantum computing itself.
Blockchain security
Blockchain technology relies heavily on cryptography to ensure the security and immutability of all on-chain transactions and updates. Cryptocurrencies like Bitcoin use cryptographic algorithms to mine and mint new coins, while cryptographic hash functions secure the integrity of blocks in the chain. When making transactions, public-key cryptography is used to create and verify digital signatures. Encompassing most of cryptography’s core tenets, blockchain technology uses encryption to create a trustless ecosystem where all actions can be easily authenticated and verified.
Learn how IBM cryptography solutions help businesses guard critical data
IBM cryptography solutions combine cutting-edge technology, consulting, systems integration and managed security services to help ensure crypto-agility, quantum-safety and solid governance and risk policies. From symmetric to asymmetric cryptography, to hash functions and beyond, ensure data and mainframe security with end-to-end encryption tailor-made to meet your business needs.
Explore IBM cryptography solutions