Cryptography
Introduction to Cryptography
In 1943, the Allies broke the Nazi Enigma cipher at the secret Bletchley Park facility; historians estimate this shortened World War II by 2 years, saving approximately 14 million lives. Cryptography has decided the fates of wars, protects billions of financial transactions, and right now guards every message sent across the internet. It is the most influential branch of mathematics humanity has ever created.
- **HTTPS and TLS** - every time the padlock appears in a browser, cryptography is at work: AES encrypts traffic, RSA or Diffie-Hellman exchanges keys, SHA-256 verifies integrity - billions of connections every day
- **End-to-end encrypted messengers** - WhatsApp, Signal, Telegram (secret chats) use the Signal protocol with Double Ratchet: even the company's servers cannot read messages, because the encryption keys exist only at the endpoints
- **Banking systems and cryptocurrencies** - SWIFT transfers are protected by cryptography, and Bitcoin and Ethereum are built entirely on cryptographic primitives: hash functions, digital signatures, and Merkle trees
History of Cryptography
Cryptography is one of the oldest sciences of information protection. The earliest evidence of encryption was found in **Ancient Egypt (1900 BC)**: scribes replaced standard hieroglyphs with non-standard ones to give inscriptions an air of mystery. Since then, every great civilization has created its own methods of concealing messages - from military secrets to diplomatic correspondence.
The **scytale (7th century BC)** is one of the earliest known transposition ciphers. Spartan military commanders would wrap a strip of parchment around a wooden cylinder of a specific diameter and write the message along the cylinder. Without a cylinder of the same diameter, the letters on the strip looked meaningless. **Caesar's cipher** was simpler: each letter was replaced by the letter three positions further in the alphabet. A became D, B became E, and so on.
The turning point came in the **9th century**, when the Arab scholar **Al-Kindi** invented **frequency analysis** - a method for breaking substitution ciphers. The idea is brilliantly simple: in every language, letters appear with different frequencies. In English, the letter E occurs in about 13% of text, T in about 9%. If the symbol X appears in 13% of the ciphertext, then most likely X = E. This made all simple substitution ciphers vulnerable and launched the eternal arms race between cipher makers and codebreakers.
**1976** was a true revolution. Whitfield Diffie and Martin Hellman published a protocol for **key exchange over a public channel**. For the first time, two people could agree on a secret key while being overheard! The following year, Rivest, Shamir, and Adleman created **RSA** - the first practical algorithm with two keys: a public key for encryption (which can be shared with anyone) and a private key for decryption (kept secret). In **2001**, **AES (Advanced Encryption Standard)** was adopted - the symmetric encryption standard protecting data today: Wi-Fi, HTTPS, messengers, banking apps.
**Breaking Enigma - A Turning Point in History** The German Enigma cipher machine used a system of rotating rotors, creating an astronomical number of combinations. The Germans considered it unbreakable. But a team of cryptanalysts at Bletchley Park in England, including **Alan Turing**, found weaknesses in the usage protocol and built electromechanical machines (Bombes) to enumerate keys. Historians estimate that this shortened the war by 2 years and saved approximately 14 million lives.
Which event in the history of cryptography first allowed two people to agree on a secret key over an open (interceptable) channel?
Goals of Cryptography: CIA + Non-repudiation
Cryptography is not just about "hiding text". It has **four fundamental goals**, combined in the **CIA** model (Confidentiality, Integrity, Authentication) plus **Non-repudiation**. To understand each goal, let us meet the classic characters of cryptography: **Alice** (sender), **Bob** (receiver), **Eve** (eavesdropper), and **Mallory** (active malicious actor).
**1. Confidentiality** - only Alice and Bob can read the message. Eve intercepts the ciphertext but cannot understand its contents without the key. Example: a card number sent over HTTPS - even if the provider sees the traffic, they see only encrypted data.
**2. Integrity** - Bob is certain the message was not altered in transit. Mallory cannot change "transfer 100 dollars" to "transfer 100000 dollars". Achieved through hash functions and MACs (Message Authentication Codes).
**3. Authentication** - Bob is certain the message came from Alice and not from Mallory impersonating Alice. Achieved through digital signatures and certificates. When a browser visits the bank's website, the SSL certificate confirms it is indeed the bank and not a phishing page.
**4. Non-repudiation** - Alice cannot later claim "I did not send that". A digital signature proves authorship, like a signature on a paper document, only more reliably. Critical for contracts, financial transactions, and legal documents.
**Why must all four goals be achieved simultaneously?** Encryption without integrity is dangerous: Mallory cannot read the message but flips bits at random - and the bank transfer goes to a random account. Integrity without authentication is useless: Bob is certain the message was not altered, but does not know it was sent by Mallory rather than Alice. Authentication without non-repudiation is unreliable: Alice confirmed the transfer, but later claims "I was hacked". Only **all four properties together** provide complete protection.
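Why encryption alone does not give integrity, and how a MAC closes the gap, as an added example that is not part of the original lesson. The SHA-256 counter-mode keystream is a toy stand-in for a real stream cipher, and all names, keys and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample message (not from the lesson).
SAMPLE_MSG = b"transfer 100 dollars to account 4417"

def keystream(key, nonce, length):
    """Toy keystream: SHA-256 over key || nonce || counter (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key, nonce, data):
    """XOR the data with the keystream; confidentiality only, no integrity."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

decrypt = encrypt  # XOR with the same keystream reverses the operation

def flip_bit(ciphertext, byte_index, bit):
    """A change made in transit without the key: one ciphertext bit is inverted."""
    changed = bytearray(ciphertext)
    changed[byte_index] ^= 1 << bit
    return bytes(changed)

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: HMAC-SHA256 over nonce || ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag in constant time before decrypting; reject on mismatch."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was altered")
    return decrypt(enc_key, nonce, ct)

if __name__ == "__main__":
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce, ct, tag = seal(enc_key, mac_key, SAMPLE_MSG)
    altered = flip_bit(ct, SAMPLE_MSG.index(b"4417"), 0)
    print(decrypt(enc_key, nonce, altered))   # decrypts silently to a different account
    try:
        open_sealed(enc_key, mac_key, nonce, altered, tag)
    except ValueError as err:
        print(err)                            # the MAC check rejects the altered message
```

In practice an authenticated mode such as AES-GCM provides both properties in one primitive; the separate encryption and MAC keys here follow the usual encrypt-then-MAC construction.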
Alice sent Bob an encrypted message. Eve intercepted the ciphertext, could not read it, but randomly altered a few bytes and forwarded it to Bob. Which property of the cryptosystem was violated?
Kerckhoffs's Principle
In 1883, the Dutch cryptographer **Auguste Kerckhoffs** formulated a principle that became one of the fundamental laws of cryptography: **"A cryptosystem's security must depend only on the secrecy of the key, not on the secrecy of the algorithm."** In other words, even if the adversary knows exactly HOW the cipher works, they should not be able to decrypt the message without the key.
The great mathematician **Claude Shannon** later reformulated this idea even more succinctly: **"The enemy knows the system."** This is not paranoia, but practical realism. An algorithm will sooner or later become known: through reverse engineering, a documentation leak, or a departing employee. The only thing that can realistically be changed quickly and cheaply is the key.
A classic failure of "security through obscurity" was the **CSS (Content Scramble System)** for DVD protection. The algorithm was classified and licensed only to authorized manufacturers. But in 1999, a 15-year-old Norwegian teenager, Jon Lech Johansen (DVD Jon), reverse-engineered the algorithm and discovered that CSS used only a **40-bit key** - which can be brute-forced in seconds on an ordinary computer. The algorithm's secrecy masked a critical weakness.
**Why are open algorithms more reliable than closed ones?**
1. **Expert review** - AES went through a public NIST competition where hundreds of cryptographers from around the world attacked the candidates. Weak algorithms were found and eliminated.
2. **Linus's Law** - "Given enough eyes, all bugs are shallow." The more people analyze an algorithm, the higher the chance of finding a vulnerability BEFORE the adversary does.
3. **Simple key rotation** - if a key is compromised, it can be changed in seconds. If a secret algorithm is compromised, the entire system must be replaced.
4. **Trust** - a banking app can be trusted because AES has been vetted by the world community, not because the bank says "trust us, our secret cipher is reliable".
Kerckhoffs's principle is not merely a theoretical recommendation. It is a **mandatory requirement** for all modern cryptographic standards. AES, RSA, SHA-256, TLS - all of these algorithms are fully open and published. Anyone can study their source code, attack them, and try to find weaknesses. This is precisely what makes them reliable: if the global cryptography community has not found critical vulnerabilities in 20+ years, the algorithm deserves trust.
A company developed its own encryption algorithm and keeps it strictly secret. Why, according to Kerckhoffs's principle, is this a bad strategy?
Basic Cryptography Terminology
To talk about cryptography in a common language, one must master the basic terminology. These terms appear in every textbook, every article, and every standard. **Plaintext** - the original message to be protected. **Ciphertext** - the result of encryption, an unreadable sequence of symbols. **Encryption** - the transformation of plaintext into ciphertext. **Decryption** - the reverse transformation of ciphertext into plaintext.
**Key** - a secret parameter that controls encryption and decryption. **Key space** - the set of all possible keys. The larger the key space, the harder it is to break the cipher by brute force. **Cipher** - the encryption/decryption algorithm. **Cryptosystem** - the complete system: algorithm + key management protocol + usage rules.
**Cryptanalysis** - the science of breaking ciphers. A cryptanalyst looks for ways to obtain plaintext from ciphertext without knowing the key. **Brute force** - the simplest method of cryptanalysis: trying all possible keys. The time to brute-force depends on the size of the key space.
**Glossary of Terms:**
- **Plaintext** - open text (before encryption)
- **Ciphertext** - encrypted text (after encryption)
- **Encryption** - the process plaintext -> ciphertext
- **Decryption** - the process ciphertext -> plaintext
- **Key** - the secret encryption parameter
- **Key space** - the set of all possible keys
- **Cipher** - the encryption algorithm
- **Cryptosystem** - cipher + key management + protocols
- **Cryptanalysis** - the science of breaking ciphers
- **Brute force** - trying all keys in the key space
Encryption makes data absolutely secure - encrypt it and there is nothing to worry about
Encryption protects data within a specific threat model, but not against all attacks - a weak key, a vulnerable implementation, social engineering, or quantum computers can bypass cryptographic protection
Encryption is just one layer of protection. DES with its 56-bit key was the standard until it was cracked by brute force. Heartbleed was an implementation error in OpenSSL, not in the algorithm. A user can be tricked into revealing a password (social engineering). Quantum computers threaten RSA and other factorization-based algorithms. Security is a process, not a state.
A cipher uses a 64-bit key. An attacker applies brute force at a rate of 10 billion (10^10) attempts per second. What is the order-of-magnitude time required for a full brute force?
Key Ideas
- **4000 years of evolution:** from Egyptian hieroglyphics and the Spartan scytale through Caesar's cipher and the breaking of Enigma to the revolution of 1976 (Diffie-Hellman) - cryptography has traveled from simple substitutions to mathematically proven systems
- **Four goals (CIA + Non-repudiation):** confidentiality (Eve cannot read), integrity (Mallory cannot modify), authentication (Mallory cannot impersonate Alice), non-repudiation (Alice cannot deny authorship) - all four are needed simultaneously
- **Kerckhoffs's principle:** security depends only on the key, not on the algorithm's secrecy - open algorithms (AES, RSA) are more reliable than closed ones, because they have been verified by the world community of experts
- **Key size determines everything:** 56-bit DES was broken in hours, 128-bit AES would require more time than the age of the Universe - and the cryptography that decided World War II now protects every message sent across the internet
Related Topics
An introduction to cryptography lays the foundation for understanding specific algorithms and protocols - from mathematical foundations to practical ciphers:
- Modular Arithmetic — The mathematical foundation of cryptography: modular operations underlie the Caesar cipher, RSA, Diffie-Hellman, and AES - without understanding modular arithmetic, it is impossible to understand any serious cipher
- Substitution Ciphers — Historical ciphers implementing the idea of symbol replacement: from the Caesar cipher to the polyalphabetic Vigenere cipher, and the method of breaking them - Al-Kindi's frequency analysis
Questions for Reflection
- Why does Kerckhoffs's principle (1883) remain relevant 140 years later, despite technologies having changed beyond recognition? What fundamental properties of information make this principle timeless?
- If encryption does not provide absolute security but only protects within a threat model, how is the "sufficient" level of protection determined for a specific task?
- The arms race between cipher makers and codebreakers has been going on for thousands of years. Could a quantum computer finally upset this balance, or will cryptographers adapt again?
Related Lessons
- crypto-02-modular-arithmetic — Modular arithmetic is the mathematical core of RSA, Diffie-Hellman, and all modern public-key cryptography
- prob-01-intro — Probability theory underpins Shannon entropy, randomness requirements, and cryptographic security proofs
- alg-01-big-o — Cryptographic hardness is complexity theory applied in reverse: choose algorithms that are exponentially hard to break
- sec-01 — Cryptography implements Confidentiality and Integrity from the CIA Triad
- st-01-feedback-loops — Kerckhoffs principle works via open feedback loops between algorithm designers and cryptanalysts
- ml-01
- nt-01