Cryptographic

The Protect function of cybersecurity aims to build secure IT processing systems that exhibit the attributes of confidentiality, integrity, and availability. Many of these systems depend wholly or in part on cryptography.

Cryptographic Solutions

The goal of cybersecurity is not only to stop attackers, but also to ensure that systems maintain the three core security properties:

  • Confidentiality → only authorized people can read data.
  • Integrity → data cannot be altered unnoticed.
  • Availability → systems and data remain accessible.

Cryptography is one of the strongest tools used to achieve these goals.


What is Cryptography?

Cryptography literally means “secret writing.”

It protects information by transforming readable data into an unreadable form unless someone has the correct method to decode it.

Unlike security through obscurity, cryptography does not rely on hiding the existence of the secret. Even if attackers see the encrypted data, they still cannot understand it without the proper key.


Basic Cryptographic Terminology

Before understanding encryption systems, you need to understand the common terms used in cryptography.

| Term | Meaning |
|---|---|
| Plaintext | Original readable data |
| Ciphertext | Encrypted unreadable data |
| Algorithm | Mathematical process used for encryption/decryption |
| Key | Secret value controlling encryption |
| Cryptanalysis | Attempting to break encryption |

The Main Actors in Cryptography

Cryptography explanations often use fictional characters:

  • Alice → sender
  • Bob → intended receiver
  • Mallory → malicious attacker

ASCII flow:

```txt
Alice  -------- Secure Message -------->  Bob
   \                                       ^
    \                                     /
     \---- Mallory tries to intercept ----/
```

This model helps explain how encryption protects communication even when attackers can observe the network.


Three Main Types of Cryptographic Algorithms

Cryptography is divided into three major categories:

```txt
                 Cryptography
                       |
    -----------------------------------
    |                |                |
Symmetric      Asymmetric          Hashing
Encryption      Encryption
    |                |                |
Confidentiality  Confidentiality   Integrity
                 Authentication
                 Non-repudiation
```

Each type solves different security problems.


Symmetric Encryption

Symmetric encryption uses one shared secret key for both encryption and decryption.

```txt
Encrypt + Decrypt = Same Key
```


How Symmetric Encryption Works

  1. Alice and Bob agree on a secret key.
  2. Alice encrypts the data using that key.
  3. Alice sends ciphertext.
  4. Bob uses the same key to decrypt it.

ASCII diagram:

```txt
            Shared Secret Key
                 [KEY]

Alice                               Bob
  |                                   |
  |-- Encrypt with KEY -------------> |
  |      "Hello" -> "X8#2!"           |
  |                                   |
  |<-- Decrypt with SAME KEY -------- |
```


Why Symmetric Encryption is Important

Symmetric encryption is:

  • Extremely fast
  • Efficient for large files
  • Used for bulk data encryption
  • Common in:
      • disk encryption
      • VPNs
      • HTTPS sessions
      • Wi-Fi security

Main Weakness of Symmetric Encryption

The biggest problem is:

**How do Alice and Bob securely share the secret key?**

If Mallory steals the key:

```txt
Mallory gets KEY
        +
Ciphertext
        =
Plaintext exposed
```

So the security of symmetric encryption depends entirely on protecting the shared key.


Substitution and Transposition Ciphers

To understand modern encryption, it helps to see the older basic ideas behind it.


Substitution Cipher

A substitution cipher replaces characters with others.

Example: ROT13

```txt
A -> N
B -> O
C -> P
```

Example:

```txt
Hello World
   ↓
Uryyb Jbeyq
```

The letters are substituted according to a rule.


Transposition Cipher

A transposition cipher keeps the same characters but changes their order.

Example:

```txt
H E L L O W O R L D
```

Rearranged into:

```txt
HLOOLELWRD
```

ASCII visualization (the text is written down two rows, column by column, then read row by row):

```txt
H L O O L
E L W R D
```

Modern ciphers combine substitution and transposition in highly complex mathematical operations.
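The two classical techniques above, run on the page's own inputs. This is an added example, not code from the original page; the shift-cipher and two-row transposition helpers are written here for illustration.

```python
# Added example: a shift (substitution) cipher and a two-row transposition
# cipher.  ROT13 is the shift cipher with the fixed key 13.
import string


def shift_cipher(text: str, key: int) -> str:
    """Substitution: shift every letter by `key` positions, wrapping at Z.
    Non-letters (spaces, punctuation) pass through unchanged, as in the
    page's 'Hello World' example.  Case is preserved."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is its own inverse: applying it twice returns the plaintext."""
    return shift_cipher(text, 13)


def transpose_two_rows(text: str) -> str:
    """Transposition: write the text down two rows, column by column
    (H E / L L / O W ...), then read the rows left to right.  The letters
    are unchanged; only their order moves.  This equals every even-indexed
    character followed by every odd-indexed one."""
    return text[0::2] + text[1::2]


def untranspose_two_rows(cipher: str) -> str:
    """Inverse: split the ciphertext back into its two rows and re-interleave."""
    half = (len(cipher) + 1) // 2   # first row holds the extra char when odd
    row1, row2 = cipher[:half], cipher[half:]
    return "".join(row1[i // 2] if i % 2 == 0 else row2[i // 2]
                   for i in range(len(cipher)))


if __name__ == "__main__":
    print(rot13("Hello World"))                 # Uryyb Jbeyq
    print(rot13(rot13("Hello World")))          # Hello World
    print(transpose_two_rows("HELLOWORLD"))     # HLOOLELWRD
    print(untranspose_two_rows("HLOOLELWRD"))   # HELLOWORLD
```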


Key Length and Keyspace

Encryption strength depends heavily on the key size.

A keyspace is the total number of possible keys.

For a simple shift cipher such as ROT13, the keyspace is tiny:

```txt
25 possible keys
```

Modern encryption uses astronomically larger keyspaces.


AES Encryption

The most common modern symmetric algorithm is the Advanced Encryption Standard (AES).

AES supports different key lengths:

  • AES-128
  • AES-256

The larger the key:

  • the harder brute force becomes
  • but the more CPU power is needed

AES Keyspace Comparison

AES-128: 2^128 possible keys

AES-256: 2^256 possible keys

AES-256 is not “twice” as strong as AES-128.

Its keyspace is 2^128 times larger, which makes it trillions upon trillions of times harder to brute force.


Brute Force Attack

A brute force attack tries every possible key until plaintext appears.

ASCII concept:

```txt
Ciphertext
    |
Try KEY1 -> garbage
Try KEY2 -> garbage
Try KEY3 -> garbage
...
Try KEYN -> plaintext
```

Large keyspaces make brute force practically impossible.
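The brute-force loop in the diagram above, run against the 25-key shift cipher from the keyspace section, and the same count put next to the AES keyspaces. This is an added example, not code from the original page; the word list, the sample message and the key rate are constructed assumptions.

```python
# Added example: exhausting a 25-key keyspace versus a 2^128 one.
import string

# Constructed word list standing in for "does this look like plaintext?"
KNOWN_WORDS = {"MEET", "ME", "AT", "THE", "PARK", "SEND", "KEY", "NOW"}


def shift_letters(text: str, key: int) -> str:
    """Shift A-Z forward by `key`; everything else passes through."""
    return "".join(
        chr((ord(c) - 65 + key) % 26 + 65) if c in string.ascii_uppercase else c
        for c in text
    )


def looks_like_plaintext(candidate: str) -> bool:
    words = candidate.split()
    return bool(words) and all(w in KNOWN_WORDS for w in words)


def brute_force_shift(ciphertext: str):
    """Try KEY1, KEY2, ... until a candidate is recognised as plaintext.
    Returns (key, plaintext) or None.  Undoing a forward shift of k is a
    forward shift of 26 - k."""
    for key in range(1, 26):                      # the whole keyspace: 25 keys
        candidate = shift_letters(ciphertext, 26 - key)
        if looks_like_plaintext(candidate):
            return key, candidate
    return None


def keyspace_size(key_bits: int) -> int:
    """Number of possible keys for a key of `key_bits` bits (2^128 for AES-128)."""
    return 2 ** key_bits


def years_to_exhaust(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to try every key at the given rate (assumption:
    one attempt per key, no shortcuts in the cipher)."""
    return keyspace_size(key_bits) / keys_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    ct = shift_letters("MEET ME AT THE PARK", 7)     # constructed, key 7
    print(ct, "->", brute_force_shift(ct))           # found on the 7th try
    print(f"AES-128 keyspace: {keyspace_size(128):.3e} keys")
    # Even at 10^18 keys per second (assumed rate) AES-128 takes ~10^13 years.
    print(f"{years_to_exhaust(128, 1e18):.2e} years")
```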


Asymmetric Encryption

Symmetric encryption introduced the key-sharing problem.

Asymmetric encryption solves this using two related keys:

  • Public key
  • Private key

```txt
Public Key  -> Encrypt
Private Key -> Decrypt
```


How Asymmetric Encryption Works

  1. Bob creates a key pair.
  2. Bob shares the public key.
  3. Alice encrypts using Bob’s public key.
  4. Only Bob’s private key can decrypt it.

ASCII diagram:

```txt
             Bob's Public Key
                    ↓

Alice ----------------------------> Bob
Encrypt Message                 Decrypt Message
with Public Key                 with Private Key
```


Why Public Keys Can Be Shared

The public key is designed so that:

```txt
Public Key ≠ Ability to Decrypt
```

Even if Mallory intercepts:

  • the ciphertext
  • the public key

Mallory still cannot derive the private key.


Main Advantage of Asymmetric Encryption

It solves the secure key exchange problem.

Alice and Bob no longer need to secretly meet beforehand.

This is why asymmetric cryptography powers:

  • HTTPS certificates
  • SSH
  • VPN authentication
  • secure email
  • digital signatures

Main Weakness of Asymmetric Encryption

Asymmetric encryption is computationally expensive.

It is much slower than symmetric encryption.

So modern systems combine both methods:

```txt
Asymmetric Encryption
        ↓
Securely exchange symmetric key
        ↓
Symmetric Encryption
handles bulk data
```

This hybrid approach is used in HTTPS/TLS.


RSA vs ECC

Two major asymmetric systems are:

  • RSA
  • Elliptic Curve Cryptography

ECC achieves equivalent security with much smaller keys.

Example:

| Algorithm | Comparable Security |
|---|---|
| RSA 3072-bit | ECC 256-bit |

Smaller keys mean:

  • faster operations
  • less bandwidth
  • lower CPU usage

Hashing

Hashing is different from encryption.

Encryption is reversible.

Hashing is designed to be:

```txt
ONE-WAY
```

You can create a hash from data, but you cannot recover the original data from the hash.


How Hashing Works

A hashing algorithm converts any input into a fixed-size output.

Example:

```txt
"Hello"  ->  A94A8FE5CC...
```

No matter the input size, the hash size remains fixed.


Important Hashing Properties

Good hashing algorithms provide:

  • One-way operation
  • Fixed output size
  • Collision resistance
  • Fast computation

Collision

A collision happens when:

```txt
Different Inputs
        ↓
Same Hash
```

Strong hashing algorithms make collisions extremely unlikely.


Hashing for Passwords

Instead of storing passwords directly:

```txt
Store HASH(password)
```

Authentication flow:

```txt
User enters password
        ↓
System hashes input
        ↓
Compare with stored hash
```

If hashes match:

```txt
Correct password
```

This protects passwords even if the database leaks.


File Integrity Verification

Hashes are also used to verify downloads.

Example:

```txt
Vendor publishes:
setup.exe + SHA256 hash
```

User downloads the file and computes the hash.

If both hashes match:

```txt
File integrity verified
```

If Mallory modifies the file:

```txt
Modified file -> Different hash
```

The tampering becomes detectable.
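The two uses of hashing described above, password storage and download verification, using only the Python standard library. This is an added example, not code from the original page; the file bytes, the "published" hash and the passwords are constructed so it runs offline, and the salt plus PBKDF2 iteration count are the standard hardening added on top of the page's plain HASH(password).

```python
# Added example: fixed-size one-way hashing for integrity checks and
# for password storage.
import hashlib
import hmac
import os


def sha256_hex(data: bytes) -> str:
    """Fixed-size output: 64 hex characters whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def verify_download(file_bytes: bytes, published_sha256: str) -> bool:
    """Recompute the hash of the downloaded bytes and compare it with the
    value the vendor published.  compare_digest runs in constant time."""
    return hmac.compare_digest(sha256_hex(file_bytes), published_sha256.lower())


# Password storage: HASH(password), plus a per-user random salt and many
# iterations (PBKDF2-HMAC-SHA256) so a leaked table cannot be reversed
# with precomputed hashes or fast guessing.
ITERATIONS = 600_000


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest); a fresh 16-byte salt is drawn if none given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def check_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Authentication flow: hash the entered password the same way and
    compare with the stored digest (never decrypt, since hashes are one-way)."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    setup_exe = b"MZ\x90\x00 constructed stand-in for setup.exe"
    published = sha256_hex(setup_exe)              # what the vendor would post
    print(verify_download(setup_exe, published))   # True
    tampered = setup_exe + b"\x00"                 # Mallory changes the file
    print(verify_download(tampered, published))    # False: different hash
    salt, stored = hash_password("correct horse")
    print(check_password("correct horse", salt, stored))   # True
    print(check_password("wrong guess", salt, stored))     # False
```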


SHA vs MD5

Two well-known hash algorithms:

| Algorithm | Status |
|---|---|
| SHA-256 | Secure and recommended |
| MD5 | Weak/deprecated |

The Secure Hash Algorithm (SHA) family, of which SHA-256 is a member, is the modern standard.

MD5 is mostly retained only for compatibility.


Digital Signatures

Now we combine:

  • hashing
  • asymmetric cryptography

to provide:

  • integrity
  • authentication
  • non-repudiation

How Digital Signatures Work

Step 1 — Create Hash

Alice hashes the message.

```txt
Message -> SHA256 -> Digest
```


Step 2 — Sign the Hash

Alice encrypts the digest using her private key.

```txt
Digest + Private Key
        ↓
Digital Signature
```


Step 3 — Verification

Bob:

  • decrypts the signature using Alice’s public key
  • computes his own hash
  • compares both hashes

ASCII flow:

```txt
Alice
  |
  |-- Hash Message
  |-- Sign Hash with Private Key
  |
  |------ Message + Signature ------>

Bob
  |
  |-- Verify using Alice's Public Key
  |-- Hash Message Again
  |
Compare Hashes
  |
  +--> Match = Authentic + Intact
```


What Digital Signatures Guarantee

If hashes match:

  • message was not modified
  • sender is authenticated
  • sender cannot deny sending it

This property is called:

Non-repudiation


Real-World Uses of Digital Signatures

Digital signatures are used in:

  • HTTPS certificates
  • software signing
  • secure email
  • banking systems
  • code signing
  • blockchain systems

Putting Everything Together

Modern secure systems combine these cryptographic primitives.

Example: HTTPS/TLS

```txt
Asymmetric Encryption
        ↓
Secure Key Exchange
        ↓
Symmetric Encryption
for fast communication
        ↓
Hashing + Signatures
for integrity/authentication
```

This layered design provides:

  • Confidentiality
  • Integrity
  • Authentication
  • Non-repudiation

Final Big Picture

```txt
                 Cryptography
                        |
    ------------------------------------------------
    |                     |                        |
Symmetric            Asymmetric                 Hashing
Encryption           Encryption
    |                     |                        |
Fast                 Key Exchange              Integrity
Bulk Data            Authentication            Verification
Confidentiality      Digital Signatures        Password Storage
```

Cryptographic solutions are foundational to nearly every modern security technology, from secure websites and VPNs to password protection, software updates, and digital identity systems.