One of the most accessible aspects of information security for students is the use of cryptography and ciphers. A cipher is a tool for encoding a message, and the history of the use of ciphers extends back thousands of years, particularly with regard to military entities.

See the video on “Encryption and Public Keys” at **code.org** for a great introduction to cryptography.

**Some vocabulary**

The words **cryptography** (from the Greek for “hidden” and “writing”) and **cryptology** (from the Greek for “hidden” and “study”) are often used interchangeably for the study of code systems.

- Before a message has been enciphered, it is known as the **plaintext**. After it has been enciphered, it is known as the **ciphertext**.
- Turning plaintext into ciphertext is known as **encryption**, and turning ciphertext back into plaintext is known as **decryption**.
- The method used for encryption is called the **encryption algorithm**, and the method used for decryption is called the **decryption algorithm**.
- Most encryption/decryption systems rely on a **secret key**.
- **Cryptanalysis** is the study of analyzing encryption systems to look for vulnerabilities to see what it would take to break them.

**Security Principles**

One major contributor to the field of cryptography was William Kerckhoff. He came up with an important cryptographic idea known today as **Kerckhoff’s Principle**. He said that *the security of an encryption system should only depend on the secrecy of the key and not on the secrecy of the encryption algorithm itself*. One reason for this is that good cryptographic systems are difficult to develop, and they need to be thoroughly tested. Making the algorithm public is one way to ensure that it is strong enough to resist common attacks.

It’s important to understand that “strong enough” does not mean “unbreakable.” Only one encryption scheme, the **One Time Pad**, has been proven to be unbreakable. Unfortunately, it is difficult to use commonly, so most cryptographic systems today settle for being “strong enough,” meaning they are able to resist most types of attacks given the computing power available. In particular, a good cryptographic scheme today must be able to resist a **brute-force attack**, which means an attack that tests all possible keys until it finds the correct one. For example, the **alphabetic rotation cipher** has 26 possible keys, which is a very small number. A computer could check those keys in a very short amount of time. On the other hand, a **simple substitution cipher** has 26! possible keys, which is far too many to be tested with today’s computing capabilities. Unfortunately, there are other kinds of attacks that can break a substitution cipher. (For more information about the ciphers mentioned above, see the link below for private-key encryption systems.)

**Private-key vs. public-key cryptography**

There are two main types of cryptographic systems used today. **Private-** or **symmetric-key encryption** is the most intuitive because it allows parties to communicate *using a shared secret key*. Alice encrypts a message with key K, and Bob decrypts the same message with the same key K. **Public-** or **asymmetric-key encryption** is a much newer, much more revolutionary idea because it does not rely on a shared secret key. Instead, each party has a pair of keys: one private, one public. Alice shares her public key with EVERYONE but her private key with NO ONE! See the links below for more discussion of private and public key cryptography, including examples.

#### Further Discussion and Examples

**Private-key encryption systems**

This post contains a discussion of several classic cryptographic systems, such as the Caesar and Vigenere ciphers, as well as a brief discussion of current private-key systems.

**Public-key encryption systems**

This post contains a discussion of public-key principles, including the concept of complexity and why it is important in public-key cryptography, as well as two examples of public-key cryptography in use today.