# Cryptography

## Introduction to Cryptography

**What is cryptography?**
> **Cryptography** is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as **data confidentiality**, **data integrity**, **authentication**, and **non-repudiation** are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons from doing the same. The cryptography literature often uses the name Alice ("A") for the sender, Bob ("B") for the intended recipient, and Eve ("eavesdropper") for the adversary. 

**History of Cryptography:**
- Refer to the History segment inside the following PDF: Blockchain/CryptographyI/LectureNotes/Week1/Introduction.pdf
- [History of Cryptography](https://www.tutorialspoint.com/cryptography/origin_of_cryptography.htm)

**Modern Cryptography:**
>Modern cryptography is heavily based on mathematical theory and computer science practice; **cryptographic algorithms are designed around computational hardness assumptions**, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted. There exist **information-theoretically secure** schemes that provably cannot be broken even with unlimited computing power—an example is the one-time pad—but these schemes are more difficult to implement than the best theoretically breakable but computationally secure mechanisms.

More on: [Modern Cryptography](https://www.tutorialspoint.com/cryptography/modern_cryptography.htm)

**Cryptology:**<br>
The art of devising ciphers (i.e., cryptography) and breaking them (i.e., cryptanalysis) is collectively known as cryptology.

**Cryptanalysis:**<br>
Cryptanalysis is the study of analyzing information systems in order to study the hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

In addition to mathematical analysis of cryptographic algorithms, cryptanalysis includes the study of side-channel attacks that do not target weaknesses in the cryptographic algorithms themselves, but instead exploit weaknesses in their implementation.

>Cryptanalysis is the sister branch of Cryptography and they both co-exist. The cryptographic process results in the cipher text for transmission or storage. It involves the study of cryptographic mechanisms with the intention to break them. Cryptanalysis is also used during the design of the new cryptographic techniques to test their security strengths.

### Security Services of Cryptography

The primary objective of using cryptography is to provide the following **four fundamental information security services:**

**Confidentiality**

Confidentiality is the fundamental security service provided by cryptography. It is a security service that keeps the information from an unauthorized person. It is sometimes referred to as privacy or secrecy. 

Confidentiality can be achieved through numerous means, ranging from physical security to the use of mathematical algorithms for data encryption.

**Data Integrity**

It is a security service that deals with identifying any alteration to the data. The data may get modified by an unauthorized entity intentionally or accidentally. The integrity service confirms whether or not the data is intact since it was last created, transmitted, or stored by an authorized user.

Data integrity cannot prevent the alteration of data, but provides a means for detecting whether data has been manipulated in an unauthorized manner.

**Authentication**

Authentication provides the identification of the originator. It confirms to the receiver that the data received has been sent only by an identified and verified sender.

>Authentication service has two variants:
- Message authentication identifies the originator of the message without any regard to the router or system that has sent the message.
- Entity authentication is assurance that data has been received from a specific entity, say a particular website.

Apart from the originator, authentication may also provide assurance about other parameters related to data such as the date and time of creation/transmission.

**Non-repudiation**

It is a security service that ensures that an entity cannot refuse the ownership of a previous commitment or an action. It is an assurance that the original creator of the data cannot deny the creation or transmission of the said data to a recipient or third party.

Non-repudiation is a property that is most desirable in situations where there are chances of a dispute over the exchange of data. For example, once an order is placed electronically, a purchaser cannot deny the purchase order, if non-repudiation service was enabled in this transaction.

### Cryptography Primitives

Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build cryptographic protocols for computer security systems. Alternatively, cryptography primitives can be defined as the tools and techniques in Cryptography that can be selectively used to provide a set of desired security services. 

Following are some cryptography primitives:
- Encryption
- Hash functions
- Message Authentication codes (MAC)
- Digital Signatures

When creating cryptographic systems, designers use cryptographic primitives as their most basic building blocks. Because of this, cryptographic primitives are designed to do one very specific task in a highly reliable fashion.


The following table shows the primitives that can achieve a particular security service on their own.

![](./Images/CryptoPrimitives.png "Crypto Primitives and their corresponding security service")

Note: Cryptographic primitives are intricately related and they are often combined to achieve a set of desired security services from a cryptosystem.
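
The difference between two of the primitives listed above, as an added example that is not part of the original notes: an unkeyed hash detects an alteration only as long as the digest itself is left alone, while a MAC tag cannot be recomputed without the key. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"               # sample shared secret, constructed for this example
ORIGINAL = b"transfer 100 to account 17"    # constructed message
ALTERED = b"transfer 900 to account 42"     # what a party on the channel substitutes

def digest(msg: bytes) -> bytes:
    """Unkeyed hash: anyone who holds the message can compute it."""
    return hashlib.sha256(msg).digest()

def mac(key: bytes, msg: bytes) -> bytes:
    """Keyed MAC (HMAC-SHA256): computing a valid tag requires the key."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def receiver_accepts_hash(msg: bytes, received_digest: bytes) -> bool:
    return hmac.compare_digest(digest(msg), received_digest)

def receiver_accepts_mac(key: bytes, msg: bytes, received_tag: bytes) -> bool:
    # compare_digest compares in constant time, avoiding a timing side channel
    return hmac.compare_digest(mac(key, msg), received_tag)

def run_checks() -> dict:
    tag = mac(KEY, ORIGINAL)
    return {
        # Alteration with the old digest left in place: the mismatch is detected.
        "hash_detects_plain_alteration": not receiver_accepts_hash(ALTERED, digest(ORIGINAL)),
        # Alteration plus a recomputed digest: the unkeyed check is satisfied.
        "hash_accepts_recomputed_digest": receiver_accepts_hash(ALTERED, digest(ALTERED)),
        # Untouched message with its tag verifies.
        "mac_accepts_original": receiver_accepts_mac(KEY, ORIGINAL, tag),
        # Without KEY, neither the old tag nor a tag under a guessed key verifies.
        "mac_accepts_reused_tag": receiver_accepts_mac(KEY, ALTERED, tag),
        "mac_accepts_guessed_key_tag": receiver_accepts_mac(KEY, ALTERED, mac(b"guess", ALTERED)),
    }

if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name}: {value}")
```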

**The three steps in cryptography:**
>When we introduce/devise a new primitive these 3 steps have to be rigorously followed:
1. **Precisely specify the threat model:** The threat model describes the capabilities of the adversary, i.e., what an adversary can do to attack the primitive and what their goal is in forging the primitive. To show that the primitive or cryptographic protocol is secure, we need to prove that an adversary with these capabilities would not be able to break the primitive/protocol. More on [Threat Model](https://www.youtube.com/watch?v=f4tk2pnOUos)
2. **Propose a construction**
3. **Prove that breaking the construction under the threat model will solve an underlying hard problem**: A basic example: it is easy to multiply two large primes to get a value N, but it is hard to recover the factors given the value N. So, if our primitive is built on that problem, then an adversary who breaks our primitive/protocol would also have a solution to that hard problem.

**Key Note:** For production system usage, never ever use your own implementation of the primitive or any cryptographic algorithm (as aside from the implementation errors there could be many side channels which could potentially result in easy breaching of your implementation). It is always recommended to use a trusted library for applying ciphering to production level data/information. [Explanatory Video](https://www.youtube.com/watch?v=3Re5xlEjC8w)

## Crash Course on Discrete Probability

Why Discrete Probability?
> Over the years many natural cryptographic constructions were found to be insecure. In response, modern cryptography was developed as a rigorous science where constructions are always accompanied by a proof of security. The language used to describe security relies on discrete probability.<br>

Reference Reads: 
- **Highly recommended (Easy to Digest and Preferable read to get it all):** [Discrete Probability](https://en.wikibooks.org/wiki/High_School_Mathematics_Extensions/Discrete_Probability)
-  Refer to the Discrete Probability Crash Course segment inside the following PDF: Blockchain/CryptographyI/LectureNotes/Week1/Introduction.pdf
- [Discrete vs Continuous Random Variables](http://www.henry.k12.ga.us/ugh/apstat/chapternotes/7supplement.html)
- [Random Variable vs Events](https://www.quora.com/What-is-the-difference-between-an-event-and-a-random-variable)

Reference Videos: 
- [Discrete Probability Crash Course [Part 1]](https://www.coursera.org/learn/crypto/lecture/qaEcL/discrete-probability-crash-course)
- [Discrete Probability Crash Course [Part 2]](https://www.coursera.org/learn/crypto/lecture/JkDRg/discrete-probability-crash-course-cont)
- [Probability Distribution for Random Variable X](https://www.youtube.com/watch?v=cqK3uRoPtk0)

**Deterministic vs Randomized Algorithms:**
> It is due to discrete probability that cryptographic algorithms moved from being deterministic (producing the same output for a given input every time) to being the randomized algorithms that we use today. <br><br>
>**Randomized Algorithms:** produce different outputs given the same input. A randomized algorithm has an implicit argument, say r, which is sampled anew from its given universe every time the algorithm is run, so the outcome differs from run to run.<br><br>
The output of such a randomized algorithm is a random variable: a distribution over the set of all possible encryptions of message m under a uniform key r.

More on Randomized Algorithms: Refer to the Randomized Algorithms topic under the Discrete Probability segment inside the following PDF: Blockchain/CryptographyI/LectureNotes/Week1/Introduction.pdf
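
What the implicit argument r buys in practice, as an added example that is not from the original notes or the lecture PDF: with r pinned, equal messages give equal ciphertexts and an observer sees the repeat; with r sampled anew they do not. The cipher is a teaching construction (HMAC-SHA256 used as a PRF to derive a pad), and the separate long-term key, messages and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

R_LEN = 16  # length in bytes of the per-encryption random value r

def _pad(key: bytes, r: bytes, n: int) -> bytes:
    """n pad bytes from PRF(key, r || counter), with HMAC-SHA256 as the PRF."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, r + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def encrypt(key: bytes, m: bytes, r=None) -> bytes:
    """E(k, m; r): r is sampled anew on every call unless the caller pins it."""
    if r is None:
        r = secrets.token_bytes(R_LEN)
    return r + bytes(a ^ b for a, b in zip(m, _pad(key, r, len(m))))

def decrypt(key: bytes, c: bytes) -> bytes:
    r, body = c[:R_LEN], c[R_LEN:]
    return bytes(a ^ b for a, b in zip(body, _pad(key, r, len(body))))

def repeats_visible(ciphertexts) -> bool:
    """True if an observer of the channel can tell that some message was sent twice."""
    return len(set(ciphertexts)) < len(ciphertexts)

def compare_modes():
    key = secrets.token_bytes(32)
    # Constructed traffic: the first and third messages are identical.
    msgs = [b"order 1001: BUY", b"order 1002: SELL", b"order 1001: BUY"]
    pinned = [encrypt(key, m, r=bytes(R_LEN)) for m in msgs]   # deterministic
    fresh = [encrypt(key, m) for m in msgs]                    # randomized
    round_trip = [decrypt(key, c) for c in fresh] == msgs
    return repeats_visible(pinned), repeats_visible(fresh), round_trip

if __name__ == "__main__":
    print(compare_modes())
```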

**XOR:**
XOR is very important in cryptography. Review: the XOR of two bit strings is their bitwise addition mod 2. 
[Why is XOR important in cryptography?](https://www.quora.com/Why-is-XOR-important-in-cryptography).

![](./Images/XOR-Property.png "The Important Property of XOR")

Note: Review the video [Discrete Probability Crash Course [Part 2]](https://www.coursera.org/learn/crypto/lecture/JkDRg/discrete-probability-crash-course-cont) from 6:19 onward, where the important property of XOR that makes it so useful in cryptography is explained.
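
The property in question is that if X is uniform over n-bit strings and independent of Y, then Z = Y XOR X is uniform whatever the distribution of Y. The following added example (not from the original notes or the lecture) computes the distribution of Z exactly for a biased Y, and shows the guarantee disappearing when X is not uniform. The distributions and function names are constructed for illustration.

```python
from fractions import Fraction
from itertools import product

def xor_distribution(dist_y: dict, dist_x: dict) -> dict:
    """Exact distribution of Z = Y xor X for independent Y, X given as {value: probability}."""
    dist_z = {}
    for (y, py), (x, px) in product(dist_y.items(), dist_x.items()):
        dist_z[y ^ x] = dist_z.get(y ^ x, Fraction(0)) + py * px
    return dist_z

def uniform(n_bits: int) -> dict:
    size = 1 << n_bits
    return {v: Fraction(1, size) for v in range(size)}

def is_uniform(dist: dict, n_bits: int) -> bool:
    size = 1 << n_bits
    return all(dist.get(v, Fraction(0)) == Fraction(1, size) for v in range(size))

N = 3
# Constructed, heavily biased Y over 3-bit strings (e.g. a message with predictable content).
BIASED_Y = {0b000: Fraction(7, 10), 0b101: Fraction(2, 10), 0b111: Fraction(1, 10)}
# Constructed non-uniform X: a pad whose lowest bit is always 0.
WEAK_X = {v: Fraction(1, 4) for v in range(1 << N) if v & 1 == 0}

def check_property():
    with_uniform_x = xor_distribution(BIASED_Y, uniform(N))
    with_weak_x = xor_distribution(BIASED_Y, WEAK_X)
    return is_uniform(with_uniform_x, N), is_uniform(with_weak_x, N)

if __name__ == "__main__":
    print(check_property())
```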


## Cryptosystems

A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to provide information security services. A cryptosystem is also referred to as a cipher system.

### Components of a Cryptosystem

The various components of a basic cryptosystem are as follows:

- **Plaintext:** It is the data to be protected during transmission.

- **Encryption Algorithm:** It is a mathematical process that produces a ciphertext for any given plaintext and encryption key. It is a cryptographic algorithm that takes plaintext and an encryption key as input and produces a ciphertext.

- **Ciphertext:** It is the scrambled version of the plaintext produced by the encryption algorithm using a specific encryption key. The ciphertext is not guarded. It flows over a public channel. It can be intercepted or compromised by anyone who has access to the communication channel.

- **Decryption Algorithm:** It is a mathematical process that produces a unique plaintext for any given ciphertext and decryption key. It is a cryptographic algorithm that takes a ciphertext and a decryption key as input, and outputs a plaintext. The decryption algorithm essentially reverses the encryption algorithm and is thus closely related to it.

- **Encryption Key:** It is a value that is known to the sender. The sender inputs the encryption key into the encryption algorithm along with the plaintext in order to compute the ciphertext.

- **Decryption Key:** It is a value that is known to the receiver. The decryption key is related to the encryption key, but is not always identical to it. The receiver inputs the decryption key into the decryption algorithm along with the ciphertext in order to compute the plaintext.

For a given cryptosystem, a collection of all possible decryption keys is called a **key space**.

An interceptor (an attacker) is an unauthorized entity who attempts to determine the plaintext. He can see the ciphertext and may know the decryption algorithm. He, however, must never know the decryption key.

Note: In cryptography, a **cipher** (or cypher) is an algorithm for performing encryption or decryption.

### Types of Cryptosystems
Fundamentally, there are two types of cryptosystems based on the manner in which encryption-decryption is carried out in the system:

- Symmetric Key Encryption
- Asymmetric Key Encryption

The main difference between these cryptosystems is the relationship between the encryption and the decryption key. Logically, in any cryptosystem, both the keys are closely associated. It is practically impossible to decrypt the ciphertext with a key that is unrelated to the encryption key.