Estimated difficulty: 💜🤍🤍🤍🤍
Hey! This is a quick, simplified overview of some related terms for anyone who isn’t familiar with cryptography. I’ll add to this as time goes on to try and make sure it includes the terms used in other posts. 🥳
An algorithm specifies the method and application of cryptographic primitives – basically a list of instructions of what to do with different components to achieve an outcome.
Asymmetric (Public Key) Cryptography
Cryptography which uses different (public and private) keys to encrypt and decrypt data. It should be “computationally infeasible” to work out what the decryption (private) key is using the encryption (public) key.
Another word for algorithm – these terms are sometimes used interchangeably.
A security service – meaning data can’t be seen by an unauthorised party.
Cryptographic primitives are basic building blocks, functions, or processes that are used to provide security services. Examples include block and stream ciphers, hash functions, and message authentication codes (MACs).
The term we use to describe the design and study of the mathematical techniques or mechanisms that provide security services.
Refers to the application of cryptographic primitives and the environment or infrastructure they exist in.
A security service – providing assurance that data hasn’t been altered by an unauthorised party. Data integrity assurance applies from the last amendment by an authorised user.
Data Origin Authentication
A security service – data origin authentication provides assurance that a particular party was the original source of a piece of information.
A security service – an assurance that a particular party is currently actively involved in a communication session – entity authentication needs a freshness checking mechanism to ensure liveness.
Kerckhoff was a 19th century cryptographer who wrote six principles for designing ciphers. Paraphrasing and adapting slightly for modern context, the principles are:
- The system must be computationally expensive enough to solve that it can be considered indecipherable.
- The system shouldn’t require secrecy; given every piece of information about a cryptosystem besides the key, it should still be secure.
- Secure key establishment, rotation, and exchange must be possible as often as required.
- It must be possible to adapt the algorithm for use over different communication channels.
- The algorithm needs to be easy to implement, designed as simply as possible, and not be unnecessarily computationally expensive.
- The system needs to be user-friendly, intuitive, and straightforward to operate.
A security service – the assurance that a party can’t deny a prior action, for example that they sent a message or altered some data.
Security services are assurances or aims that we use cryptographic primitives to provide – for example, encryption can be used to provide confidentiality, or a message authentication code (MAC) can be used to provide data origin authentication.
Cryptography which uses either the same (or very similar/closely-related) keys to encrypt and decrypt data.