Home ESIC Approval Services Blog Contact Us

Go back

Why cryptography is critical to cybersecurity

published by James Olsen. 09:22:03GMT+10 Monday, February 17

The world wide web is founded on transferring trillions of packets of data across the internet every day. Each packet of data exists in the open, available to potentially be read by millions or billions of people. As the old adage goes, you can never count on anything ever truly being deleted from the internet.

So if any data on the internet exists so openly, how can this data be protected? This is the critical question that cryptography exists to solve. By providing data not only with confidentiality, but also guarantees of who is sending it (integrity), cryptography provides the entire foundation of cybersecurity. In this article we will also explore how CyberDefence Advisory supports research and development in this critical field.

Confidentiality

Ensuring the confidentiality of data is both as incredibly simple as it is important. For millennia prior to computers, the basic concept of using some secret key to encrypt your message has been prevalent. Think of the Caesar Cipher - "I love chocolate" becomes "J mpwf dipdpmbuf" by moving each letter 1 position in the alphabet. Here "J mpwf dipdpmbuf" is your encrypted message, and "+1" is your secret key. Anyone who knows both can find the original message. School children across the world recreate this form of cryptography for fun each day.

But, computers can also find the original message with just the encrypted message. Even faster than a human who knows the secret key can [1]. Computers have allowed the sending of more data than ever thought imaginable but they have also necessitated the creation of much stronger forms of cryptography.

So how are stronger forms of cryptography found? Using incredibly complex mathematical functions known as 'trapdoor functions' [2]. What these functions all share in common are 3 principles:

• Easy to encrypt: taking fractions of a second to convert a message into an encrypted message.
• Hard to decrypt (without the secret key): taking much longer than encryption.
• Easy to decrypt (with the secret key): taking only a bit longer (typically) than encryption.

One of the more famous examples of a 'trapdoor function' is the RSA algorithm, which takes note of the fact that it is far easier to multiply 2 large prime numbers, than it is to receive a number and find which 2 large prime numbers were multiplied together to give that result [3].

Integrity

In a world of nearly endless data arriving from countless sources all around, how can you ever be sure who sent you the data you see in front of you? The example of Caesar's Cipher before encrypts data, but doesn't provide any genuinely safe way to discern who the sender was. You could always add a "from Alice" at the end of the message... but anyone can say that.

This is another problem that cryptography aims to solve. This time though the aim isn't to make it hard to decrypt, but to make it hard to encrypt without knowing the secret key. Digital Signatures are the best known implementation of this, where one can easily decrypt the signature to confirm it matches the encrypted message [4]. However, the decryption will only match the encrypted message if it was decrypted with a public key (a key known to everyone) that matches the secret key which created the signature. Otherwise it will be clear that someone else tried to create the signature to pretend to be who they say they are.

What is CyberDefence Advisory doing?

Cryptography is always an active area of research and development as each year that passes more and more solutions are found for functions that were once thought to be unsolvable 'trapdoor function'. In fact, there exists no proof yet to suggest any function is truly a 'trapdoor function', meaning that it is possible that there is no cryptography that can't be broken eventually [2][5].

What we can continue to do though is find more cryptographic functions and further protect the intricately connected world of data that we live in. At CyberDefence Advisory we are working every day towards pushing forward this research and development. We are working towards building forms of cryptography that will hold up in a more challenging world and that will continue to stay ahead of the curve of emerging threats.

If you are interested in finding out more and what CyberDefence Advisory is up to and how your organisation can contribute, contact us here or click here.