Cryptography: What Is It & Why Do We Need It?
Cryptography has been a key part of digital security, and it forms the core of securing all data in transit and in storage. The science/art is centuries old, and it started with ancient Roman ciphers. Today, cryptography has become quite sophisticated, and it forms a huge chunk of digital security research.
In this article, we’ll dive deeper into the technology and see how it relates to VPNs.
What is Cryptography?
The word “cryptography” is derived from two Greek words: kryptos, meaning hidden, and graphein, meaning writing. Essentially, it was a way of communicating in writing while at the same time concealing the message to keep it secret. The art was born as the evolution of civilization led to the formation of tribes and kingdoms and eventually to power/supremacy battles and politics.
The first form of cryptography is associated with the Egyptian practice of hieroglyphs (Greek for “sacred words”) and is usually dated to about 1900 B.C. Hieroglyphic writing basically involved pictorial representations of words, which were then substituted to form a ciphertext.
The first known use of modern cryptography was by Julius Caesar (100 B.C. to 44 B.C.). The Roman general did not trust his messengers, so he created a cipher that could only be deciphered by his governors. The cipher, known today as the Caesar cipher, involved shifting each letter three places forward in the alphabet when encrypting. For example, A would become D after encryption, and D would become A after decryption.
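As an added illustration (not part of the original article), here is the Caesar shift in Python, together with the exhaustive search over all 25 shifts that shows why a cipher with so few keys offers no real secrecy against anyone who knows the method. The message used in the usage is a constructed sample.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Shift every letter `shift` places forward in the alphabet.

    Letters are upper-cased first; spaces and punctuation pass through
    unchanged, as in the classical cipher.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """Decryption is encryption with the opposite shift."""
    return caesar_encrypt(ciphertext, -shift)


def brute_force(ciphertext: str) -> dict:
    """Return every candidate plaintext for the 25 non-trivial shifts.

    The key space is so small that an analyst simply reads the list and
    picks the entry that makes sense; the secrecy of Caesar's scheme rested
    entirely on the method itself being unknown, not on a key.
    """
    return {shift: caesar_decrypt(ciphertext, shift) for shift in range(1, 26)}


if __name__ == "__main__":
    message = "ATTACK AT DAWN"  # constructed sample message
    secret = caesar_encrypt(message)
    print("ciphertext:", secret)
    for shift, candidate in brute_force(secret).items():
        print(f"shift {shift:2d}: {candidate}")
```

Running the block prints the ciphertext and then all 25 candidate plaintexts; only one reads as English, which is the whole weakness.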
Over time, the ciphers used were improved upon, and better encryption methods were invented. New mathematical techniques and concepts have also been invented, which has led to the creation of complex forms of cryptography.
Modern Day Cryptography
Today, cryptography is more of a science than an art. The best minds battle it out trying to create more secure, faster, and lighter ciphers than the existing ones.
The cryptographic techniques used today still basically involve converting plaintext to ciphertext using a cipher. To ensure maximum security, the cipher used is made as complex as possible so that decryption without the key is hard.
Why use Cryptography?
Modern-day cryptography aims to accomplish five primary goals:
- Privacy/ confidentiality: This is a way of ensuring that only the intended recipient can read the contents of a particular message.
- Authentication: This is the process of ensuring that the receiver’s identity matches that of the intended recipient. It’s basically a proof of identity.
- Integrity: This involves assuring the receiver that the original message has not been altered in any way.
- Non-repudiation: This is a mechanism of proving that the supposed sender sent the message.
- Key exchange: This is a method of sharing crypto keys securely between one party and another.
The cryptographic techniques used vary depending on the intention, with most modern communications combining up to three cryptographic techniques.
Types of Cryptographic Algorithms
There are three main types of cryptographic algorithms.
Secret Key Cryptography
Also known as symmetric encryption, secret key cryptography is an encryption technique that uses a single key for both encryption and decryption. To send a message, the sender uses a key to convert plaintext to ciphertext. This key is then shared securely with the recipient so that they can use it to decrypt the message.
The fact that the same key is used on both ends raises key-distribution concerns, as the key has to remain private; hence the name secret key.
Symmetric encryption schemes can be categorized into two:
- Stream ciphers: These ciphers process a plaintext message one bit at a time, applying the key to each bit in turn.
- Block ciphers: These ciphers break down a plaintext message into fixed-size blocks, such as 64-bit blocks or 128-bit blocks, before applying the keys.
Due to the nature of their operation, stream ciphers are more efficient when encrypting data of unknown size or continually flowing data, e.g., when streaming video/audio. On the other hand, block ciphers are more efficient when the size of the data is known, e.g., when encrypting a particular file.
Some popular, secret key algorithms include:
- Data Encryption Standard (DES)
- Advanced Encryption Standard (AES)
- Rivest Ciphers (RC1 to RC6)
- Salsa and ChaCha
- Tiny Encryption Algorithm (TEA)
The above ciphers are mostly used for providing privacy and confidentiality. AES is the highlight of the lot, and it’s the most recommended standard. The algorithm uses a variable block length and key length, allowing any combination of key lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.
Public Key Cryptography
Also known as asymmetric encryption, public-key cryptography uses two mathematically related keys to encrypt and decrypt data. The technique relies on mathematical functions that are easy to compute, whereas the inverse function is relatively difficult to compute.
One of the keys used is private, while the other is public. The public key is available to anyone, and it is the key used to encrypt data. The other isn’t shared with anybody, and it is the key used to decrypt received messages.
Apart from privacy and confidentiality, public-key cryptography is also used for authentication and non-repudiation. For example, if person A wants to prove that person B sent a message, person B can encrypt the message using their private key. Person A can then decrypt it using person B’s public key. Person B will also not be able to deny that they sent the message (non-repudiation).
Popular public-key algorithms include:
- RSA (Rivest, Shamir, Adleman)
- Digital Signature Algorithm (DSA)
- Elliptic Curve Cryptography (ECC)
- Identity-Based Encryption (IBE)
The above algorithms are mostly used for the exchange of keys and digital signatures.
Hash Functions
Hash functions are also called message digests or one-way encryption techniques. As the latter name suggests, these algorithms involve no decryption, and they don’t use a key either. They operate by computing a fixed-length hash value from the provided plaintext.
The point of hash functions is to act as an authenticator of sorts: they provide a digital fingerprint for a particular file. When data is hashed, the resulting value is checked against the original stored hash of the same file. If the hash values match, the file is confirmed as unaltered. Each file has a unique hash value.
Popular hash functions include:
- Message Digest (MD) algorithms: MD2, MD4, and MD5
- Secure Hash Algorithm (SHA)
- HAVAL (HAsh of VAriable Length)
- The Skein Hash Function Family
All the above algorithms are used for ensuring data integrity since a change in the original text/file results in a change in the hash value.
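An added Python example (not from the article) of the integrity check just described: hash a file's bytes, compare against the stored value, and watch a single flipped bit change the digest. It also shows the limitation a practitioner should keep in mind: a bare hash only catches accidental or unsophisticated changes, because whoever can replace the file can usually replace the published hash too; a keyed hash (HMAC-SHA256, the authentication role SHA-256 plays in VPN tunnels) needs a secret the attacker lacks. The file contents and key are constructed samples; the SHA-256 and HMAC values checked in the test are the published vectors for "abc" and RFC 4231 test case 2.

```python
import hashlib
import hmac


def file_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex fingerprint of the data; `algorithm` is any hashlib name."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it to the stored value.

    compare_digest runs in constant time, so the comparison itself does not
    leak how many leading characters matched.
    """
    return hmac.compare_digest(file_digest(data, algorithm), expected_hex)


def flip_one_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of the data with exactly one bit toggled (corruption or tampering)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def authentication_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a digest that cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(authentication_tag(key, data), tag_hex)


if __name__ == "__main__":
    original = b"config: allow_remote_admin = false\n"  # constructed sample file
    published = file_digest(original)
    print("stored digest        :", published)
    print("intact file verifies :", verify_integrity(original, published))
    corrupted = flip_one_bit(original, 0)
    print("one flipped bit      :", verify_integrity(corrupted, published))

    # Limitation: if the same party controls the file and its published hash,
    # a hash-only check passes on a modified file with a recomputed hash.
    modified = original.replace(b"false", b"true ")
    print("hash-only check, modified file + recomputed hash:",
          verify_integrity(modified, file_digest(modified)))

    # A keyed tag closes that gap: without the key, no matching tag can be made.
    key = b"constructed shared secret between sender and receiver"
    tag = authentication_tag(key, original)
    print("HMAC check on the modified file with the original tag:",
          verify_tag(key, modified, tag))
```

For software downloads the same gap is usually closed with a digital signature over the hash (the previous section) rather than a shared key, since the publisher has no pre-shared secret with every downloader.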
Cryptography & VPNs
Virtual Private Networks (VPNs) were developed to ensure the security of data being transmitted, and cryptography is the core part of that security. The services operate by encrypting user data and then transmitting it to a remote server through a secure tunnel. This server then decrypts the data and forwards user data to the internet.
The whole encryption process uses multiple algorithms from all three cryptographic types. 256-bit AES is the most recommended standard for data encryption, and most VPNs use it in a block cipher mode known as Cipher Block Chaining (CBC). This encryption mechanism is usually represented as AES-256-CBC.
RSA is the most common public-key cipher used in VPNs; it is used in the control channel for the handshake process, while SHA-256 (a hash function) is used for data authentication. Diffie-Hellman key exchange (DHE) is then used to implement Perfect Forward Secrecy.
The encryption standards used vary per VPN, and they also depend on the protocol you choose. For example, while OpenVPN (the most recommended protocol) uses the above combinations, WireGuard (a newer, faster, and still secure protocol) uses a combination of ChaCha20 for symmetric encryption, Poly1305 for authentication, and Curve25519 for ECDH. BLAKE2s is used for hashing, and HKDF is used for key derivation. NordVPN is one of the VPNs that have already implemented WireGuard.
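Key derivation is the step the WireGuard paragraph names but does not show: the raw shared secret from a Curve25519 exchange is never used directly as a traffic key; it is fed through HKDF to produce separate keys for each direction. The Python below is an added example (not the article's or WireGuard's own code) implementing HKDF as specified in RFC 5869 over any hashlib hash, checked against the RFC's SHA-256 test vector and also run with BLAKE2s as WireGuard does. The "shared secret", the transcript hash and the info labels in the usage are constructed placeholders, and the actual WireGuard key schedule (Noise_IK) chains several such derivations rather than the single call shown here.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """PRK = HMAC(salt, IKM). An empty salt means HashLen zero bytes (RFC 5869 2.2)."""
    hash_len = hashlib.new(hash_name).digest_size
    if not salt:
        salt = bytes(hash_len)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """OKM = T(1) | T(2) | ...  with  T(i) = HMAC(PRK, T(i-1) | info | i)  (RFC 5869 2.3)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF can expand to at most 255 * HashLen bytes")
    okm, t = b"", b""
    for counter in range(1, -(-length // hash_len) + 1):  # ceil(length / hash_len) blocks
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


def derive_traffic_keys(shared_secret: bytes, transcript_hash: bytes) -> dict:
    """Split one ECDH secret into independent directional keys using BLAKE2s.

    The info labels are assumptions for this demo, not WireGuard's. Binding each
    derivation to a distinct label means the two keys are independent: learning
    one says nothing about the other, and the same secret never yields the same
    key for two purposes. Salting with the handshake transcript ties the keys to
    this particular session.
    """
    return {
        "send": hkdf(transcript_hash, shared_secret, b"demo initiator->responder", 32, "blake2s"),
        "recv": hkdf(transcript_hash, shared_secret, b"demo responder->initiator", 32, "blake2s"),
    }


if __name__ == "__main__":
    secret = bytes.fromhex("aa" * 32)  # constructed stand-in for a Curve25519 shared secret
    transcript = hashlib.blake2s(b"constructed handshake transcript").digest()
    for direction, key in derive_traffic_keys(secret, transcript).items():
        print(direction, key.hex())
```

Because the output keys depend on the transcript as well as the secret, a fresh ephemeral exchange in each handshake yields fresh traffic keys, which is the mechanism behind the Perfect Forward Secrecy mentioned above.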
It’s important to consider the security standards and protocols offered by a particular VPN as they determine the level of data security that you get.
Cryptography forms a key part of network security as it ensures that neither hackers nor government institutions can intercept the data you send. A VPN can help you implement such security by encrypting your traffic to make it impossible for any third party to snoop, decipher, or intercept.
To help readers make a good decision, we usually review some of the best VPN services, so check out our VPN section for comparison. If you are not sure which way to go, ExpressVPN is a choice as good as any.