Cryptology is the art and science that deals with both cryptography and cryptanalysis. It used to be a branch of mathematics where only those from various law enforcement agencies and military powers would pursue it as a serious career, since it dealt mostly with the hiding of certain types of information, or with revealing others. Since ancient history it grew from multiple angles and adopted various other aspects to better protect itself, from linguistics to statistics, abstract algebra, combinatorics, number theories and so on.
Nowadays, it is widely spread among the IT community, more so in the cybersecurity arena. To understand cryptology we have to dive into its two main categories:
Cryptography represents the art and science of turning plain-text data into cipher-text data. Modern day cryptography is based on the notion that the algorithm itself is somewhat irrelevant and usually it is made public knowledge as long as the secret keys are kept private. There are two types of key-based encryption, symmetric algorithms and asymmetric.
Symmetric algorithms utilize the same key, both for encrypting and decrypting. This sometimes implies that the decryption key can be derived from the encryption key altogether. The algorithms are usually split into two categories: stream ciphers and block ciphers. Stream ciphers are capable of encrypting a single bit of plaintext at a time, while block ciphers take a number of bits (for example 64 bits), and they get encrypted as a single unit.
Plaintext -> (key/encryption) -> Ciphertext -> (key/decryption) -> Plaintext
Asymmetric algorithms are basically the exact opposite of the previous one, where each key is unique for both encryption and decryption. And the decryption key cannot be derived from the encryption key. These types of ciphers tend to act as the following: One user generates a public key and makes it available, all the while they keep the private key hidden. When the data is encrypted with the public key, you can only decrypt it by using the private key. This concept works both ways.
Examples of ciphers throughout history: Caesar Cipher, Playfair Cipher, Hill Cipher, Polyalphabetic Substitution, Vigenere Cipher.
An interesting and simple one that you can learn is the Kamasutra cipher. It is one of the oldest ciphers known. It involves randomly pairing letters from the alphabet and then substituting each letter in the plain-text message with its partner.
First stack: W Z V P O F D E A B R M Y
Second stack: N H G X K S I C J U T Q L
The key here is that each pairing (W & N for example) represent its counterpart. So if you are faced with an encrypted message such as "ekky", you can simply look up the letters that are paired up and decrypt the message. In this case, "e" is paired with "c", "k" is paired with "o" and "y" is paired with "l", which translated means "cool".
Terminology of words:
Cipher = The cipher is an algorithm that transforms intelligible messages into unintelligible ones by either transposition or substitution.
Key = The Key is an important piece of information passed down from the sender to the receiver in order to unlock the hidden message. (an example here would be the PGP key)
Encipher (encode) = Enciphering is the process of converting the plaintext to ciphertext
Decipher (decode) = Deciphering is the process of converting ciphertext back into plaintext
Code = The word "code" around here has a specific value and it means: an algorithm for transforming an intelligible message into an unintelligible one using a code-book
Steganography = Steganography is the art and science of concealing the existence of the message itself so that no one apart from the sender and receiver even knows the message exists
Cryptanalysis represents the art and science of turning cipher-text data into plain-text data. It is used to breach cryptographic systems and reach their content even without the knowledge of the crypto key. There are at least five main sections that best describe the types of attacks within cryptanalysis.
- Ciphertext-only attacks, where you just have access to the ciphertext. This type is rather hard to implement in more recent cryptosystems, since they are better protected.
- Known-plaintext attacks, where you have access to the ciphertext and a plaintext-ciphertext pair.
- Chosen-plaintext attacks, where you may choose a plaintext and learn its ciphertext in regards to how it was encrypted.
- Chosen-ciphertext attacks, the same as the previous one except that here you may pick ciphertexts and find out the appropriate plaintexts.
- Chosen-text attacks, where you have access to the plaintext and ciphertext, where the purpose of it is to find out the key.
Methods of code breaking:
In most languages letters are not equally common. In English for example, the letter "e" is the one most used alongside other tables of single, double of triple letter patterns. For example: A, B, C, D, E or TH, HE, IN, ER, RE, ON, AN, EN or THE, AND, TIO, ATI, FOR, THA, TER, RES, etc. So, when you have an encrypted message that has, let's say, an abundance of a certain type of character, we can guess that it's possible it might stand for "e". And if that's the case, then we can try to find a pattern of two or three groups of letters that have that letter and start replacing them with the ones we know. Z = e re = GZ res = GZQ, so if we have GZQYKZQQ, then we can simply replace them and get: resYKess. From that we can deduce that the word might be "restless", which would mean that Y stands for t and K for l. After that we can replace the others and see if this way of thinking is correct.
This is where it gets tricky. As the name states, it uses algorithms from numerical linear algebra to start up graphs and it determines the patterns used via rows and columns. Basically what we do here is split a certain equation and start attributing certain contexts to it until we reach a favorable answer. Now, there are some known algorithms out there, like the Jacobi method, Gauss-Seidel method that can be used.
Or also known as brute force search, it is the process of trying out all the possible candidates that would be used as the answer. This is a rather simple technique but can be time consuming when pressed by a certain size. It has a basic algorithm with four procedures: first, next, valid, output.
For example, let's use X as the encrypted data.
- first (X): generate a first candidate solution for X
- next (X, z): generate the next candidate for X after the current one z
- valid (X, z): check if the candidate z is a solution for X
- output (X, z): use the solution z of X as the answer for the encryption
In this situation, your script/program will need a function that will give out an error if there are no more candidates for X. You can also speed up the process by making certain restrictions to your search.
It is said to be the most powerful algorithm used to break substitution ciphers, although not much evidence has been put forward in recent time to prove it. It has however been tested and confirmed as being faster at breaking a transposition cipher compared to a brute force attack. How it's being done, is they use techniques such as the meta heuristic search. As a general concept, genetic algorithm is the method of solving problems to which no satisfactory or obvious solution exists. Instead it uses the idea of simulating (or emulating) the evolution of a species in nature, so the actions made here are roughly analogous towards aspects of real evolution.
Cryptology is one of the most important branches of information security, as it deals with both the encryption and decryption/breaking of data. It revolves around hiding important pieces of information, to acquiring them from various places. It is commonly a practice for spies in this digital age of ours, but it doesn't have to be exclusively for them, seeing as more and more people are concerned with their private data. Always be skeptical of the type of cryptography out there, as we have learned in recent years that even the RSA encryption ended up having a backdoor to it. When in doubt, create your own ciphers and learn from the mistakes of history if you want to better protect your intellectual property. Stay safe and good luck!