Introduction
Cryptographic algorithms are important for cybersecurity. Cryptographic algorithms are seen as something very complicated. This true in the sense that great mathematic skill is necessary to create cryptographic algorithms, but to understand how they are used in communication protocols may not be that complicated. This is like driving a car without understanding in detail how a car functions. In the following sections relevant cryptographic algorithm concepts are described.
Classes of cryptographic algorithms
There are two major classes of cryptographic algorithms:
- Symmetric algorithms, where the same cryptographic key used by the two communicating partners.
- Asymmetric algorithms, where have different, but related cryptographic keys are used by the two partners. One these keys is called private key that shall be kept secret and the other key one is called the public key.
Symmetric cryptographic algorithm
There symmetric cryptographic algorithm classes are:
- Hash algorithms. A hash function based on a hash algorithm converts an arbitrary bit string into a fixed length output called a digest. It is a one-way function. It is exceedingly difficult to find a bitstring that will hash to a presented hash digest. There are several different hash algorithms.
- Symmetric-key algorithms (or encryption algorithm). A symmetric-key algorithm specifies how a bit string is encrypted and decrypted using the same symmetric key. There are several different symmetric key algorithms. The advanced encryption standard (AES) is much used. It is available in three key sizes (128-, 192- and 256-bit key sizes). AES is considered unbreakable. Intruders will instead of breaking the encryption try to find the encryption key (it is easy to break into a house if you know the key is under the door mat). Efficient key management is essential for cybersecurity, but seldom mentioned. There are several symmetric key algorithms used in different part of the world. As an example, China uses an algorithm called SM4.
- Integrity check value (ICV) algorithms (or message authentication code (MAC) algorithms). An ICV is used to ensure integrity of transmitted messages and to provide some level of authentication. A sending entity will generate a ICV based on a symmetric key, the message to be sent and some form of hashing algorithm. The ICV is attached to message before sent. A receiving entity will verify the ICV, and the verification fails if the message has been changed during the transmission or the symmetric key used for the verification is different from the one used for ICV generation. When a verification succeeds, it indicates that the sender is in the position of the same symmetric key as the recipient providing some level of authentication and proves the message has not been changed. An ICV has much the same function as digital signature but requires less processing.
Asymmetric cryptographic algorithms
There asymmetric cryptographic algorithm classes are:
- Public-key algorithms. As discussed in section 2 above, in asymmetric cryptography the two partner in a communication have different but related cryptographic keys. One of partners has a private key and the other one is the public key. It part of a public-key algorithm how the two keys are generated. In several cases, but not all cases, the private key is generated as random bit string using a random number generator. The public key is then generated from the private using a one-way function that allows calculating the public key easily but the reverse process calculating the private key from the public-key is so difficult that is in praxis impossible with current computer technology.
Nogle public-key algorithms may be used for encryption and decryption. What is encrypted by one key of a key pair can be decrypted by the other key. Other public-key algorithms do not support encryption - Digital signature algorithms. The procedure for how a digital signature is created by one communicating entity and verified by the recipient entity is specified by digital signature algorithm. The algorithm determines the format of a digital signature algorithm. A digital signature algorithm typically requires a combination of public-key algorithm and a hash algorithm, but there are cases where a public-key algorithm alone is also digital signature algorithm.
- Key establishments methods (KEM):
- Key agreement algorithms: Key agreement algorithms: In key agreement the two partners exchange some information which in some way results in a shared secret even for an entity monitoring the information exchange. The so-called Diffie-Hellman method is widely used for this purpose.
- Key transport algorithms: One of the communication partners in key transport generates a symmetric key and in some way transport that key to its partner in a secure way. If the public-key algorithm supports encryption than the sender could just encrypt the key by using the recipient’s public key which the recipient can recover using its private key.