
Catching up on Cryptography

Breaking down cryptography basics: symmetric vs asymmetric encryption, stream vs block ciphers, hashing, and digital signatures.

By Reza Naghizadeh
cryptography

So recently I got more into crypto. While screening my Feedly, I caught some crypto terms and because I will soon start an evolving journey to dig deeper into crypto, I wanted to share some basics for everyone who wants to join me while going deeper.

Let me break this down the way it finally clicked for me.

The Basics: What actually IS Cryptography?

When I want to learn a new topic, I always break it down into its fundamentals (Axiom-based learning) and for crypto what I've found is if you break it down it's the following:

A cryptographic algorithm is nothing more than a mathematical function that takes an input, does some math operation on it, and returns an output.

That's it. That's the whole game. (At least what I've understood – correct me if I'm wrong!)

The key is literally the most important thing to understand. If you understand the key, you can determine the output of the math function.

A simple example, often used precisely because it is so simple, is ROT13: knowing that this function moves each character 13 places (13 is the key), you can "decrypt" the encrypted text by moving every character 13 letters back.

For example:

Original: H E L L O
ROT13:
(H) -> U
(E) -> R
(L) -> Y
(L) -> Y
(O) -> B

Each letter shifted 13 positions

Rule of thumb: The longer the key, the stronger the encryption.

Stage 1: Cryptographic Dichotomy

Every encryption cipher falls into one of two categories:

Symmetric (1 Key)

- One key to encrypt AND decrypt data
- Think of it like a physical lock: same key locks and unlocks

Asymmetric (2 Keys)

- Two different keys: one to encrypt, another to decrypt
- Examples: Diffie-Hellman, RSA, ECC

Stage 2: Processing Data, Stream vs. Block Cipher

Once you know if you're using symmetric or asymmetric, the next question is: how do you go through the data?

Stream Cipher (Bit-by-Bit)

The core operation: Plaintext XOR Keystream = Ciphertext

Let me show you how XOR works because this is crucial:

0 XOR 0 = 0
1 XOR 0 = 1
0 XOR 1 = 1
1 XOR 1 = 0

Rule: If bits are different → 1, if same → 0

Here's the actual process:

You have a character like 'A', in binary: `01000001`
A keystream gets generated: `10101011`
Then you XOR them bit by bit:

01000001 ('A')
10101011 (keystream)
11101010 (result: the ciphertext byte)

[Figure: how keystream generation and finally getting your ciphertext works]

Important: The key itself is NOT encrypted! It stays secret and is only used as a SEED.
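
An added example (not from the original post) of the keystream-XOR process described above, including what goes wrong when the same keystream is used twice. The SHA-256 counter construction, the function names and the sample key, nonce and messages are assumptions made for illustration; it is a toy, not a vetted stream cipher.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy generator: the secret key seeds SHA-256 run in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        block = key + nonce + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings bit by bit."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR is its own inverse, so one function does both."""
    return xor_bytes(data, keystream(key, nonce, len(data)))

def reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Failure mode: the same key and nonce give the same keystream twice,
    so XORing the two ciphertexts cancels it and leaves p1 XOR p2."""
    c1 = stream_crypt(key, nonce, p1)
    c2 = stream_crypt(key, nonce, p2)
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    # The page's bit example: 'A' (01000001) XOR keystream 10101011.
    print(format(xor_bytes(b"A", bytes([0b10101011]))[0], "08b"))  # 11101010

    key, nonce = b"constructed-demo-key", b"nonce-01"  # constructed sample values
    ct = stream_crypt(key, nonce, b"HELLO")
    print(ct.hex(), stream_crypt(key, nonce, ct))

    p1, p2 = b"ATTACK AT DAWN", b"RETREAT AT TEN"      # constructed, same length
    print(reuse_leak(key, nonce, p1, p2) == xor_bytes(p1, p2))  # True
```

The last check is why every message needs a fresh nonce: without one, the key no longer hides the relationship between two plaintexts.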

Block Cipher (Fixed-Size Chunks)

Processes data in fixed blocks (like 128 bits at a time).

Pros:

- Can process multiple blocks in PARALLEL
- Fast for large amounts of data

Cons:

- Creates latency overhead
- Needs padding if data doesn't fit perfectly into blocks

Important distinction: Both stream and block ciphers are SYMMETRIC (using 1 key)!

The Block Cipher Overview:

Let me quickly run through the main players:

- DES – 64-bit blocks (old, outdated)
- Triple DES – Uses three keys to encrypt, decrypt, then encrypt again
- AES – The modern standard.
- Blowfish
- Twofish

Stage 3: Asymmetric Encryption

This is where I got more curious. Asymmetric uses TWO keys:

- A Public Key: Open for everybody to see
- A Private Key: Your secret, never shared

The question I asked myself:

"Wait, could someone just derive the private key from the public key?"

NO! Here's why:

Private key (n) = p × q
(where p and q are HUGE prime numbers)

To find n, you'd need to factor it back into p and q.
That's computationally impossible for large enough numbers.

This is called a one-way function. Easy to multiply, insanely hard to reverse.

How It Actually Works

For Encryption:

1. I encrypt with YOUR public key
2. Only YOU (with your private key) can decrypt it

For Digital Signatures (reverse operation):

1. I sign with MY private key
2. Anyone with my public key can verify it's really from me

The main asymmetric algorithms:

1. Diffie-Hellman – Mostly for key exchange (like VPN tunnels)
2. RSA – Relies on the difficulty of factoring the product of large primes (1024-4096 bits)
3. ECC – Elliptic curves, mostly used for mobile

Which one to use now?

Here's the thing: asymmetric encryption is SLOW. So in practice, nobody uses it for bulk data.

What most are doing is:

- Asymmetric for key exchange
- Symmetric for data encryption

Stage 4: Digital Signature - Proving the message is from you!

Ok, I thought to myself now everybody understands how to secure files and so on, but how can we verify if the data we receive is actually from our dear friend? So here comes the term digital signature or digital footprint as some would call it.

While encryption provides secrecy, digital signatures provide authenticity and integrity.

The key difference:

- Encryption: Public key encrypts → Private key decrypts
- Signatures: Private key signs → Public key verifies (reversed!)

How it works:

SIGNING (by sender):
1. Hash the message (e.g., SHA-256) - (Our Hash digest)
2. Encrypt hash digest with private key

VERIFYING (by receiver):
1. Decrypt signature with sender's public key
2. This decryption reveals original hash
3. Create new hash from received document
4. Compare both hashes
5. If the hashes match – Document is really from sender!

What does this prove?

- Authenticity: Only the private key owner could create this signature
- Integrity: Any change to the message breaks the signature
- Non-repudiation: You can't deny you signed it
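
An added example, not the author's code, that runs both the Stage 3 encryption steps and the Stage 4 signing and verifying steps with textbook RSA. Here n = p × q is published together with the public exponent e, while the private exponent d can only be computed by someone who knows p and q; the Mersenne-prime key, the function names and the sample messages are constructed for illustration, and padding is omitted.

```python
import hashlib

# Constructed toy key. p and q are well-known Mersenne primes, so this key
# protects nothing; real keys use random secret primes and padding (OAEP, PSS).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: computing it needs p and q

def encrypt(m: int) -> int:
    """Anyone can do this with the public key (N, E)."""
    return pow(m, E, N)

def decrypt(c: int) -> int:
    """Only the holder of D can undo it."""
    return pow(c, D, N)

def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Signing steps 1-2: hash, then apply the private exponent to the digest."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Verifying steps 1-5: recover the signed digest with the public key,
    hash the received message, and compare the two."""
    return pow(signature, E, N) == digest_int(message)

if __name__ == "__main__":
    secret = int.from_bytes(b"session key 42", "big")   # constructed sample
    assert decrypt(encrypt(secret)) == secret

    doc = b"Pay Alice 10 EUR"                            # constructed sample
    sig = sign(doc)
    print(verify(doc, sig))                    # True
    print(verify(b"Pay Alice 1000 EUR", sig))  # False
```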

Ok, before we end the blog I just want to give a quick overview about hashing because I hear a lot of people are confusing the terms...

Stage 5: Hashing Deep Dive

A hash is a one-way cryptographic function (can't be reversed like encryption) that takes any input length and produces a fixed-length, unique output (hash digest).

Key properties:

- Output length is always the same (1 word or 10k words)
- Same input → Always same output
- Different input → Different output (ideally)

Why is it used: Digital fingerprint to verify file integrity.

The Hashing Algorithms

MD5 – 128-bit digest (vulnerable)
SHA family – SHA-256, SHA-512 (widely used)
RIPEMD
HMAC

Hashing Attacks You Should Know

Pass-the-Hash Attack: Attacker uses the hash itself instead of the password to authenticate

Birthday Attack: Finding two messages with the same hash (hash collision - will explain it later)

Dictionary Attack: Try every word from a predefined list

Rainbow Tables: Pre-computed tables for reversing hashes

Mitigation Techniques

Salting: Add random data to the password before hashing. If two users have the same password, their hashes will differ. (Mitigation against Hash Collision Attacks)

User 1: password = "11223344qw"
User 2: password = "11223344qw"

---

WITHOUT SALT:
User 1 hash: e001260fc412b021c18460422c073e78
User 2 hash: e001260fc412b021c18460422c073e78
→ Identical!

So in order to get rid of this we use the salting method:

WITH SALT:

User 1: "11223344qw" + "f8a3b2c1" (random salt)
→ hash: 444dcef6128d495fb27277a578d2e251
User 2: "123456" + "9d2e1a7f" (different salt)
→ hash: bd26e22cb8de7c70f5b1aafec1cdef22

Nonce: "Number used once" – unique random number added to authentication

Rate limiting: Restrict login attempts
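
An added example (not part of the original post) of the salting mitigation: the same password stored for two users with per-user random salts, plus the check performed at login. It goes one step beyond the page's hash-plus-salt illustration by using PBKDF2 from Python's standard library; the record format, the iteration count and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 100_000   # assumed work factor for this example

def unsalted(password: str) -> str:
    """The page's WITHOUT SALT case: equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt$hash' in hex. The salt is random per user and not secret;
    it is stored next to the hash so the check can be repeated at login."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_record(password: str, record: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt_hex, _ = record.split("$")
    candidate = make_record(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)

if __name__ == "__main__":
    pw = "11223344qw"                      # sample password from the page
    print(unsalted(pw) == unsalted(pw))    # True: user 1 and user 2 collide
    user1, user2 = make_record(pw), make_record(pw)
    print(user1 == user2)                  # False: different salts
    print(verify_record(pw, user1), verify_record("123456", user1))  # True False
```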

Hash Collisions

As already mentioned, there is a vulnerability here. Is it possible that two different inputs produce the same hash? Some would say no, but unfortunately that's the case...

Researchers found out that the MD5 hash could produce the same hash even if the inputs are different, and the problem was the short key length.

Why is this catastrophic?

Let's say I'm an attacker:

1. You sign a legit document
2. I create a malicious document with the SAME hash
3. Your signature is now valid for my malicious document too!
4. Game over.

So hash collisions do exist (e.g., in MD5 and SHA-1), but they can be avoided by using a stronger algorithm such as SHA-256.

Why Is It Important To Understand Cryptography

I hope that helped you get a basic understanding of crypto. Now, someone might say, “Why should I learn this? There’s math in it 😜” But these concepts and problems actually come from real life. I recently read an interesting article about how to achieve trust in decentralized systems and the Byzantine Generals Problem – and how it was actually solved through cryptography… but that’s a whole other topic for next time!
