Cryptography for Dummies: Let’s Define the Terms

META


Why and who needs such an article?

This article presents the basic concepts that arise when talking about cryptography. We will try to explain them at a simple everyday level that is understandable to everyone.

Such an approach will certainly lead to some inaccuracies in wording, and we ask you to keep this in mind as you read on. However, it is always possible to understand something and clarify the details if you know “where to dig.” You will agree that it is much easier to search for information about a specific question than to find your way around an entirely new and abstract field.

Who might find this interesting? For example:

managers and analysts for whom technical details are not important, but who need to understand what their developer colleagues are talking about

beginners who are about to dive into the world of cryptography

all the unfortunate people who have to listen to discussions about information security when meeting programmer friends


So, if after all the warnings and explanations you are still interested, we suggest moving on to the main point.


---

The Essence of the Article

What we will talk about:

Cryptography: what it is and why it is needed

Encryption: what types exist

Hashing: what the trick is

Message authentication codes: guarding integrity

Signatures: guarding integrity 2

Certificates: without paperwork you can’t… of course, be convincing

TLS/SSL: as an example of using everything mentioned above



---

Cryptography: What It Is and Why It Is Needed

Cryptography is the science of protecting information that solves the following tasks:

1. Confidentiality

Only those who are supposed to should be able to read your message; fraudsters should not understand it. It would not be very good if your passport number, which you sent to an airline to issue tickets to your dream destination, became known to someone who intercepted the message.

2. Data Integrity

The recipient must receive exactly the data that you sent. Fraudsters must not be able to change anything in the transmitted message. You will agree that it would be unpleasant if you sent your bank card details to receive lottery winnings and a fraudster replaced them with their own card details.

3. Authentication

The recipient must be sure that the message was sent by you. It would be a nightmare if someone other than you could give orders to a bank to transfer money from your account.

4. Non-repudiation

The sender must not have the ability to deny authorship of the message. It would be undesirable if an employer could contact the bank and say that they actually did not transfer your salary, that it was some mistake, and force the bank to recall the transferred money.

As can be seen from the examples, cryptography protects our personal data, finances, and privacy.


---

Encryption: What Types Exist

Encryption is the process of transforming the original data according to some algorithm in order to scramble it and make it unreadable to those who do not know the algorithm.

Encryption solves only the problem of confidentiality, but not the other three. That is, it is one of the components necessary for protecting information. Necessary, but not sufficient.

A brief digression: an interesting fact

According to open sources, the first encrypted messages date back to around 1900 BC and were discovered in Egypt and Mesopotamia. They used hieroglyphs with altered meanings.

Decryption is the reverse process of encryption: restoring the original data from the scrambled data.

An encryption algorithm is a sequence of steps that transforms data. It takes a key and the original message as input and produces an encrypted message — ciphertext.

A key is secret information that determines exactly how the data will be encrypted. It is usually a string of bits.

If you encrypt the original message twice using the same encryption algorithm but two different keys, you will get two different ciphertexts. At the same time, if the key is the same in both cases, the two resulting ciphertexts will also be the same.

Keys are used both for encryption and for decryption.


---

A brief digression: a simple example

The most famous example is the Caesar cipher, invented, as the name suggests, by Julius Caesar.

Its idea is to shift letters forward in the alphabet by a certain step.

In this case, “shifting letters” is the encryption algorithm, and the “specific step” is the key.

For example, with a step (key) of 3, the letter П in the original message should be replaced with Т (the examples here use the Russian alphabet).

So:

ПРИВЕТ → ТУЛЗИХ

If we take step (key) 1:

ПРИВЕТ → РСЙГЁУ

For fun you can try to decrypt the following ciphertext with key 3:

ЖСУСЁЦ РФЛОЛХ ЛЖЦЩЛМ


---

Symmetric Encryption

A symmetric encryption algorithm is an algorithm where the same key is used for both encryption and decryption.

Such algorithms are considered reliable and fast, and they are used to encrypt large texts.

If you see abbreviations such as AES, DES (obsolete), ChaCha20, know that these are names of symmetric encryption algorithms.

When using symmetric algorithms, the sender and receiver must agree in advance on which key they will use. It is also important to keep it secret from outsiders.

There is a problem: some algorithms (AES, DES) can produce ciphertext that resembles the original message in structure. Looking at it, one may guess something about the original content.

A classic illustration of this problem is the ECB penguin.

To solve this problem, encryption modes were invented.

An encryption mode is an algorithm that transforms the original data in order to prepare it for encryption.

It takes the original message and an initialization vector (IV) as input.

The initialization vector is a secret code that determines how the data will be changed. It resembles a key but has several differences:

it changes with each encryption attempt

it is generated for each block separately

it is shorter than the key


If you see abbreviations like CBC, CTR, GCM, they refer to encryption modes.

For example:

AES-GCM means that the AES symmetric algorithm is used with the GCM encryption mode.


---

Asymmetric Encryption

An asymmetric encryption algorithm is an algorithm where different keys are used for encryption and decryption:

a public key for encryption

a private key for decryption


The private key must remain secret, while the public key is openly available.

Asymmetric algorithms work slower than symmetric ones, so they are not used for encrypting large texts.

The most common asymmetric algorithm is RSA.

The abbreviation ECC refers to elliptic curve cryptography algorithms such as ECDH and ECDSA.

Today there are many attacks capable of successfully decrypting ciphertext produced by asymmetric algorithms. To protect against such attacks, padding schemes were invented.

A padding scheme prepares the original message for encryption by adding random data.

Examples:

OAEP

PSS


For example:

RSA-OAEP

In practice, asymmetric encryption is mainly used for key exchange.

The key exchange problem is how to securely transfer a symmetric key between two parties over an insecure channel.

To combine the advantages of both methods, hybrid encryption is used:

1. asymmetric encryption is used to exchange keys

2. symmetric encryption is used to encrypt the actual data




---

Hashing: What the Trick Is

A hash function is a function that irreversibly transforms data into a string of seemingly random characters of fixed length.

The result is called a hash or digest.

Example:

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Important properties:

Irreversibility — it is impossible to restore the original data from the hash

Determinism — the same input always produces the same hash

Uniqueness — even a small change in input changes the hash completely

Fixed length — the output length is always the same

Collision resistance


Hash functions are widely used, for example, for password storage.

Instead of storing passwords directly, systems store hashes of passwords.

However, attackers have collections of common passwords and their hashes called rainbow tables.

To mitigate this, salt is used.

Salt is additional data added to the input before hashing.

Examples of hash functions:

SHA-256

SHA-512

SHA-3

Keccak-256

BLAKE2

Argon2 (specialized for passwords)
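The properties and the salted password storage described above, as an added example that is not part of the original article. The digest shown earlier in this section is SHA-256 of empty input; PBKDF2 from Python's standard library is swapped in for Argon2, which the standard library does not provide, and the lookup table, function names and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# The example digest from the text: SHA-256 of empty input (0 bytes).
PAGE_DIGEST = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def differing_bits(a_hex, b_hex):
    # How many of the 256 output bits differ between two digests.
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")

# Constructed stand-in for a precomputed table: digest -> common password.
COMMON = [b"123456", b"password", b"qwerty"]
TABLE = {sha256_hex(p): p for p in COMMON}

def found_in_table(stored_hex):
    return TABLE.get(stored_hex)

def store_unsalted(password):
    # Same password always gives the same stored value, so a table lookup works.
    return sha256_hex(password)

def store_salted(password, salt=None, iterations=200_000):
    # Random per-user salt plus a deliberately slow function (PBKDF2).
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return salt, iterations, digest

def verify_salted(password, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison
```

The salt is stored next to the digest; its job is to make every stored value different, so a table computed once in advance no longer matches any record.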



---

Message Authentication Codes

A Message Authentication Code (MAC) is a mechanism for “sealing” a message.

It generates an authentication tag, which acts like a seal.

Examples:

HMAC

KMAC

CMAC-AES

Poly1305


A MAC ensures data integrity.
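Why the seal needs a key, as an added example that is not part of the original article: a plain hash sent along with a message can be recomputed by whoever changes the message, while an HMAC tag cannot be produced without the shared key. The function names and the sample messages are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

def seal(key, message):
    # HMAC-SHA256 authentication tag over the message.
    return hmac.new(key, message, hashlib.sha256).digest()

def check(key, message, tag):
    # Recompute the tag and compare in constant time.
    return hmac.compare_digest(seal(key, message), tag)

def plain_digest(message):
    return hashlib.sha256(message).digest()

def check_plain(message, digest):
    return hmac.compare_digest(plain_digest(message), digest)

def scenario():
    key = secrets.token_bytes(32)        # known to sender and recipient only
    original = b"pay 100 to card 1111"   # constructed sample message
    altered = b"pay 100 to card 2222"    # the same message after a change in transit
    tag = seal(key, original)
    other_key = secrets.token_bytes(32)  # any key that is not the shared one
    return {
        # A keyless digest is simply recomputed over the altered message and passes.
        "plain_hash_detects_change": not check_plain(altered, plain_digest(altered)),
        "mac_accepts_original": check(key, original, tag),
        # Reusing the old tag fails, and so does a tag made with another key.
        "mac_detects_change": not check(key, altered, tag),
        "mac_rejects_foreign_tag": not check(key, altered, seal(other_key, altered)),
    }
```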


---

Digital Signatures

A digital signature is the electronic equivalent of a handwritten signature.

To create a signature:

1. the message is hashed

2. the hash is encrypted with a private key



Examples:

RSA-PSS

ECDSA


Signatures ensure:

integrity

authentication

non-repudiation



---

Certificates

A certificate is a document that confirms that a public key belongs to a specific owner.

Examples of standards:

X.509

RFC 5280


Certificates are issued by Certification Authorities (CA).

Public Key Infrastructure (PKI) includes:

Certification Authority (CA)

Registration Authority (RA)

certificate storage and revocation lists (CRL)


Trust chains look like this:

Root CA → Intermediate CA → End-user certificate.


---

TLS/SSL: Example in Practice

TLS/SSL is a transport protocol that ensures secure communication on the Internet.

Originally the protocol was called SSL; later it evolved into TLS.

It works in two phases:

1. Handshake phase

The client and server:

negotiate algorithms

exchange keys

authenticate the server using certificates


2. Data transfer phase

Data is encrypted using symmetric encryption (for example AES-GCM) and protected with authentication tags.

For example, when you open a website like gmail.com, your browser performs the TLS handshake before sending your emails.

If a website does not have a certificate, browsers usually warn the user about reduced security.