
INTRODUCTION

Cryptography comes from the Greek word kryptos, meaning
"hidden or secret"; and gráphin means "writing".
Cryptography is the practice and study of hiding information.
Modern cryptography intersects the disciplines of mathematics,
computer science, and electrical engineering. Applications of
cryptography include ATM cards, computer passwords, and
electronic commerce.

Cryptology prior to the modern age was almost
synonymous with encryption, the conversion of information
from a readable state to apparent gibberish. The sender retained
the ability to decrypt the information and therefore avoid
unwanted persons being able to read it. Since the First World War
and the advent of the computer, the methods used to carry out
cryptology have become increasingly complex and its
application more widespread.
Modern cryptography follows a strongly scientific
approach, and designs cryptographic algorithms around
computational hardness assumptions that are assumed hard to
break by an adversary. Such systems are not unbreakable in
theory but it is infeasible to do so for any practical adversary.
Information-theoretically secure schemes that provably cannot
be broken exist but they are less practical than computationally-
secure mechanisms. An example of such systems is the one-time
pad. Alongside the advancement in cryptology-related
technology, the practice has raised a number of legal issues,
some of which remain unresolved.
Until modern times cryptography referred almost
exclusively to encryption, which is the process of converting
ordinary information (called plaintext) into unintelligible
gibberish (called ciphertext). Decryption is the reverse, in other
words, moving from the unintelligible ciphertext back to
plaintext. A cipher (or cypher) is a pair of algorithms that create
the encryption and the reversing decryption. The detailed
operation of a cipher is controlled both by the algorithm and in
each instance by a key. This is a secret parameter (ideally known
only to the communicants) for a specific message exchange
context.

A "cryptosystem" is the ordered list of elements of finite
possible plaintexts, finite possible cyphertexts, finite possible
keys, and the encryption and decryption algorithms which
correspond to each key. Keys are important, as ciphers without
variable keys can be trivially broken with only the knowledge of
the cipher used and are therefore useless (or even counter-
productive) for most purposes. Historically, ciphers were often
used directly for encryption or decryption without additional
procedures such as authentication or integrity checks.
In colloquial use, the term "code" is often used to mean any
method of encryption or concealment of meaning. However, in
cryptography, code has a more specific meaning. It means the
replacement of a unit of plaintext (i.e., a meaningful word or
phrase) with a code word (for example, wallaby replaces attack
at dawn). Codes are no longer used in serious cryptography—
except incidentally for such things as unit designations (e.g.,
Bronco Flight or Operation Overlord)—since properly chosen
ciphers are both more practical and more secure than even the
best codes and also are better adapted to computers.
Cryptanalysis is the term used for the study of methods for
obtaining the meaning of encrypted information without access
to the key normally required to do so; i.e., it is the study of how
to crack encryption algorithms or their implementations.
Some use the terms cryptography and cryptology
interchangeably in English, while others (including US military
practice generally) use cryptography to refer specifically to the
use and practice of cryptographic techniques and cryptology to
refer to the combined study of cryptography and cryptanalysis.
English is more flexible than several other languages in which
cryptology (done by cryptologists) is always used in the second
sense above.
The study of characteristics of languages which have some
application in cryptography (or cryptology), i.e. frequency data,
letter combinations, universal patterns, etc., is called
cryptolinguistics.
HISTORY
Before the modern era, cryptography was concerned solely
with message confidentiality (i.e., encryption)—conversion of
messages from a comprehensible form into an incomprehensible
one and back again at the other end, rendering it unreadable by
interceptors or eavesdroppers without secret knowledge (namely
the key needed for decryption of that message). Encryption was
used to (attempt to) ensure secrecy in communications, such as
those of spies, military leaders, and diplomats. In recent
decades, the field has expanded beyond confidentiality concerns
to include techniques for message integrity checking,
sender/receiver identity authentication, digital signatures,
interactive proofs and secure computation, among others.

CLASSIC CRYPTOGRAPHY:
The earliest forms of secret writing required little more
than local pen and paper analogs, as most people could not read.
More literacy, or literate opponents, required actual
cryptography. The main classical cipher types are transposition
ciphers, which rearrange the order of letters in a message (e.g.,
'hello world' becomes 'ehlol owrdl' in a trivially simple
rearrangement scheme), and substitution ciphers, which
systematically replace letters or groups of letters with other
letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu
podf' by replacing each letter with the one following it in the
Latin alphabet). Simple versions of either have never offered
much confidentiality from enterprising opponents.
An early substitution cipher was the Caesar cipher, in
which each letter in the plaintext was replaced by a letter some
fixed number of positions further down the alphabet. It was
named after Julius Caesar who is reported to have used it, with
a shift of 3, to communicate with his generals during his military
campaigns, just like EXCESS-3 code in boolean algebra. There
is record of several early Hebrew ciphers as well. The earliest
known use of cryptography is some carved ciphertext on stone
in Egypt (ca 1900 BC), but this may have been done for the
amusement of literate observers. The next oldest is bakery
recipes from Mesopotamia. Cryptography is recommended in
the books as a way for lovers to communicate without
inconvenient discovery.
The Greeks of Classical times are said to have known of
ciphers (e.g., the scytale transposition cipher claimed to have
been used by the Spartan military). Steganography (i.e., hiding
even the existence of a message so as to keep it confidential)
was also first developed in ancient times. An early example,
from Herodotus, concealed a message—a tattoo on a slave's
shaved head—under the regrown hair. Another Greek method
was developed by Polybius (now called the "Polybius Square").
More modern examples of steganography include the use of
invisible ink, microdots, and digital watermarks to conceal
information.
Ciphertexts produced by a classical cipher (and some
modern ciphers) always reveal statistical information about the
plaintext, which can often be used to break them. After the
discovery of frequency analysis perhaps by the Arab
mathematician and polymath, Al-Kindi (also known as
Alkindus), in the 9th century, nearly all such ciphers became
more or less readily breakable by any informed attacker. Such
classical ciphers still enjoy popularity today, though mostly as
puzzles (see cryptogram). Al-Kindi wrote a book on
cryptography entitled Risalah fi Istikhraj al-Mu'amma
(Manuscript for the Deciphering Cryptographic Messages), in
which he described the first cryptanalysis techniques.
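The frequency analysis described above, applied to the Caesar cipher, as an added example that is not part of the original report. The letter-frequency table is an approximate one for English, and the sample sentence is taken from this page and encrypted here with a shift of 3.

```python
from collections import Counter
import string

# Approximate relative frequencies (percent) of letters in English text.
ENGLISH_FREQ = {
    "e": 12.70, "t": 9.06, "a": 8.17, "o": 7.51, "i": 6.97, "n": 6.75,
    "s": 6.33, "h": 6.09, "r": 5.99, "d": 4.25, "l": 4.03, "c": 2.78,
    "u": 2.76, "m": 2.41, "w": 2.36, "f": 2.23, "g": 2.02, "y": 1.97,
    "p": 1.93, "b": 1.29, "v": 0.98, "k": 0.77, "j": 0.15, "x": 0.15,
    "q": 0.10, "z": 0.07,
}


def caesar(text, shift):
    """Shift ASCII letters by `shift` positions; leave everything else alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)


def chi_squared(text):
    """Distance between the letter counts of `text` and typical English."""
    letters = [c for c in text.lower() if c in string.ascii_lowercase]
    if not letters:
        return float("inf")
    counts = Counter(letters)
    total = len(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def recover_shift(ciphertext):
    """Try all 26 keys and keep the one whose output looks most like English.

    The cipher only relabels letters, so the shape of the frequency
    distribution survives encryption and identifies the key.
    """
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))


# Constructed sample: a sentence from this page, encrypted with a shift of 3.
SAMPLE = (
    "the earliest forms of secret writing required little more than local "
    "pen and paper analogs as most people could not read more literacy or "
    "literate opponents required actual cryptography"
)
CIPHERTEXT = caesar(SAMPLE, 3)

if __name__ == "__main__":
    shift = recover_shift(CIPHERTEXT)
    print("recovered shift:", shift)
    print(caesar(CIPHERTEXT, -shift))
```

The key space here is only 26 values, so the statistics are used to pick the right candidate automatically rather than to save work.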

Essentially all ciphers remained vulnerable to cryptanalysis
using the frequency analysis technique until the development of
the polyalphabetic cipher, most clearly by Leon Battista Alberti
around the year 1467, though there is some indication that it was
already known to Al-Kindi. Alberti's innovation was to use
different ciphers (i.e., substitution alphabets) for various parts of
a message (perhaps for each successive plaintext letter at the
limit). He also invented what was probably the first automatic
cipher device, a wheel which implemented a partial realization
of his invention. In the polyalphabetic Vigenère cipher,
encryption uses a key word, which controls letter substitution
depending on which letter of the key word is used. In the mid-
19th century Charles Babbage showed that polyalphabetic
ciphers of this type remained partially vulnerable to extended
frequency analysis techniques.
Although frequency analysis is a powerful and general
technique against many ciphers, encryption has still been often
effective in practice; many a would-be cryptanalyst was unaware
of the technique. Breaking a message without using frequency
analysis essentially required knowledge of the cipher used and
perhaps of the key involved, thus making espionage, bribery,
burglary, defection, etc., more attractive approaches to the
cryptanalytically uninformed. It was finally explicitly
recognized in the 19th century that secrecy of a cipher's
algorithm is not a sensible or practical safeguard of message
security; in fact, it was further realized that any adequate
cryptographic scheme (including ciphers) should remain secure
even if the adversary fully understands the cipher algorithm
itself. Security of the key used should alone be sufficient for a
good cipher to maintain confidentiality under an attack. This
fundamental principle was first explicitly stated in 1883 by
Auguste Kerckhoffs and is generally called Kerckhoffs'
principle; alternatively and more bluntly, it was restated by
Claude Shannon, the inventor of information theory and the
fundamentals of theoretical cryptography, as Shannon's Maxim
—'the enemy knows the system'.
Different physical devices and aids have been used to assist
with ciphers. One of the earliest may have been the scytale of
ancient Greece, a rod supposedly used by the Spartans as an aid
for a transposition cipher. In medieval times, other aids were
invented such as the cipher grille, which was also used for a
kind of steganography. With the invention of polyalphabetic
ciphers came more sophisticated aids such as Alberti's own
cipher disk, Johannes Trithemius' tabula recta scheme, and
Thomas Jefferson's multi-cylinder. Many mechanical
encryption/decryption devices were invented early in the 20th
century, and several patented, among them rotor machines—
famously including the Enigma machine used by the German
government and military from the late '20s and during World
War II. The ciphers implemented by better quality examples of
these machine designs brought about a substantial increase in
cryptanalytic difficulty after WWI.

Fig: Enigma Machine

THE COMPUTER ERA:


The development of digital computers and electronics after
World War II made possible much more complex ciphers.
Furthermore, computers allowed for the encryption of any kind
of data representable in any binary format, unlike classical
ciphers which only encrypted written language texts; this was
new and significant. Computer use has thus supplanted linguistic
cryptography, both for cipher design and cryptanalysis. Many
computer ciphers can be characterized by their operation on
binary bit sequences (sometimes in groups or blocks), unlike
classical and mechanical schemes, which generally manipulate
traditional characters (i.e., letters and digits) directly.
However, computers have also assisted cryptanalysis,
which has compensated to some extent for increased cipher
complexity. Nonetheless, good modern ciphers have stayed
ahead of cryptanalysis; it is typically the case that use of a
quality cipher is very efficient (i.e., fast and requiring few
resources, such as memory or CPU capability), while breaking it
requires an effort many orders of magnitude larger, and vastly
larger than that required for any classical cipher, making
cryptanalysis so inefficient and impractical as to be effectively
impossible. Alternate methods of attack (bribery, burglary,
threat, torture, ...) have become more attractive in consequence.

Figure: Credit card with smart-card capabilities. The 3-by-5-mm
chip embedded in the card is shown, enlarged. Smart cards
combine low cost and portability with the power to compute
cryptographic algorithms.

Extensive open academic research into cryptography is
relatively recent; it began only in the mid-1970s. In recent times,
IBM personnel designed the algorithm that became the Federal
(i.e., US) Data Encryption Standard; Whitfield Diffie and
Martin Hellman published their key agreement algorithm known
as Diffie-Hellman algorithm; and the RSA algorithm was
published in Martin Gardner's Scientific American column.
Since then, cryptography has become a widely used tool in
communications, computer networks, and computer security
generally. Some modern cryptographic techniques can only keep
their keys secret if certain mathematical problems are
intractable, such as the integer factorization or the discrete
logarithm problems, so there are deep connections with abstract
mathematics. There are no absolute proofs that a cryptographic
technique is secure (but see one-time pad); at best, there are
proofs that some techniques are secure if some computational
problem is difficult to solve, or this or that assumption about
implementation or practical use is met.
As well as being aware of cryptographic history,
cryptographic algorithm and system designers must also
sensibly consider probable future developments while working
on their designs. For instance, continuous improvements in
computer processing power have increased the scope of brute-
force attacks, thus when specifying key lengths, the required
key lengths are similarly advancing. The potential effects of
quantum computing are already being considered by some
cryptographic system designers; the announced imminence of
small implementations of these machines may be making the
need for this preemptive caution rather more than merely
speculative.
Essentially, prior to the early 20th century, cryptography
was chiefly concerned with linguistic and lexicographic
patterns. Since then the emphasis has shifted, and cryptography
now makes extensive use of mathematics, including aspects of
information theory, computational complexity, statistics,
combinatorics, abstract algebra, number theory, and finite
mathematics generally. Cryptography is, also, a branch of
engineering, but an unusual one as it deals with active,
intelligent, and malevolent opposition (see cryptographic
engineering and security engineering); other kinds of
engineering (e.g., civil or chemical engineering) need deal only
with neutral natural forces. There is also active research
examining the relationship between cryptographic problems and
quantum physics (see quantum cryptography and quantum
computing).
A PROJECT REPORT ON CRYPTOGRAPHY
Where Complexity Finally Comes In Handy….

HIMANSHU BAJORIA
B.E.E -IV
ROLL- 000710801059
CRYPTOGRAPHY SERVICES
Any new design of Cryptographic technique must
accomplish the above requisites. Cryptography not only protects
data from theft or alteration, but can also be used for user
authentication.
Hence, the various security requirements for a cryptographic
technique include:

• Authentication: The process of proving one's identity.
(The primary forms of host-to-host authentication on the
Internet today are name-based or address-based, both of
which are notoriously weak.)
• Privacy/confidentiality: Ensuring that no one can read the
message except the intended receiver.
• Integrity: Assuring the receiver that the received message
has not been altered in any way from the original.
• Non-repudiation: A mechanism to prove that the sender
really sent this message.
• Access-control: A method in which access by
unauthorized users is prohibited, i.e. only the authorized
user can have access to its documents.
• Availability: This method guarantees that the system
services are always available when needed.
• Security-Audit: With the help of this mechanism a record
of all the previous transactions is kept, which may provide
useful information at a later stage.
• Key-Management: This method allows negotiating, as
well as setting up and maintaining, keys between the
communicating entities.
ATTACKS
According to the cryptanalyst Kent, there are many ways in
which personal information shared between two people can
be interfered with. An intermediate person, known as an
attacker, who only has access to the information being
transferred is called a passive attacker; one who can also change
the information being exchanged, with the help of some
technology, is called an active attacker.

PASSIVE ATTACKS:

This kind of attack is generally carried out by a passive intruder
who only has access to the information or message being
exchanged. Consider the trivial case of Bob and Alice, where
Bob wants to send a message to Alice. Here the intruder has
access to the contents only, i.e. he can read the message but
cannot tamper with it. Because of this inability to make any
changes, the intruder is called a passive attacker.

ACTIVE ATTACKS:

This kind of attack is generally carried out by an active intruder
who not only has access to the information or message being
exchanged but can also tamper with or manipulate the message
being exchanged. Because of this ability to make changes, the
intruder is called an active attacker.
Some other types of attack can also be considered such as:

CIPHERTEXT ONLY ATTACK:


This is the situation where the attacker does not know anything
about the contents of the message, and must work from
ciphertext only. In practice it is quite often possible to make
guesses about the plaintext, as many types of messages have
fixed format headers. Even ordinary letters and documents begin
in a very predictable way. It may also be possible to guess that
some ciphertext block contains a common word.

KNOWN PLAINTEXT ATTACK:


The attacker knows or can guess the plaintext for some parts of
the ciphertext. The task is to decrypt the rest of the ciphertext
blocks using this information. This may be done by determining
the key used to encrypt the data, or via some shortcut.

CHOSEN PLAINTEXT ATTACK:


The attacker is able to have any text he likes encrypted with the
unknown key. The task is to determine the key used for
encryption. Some encryption methods, particularly RSA, are
extremely vulnerable to chosen-plaintext attacks. When such
algorithms are used, extreme care must be taken to design the
entire system so that an attacker can never have chosen plaintext
encrypted.
CIPHER
A cipher is an algorithm for performing encryption or
decryption using a series of well-defined steps that can be
followed as a procedure.
For a cipher to be of practical value:
1. It must be difficult for an enemy cryptanalyst to break.
2. It must be easy to encrypt and decrypt with knowledge of the
secret key.

Data that can be read and understood without any special
measures is called plaintext or clear text. The method of
disguising plaintext in such a way as to hide its substance is
called encryption. Encrypting plaintext results in unreadable
gibberish called cipher text. You use encryption to make sure
that information is hidden from anyone for whom it is not
intended, even those who can see the encrypted data. The
process of reverting ciphertext to its original plaintext is called
decryption.

CLASSICAL CIPHER
Historical pen and paper ciphers used in the past are
sometimes known as classical ciphers. They include simple
substitution ciphers or Caesar’s cipher and transposition
ciphers. For example “GOOD DOG” can be encrypted as
“PLLX XLP” where “L” substitutes for “O”, “P” for “G”, and
“X” for “D” in the message. Transposition of the letters “GOOD
DOG” can result in “DGOGDOO”. Julius Caesar used to
substitute each letter with the one a fixed number of positions
down or up the alphabet, and the key he used was 3.

Figure: Caesar Cipher


These simple ciphers and examples are easy to crack, even
without plaintext-ciphertext pairs. Simple ciphers were replaced
by polyalphabetic substitution ciphers which changed the
substitution alphabet for every letter. For example “GOOD
DOG” can be encrypted as “PLSX TWF” where “L”, “S”, and
“W” substitute for “O”. With even a small amount of known or
estimated plaintext, simple polyalphabetic substitution ciphers
and letter transposition ciphers designed for pen and paper
encryption are easy to crack. Another advancement in the theory
was the transposition cipher where the characters retain their
plaintext form but change their positions to create the cipher
text. Here the text is organized into two dimensional tables, and
the rows and columns are interchanged according to a key.
Consider the plaintext “attackatxdawn” and the ciphertext
obtained using the transposition algorithm is
“xtawxnattxadakc” as shown in the figure below. In the
following example the rows 1-5 and columns 1-3 are permuted
to give a new set of rows (3,5,1,4,2) and columns (1,3,2).


Figure: Double Transposition
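
The row and column permutation described above, as an added example that is not part of the original report. It assumes the plaintext is padded with 'x' to fill the 5-by-3 table as "attackxatxdawnx"; with that padding and the permutations given in the text, the ciphertext quoted above is reproduced. The function names are chosen for this example.

```python
from collections import Counter
from math import factorial


def to_grid(text, n_rows, n_cols):
    """Write the text row by row into an n_rows x n_cols table."""
    if len(text) != n_rows * n_cols:
        raise ValueError("text must fill the table exactly; pad it first")
    return [list(text[r * n_cols:(r + 1) * n_cols]) for r in range(n_rows)]


def permute(grid, row_order, col_order):
    """Output row i is input row row_order[i]; same for columns (1-based)."""
    return [[grid[r - 1][c - 1] for c in col_order] for r in row_order]


def invert(order):
    """Inverse of a 1-based permutation, needed for decryption."""
    inverse = [0] * len(order)
    for new_pos, old_pos in enumerate(order, start=1):
        inverse[old_pos - 1] = new_pos
    return inverse


def encrypt(plaintext, row_order, col_order):
    grid = to_grid(plaintext, len(row_order), len(col_order))
    return "".join("".join(row) for row in permute(grid, row_order, col_order))


def decrypt(ciphertext, row_order, col_order):
    grid = to_grid(ciphertext, len(row_order), len(col_order))
    plain = permute(grid, invert(row_order), invert(col_order))
    return "".join("".join(row) for row in plain)


def key_space(n_rows, n_cols):
    """Number of distinct (row order, column order) keys for one table size."""
    return factorial(n_rows) * factorial(n_cols)


def same_letter_counts(a, b):
    """Transposition moves letters but never changes how often each occurs."""
    return Counter(a) == Counter(b)


# Key from the text: rows (3,5,1,4,2), columns (1,3,2).
ROWS = (3, 5, 1, 4, 2)
COLS = (1, 3, 2)
PLAINTEXT = "attackxatxdawnx"  # assumed padding of the page's plaintext

if __name__ == "__main__":
    ct = encrypt(PLAINTEXT, ROWS, COLS)
    print(ct)                                  # xtawxnattxadakc
    print(decrypt(ct, ROWS, COLS))             # attackxatxdawnx
    print(key_space(5, 3))                     # 720 possible keys
    print(same_letter_counts(PLAINTEXT, ct))   # True
```

The unchanged letter counts are why a ciphertext with normal language frequencies points to a transposition, and 720 keys for this table size is small enough to try exhaustively.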

MODERN CIPHER
In cryptography several new ways of encrypting the message
were further devised. These algorithms were a bit more
complicated than the previous classical ciphers. Generally
modern ciphers are classified as either input size based
or key based.
INPUT BASED CIPHERS:
The most common input size based ciphers are block cipher
and stream cipher and are described as follows.

BLOCK CIPHER:
In cryptography, a block cipher is a symmetric key cipher
operating on fixed-length groups of bits, called blocks, with an
unvarying transformation. A block cipher encryption algorithm
might take (for example) a 128-bit block of plaintext as input,
and output a corresponding 128-bit block of ciphertext. The
exact transformation is controlled using a second input — the
secret key. Decryption is similar: the decryption algorithm takes,
in this example, a 128-bit block of ciphertext together with the
secret key, and yields the original 128-bit block of plaintext.

A message longer than the block size (128 bits in the above
example) can still be encrypted with a block cipher by breaking
the message into blocks and encrypting each block individually.
However, in this method all blocks are encrypted with the same
key, which degrades security (because each repetition in the
plaintext becomes a repetition in the ciphertext). To overcome
this issue, modes of operation are used to make encryption
probabilistic.

STREAM CIPHER:
In cryptography, a stream cipher is a symmetric key cipher
where plaintext bits are combined with a pseudorandom cipher
bit stream (key stream), typically by an exclusive-or (xor)
operation. In a stream cipher the plaintext digits are encrypted
one at a time, and the transformation of successive digits varies
during the encryption. An alternative name is a state cipher, as
the encryption of each digit is dependent on the current state. In
practice, the digits are typically single bits or bytes.

Stream ciphers represent a different approach to symmetric
encryption from block ciphers. Block ciphers operate on large
blocks of digits with a fixed, unvarying transformation. This
distinction is not always clear-cut: in some modes of operation,
a block cipher primitive is used in such a way that it acts
effectively as a stream cipher. Stream ciphers typically execute
at a higher speed than block ciphers and have lower hardware
complexity. However, stream ciphers can be susceptible to
serious security problems if used incorrectly: see stream cipher
attacks — in particular, the same starting state must never be
used twice.
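
Why the same starting state must never be used twice, as an added example that is not part of the original report. The keystream generator (SHA-256 over key, nonce and counter) is a toy construction assumed here for illustration, and the Sender class and the two messages are constructed for this example.

```python
import hashlib
import os


def keystream(key, nonce, length):
    """Toy keystream: SHA-256(key || nonce || counter), illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key, nonce, data):
    """XOR with the keystream; the same call also decrypts."""
    return xor(data, keystream(key, nonce, len(data)))


def reuse_demo():
    """Encrypt two messages from the same starting state (key and nonce)."""
    key = b"k" * 32
    nonce = b"\x00" * 12
    p1 = b"transfer 0100 to alice"   # constructed sample messages
    p2 = b"transfer 9999 to bobby"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)
    # The keystream cancels out: c1 XOR c2 equals p1 XOR p2, so anyone who
    # knows or guesses one plaintext can read the other without the key.
    keystream_cancels = xor(c1, c2) == xor(p1, p2)
    p2_recovered = xor(xor(c1, c2), p1) == p2
    return keystream_cancels, p2_recovered


class Sender:
    """Encrypts under one key and refuses to reuse a starting state."""

    def __init__(self, key):
        self.key = key
        self.used_nonces = set()

    def send(self, plaintext, nonce=None):
        nonce = os.urandom(12) if nonce is None else nonce
        if nonce in self.used_nonces:
            raise ValueError("nonce already used with this key")
        self.used_nonces.add(nonce)
        return nonce, stream_encrypt(self.key, nonce, plaintext)


if __name__ == "__main__":
    print("reuse leaks plaintext relation:", reuse_demo())
    sender = Sender(os.urandom(32))
    n1, c1 = sender.send(b"same message")
    n2, c2 = sender.send(b"same message")
    print("fresh nonces give different ciphertexts:", c1 != c2)
```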

KEY BASED CIPHER:


Apart from the block and stream ciphers, more enhanced
methods were developed involving the usage of a public and
private key. The most widely used amongst them are described
as follows.
SYMMETRIC KEY CRYPTOGRAPHY:
With secret key cryptography, a single key is used for both
encryption and decryption. As shown in figure, the sender uses
the key (or some set of rules) to encrypt the plaintext and sends
the cipher text to the receiver. The receiver applies the same key
(or rule set) to decrypt the message and recover the plaintext.
Because a single key is used for both functions, secret key
cryptography is also called symmetric encryption. Secret key
cryptography schemes are generally categorized as being either
stream ciphers or block ciphers. Stream ciphers operate on a
single bit (byte or computer word) at a time and implement
some form of feedback mechanism so that the key is constantly
changing. A block cipher is so called because the scheme
encrypts one block of data at a time using the same key on each
block. In general, the same plaintext block will always encrypt
to the same cipher text when using the same key in a block
cipher whereas the same plaintext will encrypt to different
cipher text in a stream cipher.

Figure: Symmetric Key Cryptography


It can be seen that symmetric key cryptography requires less
time to encrypt a message so its efficiency is high but on the
other hand it must also be noted that each pair of users must
have a unique key, so N users need N(N-1)/2 keys. As a result
the key distribution becomes difficult.
The most commonly used algorithms in symmetric key
cryptography to encrypt the message are:
• DES (Data Encryption Standard) and derivatives:
double DES and triple DES
• IDEA (International Data Encryption Algorithm)
• Blowfish
• RC5 (Rivest Cipher #5)
• AES (Advanced Encryption Standard)

PUBLIC KEY CRYPTOGRAPHY:


Public-key cryptography has been said to be the most
significant new development in secure communication over a
non-secure communications channel without having to share a
secret key. Public Key Cryptography or Asymmetric
cryptography provides the same message security guarantees as
symmetric cryptography, but additionally provides the non-
repudiation guarantee. ‘Asymmetric’ refers to the fact that
different keys are used for encryption and decryption. One key
is kept secret (‘secret key’) and the other is made public (‘public
key’), and are both unique. The recipient’s public key should be
used during the encryption process to ensure message
confidentiality as only the recipient has the necessary secret key
to decrypt the message. If, however, the message is encrypted
using the sender’s private key the sender cannot deny sending
the message as his private key is unique and is only known to
him. Asymmetric cryptography is extremely powerful, but this
comes at a cost. Especially for longer messages and keys, it is
much slower than its symmetric cryptography counterparts. This
is due in part to the fact that, in order to achieve comparable
security, asymmetric keys are generally around an order of
magnitude longer than symmetric keys.

Figure: Public Key Encryption


Typically used asymmetric key algorithms include:
• RSA (Rivest, Shamir, Adleman)
• DH (Diffie-Hellman Key Agreement Algorithm)
• ECDH (Elliptic Curve Diffie-Hellman Key Agreement
Algorithm)
• RPK (Raike Public Key)

HASH FUNCTIONS:
The system described above has some problems. It is slow,
and it produces an enormous volume of data—at least double the
size of the original information. An improvement on the above
scheme is the addition of a one-way hash function in the
process. A one-way hash function takes variable-length input (in
this case, a message of any length, even thousands or millions of
bits) and produces a fixed-length output; say, 160 bits.
The hash function ensures that, if the information is changed
in any way—even by just one bit—an entirely different output
value is produced. PGP uses a cryptographically strong hash
function on the plaintext the user is signing. This generates a
fixed-length data item known as a message digest. Then PGP
uses the digest and the private key to create the “signature.”
PGP transmits the signature and the plaintext together. Upon
receipt of the message, the recipient uses PGP to recompute the
digest, thus verifying the signature. PGP can encrypt the
plaintext or not; signing plaintext is useful if some of the
recipients are not interested in or capable of verifying the
signature. As long as a secure hash function is used, there is no
way to take someone’s signature from one document and attach
it to another, or to alter a signed message in any way. The
slightest change to a signed document will cause the digital
signature verification process to fail. Digital signatures play a
major role in authenticating and validating the keys of other
PGP users.
ENCRYPTION MODES
The ciphers in use generally follow these four encryption
modes:
ELECTRONIC CODEBOOK (ECB):
Electronic Codebook (ECB) mode is the simplest, most
obvious application: the secret key is used to encrypt the
plaintext block to form a cipher text block. Two identical
plaintext blocks, then, will always generate the same cipher
text block. Although this is the most common mode of block
ciphers, it is susceptible to a variety of brute-force attacks.
CIPHER BLOCK CHAINING:
Cipher Block Chaining (CBC) mode adds a feedback
mechanism to the encryption scheme. In CBC, the plaintext is
exclusive-ORed (XORed) with the previous cipher text
block prior to encryption. In this mode, two identical blocks
of plaintext never encrypt to the same cipher text.
CIPHER FEEDBACK (CFB):
Cipher Feedback (CFB) mode is a block cipher
implementation as a self synchronizing stream cipher. CFB
mode allows data to be encrypted in units smaller than the
block size, which might be useful in some applications such
as encrypting interactive terminal input. If we were using 1-
byte CFB mode, for example, each incoming character is
placed into a shift register the same size as the block,
encrypted, and the block transmitted. At the receiving side,
the cipher text is decrypted and the extra bits in the block (i.e.,
everything above and beyond the one byte) are discarded.

OUTPUT FEEDBACK (OFB):

Output Feedback (OFB) mode is a block cipher
implementation conceptually similar to a synchronous stream
cipher. OFB prevents the same plaintext block from
generating the same cipher text block by using an internal
feedback mechanism that is independent of both the plaintext
and cipher text bit streams.
APPLICATIONS
Cryptography is best known as a way of keeping the
contents of a message secret. Confidentiality of network
communications, for example, is of great importance for e-
commerce and other network applications. However, the
applications of cryptography go far beyond simple
confidentiality. In particular, cryptography allows the network
business and customer to verify the authenticity and integrity of
their transactions. If the trend to a global electronic marketplace
continues, better cryptographic techniques will have to be
developed to protect business transactions.
Sensitive information sent over an open network may be
scrambled into a form that cannot be understood by a hacker or
eavesdropper. This is done using a mathematical formula,
known as an encryption algorithm, which transforms the bits of
the message into an unintelligible form. The intended recipient
has a decryption algorithm for extracting the original message.
There are many examples of information on open networks,
which need to be protected in this way, for instance, bank
account details, credit card transactions, or confidential health or
tax records.

In order to allow different users to use the same algorithm,
the algorithm is used in conjunction with a secret key, a long
sequence of binary numbers, as shown in the illustration, which
is known only by the legitimate users. Only users sharing the
same key will be able to decrypt each other's encrypted
messages. Since the key allows access to the encrypted
information, it is of paramount importance that it is kept secret
and is frequently changed.
Before two parties can send information securely, they
must first exchange a secret key. This however presents a
dilemma, sometimes called the ‘Catch 22 of Cryptography’ —
how can the two parties exchange a key secretly before they can
communicate in secret? Even if the sender and receiver found a
channel that they believed to be secure, in the past there has
been no way to test the secrecy of each key. Quantum
cryptography solves this problem. It allows the sender and
receiver to test and guarantee the secrecy of each individual key.
CONCLUSION
Cryptography is a particularly interesting field because of
the amount of work that is, by necessity, done in secret. The
irony is that today, secrecy is not the key to the goodness of a
cryptographic algorithm. Regardless of the mathematical theory
behind an algorithm, the best algorithms are those that are well-
known and well-documented because they are also well-tested
and well-studied! In fact, time is the only true test of good
cryptography; any cryptographic scheme that stays in use year
after year is most likely a good one. The strength of
cryptography lies in the choice (and management) of the keys;
longer keys will resist attack better than shorter keys.
