Unlocking Cybersecurity: The Math Behind Cryptography and Data Protection

Cryptography stands as the bedrock of data security, acting as a safeguard for information across various industries. This blog post delves into how mathematical principles fuel cryptographic systems, ensuring robust data protection through efficient algorithmic designs, such as RSA and elliptic curve cryptography.

Cryptography in Data Protection

Cryptography protects data by ensuring its confidentiality, integrity, and availability. By encoding data, cryptography prevents unauthorized access; by signing data, it ensures that any tampering is detectable. This dual functionality is essential in areas such as:

ü  Financial transactions: Ensuring that sensitive data, such as credit card information, is encrypted and secure during online transactions.

ü  Confidential communications: Allowing for private conversations over public networks, such as the Internet, through end-to-end encryption.

ü  Data integrity: Verifying that data has not been altered during storage or transmission by using cryptographic hash functions.

Concept of cryptography

At its core, cryptography is the science of encoding and decoding information. It involves two primary types of cryptographic systems:

• Symmetric-key: Here, the same key is used for both encryption and decryption of the message. While efficient, the key must be shared between the communicating parties in a secure manner.

• Asymmetric-key: This system uses a pair of keys – a public key, which anyone can use to encrypt a message, and a private key, which is kept secret by the recipient and used to decrypt the message. This method helps solve the problem of key distribution that plagues symmetric cryptography.

The intersection of mathematics and computer science in cryptography provides a framework for developing secure communication systems in an otherwise vulnerable digital landscape. These channels are designed to be impenetrable by unauthorized parties, ensuring that only intended recipients can access the encrypted information. Let's explore the key mathematical disciplines that empower cryptographic algorithms:

• Number Theory: Essential to the architecture of public-key cryptosystems, number theory applies properties of integers, especially primes, to create complex encryption keys. For example, the RSA algorithm, one of the most widely used public-key systems, relies on the properties of large prime numbers and their resistance to factorization. The strength of RSA lies in the computational difficulty of factoring the product of these primes, which secures the encryption against all but the most sophisticated attacks.

• Abstract Algebra: Cryptography uses algebraic structures such as groups, rings, and fields to formulate algorithms that are not only secure but also efficient. For instance, elliptic curve cryptography (ECC), a public-key system, uses the algebraic structure of elliptic curves over finite fields for high-security encryption with relatively small key sizes, enhancing both security and performance. The security of ECC derives from the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which is significantly harder to solve compared to the discrete logarithm problems used in other cryptographic systems. This inherent hardness allows for smaller key sizes, reducing processing power and storage requirements, which is particularly beneficial for mobile devices and environments with limited resources. ECC is now widely used in various secure communication protocols, including SSL/TLS and mobile telephony, providing strong security without compromising performance.

• Algorithm Analysis: To ensure both security and practicality, cryptographic algorithms undergo thorough analysis. This involves evaluating their complexity to understand their efficiency and resilience against attacks, ensuring they are both secure and performant under various conditions

RSA algorithm

RSA Algorithm is named after its creators Ron Rivest, Adi Shamir and Leonard Adleman, who published the algorithm in 1977. RSA Algorithm relies on factorization of large number and modular arithmetic for encrypting and decrypting data. It consists of three main stages:

• Key Generation: Creating Asymmetric key.

• Encryption: Sender encrypts the data using Public Key to get cipher text.

• Decryption: Decrypting the cipher text using Private Key to get the original data.

Key Generation

1. Choose two distinct prime numbers p and q.

For a strong encryption, these numbers should be large and randomly chosen.

1. Compute n = p × q.

n is the modulus for both the public and private keys and its length, usually expressed in bits, is the key length.

3. Calculate the Euler's totient function ϕ(n) = (p−1)(q−1).

This value is used to ensure that the chosen eee and the computed ddd are coprime to ϕ(n).

4. Choose an integer e such that:

1 < e < Φ(n), and

The Greatest Common Divisor gcd(e, Φ(n)) = 1, that is e should be co-prime with Φ(n).

5. Determine d where 𝑑 ⋅ 𝑒 ≡ 1 (mod 𝜙(𝑛)) 

meaning that 𝜙(𝑛) divides the difference 𝑑⋅𝑒 −1.

Encryption and Decryption

• Encryption:  c ≡ m e (mod n)  

o   Where m is the plaintext message converted to an integer using ASCI, and c is the cipher text.

• Decryption: m ≡ c d (mod  n)

Security Consideration

• The security of RSA depends on the practical difficulty of factoring the large number n. As of today, no efficient algorithm is known to factor large integers quickly, which is what makes RSA secure against attacks.

Simplified Example of RSA Encryption

1. Key Generation: Think of RSA key generation like creating a secure lockbox.

   • Your friend chooses two prime numbers (let’s say 61 and 53) and multiplies them to get a number n (which equals 3233). This number is part of the public key.

   • They calculate ϕ(n) (which equals 3120 in this case) and choose a smaller number e (say 17) that has no common factors with ϕ(n) other than 1. This e is also part of the public key.

   • They then calculate the private key d (2753 in this case) which is kept secret.

2. Encryption: When you encrypt the message, you convert the message to a number (let's say your message is "HELLO" which converts to 448378203247). Using your friend’s public key (n = 3233, e = 17), you perform some mathematical to transform this number into another number (the cipher text).

3. Decryption: To decrypt your message, your friend uses their private key to reverse the transformation and convert the cipher text back into the original number representing "HELLO".

This process ensures that even if someone intercepts your encrypted message, they cannot understand it without the private key.

Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) uses the algebraic structure of elliptic curves over finite fields. It offers a higher degree of security with smaller key sizes compared to RSA, making it more efficient. For example, a 256-bit elliptic curve public key should provide comparable security to a 3072-bit RSA public key.

Key Generation

1. Select a finite field and define the elliptic curve equation over it, generally 

y2 = x3 + ax + b mod p, where a, b, p are constants defining the curve.

Ø  The curve parameters must satisfy the condition 4a3+27b2≠0 (to avoid singular curves).

2. Choose a base point G on the curve, which is publicly known.

3. Select a private key d, a randomly chosen number from the field.

4. Compute the public key Q as Q = dG.

Encryption and Decryption

• ECC typically uses mechanisms like ECIES (Elliptic Curve Integrated Encryption Scheme) or ECDH (Elliptic Curve Diffie-Hellman) for encryption and key exchange, rather than direct encryption of data like RSA. This blog does not go in-depth into these methods, as exceeds its purpose.

Security Consideration

• ECC's security relies on the difficulty of the Elliptic Curve Discrete Logarithm Problem (ECDLP), which is finding k  given P and kP for a point P on the curve. The problem is computationally infeasible to solve efficiently, which secures ECC against attacks.

Practical Example

• A common example is using ECC for SSL/TLS handshakes, where the efficiency and strength of ECC ensure secure key exchanges even over constrained environments.

Continuous Evolution of Cryptographic Practices

As digital threats evolve, so too shall cryptographic techniques. This constant need for advancement compels professionals in the field to engage with cutting-edge mathematical research and algorithm development. The future of cryptography lies in balancing the scalability of these algorithms with increasing security demands, particularly as quantum computing becomes more prevalent.