What Is Cryptography?
Cryptography Fundamentals
Chapter 1 · What Is Cryptography? Goals, Terminology & Kerckhoffs's Principle
The HTTPS/TLS Fundamentals course introduced enough cryptography to explain how a browser padlock actually works — symmetric/asymmetric crypto, hashing, and key exchange, covered just deeply enough to get through a TLS handshake (https1-2, https1-3). This course goes underneath that: the primitives themselves, why they're built the way they are, and — because it's genuinely a great story with real technical substance — a proper look at classical cryptography's most famous machine, the Enigma, and how it was broken.
The Four Goals of Cryptography
"Cryptography" is often shorthand for just one thing — keeping messages secret. That's only a quarter of the picture. Every cryptographic system exists to provide some combination of four distinct guarantees:
| Goal | Question it answers | Typical tool |
|---|---|---|
| Confidentiality | Can anyone but the intended recipient read this? | Encryption (Ch.5, Ch.9) |
| Integrity | Was this message altered in transit? | Hash functions, MACs (Ch.7, Ch.8) |
| Authenticity | Did it really come from who it claims to? | Digital signatures, MACs (Ch.8, Ch.10) |
| Non-repudiation | Can the sender later deny sending it? | Digital signatures specifically (Ch.10) |
The Vocabulary You'll Need
- Plaintext — the original, readable message before any transformation.
- Ciphertext — the transformed, unreadable-without-the-key output.
- Cipher — the algorithm that transforms plaintext into ciphertext and back.
- Key — the secret input that controls exactly how a cipher transforms the data; the same cipher with a different key produces completely different ciphertext.
- Encrypt / decrypt — apply the cipher forward (plaintext → ciphertext) or in reverse (ciphertext → plaintext).
- Cryptography — the practice of designing these systems; cryptanalysis — the practice of breaking them; cryptology — the umbrella term covering both.
That last distinction matters more than it looks — Chapter 4's entire subject is cryptanalysis, not cryptography: how a well-designed cipher's real-world implementation and operation, not its underlying mathematics, ended up being its weakness.
Kerckhoffs's Principle — The Algorithm Isn't the Secret
Formulated by Auguste Kerckhoffs in 1883, the principle states: a cryptographic system should remain secure even if everything about it — except the key — is public knowledge. Only the key is secret; the algorithm itself can be published, studied, and attacked by the entire world without that alone breaking the system.
This runs directly against instinct. Surely keeping the algorithm itself secret adds a layer of protection? In practice, the opposite holds:
- A secret algorithm has never been reviewed by anyone outside the small group that built it — flaws go unnoticed until an attacker finds them first.
- A public algorithm like AES (Ch.5) has been attacked for decades by the world's best cryptanalysts and has held up — that scrutiny is the evidence of its strength.
- Relying on secrecy of design rather than secrecy of key is called security through obscurity, and it's considered a red flag rather than a defence in modern cryptographic engineering.
Symmetric vs. Asymmetric — A First Look
Two fundamentally different approaches to using a key, both covered in real depth later in this course:
| Symmetric | Asymmetric (public-key) | |
|---|---|---|
| Keys involved | One shared key, used for both encrypt and decrypt | A key pair — public key encrypts, private key decrypts (or vice versa for signing) |
| Speed | Fast — used for the bulk of real data | Much slower — used sparingly, often just to exchange a symmetric key |
| The hard problem | Getting the shared key to both parties securely | No shared secret ever needs to travel at all |
| Covered in depth | Chapter 5 (AES), Chapter 6 (modes) | Chapter 9 (RSA, Diffie-Hellman, ECC) |
Every classical cipher this course covers next — including Enigma — is symmetric: the same setting that encrypts a message also decrypts it. Asymmetric cryptography is a 20th-century invention (Chapter 9), and understanding why it took so long to invent is itself a genuinely interesting question, revisited once Chapter 9 lays out the "hard problem" symmetric crypto never solved.
Where This Course Is Headed
| Chapter | Topic |
|---|---|
| 2 | Classical Ciphers — Substitution, Transposition & Frequency Analysis |
| 3 | The Enigma Machine — Mechanism & Daily Operation |
| 4 | Breaking Enigma — Cribs, the Bombe & the Fatal Flaw |
| 5 | Symmetric-Key Cryptography — Block & Stream Ciphers, AES |
| 6 | Modes of Operation — ECB, CBC, CTR/GCM |
| 7 | Hash Functions |
| 8 | Message Authentication — MACs, HMAC & AEAD |
| 9 | Public-Key Cryptography — RSA, Diffie-Hellman & Elliptic Curves |
| 10 | Digital Signatures & the Trust Chain |
| 11 | Key Management in Practice |
| 12 | Capstone: Cryptography in the Real World |
Hands-On Exercises
A colleague says "we encrypted the data, so it's secure." Using this chapter's four goals, explain what encryption alone does and doesn't guarantee, and give a concrete scenario where encrypted data is still successfully attacked.
📄 View solutionA company builds its own secret, unpublished encryption algorithm and refuses to disclose how it works, arguing that keeping the algorithm secret makes it stronger. Explain, using Kerckhoffs's Principle, why this reasoning is considered a red flag rather than good practice.
📄 View solutionClassify each of the following as primarily a confidentiality, integrity, authenticity, or non-repudiation problem: (a) an attacker reads a private email in transit, (b) a signed software update is altered after signing without detection, (c) an attacker forges a message that appears to come from your bank, (d) a sender later claims they never sent a message they actually did send.
📄 View solutionChapter 1 Quick Reference
- Four goals: confidentiality, integrity, authenticity, non-repudiation — encryption alone only covers the first
- Vocabulary: plaintext/ciphertext/cipher/key; cryptography (build) vs. cryptanalysis (break) vs. cryptology (both)
- Kerckhoffs's Principle: security must come from the secrecy of the key, not the secrecy of the algorithm — "security through obscurity" is a red flag
- Symmetric = one shared key, fast, hard problem is key distribution; asymmetric = key pair, slower, no shared secret needs to travel
- This course's throughline: real-world breaks are almost always about key management and operational discipline, not the underlying math
- Next chapter: Classical Ciphers — substitution and transposition ciphers, and why frequency analysis eventually defeats all of them