What Is Cryptography?

Cryptography Fundamentals

Chapter 1 · What Is Cryptography? Goals, Terminology & Kerckhoffs's Principle

The HTTPS/TLS Fundamentals course introduced enough cryptography to explain how a browser padlock actually works — symmetric/asymmetric crypto, hashing, and key exchange, covered just deeply enough to get through a TLS handshake (https1-2, https1-3). This course goes underneath that: the primitives themselves, why they're built the way they are, and — because it's genuinely a great story with real technical substance — a proper look at classical cryptography's most famous machine, the Enigma, and how it was broken.

The Four Goals of Cryptography

"Cryptography" is often shorthand for just one thing — keeping messages secret. That's only a quarter of the picture. Every cryptographic system exists to provide some combination of four distinct guarantees:

GoalQuestion it answersTypical tool
ConfidentialityCan anyone but the intended recipient read this?Encryption (Ch.5, Ch.9)
IntegrityWas this message altered in transit?Hash functions, MACs (Ch.7, Ch.8)
AuthenticityDid it really come from who it claims to?Digital signatures, MACs (Ch.8, Ch.10)
Non-repudiationCan the sender later deny sending it?Digital signatures specifically (Ch.10)
Encryption alone only buys you one of these four
Encrypting a message keeps it confidential — but an attacker who can't read a message can often still tamper with it, and a recipient decrypting it has no guarantee it actually came from the claimed sender. Confusing "encrypted" with "secure" is one of the most common real-world cryptography mistakes; a genuinely secure system almost always needs confidentiality, integrity, and authenticity working together, not encryption standing in for all three.

The Vocabulary You'll Need

  • Plaintext — the original, readable message before any transformation.
  • Ciphertext — the transformed, unreadable-without-the-key output.
  • Cipher — the algorithm that transforms plaintext into ciphertext and back.
  • Key — the secret input that controls exactly how a cipher transforms the data; the same cipher with a different key produces completely different ciphertext.
  • Encrypt / decrypt — apply the cipher forward (plaintext → ciphertext) or in reverse (ciphertext → plaintext).
  • Cryptography — the practice of designing these systems; cryptanalysis — the practice of breaking them; cryptology — the umbrella term covering both.

That last distinction matters more than it looks — Chapter 4's entire subject is cryptanalysis, not cryptography: how a well-designed cipher's real-world implementation and operation, not its underlying mathematics, ended up being its weakness.

Kerckhoffs's Principle — The Algorithm Isn't the Secret

Formulated by Auguste Kerckhoffs in 1883, the principle states: a cryptographic system should remain secure even if everything about it — except the key — is public knowledge. Only the key is secret; the algorithm itself can be published, studied, and attacked by the entire world without that alone breaking the system.

This runs directly against instinct. Surely keeping the algorithm itself secret adds a layer of protection? In practice, the opposite holds:

  • A secret algorithm has never been reviewed by anyone outside the small group that built it — flaws go unnoticed until an attacker finds them first.
  • A public algorithm like AES (Ch.5) has been attacked for decades by the world's best cryptanalysts and has held up — that scrutiny is the evidence of its strength.
  • Relying on secrecy of design rather than secrecy of key is called security through obscurity, and it's considered a red flag rather than a defence in modern cryptographic engineering.
This is why Chapter 3 matters for more than history
The Enigma machine's design was not secret — the Allies had working replica machines. What stayed secret, and what actually mattered, was the daily key settings (rotor order, starting positions, plugboard wiring). Kerckhoffs's Principle, formulated over 50 years before Enigma was ever built, predicts exactly this outcome: the machine's fall came from key-management and operational failures (Ch.4), not from anyone reverse-engineering its mechanism.

Symmetric vs. Asymmetric — A First Look

Two fundamentally different approaches to using a key, both covered in real depth later in this course:

SymmetricAsymmetric (public-key)
Keys involvedOne shared key, used for both encrypt and decryptA key pair — public key encrypts, private key decrypts (or vice versa for signing)
SpeedFast — used for the bulk of real dataMuch slower — used sparingly, often just to exchange a symmetric key
The hard problemGetting the shared key to both parties securelyNo shared secret ever needs to travel at all
Covered in depthChapter 5 (AES), Chapter 6 (modes)Chapter 9 (RSA, Diffie-Hellman, ECC)

Every classical cipher this course covers next — including Enigma — is symmetric: the same setting that encrypts a message also decrypts it. Asymmetric cryptography is a 20th-century invention (Chapter 9), and understanding why it took so long to invent is itself a genuinely interesting question, revisited once Chapter 9 lays out the "hard problem" symmetric crypto never solved.

Where This Course Is Headed

ChapterTopic
2Classical Ciphers — Substitution, Transposition & Frequency Analysis
3The Enigma Machine — Mechanism & Daily Operation
4Breaking Enigma — Cribs, the Bombe & the Fatal Flaw
5Symmetric-Key Cryptography — Block & Stream Ciphers, AES
6Modes of Operation — ECB, CBC, CTR/GCM
7Hash Functions
8Message Authentication — MACs, HMAC & AEAD
9Public-Key Cryptography — RSA, Diffie-Hellman & Elliptic Curves
10Digital Signatures & the Trust Chain
11Key Management in Practice
12Capstone: Cryptography in the Real World
This course's throughline
Every chapter answers a version of the same question: what actually breaks a cryptographic system in practice? Rarely is it the underlying mathematics — it's almost always key management, implementation choices, or operational discipline. That thread runs from Enigma's daily settings (Ch.3–4) all the way to Chapter 11's real-world key management, and it's worth watching for throughout.

Hands-On Exercises

Exercise 1

A colleague says "we encrypted the data, so it's secure." Using this chapter's four goals, explain what encryption alone does and doesn't guarantee, and give a concrete scenario where encrypted data is still successfully attacked.

📄 View solution
Exercise 2

A company builds its own secret, unpublished encryption algorithm and refuses to disclose how it works, arguing that keeping the algorithm secret makes it stronger. Explain, using Kerckhoffs's Principle, why this reasoning is considered a red flag rather than good practice.

📄 View solution
Exercise 3

Classify each of the following as primarily a confidentiality, integrity, authenticity, or non-repudiation problem: (a) an attacker reads a private email in transit, (b) a signed software update is altered after signing without detection, (c) an attacker forges a message that appears to come from your bank, (d) a sender later claims they never sent a message they actually did send.

📄 View solution

Chapter 1 Quick Reference

  • Four goals: confidentiality, integrity, authenticity, non-repudiation — encryption alone only covers the first
  • Vocabulary: plaintext/ciphertext/cipher/key; cryptography (build) vs. cryptanalysis (break) vs. cryptology (both)
  • Kerckhoffs's Principle: security must come from the secrecy of the key, not the secrecy of the algorithm — "security through obscurity" is a red flag
  • Symmetric = one shared key, fast, hard problem is key distribution; asymmetric = key pair, slower, no shared secret needs to travel
  • This course's throughline: real-world breaks are almost always about key management and operational discipline, not the underlying math
  • Next chapter: Classical Ciphers — substitution and transposition ciphers, and why frequency analysis eventually defeats all of them