In an unsafe cyber world, here’s why you should study cryptology
Demand for security and cryptologists will increase as safeguarding data and documents in the age of internet banking and online payments assumes great importanceeducation Updated: Jun 28, 2017 18:15 IST
What is cryptology? Historically, when did this start?
Cryptology is the art and science of secret writing. The word is derived from ‘Cryptos’ and ‘Logia,’ meaning ‘secret’ and ‘study’ respectively. Today, when the cyber world faces immense threat from hackers who are just lying in wait to steal valuable information you send over the internet, Dr. Somitra Kumar Sanadhya, associate professor, department of computer science and engineering, IIT Ropar, tells us why the study of cryptology assumes a lot of significance.
What is the relationship between cryptography and security?
Security is the all-encompassing term used to denote various goals to be achieved against various types of adversaries. For example, one could be worried by internal sabotage during an operation, or breach of access by an intruder to a secure facility etc. Digital security is concerned with protecting information against hackers and unintended recipients. Cryptography is the mathematical foundation on the basis of which the information can be protected. In this sense, it is the tool through which computer and digital security can be achieved.
Humans have needed some form of secret communication since the start of civilization. In the earliest days, people used invisible inks, writing with wax on paper, etc thus hiding even the information that some message is being communicated. During World War 2, spies used miniaturised photographs of sensitive documents and pasted them below the stamp on an envelope. In the Vietnam war, a captured American soldier transmitted information about his torture by his captors in a publicly televised interview by blinking his eyes (and using Morse code).
However, the above examples come under the study of ‘steganography’. In cryptology, the aim is to design and use a system of communication which prevents an adversary from understanding the intended message even when he has the ability to capture the transmitted message. Naturally, the transmission must be a modified form of the original message, using some secret. As an example, the earliest known example of a ‘cipher’ is Julius Caesar’s army’s use of shifted alphabets. Translated to English characters, they used ‘D’ whenever they wanted to send ‘A’, ‘E’ for ‘B’ etc. This shifted sequence was rolled back by three characters by the recipient to recover the message.
Historically, army and diplomatic missions have always used cryptography. The history of the subject goes back a few thousand years. But in its modern form, the subject received significant attention from around the world wars.
What is the stand of the Indian government on cryptography?
As far as I know, bitcoins are not yet legal in India. Apart from this, I am not aware of any law which prohibits anyone in India to not use cryptography for any specific purpose.
Please tell us about scope and future of research and development in cryptology?
As people become more security conscious, internet banking and online payments increase, there is bound to be demand of both security engineers as well as cryptologists. Blockchain technology(‘Blocks’ are lists of records and blockchain refers to a distributed database used for maintaining the continuously growing lists) is another area which has the potential to transform the financial world. It is already being used for smart-contracts, anonymous payments etc.
- Plaintext: The original message which is to be communicated to the recipient
- Encryption: The process of transforming the plain text to something that is which cannot be deciphered. Only the intended recipient, who has a secret pre-shared with the sender, can recover the original message from this text.
- Ciphertext: The transformed message (the indecipherable text which is actually transmitted)
- Decryption: The reverse process of encryption, employed by the recipient to recover the message from the ciphertext.
- Secret key: The secret data which is shared between the sender and the receiver. This is used in both the encryption and the decryption process, first to transform the message and later to recover the message from ciphertext.
Cryptology = Cryptography + cryptanalysis
- Cryptography: The art and science of designing secure methods of encryption and decryption
- Cryptanalysis: The art and science of ‘breaking’ the codes (either to recover secret information, which was not intended for anyone other than the recipient or to breach some security goal which was sought to be achieved by cryptography).
- Symmetric key: When the sender and receiver use the same secret during the encryption and decryption process, this secret is called the symmetric key. Till the 70’s all cryptography was only of this type.
- Public key (Assymetric key): It is possible to encrypt a message with one key (public key) such that the ciphertext can be decrypted using another key (private key) belonging to the recipient. This was a new idea discovered first in 1976. The advantage of this system is that one need not first share a key with someone with whom he wants to have secret communication. One could simply publish his public key and everyone could encrypt messages using this public key. However, only the person holding the corresponding private key can decrypt these ciphertexts.
- Authenticity: Encryption process ensures that any intruder will not be able to get the message from the ciphertext. However, an attacker could modify the ciphertext while it is transmitting (possible by using a rouge router). Now, the recipient may be fooled into believing that the sender sent something else. Authenticity guarantees that the ciphertext was not compromised during transmission and is indeed the same as the one sent. It can also guarantee that the sender is indeed who he claims to be, and not some impostor.
- Privacy: It is a general term meaning that an individual has the right to seclude his information from being public, and thereby selectively expressing himself.
What are various disciplines in cryptography?
There has been tremendous research in the design of codes (encryption schemes). Design and implementation of efficient symmetric key encryption schemes as well as public key encryption schemes is an important area of research in the subject. Similarly, the design of schemes which could protect authenticity of the message or the sender is a related line of work.
The question of how to break the security guarantees offered by various cryptographic schemes is always relevant to the area. This is called cryptanalysis.
There are many interesting questions related to secure computations. For example, we might be interested in collating information across multiple computers and do some unified computation, even while knowing that some of the computers are compromised.
The implementation of various designs could leak information about the secrets. For example, a laptop with hidden secret key could be encrypting messages but the small sounds that the laptop is making during the encryption process could be enough for someone with a nearby listening device to recover the secret key. Study of such techniques leads to the study of ‘side channel attacks’ and their mitigation strategies during implementation.
Finally, as another concluding example, I present one more nice application of modern cryptology. I may possess some secret which I do not wish to share with anyone, but nonetheless, I may be interested in convincing the recipient that I indeed have that secret. More interestingly, the recipient should not learn anything more than the fact that I have the secret. This interesting aim can be achieved by what is known as ‘zero knowledge proof’.
Modern cryptography has become so vast that it is not possible to discuss all the major themes of the area here.
Which institutes in India are offering cryptology as a subject?
The RC Bose Centre for Cryptology and Security at Indian Statistical Institute Kolkata has a large number of cryptographers, and they offer PhD, MTech and some short term courses on cryptology. Among the IITs, the ones at Kanpur, Bombay, Madras, Kharagpur, Roorkee, Gandhinagar, Tirupati and Ropar have some cryptology experts in the faculty and most of them offer courses to their bachelors, masters and PhD students. Further, there are many good researchers at IISc Bangalore, IIIT Bangalore, IIIT Hyderabad, Microsoft Research and IBM research etc.
The Cryptology Research Society of India (CRSI) organises annual workshops and conferences for complete beginners to advanced researchers in India. The events are held at different locations every year.
How does one get to learn more about cryptology?
If you are interested in the area of cryptology then mathematics and theoretical computer science are very useful. If you have an electrical engineering, communications or hardware background then you could still work in attacking and securing implementations of cryptographic schemes. I suggest that young students and researchers attend cryptology events in the country, and register for online courses on the subject.