In an unsafe cyber world, here’s why you should study cryptology
What is cryptology? Historically, when did this start?
Cryptology is the art and science of secret writing. The word is derived from ‘Cryptos’ and ‘Logia,’ meaning ‘secret’ and ‘study’ respectively. Today, when the cyber world faces immense threat from hackers who are just lying in wait to steal valuable information you send over the internet, Dr. Somitra Kumar Sanadhya, associate professor, department of computer science and engineering, IIT Ropar, tells us why the study of cryptology assumes a lot of significance.
What is the relationship between cryptography and security?
Security is the all-encompassing term used to denote various goals to be achieved against various types of adversaries. For example, one could be worried by internal sabotage during an operation, or breach of access by an intruder to a secure facility etc. Digital security is concerned with protecting information against hackers and unintended recipients. Cryptography is the mathematical foundation on the basis of which the information can be protected. In this sense, it is the tool through which computer and digital security can be achieved.
Humans have needed some form of secret communication since the start of civilization. In the earliest days, people used invisible inks, writing with wax on paper, etc thus hiding even the information that some message is being communicated. During World War 2, spies used miniaturised photographs of sensitive documents and pasted them below the stamp on an envelope. In the Vietnam war, a captured American soldier transmitted information about his torture by his captors in a publicly televised interview by blinking his eyes (and using Morse code).
However, the above examples come under the study of ‘steganography’. In cryptology, the aim is to design and use a system of communication which prevents an adversary from understanding the intended message even when he has the ability to capture the transmitted message. Naturally, the transmission must be a modified form of the original message, using some secret. As an example, the earliest known example of a ‘cipher’ is Julius Caesar’s army’s use of shifted alphabets. Translated to English characters, they used ‘D’ whenever they wanted to send ‘A’, ‘E’ for ‘B’ etc. This shifted sequence was rolled back by three characters by the recipient to recover the message.
Historically, army and diplomatic missions have always used cryptography. The history of the subject goes back a few thousand years. But in its modern form, the subject received significant attention from around the world wars.
What is the stand of the Indian government on cryptography?
As far as I know, bitcoins are not yet legal in India. Apart from this, I am not aware of any law which prohibits anyone in India to not use cryptography for any specific purpose.
Please tell us about scope and future of research and development in cryptology?
As people become more security conscious, internet banking and online payments increase, there is bound to be demand of both security engineers as well as cryptologists. Blockchain technology(‘Blocks’ are lists of records and blockchain refers to a distributed database used for maintaining the continuously growing lists) is another area which has the potential to transform the financial world. It is already being used for smart-contracts, anonymous payments etc.
What are various disciplines in cryptography?
There has been tremendous research in the design of codes (encryption schemes). Design and implementation of efficient symmetric key encryption schemes as well as public key encryption schemes is an important area of research in the subject. Similarly, the design of schemes which could protect authenticity of the message or the sender is a related line of work.
The question of how to break the security guarantees offered by various cryptographic schemes is always relevant to the area. This is called cryptanalysis.
There are many interesting questions related to secure computations. For example, we might be interested in collating information across multiple computers and do some unified computation, even while knowing that some of the computers are compromised.
The implementation of various designs could leak information about the secrets. For example, a laptop with hidden secret key could be encrypting messages but the small sounds that the laptop is making during the encryption process could be enough for someone with a nearby listening device to recover the secret key. Study of such techniques leads to the study of ‘side channel attacks’ and their mitigation strategies during implementation.
Finally, as another concluding example, I present one more nice application of modern cryptology. I may possess some secret which I do not wish to share with anyone, but nonetheless, I may be interested in convincing the recipient that I indeed have that secret. More interestingly, the recipient should not learn anything more than the fact that I have the secret. This interesting aim can be achieved by what is known as ‘zero knowledge proof’.
Modern cryptography has become so vast that it is not possible to discuss all the major themes of the area here.
Which institutes in India are offering cryptology as a subject?
The RC Bose Centre for Cryptology and Security at Indian Statistical Institute Kolkata has a large number of cryptographers, and they offer PhD, MTech and some short term courses on cryptology. Among the IITs, the ones at Kanpur, Bombay, Madras, Kharagpur, Roorkee, Gandhinagar, Tirupati and Ropar have some cryptology experts in the faculty and most of them offer courses to their bachelors, masters and PhD students. Further, there are many good researchers at IISc Bangalore, IIIT Bangalore, IIIT Hyderabad, Microsoft Research and IBM research etc.
The Cryptology Research Society of India (CRSI) organises annual workshops and conferences for complete beginners to advanced researchers in India. The events are held at different locations every year.
How does one get to learn more about cryptology?
If you are interested in the area of cryptology then mathematics and theoretical computer science are very useful. If you have an electrical engineering, communications or hardware background then you could still work in attacking and securing implementations of cryptographic schemes. I suggest that young students and researchers attend cryptology events in the country, and register for online courses on the subject.