Secrets

Imagine Alice and Bob have a secret that no one else knows (curiously, every crypto and blockchain story begins with Alice and Bob). They have to physically separate and communicate from afar. Lisa wants to listen in and intercept the message. So Alice “encrypts” the message by using a secret code, puts the message in a box, and uses a physical lock for which only she and Bob have the combination. Then Alice sends the box to Bob. Bob uses the same combination to unlock the box and “decrypts” the message. They are essentially using “ciphers” to scramble and unscramble messages so they are meaningless to Lisa even if she intercepts them.

Cryptography uses ciphers to scramble or unscramble messages using algorithms. The Caesar Cipher is named after the legendary Roman Emperor Julius Caesar who sent encrypted messages to his military commanders by shifting letters by three (A becoming D when encrypting, and D becoming A when decrypting). This “shift” methodology seems unsophisticated to us now especially since only 25 shifts are possible in English but it serves as a starting point of more complex schemes used today. Though cryptography has been around for as long as there have been secrets, the primary objective has remained the same; confidentiality, integrity, and authentication. 

Fundamentals of Cryptography

Whether in Ancient Rome or modern day, users and receivers want assurances that the information transmitted is Confidential, that is, not publicly accessed without proof that only the intended person received the information. A “key” is required to lock and unlock the data through encryption. Remember Alice and Bob have a secret…

Next, Integrity means that the information is not altered while being sent from the sender to the receiver. For example, blockchain technology uses a “hash algorithm” which is a one-way encryption of a digital signature (it can’t be un-hashed). When Alice sends a message to Bob, she wants to make sure that the message he receives is actually the same message she sent and not something Lisa altered if it was intercepted. 

Authentication is the guarantee that the message Alice sent to Bob is really received by Alice and not someone posing as her. Lisa perhaps?…Validation such as a “certificate” is needed to confirm “Alice” is not some malicious interloper! 

So if the fundamentals of cryptography haven’t changed, what’s different today? The various methodologies and sophistication by which we ensure confidentiality, integrity, and authentication has advanced with digital technology and the frequency by which encryption is performed. The seemingly mundane actions we do are riddled with algorithms, keys, and certificates whether you know it or not. Ciphers are used in so many tasks we perform on an hourly basis from text messaging, cash withdrawals from ATMs, sending emails, using credit cards, facial recognition, bank transfers, and web browsing. The amount of personal, financial, and social data that is transmitted digitally today is unprecedented. We use passwords, pins, and biometric scans which all provide safeguards to activities that we perform in our IoT (Internet of Things) connected world, but do we know what happens to that information? The data being encrypted and the privacy it brings is being debated as a fundamental human right. 

Safeguard your Activity

Have you ever searched yourself on the web? Your digital footprint can include things you’ve long forgotten; traffic tickets, cars purchases, charitable donations, old embarrassing high school photos, and maybe more private transactions. Encrypting information is standard these days but the issue is more about selective privacy and permission. Check privacy settings on your mobile, email accounts, and web browser. Use products such as Opera browser and free VPN (virtual private network) to keep your activity safe and secret in transit between the browser and the proxy, especially when you are performing financial transactions on an open internet service provider, for example, when you are at the airport or cafe. Check for email breaches (https://haveibeenpwned.com/), use password manager tools, and turn on 2FA (two-factor authentication). Some providers have these offerings built into their products so research before you start auto filling on a public network or with an easily hacked email address. By understanding the basics of cryptography you have a general sense of why data is encrypted and how enabling privacy settings on your devices and platforms will help safeguard your data and keep those “Lisas” out of your business. 

---