Definition:

Cryptography is the practice and study of techniques for secure communication in the presence of third parties. - Wikipedia

Plaintext or cleartext is the raw message that needs to be hidden and transmitted. A cryptographic algorithm, or cipher, is used to convert the plaintext to ciphertext in a process called encryption. Cryptography allows you to secure data and internet communication as it is sent through the network, so that it cannot be read by anyone except the recipient. Once the ciphertext has been received, it can then be decrypted back to the original, readable plaintext.

This process can also be written as: C = Ek(P) and P = Dk(C), where P = plaintext, C = ciphertext, E = the encryption method, D = the decryption method, and k = the key.

Ciphers are complex mathematical functions that use a key to obscure the plaintext. The key is used to encrypt and either that same key or a complementary key is used to decrypt the ciphertext. The larger the size of the keys, the more secure the cipher will be because the algorithm will be more difficult to crack. The tradeoff is that a larger key requires more computing time and power to encrypt and decrypt.

The five primary goals of cryptography:

1. Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
2. Authentication: The process of proving one’s identity.
3. Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
4. Non-repudiation: A mechanism to prove that the sender really sent this message.
5. Key exchange: The method by which crypto keys are shared between sender and receiver.

Symmetric vs. Asymmetric Encryption

In symmetric encryption, or Secret Key Cryptography (SKC), the sender and receiver use a separate instance of the same key to encrypt and decrypt messages. Symmetric encryption heavily relies on the fact that the keys must be kept secret. It accomplishes privacy and confidentiality. But the drawback is the key distribution problem: it is difficult to securely send the key from one party to another so that encrypted messages can be exchanged between them.

In asymmetric encryption, commonly known as Public Key Cryptography (PKC), the sender and the receiver use different keys to encrypt and decrypt messages. The public key is used to encrypt the message, and the private key is used to decrypt the message. The two keys are generated together and thus mathematically related. Note that due to the keys’ mathematical link, ciphertext encrypted by the private key can only be decrypted by the corresponding public key. However, one will not be able to calculate the private key even if the public key is known. Disregarding quantum computing, it would take the combined computing power of the world longer than the heat death of the universe to brute force a strong encryption such as 2048-bit RSA. In asymmetric cryptography, the public keys are widely known (hence the name) - whereas the private key is kept protected. It accomplishes the goals of authenticity, key exchange, and non-repudiation. One of its main disadvantages over SKC is that it is slower.

In the context of CTF challenges, Crypto will take the form of cracking cipher text to find the flag. Some of the most common ciphers are Caesar Cipher and Vigenere Cipher. There are several online tools that can be used to encrypt/decrypt these.

Caesar Cipher is an extremely simple (and insecure) substitution cipher that uses a shift in the alphabet to encrypt words. For instance, a key value of 4 would offset the alphabet so that “E” would be the first letter.

ABCDEFGHIJKLMNOPQRSTUVWXYZ => EFGHIJKLMNOPQRSTUVWXYZABCD

So every A in the cleartext would be replaced by an E, every B with F, and so on.

Here is an online tool to help crack a Caesar Cipher.