See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/334418542

A Review Paper on Cryptography

Conference Paper · June 2019

DOI: 10.1109/ISDFS.2019.8757514

CITATIONS READS

2 5,902

2 authors, including:

Abdalbasit Mohammed
Firat University
3 PUBLICATIONS   2 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Abdalbasit Mohammed on 23 October 2019.

The user has requested enhancement of the downloaded file.

 A Review Paper on Cryptography

Abdalbasit Mohammed Qadir Nurhayat Varol

Software Engineering Department TBMYO
Firat University Firat University
Elazig, Turkey Elazig, Turkey
[email protected] [email protected]

Abstract — With the internet having reached a level that They discussed that in our age, i.e. the age of information,
merges with our lives, growing explosively during the last several communication has contributed to the growth of technology
decades, data security has become a main concern for anyone and therefore has an important role that requires privacy to be
connected to the web. Data security ensures that our data is only protected and assured when data is sent through the medium of
accessible by the intended receiver and prevents any communication.
modification or alteration of data. In order to achieve this level
of security, various algorithms and methods have been Nitin Jirwan et al. [6] referred to data communication as
developed. Cryptography can be defined as techniques that depending mainly on digital data communication, in which
cipher data, depending on specific algorithms that make the data data security has the highest priority when using encryption
unreadable to the human eye unless decrypted by algorithms algorithms in order for data to reach the intended users safely
that are predefined by the sender. without being compromised. They also demonstrated the
various cryptographic techniques that are used in the process
Keywords — Cryptography, Security, Algorithm, Cipher, of data communication, such as symmetric and asymmetric
Decryption, Data Security. methods.
I. INTRODUCTION In a review on network security and cryptography, Sandeep
Cryptography is a technique to achieve confidentiality of Tayal et al. [7] mentioned that with the emergence of social
messages. The term has a specific meaning in Greek: “secret networks and commerce applications, huge amounts of data
writing”. Nowadays, however, the privacy of individuals and are produced daily by organizations across the world. This
organizations is provided through cryptography at a high level, makes information security a huge issue in terms of ensuring
making sure that information sent is secure in a way that the that the transfer of data through the web is guaranteed. With
authorized receiver can access this information [1]. With more users connecting to the internet, this issue further
historical roots, cryptography can be considered an old demonstrates the necessity of cryptography techniques. This
technique that is still being developed. Examples reach back to paper provides an overview of the various techniques used by
2000 B.C., when the ancient Egyptians used “secret” networks to enhance security, such as cryptography.
hieroglyphics, as well as other evidence in the form of secret Anjula Gupta et al. [8] showcased the origins and meaning
writings in ancient Greece or the famous Caesar cipher of of cryptography as well as how information security has
ancient Rome [2]. become a challenging issue in the fields of computers and
Billions of people around the globe use cryptography on a communications. In addition to demonstrating cryptography as
daily basis to protect data and information, although most do a way to ensure identification, availability, integrity,
not know that they are using it. In addition to being extremely authentication, and confidentiality of users and their data by
useful, it is also considered highly brittle, as cryptographic providing security and privacy, this paper also provides various
systems can become compromised due to a single asymmetric algorithms that have given us the ability to protect
programming or specification error [3]. and secure data.
A study conducted by Callas, J. [9] referred to topics such
II. LITERATURE REVIEW
as cryptography, privacy enhancing technologies, legal
Susan et al. [4] pointed out that network and computer changes concerned with cryptography, reliability, and
security is a new and fast-moving technology within the technologies used in privacy enhancement. He noted that it is
computer science field, with computer security teaching to be how society uses cryptography that will determine the future
a target that never stops moving. Algorithmic and mathematic of cryptography, which depends on regulations, current laws,
aspects, such as hashing techniques and encryption, are the and customs as well as what society expects it to achieve. He
main focus of security courses. As crackers find ways to hack indicated that there are many gaps in the field of cryptography
network systems, new courses are created that cover the latest for future researchers to fill. Additionally, the future of
type of attacks, but each of these attacks become outdated daily cryptography relies on a management system generating strong
due to the responses from new security software. With the keys to ensure that only the right people with the right keys can
continuous maturity of security terminology, security gain access, while others without the keys cannot. Finally,
techniques and skills continue to emerge in the practice of Callas indicated that people’s perspectives and thoughts about
business, network optimization, security architecture, and legal security and communication privacy are a mirror of the
foundation. changes that occur in laws that came into existence through
Othman O. Khalifa et al. [5] demonstrated the primary events such as the terrorist attacks of September 2001.
basic concepts, characteristics, and goals of cryptography.

978-1 -7281 -2827-6/19/$31 .00 ©2019 IEE E

Therefore, cryptography will always play a role in the CRYPTOGRAPHY CONCEPT
protection of data and information, for now and in the future. The basic concept of a cryptographic system is to cipher
Moving forward with the goals of cryptography, James L. information or data in order to achieve confidentiality of the
Massey [10] pointed out that there are two goals that information in a way that an unauthorized person would be
cryptography aims to achieve as they are: authenticity and/or unable to derive its meaning. Two of the most common uses of
secrecy. In terms of the security that it affords (which can be cryptography would be using it to transmit data through an
either practical or theoretical), he discussed both Shannon’s insecure channel, such as the internet, or ensuring that
theory of theoretical secrecy as well as Simmon’s theory of unauthorized people do not understand what they are looking
theoretical authenticity. at in a scenario in which they have accessed the information.
Lastly, Schneier [11] concluded that secrecy of security as In cryptography, the concealed information is usually
a good thing is a myth and that it is not good for security to be termed “plaintext”, and the process of disguising the plaintext
secret, as security completely relying on secrecy can be fragile. is defined as “encryption”; the encrypted plaintext is known as
If that secrecy was lost, regaining it would be impossible. “ciphertext”. This process is achieved by a number of rules
Schneier further expressed that cryptography based on short known as “encryption algorithms”. Usually, the encryption
secret keys that can be easily transferred and changed must rely process relies on an “encryption key”, which is then give to the
on a basic principle, which is for the cryptographic algorithms encryption algorithm as input along with the information.
to be simultaneously strong and public in order to offer good Using a “decryption algorithm”, the receiving side can retrieve
security. The only reliable way to make more improvements in the information using the appropriate “decryption key” [18].
security is to embrace public scrutiny.
Varol, N. et al. [12] studied on symmetric encryption which
is used for the encryption of a certain text or speech. In this
study the content to be encrypted is first converted into an
encapsulation chipher that cannot be understood by a cipher
algorithm.

Chachapara, K. et al. [13] examined secure sharing with

cryptography in cloud computing and demonstrated a
framework that makes use of cryptography algorithms like Fig. 1. Cryptography concept
RSA and AES, with AES been the most secure algorithm in
cryptography. The cloud users can generate keys for different III. HISTORICAL ALGORITHMS
users with different permissions to access their files. In this section, a few historical algorithms will be
introduced, along with pencil and paper examples for a non-
Orman, H. [14] mentioned that many discussions and mathematical reader. These algorithms were designed and used
developments are generated about cryptography, as the author long before public key cryptography was proposed.
stated the hash functions are playing a vital role in A. Caesar Cipher
cryptography by supplying nearly number to any piece of data
This is one of the oldest and earliest examples of
and by the years that MD5’s weaknesses became known, it led
cryptography, invented by Julius Caesar, the emperor of Rome,
to an unsettled feeling about how to design hash functions.
during the Gallic Wars. In this type of algorithm, the letters A
through We are encrypted by being represented with the letters
Gennaro, R. [15] discussed randomness in cryptography and that come three places ahead of each letter in the alphabet,
explained that a random process is one whose consequences while the remaining letters A, B, and C are represented by X,
are unknown, and mentioned that this is why randomness is Y, and Z. This means that a “shift” of 3 is used, although by
vital in cryptography since it provides a way to create using any of the numbers between 1 and 25 we could obtain a
information that an adversary can not learn or predict it. similar effect on the encrypted text. Therefore, nowadays, a
shift is often regarded as a Caesar Cipher [18].
Preneel, B. [16] demonstrated cryptography and information
security in the post-Snowden era, where he discussed mass As the Caesar cipher is one of the simplest examples of
cryptography, it is simple to break. In order for the ciphertext
surveillance practices and the security of ICT systems as well
to be decrypted, the letters that were shifted get shifted three
as known ways in which sophisticated attackers can bypass or letters back to their previous positions. Despite this weakness,
undermine cryptography. it might been strong enough in historical times when Julius
Caesar used it during his wars. Although, as the shifted letter
Sadkhan, S. B. [17] pointed to the main process and trends of in the Caesar Cipher is always three, anyone trying to decrypt
the fields in cryptography the time of Julius Cesar till the the ciphertext has only to shift the letters to decrypt it [19].
modern era, as well as mentioning the current status of the
Arabic industrial and academical efforts in this field in the past
that is related to thee existing cryptographic and search for
new evaluation methods for the security of information.
 columns of different lengths, which can cause the ciphertext to
be more difficult to decipher without the key [20].
IV. MODERN ALGORITHMS
A. Stream ciphers
Stream ciphers operate on pseudorandom bits generated
from the key, and the plaintext is encrypted by XORing both
the plaintext and the pseudorandom bits. Stream ciphers were
sometimes avoided in the past, as they were more likely than
block ciphers to be broken. Nowadays, however, after years of
developing designs, the stream cipher has become more secure
Fig. 2. Caesar Cipher encryption wheel and can be trusted and relied on to be used in connections,
Bluetooth, communications, mobile 4G, TLS connections, and
B. Simple Substitution Ciphers so on.
Take the Simple Substitutions Cipher, also known as
Monoalphabetic Cipher, as an example. In a Simple In a stream cipher, each bit is encrypted individually. There
Substitution Cipher, we take the alphabet letters and place are two types of stream ciphers: the first is the synchronous
them in random order under the alphabet written correctly, as stream cipher, in which the key stream relies on the key; in the
seen here: asynchronous cipher, though, the ciphertext is dependent on
the key stream. In Figure 3, we have a dotted line. If it was
A B C D E F G H I J K L M present, the stream cipher would be asynchronous; otherwise it
D I Q M T B Z S Y K V O F would be synchronous. The cipher feedback (CFB) would be
an example of an asynchronous cipher [2].
N O P Q R S T U V W X Y Z
E R J A U W P X H L C N G
In the encryption and decryption, the same key is used. The
rule of encryption here is that “each letter gets replaced by the
letter beneath it”, and the rule of decryption would be the
opposite. For instance, the corresponding ciphertext for the
plaintext CAN is QDN [18]
C. Transposition Ciphers Fig. 3. Asynchronous and synchronous types of stream ciphers
Other cipher families work by ordering the letters of the
plaintext to transform it to cipher text using a key and particular B. Block ciphers:
rule. Transposition can be defined as the alteration of the letters This type of cipher consists of both an algorithm for
in the plaintext through rules and a specific key. A columnar encryption and an algorithm for decryption:
transposition cipher can be considered as one of the simplest
types of transposition cipher and has two forms: the first is • A key (K) is given to the encryption algorithm (E) and
called “complete columnar transposition”, while the second is a block of plaintext (P), of which C is the product that
“incomplete columnar”. Regardless of which form is used, a consists of a ciphertext block. The encryption
rectangle shape is utilized to represent the written plaintext operation can be expressed as: C = E (K, P).
horizontally, and its width should correspond to the length of • As for the decryption algorithm (D), this is the inverse
the key being used. There can be as many rows as necessary to of the previous operation in which the ciphertext is
write the message. When complete columnar transposition is decrypted for the plaintext, P. It can be written as: P =
used, the plaintext is written, and all empty columns are filled D (K, C).
with null so that each column has the same length. For
example: A pseudorandom permutation (PRP) is used in order to
make the block cipher more secure. This means that if the key
second is kept secret, an attacker will not be able to decrypt the block
di vi s o cipher and compute the output from any input. This is as long
nadvan as the secrecy of K and its randomness is assured from the
attacker’s view. In a general form, this means that the attacker
c i ngto would not have the ability to find any pattern in the values that
n i ghtx are either input to or output from the block cipher.

The cipher text is then derived from the columns depending In a block cipher, two values are generally referred to: the
on the key. In this example, if we used the key “321654”, the size of the block and the size of the key. The security relies on
cipher text is going to be: the value of both. Many block ciphers use a 64-bit block or a
128-bit block. As it is crucial that the blocks are not too large,
cvdng eiaii sdncn donox nsatt oivgh the memory footprint and the ciphertext length are small in
size. Regarding the ciphertext length, blocks instead of bits are
However, when it comes to an incomplete columnar
processed in a block cipher. That is, if we wanted to encrypt a
transposition cipher, the columns are not required to be
16-bit message and the blocks with 128-bit blocks, we first
completed, so the null characters are left out. This results in
need to the message to be converted to 128-bit blocks; only if
this condition is met will the block cipher start processing and Fig. 6. Second preimage collision resistance
output a 128-bit ciphertext. When it comes to a memory
footprint, we need a memory of at least a 128-bit size in order D. Public key systems:
to work and process a 128-bit block. The register of most CPUs The invention of public key encryption can be considered
is small enough to fit. Otherwise, dedicated hardware circuits a cryptography revolution. It is obvious that even during the
can be used for this to be implemented. A 68 bits, 128 bits and 70s and 80s, general cryptography and encryption were solely
even blocks with a size of 512 bits are still short enough in most limited to the military and intelligence fields. It was only
cases for efficient implementation. However, as the blocks get through public key systems and techniques that cryptography
larger, (i.e. kilobytes long), the cost and performance of the spread into other areas.
implementation can be noticeably impacted [19].
Public key encryption gives us the ability to establish
communication without depending on private channels, as the
public key can be publicized without ever worrying about it. A
summary of the public key and its features follows:
1) With the use of public key encryption, key distribution
is allowed on public channels in which the system’s
initial deployment can be potentially simplified,
easing the system’s maintenance when parties join or
leave.
Fig. 4. Block cipher diagram 2) Public key encryption limits the need to store many
secret keys. Even in a case in which all parties want
C. Hash functions: the ability to establish secure communication, each
Previously known as pseudo random functions (PRF), they party can use a secure fashion to store their own
work by mapping an arbitrarily-sized input for a fixed-size private key. The public keys of other parties can be
output in a process called compression. This is not the same as stored in a non-secure fashion or can be obtained when
the compression used in .zip or .rar files, however. Instead, it needed.
is a mapping that is non-invertible. A hash function must align 3) In the case of open environments, public key
with two properties in order to be useful: cryptography is more suitable, especially when parties
• The first property is that it must be one-way. that have never interacted previously want to
communicate securely and interact. For example, a
• The second property is that it must be collision- merchant may have the ability to reveal their public
resistant. key online, and anyone who wants to purchase
Implying one-way output of a hash function can be considered something can access the public key of the merchant
as an important characteristic of it as well as being collision as necessary when they want their credit card
resistant, in which for another input to be found that generates information encrypted [3].
the same output (known as collision) would be nontrivial. Two V. DIGITAL SIGNATURES
forms of collision resistance can be introduced:
Unlike cryptography, digital signatures did not exist before
1) Preimage collision resistance: this form of hash the invention of computers. As computer communications
function operates on an output Y, which is given by were introduced, the need arose for digital signatures to be
finding another input M in such a way that the hash of discussed, especially in the business environments where
M is the same as Y, nontrivially. multiple parties take place and each must commit to keeping
their declarations and/or proposals. The topic of unforgeable
signatures was first discussed centuries ago, except those were
handwritten signatures. The idea behind digital signatures was
first introduced in a paper by Diffie and Hellman titled “New
Directions in Cryptography” [22].
Therefore, in a situation where the sender and receiver do
not completely trust each other, authentication alone cannot fill
the gap between them. Something more is required, i.e. the
Fig. 5. Preimage collision resistance
digital signature, in a way similar to the handwritten signature
2) Second preimage collision resistance: this the second [23].
form of hash function in which two messages are given A. Digital Signature Requirements:
(M1 and another, M2 that is chosen randomly) in
The relationship that created the link between signature and
which the match would be nontrivial [21].
encryption came into existence with the “digitalization” era
that we are currently witnessing and living in. The
requirements for an unforgeable signature schema would be:
• Each user should have the ability to generate their own
signature on any selected document they chose.
 • Each user should have the ability to efficiently verify an authentication tag is generated for a given message being
whether or not a given string is the signature of another sent; the recipients must verify it after receiving the message
particular user. and ensure that no external adversary has the ability to generate
authentication tags that are not being used by the
• No one should have the ability to generate signatures communicating parties.
on documents that the original owner did not sign [24].
Message authentication can be said to be similar to digital
B. Digital Signature Principles: signature, in a way, but the difference between them is that in
Being able to prove that a user or individual generated a message authentication, it is required that only the second party
message is essential both inside and outside the digital domain. verify the message. No third party can be involved to verify the
In today’s world, this is achieved through use of handwritten message’s validity and whether it was generated by the real
signatures. As for generating digital signatures, public-key sender or not. In digital signature, however, third parties have
cryptography is applied, in which the basic idea is that the the ability to check the signature’s validity. Therefore, digital
individual who signs a document or message uses a private key signatures have created a solution for message authentication
(called private-key), while the individual receiving the [24].
message or document must use the matching public-key. The
principle of the digital signature scheme is demonstrated in VI. CONCLUSION
Figure 7. Cryptography plays a vital and critical role in achieving the
primary aims of security goals, such as authentication,
integrity, confidentiality, and no-repudiation. Cryptographic
algorithms are developed in order to achieve these goals.
Cryptography has the important purpose of providing reliable,
strong, and robust network and data security. In this paper, we
demonstrated a review of some of the research that has been
conducted in the field of cryptography as well as of how the
various algorithms used in cryptography for different security
purposes work. Cryptography will continue to emerge with IT
and business plans in regard to protecting personal, financial,
medical, and ecommerce data and providing a respectable level
of privacy.
REFERENCES

Fig. 7. Digital signature principle (signing and verifying) [1] N. Sharma , Prabhjot and H. Kaur, "A Review of Information
Security using Cryptography Technique," International Journal of
This process starts with the signer, who signs the message Advanced Research in Computer Science, vol. 8, no. Special Issue,
x. The algorithm used in the signing process is a function that pp. 323-326, 2017.
belongs to the signer’s private key (kpr), assuming that the
signer will keep the private key secret. Thus, a relation can be [2] B. Preneel, Understanding Cryptography: A Textbook for Students
and Practitioners, London: Springer, 2010.
created between the message x and the signature algorithm; the
message x is also given to the signature algorithm as an input.
[3] J. Katz and Y. Lindell, lntroduct:ion t:o Modern Cryptography,
After the message has been signed, the signature s is attached London: Taylor & Francis Group, LLC , 2008.
to the message x, and they are sent to the receiver in the pair of
(x, s). It must also be noted that a digital signature is useless S. J. Lincke and A. Hollan, "Network Security: Focus on Security,
without being appended to a certain message, similar to putting [4]
Skills, and Stability," in 37th ASEE/IEEE Frontiers in Education
a handwritten signature on a check or document. Conference, Milwaukee, 2007.
The digital signature itself has an integer value that is quite
[5] O. O. Khalifa, M. R. Islam, S. Khan and M. S. Shebani,
large, e.g. a string with 2048 bits. In order for the signature to "Communications cryptography," in RF and Microwave
be verified, a verification function is needed in which both the Conference, 2004. RFM 2004. Proceedings, Selangor, 2004.
message x and the signature s are given as inputs to the
function. The function will require a public key in order to link N. Jirwan, A. Singh and S. Vijay , "Review and Analysis of
the signature to the sender who signed it, and the output of the
[6]
Cryptography Techniques," International Journal of Scientific &
verification function would be either “true” or “false”. The Engineering Research, vol. 3, no. 4, pp. 1-6, 2013 .
output would be true in a case in which the message x was
signed through the private key that is linked with the other key, [7] S. Tayal, N. Gupta, P. Gupta, D. Goyal and M. Goyal, "A Review
i.e. the public verification key. Otherwise, the output of the paper on Network Security and Cryptography," Advances in
verification function would be false [2]. Computational Sciences and Technology , vol. 10, no. 5, pp. 763-
770, 2017.
C. Difference between Digital Signature and Message
Authentication: [8] A. Gupta and N. K. Walia, "Cryptography Algorithms: A Review,"
NTERNATIONAL JOURNAL OF ENGINEERING
When parties are communicating over an insecure channel,
DEVELOPMENT AND RESEARCH, vol. 2, no. 2, pp. 1667-1672,
they may wish to add authentication to the messages that they 2014.
send to the recipient so that the recipient can tell if the message
is original or if it has been modified. In message authentication,
[9] J. Callas, "The Future of Cryptography," Information Systems
Security, vol. 16, no. 1, pp. 15-22, 2007.

[10] J. L. Massey, "Cryptography—A selective survey," Digital

Communications, vol. 85, pp. 3-25, 1986.

[11] B. Schneier, "The Non-Security of Secrecy," Communications of the

ACM, vol. 47, no. 10, pp. 120-120, 2004.

[12] N. Varol, F. Aydoğan and A. Varol, "Cyber Attacks Targetting

Android Cellphones," in The 5th International Symposium on
Digital Forensics and Security (ISDFS 2017), Tirgu Mures, 2017.

[13] K. Chachapara and S. Bhadlawala, "Secure sharing with

cryptography in cloud," in 2013 Nirma University International
Conference on Engineering (NUiCONE), Ahmedabad, 2013.

[14] H. Orman, "Recent Parables in Cryptography," IEEE Internet

Computing, vol. 18, no. 1, pp. 82-86, 2014.

[15] R. GENNARO, "IEEE Security & Privacy," IEEE Security &

Privacy, vol. 4, no. 2, pp. 64 - 67, 2006.

[16] B. Preneel, "Cryptography and Information Security in the Post-

Snowden Era," in IEEE/ACM 1st International Workshop on
TEchnical and LEgal aspects of data pRivacy and SEcurity,
Florence, 2015.

[17] S. B. Sadkhan, "Cryptography : current status and future trends," in

International Conference on Information and Communication
Technologies: From Theory to Applications, Damascus, 2004.

[18] F. Piper and S. Murphy, Cryptography: A Very Short Introduction,

London: Oxford University Press, 2002.

[19] J. P. Aumasson, SERIOUS CRYPTOGRAPHY A Practical

Introduction to Modern Encryption, San Francisco: No Starch Press,
Inc, 2018 .

[20] J. F. Dooley, A Brief History of Cryptology and Cryptographic

Algorithms, New York: Springer, 2013.

[21] T. S. Denis and S. Johnson, Cryptography for Developers, Boston:

Syngress Publishing Inc, 2007 .

[22] W. D. A. M. E. HELLMAN, "New directions in cryptography,"

IEEE Transactions on Information Theory, Vols. IT-22, no. 6, pp.
644-654, 1976.

[23] W. Stallings, Cryptography and Network Security Principles and

Practices, New York: Prentice Hall, 2005.

[24] O. Goldreich, Foundations of Cryptography Basic Tools,

Cambridge: Cambridge University Press, 2004.

View publication stats