Introduction to the tutorial
Is this tutorial right for you?
This tutorial (and its two follow-up tutorials) targets programmers wishing to familiarize themselves with cryptology, its techniques, its mathematical and conceptual basis, and its lingo. The ideal user of this tutorial will have encountered various descriptions of cryptographic systems and general claims about the security or insecurity of particular software and systems, but without entirely understanding the background of these descriptions and claims. Additionally, many users will be programmers and systems analysts whose employers have plans to develop or implement cryptographic systems and protocols (perhaps assigning such obligations to the very people who will benefit from this tutorial).
This tutorial does not contain much in the way of specific programming code for cryptographic protocols, nor even much specificity in precise algorithms. Instead, it will familiarize its users with a broad range of cryptological concepts and protocols. Upon completion, a user will feel at ease with discussions of cryptographic designs, and be ready to explore the details of particular algorithms and protocols with a comfortable familiarity of their underlying concepts.
Just what is cryptology anyway?
Read this tutorial for the long answer. The short answer is that cryptology is made up of cryptography and cryptanalysis. The first, cryptography, is the actual securing, control, and identification of digital data. The second, cryptanalysis, is made up of all the attempts one might develop to undermine, circumvent, and/or break what the first part, cryptography, is attempting to accomplish.
The focus of Part 1 of this three-part tutorial series is to introduce readers to general concepts and address cryptanalysis in somewhat greater depth. Part 2 addresses cryptographic algorithms and protocols in more detail. Part 3 introduces users to a variety of protocols useful for accomplishing specific and specialized tasks.
Cryptanalysis is absolutely essential to cryptography, albeit in a somewhat negative sense. That is, the only thing that tells you that your cryptographic steps are worthwhile is the fact that cryptanalysis has failed, despite the longstanding efforts of smart and knowledgeable cryptanalysts. Think of this in the same way as automobile crash tests. To test the safety of a car, it's essential to run a few of them into some brick walls to see just where the failure points arise.
You will not be a cryptanalyst after finishing this tutorial. To do that, you need many years of mathematical study, a good mind for a certain way of thinking, and a considerable number of failed attempts at cryptanalysis. Nonetheless, having a general concept of what cryptanalysis does is an essential part of understanding what it means to create cryptographic programs. You might not be able to demonstrate that your protocols are secure, but at least you will know what it means to demonstrate that they are not.
What tools use cryptography?
Some form of cryptography can be found nearly everywhere in computer technology. Popular standalone programs, like PGP and GPG, aid in securing communications. Web browsers and other programs implement cryptographic layers in their channels. Drivers and programs exist to secure files on disk and control access thereto. Some commercial programs use cryptographic mechanisms to limit where their installation and use may occur. Basically, every time you find a need to control the access and usage of computer programs or digital data, you'll find that cryptographic algorithms constitute important parts of the protocol for use of these programs/data.
Contact
David Mertz is a writer, a programmer, and a teacher, who always endeavors to improve his communication with readers (and tutorial takers). He welcomes any comments; please direct them to mertz@gnosis.cx.
Basic concepts
Alice and Bob
Cryptologists like to talk about a familiar pantheon of characters in their cryptographic dramas. This tutorial will discuss these folks a bit; if you read past this tutorial, Alice and Bob and their friends (or enemies) will become your close acquaintances. Say hello to our friends! (They often go by their initials in cryptologists' shorthand).
From The Jargon File: Bruce Schneier's definitive introductory text Applied Cryptography (2nd ed., 1996, John Wiley & Sons, ISBN 0-471-11709-9) introduces a table of dramatis personae headed by Alice and Bob. Others include Carol (a participant in three- and four-party protocols), Dave (a participant in four-party protocols), Eve (an eavesdropper), Mallory (a malicious active attacker), Trent (a trusted arbitrator), Walter (a warden), Peggy (a prover), and Victor (a verifier). These names for roles are either already standard or, because of the wide popularity of the book, may quickly become so.
Encryption and decryption
When discussing encryption, there are a few terms with which you should be familiar. The "message" is the actual data for our concern, also frequently referred to as "plain text" (denoted as "M"). Although referred to as plain text, M is not necessarily ASCII text; it might be any type of unencrypted data. It is "plain" in the sense that it does not require decryption prior to use. The encrypted message is "cipher text" (denoted as "C").
Mathematically, encryption is simply a function from the domain of M into the range of C; decryption is just the inverse function of encryption. In practice, the domain and range of most cryptography functions are the same (that is, bit or byte sequences). We denote encryption with 'C = E(M)', and decryption with 'M = D(C)'. In order for encryption and decryption to do anything useful, the equality M = D(E(M)) must hold (otherwise we do not have a way of getting plain text back out of our cipher text).
Encryption and decryption, part 2
In real-life cryptography, we are not usually concerned with individual encryption and decryption functions, but rather with classes of functions indexed by a key. 'C = E{k}(M)' and 'M = D{k}(C)' denote these. For keyed functions, our corresponding automatic equality is M = D{k}(E{k}(M)). With different key indexes to our function classes, we do not expect equalities like the above (in fact, finding them would usually indicate bad algorithms): M != D{k1}(E{k2}(M)). This inequality works out nicely because all the folks without access to the key k will not know which decryption function to use in deciphering C.
The design of specific cryptographic algorithms has many details, but the basic mathematics are as simple as their portrayal in this tutorial.
Authentication, integrity, non-repudiation
Folks who know just a little bit about cryptography often think of cryptography as methods of hiding data from prying eyes. While this function -- encryption -- is indeed an important part of cryptography, there are many other aspects that are equally important. Here are a few that relate more to proving things about a message than they do to hiding a message.
Authentication: Prove that a message actually originates with its claimed originator. Suppose Peggy wishes to prove she sent a message. Peggy may prove to Victor that the message comes from her by performing a transformation on the message that Victor knows only Peggy knows how to perform (that is, because only Peggy, and maybe Victor, knows the key). Peggy may send the transformation either instead of or in addition to M, depending on the protocol.
Integrity: Prove that a message has not been altered in unauthorized ways. Peggy might demonstrate the integrity of a message in a number of different ways. The most common means is by using a cryptographic hash (discussed later). Anyone may perform a cryptographic hash transformation, in the general case, but Peggy may take steps to publish the hash on a channel less prone to tampering than the message channel.
Non-repudiation: Prevent an originator from denying credit (or blame) for creating or sending a message. Protocols for accomplishing this goal are a bit complicated, but the traditional non-digital world has familiar means of accomplishing the same goal through signatures, notarization, and presentation of photo ID. Non-repudiation has many similarities to authentication, but there are also subtle differences.
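The difference between the unkeyed hash used for integrity and the keyed transformation used for authentication can be seen in a short added example (it is not part of the original tutorial). It uses Python's standard hashlib and hmac modules; HMAC-SHA256 stands in for the unspecified keyed transformation, and the message, key, and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the tutorial).
SHARED_KEY = b"key known only to Peggy and Victor"
MESSAGE = b"Pay Bob 100 dollars"


def digest(message: bytes) -> str:
    """Unkeyed hash: anyone, Mallory included, can compute it."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """Keyed transformation (HMAC-SHA256): computing it requires the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hash(message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(digest(message), claimed)


def verify_tag(key: bytes, message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(tag(key, message), claimed)


def tamper(message: bytes) -> bytes:
    """Mallory's alteration of the message in transit."""
    return message.replace(b"100", b"900")


def hash_on_message_channel() -> bool:
    """Hash travels with the message, so Mallory replaces both."""
    altered = tamper(MESSAGE)
    return verify_hash(altered, digest(altered))    # accepted: no protection


def hash_on_separate_channel() -> bool:
    """Peggy publishes the hash where Mallory cannot rewrite it."""
    published = digest(MESSAGE)
    return verify_hash(tamper(MESSAGE), published)  # rejected


def tag_on_message_channel() -> bool:
    """Tag travels with the message, but Mallory lacks the key."""
    altered = tamper(MESSAGE)
    forged = tag(b"Mallory's guess", altered)
    return verify_tag(SHARED_KEY, altered, forged)  # rejected


def victor_can_forge() -> bool:
    """Victor holds the key too, so a valid tag does not prove Peggy wrote it."""
    his_message = b"Pay Victor 100 dollars"
    return verify_tag(SHARED_KEY, his_message, tag(SHARED_KEY, his_message))


if __name__ == "__main__":
    print("hash with message, tampered   :", hash_on_message_channel())
    print("hash published apart, tampered:", hash_on_separate_channel())
    print("keyed tag with message, forged:", tag_on_message_channel())
    print("Victor forges a valid tag     :", victor_can_forge())
```

The last case is one of the subtle differences between authentication and non-repudiation: a tag made with a shared key convinces Victor, but it cannot convince a third party, because Victor could have produced it himself.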
Protocols and algorithms
When considering cryptology, it is important to make the distinction between protocols and algorithms. This is especially important in light of the misleading claims sometimes made by companies that produce cryptographic products (either out of carelessness or misrepresentation). For example, a company might claim: "If you use our product, your data is secure because it would take a million years for the fastest computers to break our encryption!" The claim can be true, but still not make for a very good product. A true claim about the strength of an algorithm by itself does not necessarily mean that a whole protocol that uses that algorithm as one of its steps does not have other weaknesses.
A protocol is a specification of the complete set of steps involved in carrying out a cryptographic activity, including explicit specification of how to proceed in every contingency. An algorithm is the much more narrow procedure involved in transforming some digital data into some other digital data. Cryptographic protocols inevitably involve using one or more cryptographic algorithms, but security (and other cryptographic goals) is the product of a total protocol.
Protocols and algorithms, part 2
It is worth thinking about a very simple example of a strong algorithm built into a weak protocol. Consider an encryption product designed to allow Alice to send confidential messages to Bob in e-mail. Suppose that the product utilizes the "unbreakable" algorithm E. Even against the "unbreakable" algorithm, Mallory has many ways to intercept Alice's plain text, if the rest of the protocol is weak.
