How are types of Cryptography combined in our daily activities?

Nowadays, we spend much time on the Internet for reading news, watching videos, or surfing social networks. But have you ever stopped to consider that Cryptography is continuously protecting our information behind the scenes?

This article will explore three pillars of modern cryptography — symmetric encryption, asymmetric encryption, and hash functions—and see how they work together to keep our data secure.

Symmetric Key

Symmetric Key is the modern improvement of classical cipher encryption. The major challenge is safely distributing the secret key to all intended recipients.

• Single Key Encryption: A single secret key is used for both encryption and decryption.
• Key Sharing: The same key must be shared between the sender and the receiver making key distribution a potential weak point for attackers.

Asymmetric Key

Asymmetric encryption addresses the key-sharing problem by introducing a mathematically linked pair of keys: public and private. However, that leads to high computation costs.

• Key pair Encryption: Messages encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.
• Key Exchange: Public keys can be shared openly, but private keys must remain secret. The private key can't be generated from the public key.

Use case

• Message authentication: The sender uses the receiver’s public key to encrypt, only the receiver’s private key can decrypt.
• Digital signatures: The sender encrypts messages with their private key. The receivers use the sender's public key to decrypt and verify the sender's identity.

Hash Functions

Hash functions don’t encrypt data. They transform data into a fingerprint that reveals if the data has changed.

• One-Way Function: Transform a variable-length string to a fixed-size string (digest). This function is irreversible.
• Collision-Resistance: The same input produces the same hash. If the data is modified, a different hash is generated.

Use case

• Credentials storage: Only the hash value of user credentials is stored in the database. Comparing hashes can authenticate users without revealing their raw passwords.
• Data integrity: The sender computes and publishes the message's digest. The receiver recomputes the hash value and compares it to check if the data is modified.

Hybrid cryptography

Many real-world systems combine types of encryption to leverage their advantages.

HTTPS / TLS

• Asymmetric encryption (e.g., RSA/ECC) is used during the TLS handshake to verify server identity and secure symmetric key delivery.
• The symmetric key (e.g., AES) is then used for the bulk data encryption for the rest of the session.
• Hash functions (e.g., SHA-2) are used to ensure data integrity in the transfer progress.

Digital Signatures

• Signers hash the message first, then use an asymmetric private key to sign the hash value.
• Recipients verify the signature using the signer’s public key and the same hash function.

References:

• https://www.ibm.com/think/topics/cryptography-types
• https://www.webopedia.com/definitions/cryptography/
• https://blog.bytebytego.com/p/how-does-https-work-episode-6
• https://www.sectigo.com/resource-library/how-digital-signatures-work
• https://www.okta.com/identity-101/hmac/