
Computer Science and Cryptography: Foundations of Digital Security

How has cryptography, the foundation of digital security, evolved? A comprehensive review of cryptography in computer science — from the Caesar cipher to quantum cryptography, from symmetric and asymmetric encryption algorithms to the TLS protocol, and from hash functions to post-quantum cryptography.

March 31, 2026
Dr. Emre Gecer

The Role of Cryptography in Computer Science

Cryptography is one of the fundamental and critical subfields of computer science. It originates from the Greek words kryptos (secret) and graphein (writing). The need to protect information has been a basic human drive since ancient times; however, modern cryptography, born at the intersection of mathematics and computer science, is a completely different discipline. Today, every online banking transaction we make, every email we send, and every digital signature we use relies on cryptographic algorithms.

Claude Shannon's 1949 paper, "Communication Theory of Secrecy Systems", marked a turning point in transforming cryptography from a speculative art to a mathematical science. By applying information theory concepts to encryption systems, Shannon defined the concept of perfect secrecy. He demonstrated that the one-time pad (single-use encryption pad) method achieves this property, but its practicality is limited due to key distribution issues. Shannon's work also introduced two fundamental principles of modern cryptography: confusion and diffusion. Confusion complicates the relationship between the key and encrypted text, while diffusion disperses statistical patterns in the plaintext throughout the ciphertext.

In this article, we will delve into the historical origins of cryptography, covering symmetric and asymmetric encryption algorithms, hash functions, digital signature mechanisms, Public Key Infrastructure (PKI) structures, TLS/SSL protocols, blockchain applications, and post-quantum cryptography approaches developed to counter quantum threats.

Historical Perspective: From Caesar to Enigma

One of the earliest known examples of cryptography dates back to hieroglyphic symbol substitution practices in ancient Egypt around 1900 BC. However, systematic encryption begins with the Caesar Cipher, named after Julius Caesar. In this method, each letter is shifted by a fixed number of positions in the alphabet. Mathematically expressed as: E(x) = (x + k) mod 26, where k is the shift amount. The Caesar cipher is a monoalphabetic substitution cipher and contains only 25 possible keys, making it extremely vulnerable to brute-force attacks.

In the 9th century, Arab mathematician Al-Kindi defined the frequency analysis technique in his work Risalah fi Istikhraj al-Mu'amma. This method relies on the fact that each letter in any language has a specific usage frequency. For example, in Turkish, the letters 'a' and 'e' are among the most frequently used. Frequency analysis remains a fundamental method for breaking monoalphabetic substitution ciphers to this day.

In the 15th century, Leon Battista Alberti's development of polyalphabetic encryption and the subsequent Vigenère cipher — named after Blaise de Vigenère — was a significant advance that made frequency analysis much harder. The Vigenère cipher applies a different shift to each letter using a keyword. For centuries it was considered unbreakable; however, in 1863, Friedrich Kasiski — and independently Charles Babbage — developed a method to break it by determining the key length.
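The three techniques just described, the shift E(x) = (x + k) mod 26, frequency analysis against a monoalphabetic substitution, and Kasiski's key-length recovery for the Vigenère cipher, are short enough to work through in code. The following Python is an added example, not code from the original article: it implements the Vigenère cipher (a one-letter key is the Caesar cipher), breaks a Caesar cipher by trying every shift and scoring each candidate against English letter frequencies, recovers the Vigenère key length with the Kasiski method, and then breaks each column as a Caesar cipher. The English frequency table and the sample plaintext are constructed for the demonstration.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Relative letter frequencies of English (percent): the reference distribution that
# a frequency-analysis attack compares candidate decryptions against.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}


def letters_only(text: str) -> str:
    """Classical ciphers work on A-Z only; spacing and punctuation are dropped."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """E(x_i) = (x_i + k_(i mod len(key))) mod 26. With a one-letter key this is the Caesar cipher."""
    out = []
    for i, ch in enumerate(letters_only(text)):
        shift = ALPHABET.index(key[i % len(key)].upper())
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def chi_squared(text: str) -> float:
    """Distance between the text's letter histogram and English; lower is more English-like."""
    counts, n = Counter(text), len(text)
    return sum((counts[c] - n * ENGLISH_FREQ[c] / 100) ** 2 / (n * ENGLISH_FREQ[c] / 100)
               for c in ALPHABET)


def break_caesar(ciphertext: str) -> int:
    """Brute force over the whole key space (26 shifts, 25 of them non-trivial), keeping the
    shift whose decryption best matches English letter frequencies."""
    return min(range(26),
               key=lambda k: chi_squared(vigenere(ciphertext, ALPHABET[k], decrypt=True)))


def kasiski_candidates(ciphertext: str, seq_len: int = 3, max_key_len: int = 20) -> list:
    """Kasiski examination. A trigram that repeats in the ciphertext usually comes from the
    same plaintext trigram enciphered at the same key position, so the distance between the
    occurrences is a multiple of the key length. Factors of those distances are tallied and
    returned most-frequent first; the key length (or a multiple of it) sits at the top."""
    positions = {}
    for i in range(len(ciphertext) - seq_len + 1):
        positions.setdefault(ciphertext[i:i + seq_len], []).append(i)
    factor_counts = Counter()
    for pos in positions.values():
        for a in range(len(pos)):
            for b in range(a + 1, len(pos)):
                distance = pos[b] - pos[a]
                for factor in range(2, max_key_len + 1):
                    if distance % factor == 0:
                        factor_counts[factor] += 1
    return [factor for factor, _ in factor_counts.most_common()]


def break_vigenere(ciphertext: str, key_len: int) -> str:
    """With the period known, letters i, i+key_len, i+2*key_len, ... were all shifted by the
    same key letter, so each such column is a Caesar cipher and falls to frequency analysis."""
    return "".join(ALPHABET[break_caesar(ciphertext[i::key_len])] for i in range(key_len))


# Constructed sample plaintext (not from the article), long enough for letter statistics to show.
SAMPLE_PLAINTEXT = (
    "Claude Shannon showed in his paper Communication Theory of Secrecy Systems that the one "
    "time pad achieves perfect secrecy but that its practicality is limited by the problem of "
    "key distribution. He also introduced confusion and diffusion. Confusion complicates the "
    "relationship between the key and the ciphertext while diffusion spreads the statistical "
    "patterns of the plaintext throughout the ciphertext. Frequency analysis still breaks every "
    "monoalphabetic substitution because the letter statistics of the language survive the "
    "substitution, and the Vigenere cipher only resists it until the length of the keyword is "
    "known, after which each column is just another Caesar cipher."
)

if __name__ == "__main__":
    caesar_ct = vigenere(SAMPLE_PLAINTEXT, "D")   # Caesar with a shift of 3
    print("Caesar shift recovered:", break_caesar(caesar_ct))
    vig_ct = vigenere(SAMPLE_PLAINTEXT, "LEMON")
    candidates = kasiski_candidates(vig_ct)
    print("Kasiski key-length candidates:", candidates[:5])
    key = break_vigenere(vig_ct, candidates[0])
    print("Recovered key:", key)
    print("Plaintext recovered:", vigenere(vig_ct, key, decrypt=True) == letters_only(SAMPLE_PLAINTEXT))
```

The chi-squared score needs a few dozen letters per column to be reliable, which is why the Vigenère cipher held up for short messages and why the sample text here is several sentences long.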

The most dramatic cryptography episode of the 20th century is undoubtedly the Enigma story. The Enigma machine used by Nazi Germany produced an astronomical number of possible settings thanks to its combination of rotors, reflector, and plugboard — roughly 158 quintillion (158 × 10^18) different configurations were possible. The pioneering work of Polish mathematicians Marian Rejewski, Jerzy Różycki, and Henryk Zygalski — followed by the Bombe machine built by Alan Turing's team at Bletchley Park — made breaking Enigma possible. Historians estimate that breaking Enigma shortened the war by about two years. Turing's work not only changed the course of the war but also laid the foundations of modern computer science and algorithm theory.

Symmetric Encryption: Same Key for Encryption and Decryption

Symmetric-key cryptography uses the same secret key for both encryption and decryption. Because it is fast, it is the choice for bulk data encryption; public-key schemes are typically used only to establish or wrap symmetric keys. Symmetric ciphers fall into two families: block ciphers, which transform fixed-size blocks of data, and stream ciphers, which generate a keystream and combine it with the data bit by bit or byte by byte. ChaCha20, designed by Daniel Bernstein, is a modern stream cipher used as an alternative to AES, particularly on devices without AES hardware acceleration.

Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES)

The Data Encryption Standard (DES) was adopted as a federal standard in 1977 by NIST, then known as the National Bureau of Standards (NBS). It was derived from the Lucifer cipher designed by Horst Feistel's team at IBM. DES encrypts 64-bit blocks under a 56-bit key using a 16-round Feistel network: the block is split once into two 32-bit halves, and in each round one half passes through an expansion permutation, is XORed with a round subkey, goes through the S-boxes (substitution) and a permutation, and the result is XORed into the other half before the halves swap. Because the round function is only ever XORed in, decryption is the same sequence of rounds with the subkeys in reverse order. As computing power grew in the 1990s, the 56-bit key became inadequate: in 1998 the Electronic Frontier Foundation (EFF) recovered a DES key in 56 hours with purpose-built hardware, the DES Cracker ("Deep Crack"). Triple DES (3DES) was introduced as a stopgap; it applies DES three times in encrypt-decrypt-encrypt (EDE) order. The three-key variant has a 168-bit key, but a meet-in-the-middle attack limits its effective strength to about 112 bits. 3DES is slow in software, and NIST deprecated it and disallowed it for new applications after 2023.

Advanced Encryption Standard (AES): Today's Gold Standard

AES (Advanced Encryption Standard) was adopted by NIST in 2001 (FIPS 197) as the replacement for DES. Following an open competition in which 15 algorithms from around the world competed, the Rijndael algorithm, developed by Joan Daemen and Vincent Rijmen, was chosen. Instead of a Feistel structure, AES uses a substitution-permutation network (SPN). It works with a 128-bit block size and supports key lengths of 128, 192, or 256 bits. Each round consists of four basic operations: SubBytes (byte substitution over the Galois field GF(2^8)), ShiftRows (row shifting), MixColumns (column mixing — matrix multiplication in the Galois field), and AddRoundKey (key addition). The number of rounds is 10, 12, or 14, depending on the key length.

AES's security rests on the absence of any practical attack after more than two decades of public cryptanalysis. Theoretical results such as the biclique attack improve on brute force by only a small factor and are not feasible in practice. AES-256 is approved by the NSA for protecting information classified TOP SECRET. Hardware instructions in modern processors, such as AES-NI, run AES at gigabytes per second. In everyday use, Wi-Fi security (WPA2/WPA3), disk encryption (BitLocker, FileVault, LUKS), VPN tunnels, and most HTTPS connections rely on AES, with ChaCha20-Poly1305 as the usual alternative where no hardware acceleration is available.

Modes of Operation

A block cipher only encrypts a single fixed-size block. To encrypt messages of arbitrary length it is combined with a mode of operation. ECB (Electronic Codebook) mode, the simplest, encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks; in the well-known "ECB penguin" image, the outline of the original picture remains visible in the encrypted version. CBC (Cipher Block Chaining) XORs each plaintext block with the previous ciphertext block (the first with a random IV) before encryption, which hides such patterns, but encryption cannot be parallelized and its padding has been the target of padding-oracle attacks such as POODLE (against SSL 3.0) and Lucky 13. CTR (Counter) mode turns the block cipher into a stream cipher by encrypting a nonce-and-counter value and XORing the result with the data; it parallelizes well and needs no padding, but reusing a nonce under the same key reuses the keystream and reveals the XOR of the two plaintexts. GCM (Galois/Counter Mode), defined in NIST SP 800-38D, is the modern choice: it combines CTR-mode encryption with a GHASH authentication tag, giving authenticated encryption with associated data (AEAD) that detects any tampering with the ciphertext. It is the mandatory-to-implement mode in TLS 1.3, and it inherits CTR's requirement that a (key, nonce) pair never be reused.
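To make the Feistel structure from the DES section and the behaviour of the modes concrete, here is an added Python example (not code from the article, and not a vetted cipher): a 16-byte-block Feistel network whose round function is HMAC-SHA256 stands in for a real block cipher, and ECB, CBC and CTR are implemented over it generically, exactly as they would be over AES. It shows that decrypting a Feistel cipher is the same sequence of rounds in reverse order, that ECB repeats ciphertext blocks for repeated plaintext blocks, and that a reused CTR nonce leaks the XOR of two plaintexts. The key, IV and nonce values in the demo are constructed.

```python
import hmac
import hashlib
import secrets

BLOCK = 16      # block size in bytes, as in AES; Feistel halves are 8 bytes
ROUNDS = 4      # four rounds with a strong round function give a secure permutation
                # (Luby-Rackoff); this is a teaching construction, not a standard cipher


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    """Keyed round function F: HMAC-SHA256 over (round index, half), cut to a half-block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def _feistel(key: bytes, block: bytes, round_order) -> bytes:
    """One Feistel pass: (L, R) -> (R, L xor F(R)) per round. Only XOR and swaps are used,
    so running the rounds in reverse order inverts the pass even though F itself is one-way."""
    if len(block) != BLOCK:
        raise ValueError("block must be %d bytes" % BLOCK)
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in round_order:
        left, right = right, xor(left, _round_function(key, rnd, right))
    return right + left     # final swap omitted so the same pass serves as its own inverse


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(ROUNDS))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(ROUNDS)))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")   # leaking this distinction is what padding oracles exploit
    return data[:-n]


def _blocks(data: bytes):
    return (data[i:i + BLOCK] for i in range(0, len(data), BLOCK))


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block on its own. Equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(key, blk) for blk in _blocks(pkcs7_pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return pkcs7_unpad(b"".join(decrypt_block(key, blk) for blk in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block (the IV first)."""
    out, prev = [], iv
    for blk in _blocks(pkcs7_pad(plaintext)):
        prev = encrypt_block(key, xor(blk, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for blk in _blocks(ciphertext):
        out.append(xor(decrypt_block(key, blk), prev))
        prev = blk
    return pkcs7_unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt nonce||counter to get a keystream block and XOR it with the data. Only the
    forward direction of the cipher is used, so the same call decrypts, no padding is needed,
    and blocks are independent. nonce is 8 bytes; the 8-byte counter fills the rest."""
    out = bytearray()
    for counter, blk in enumerate(_blocks(data)):
        keystream = encrypt_block(key, nonce + counter.to_bytes(BLOCK - len(nonce), "big"))
        out += xor(blk, keystream)      # zip() truncates the keystream for a short last block
    return bytes(out)


def unique_blocks(ciphertext: bytes) -> int:
    return len(set(_blocks(ciphertext)))


def ctr_nonce_reuse_leaks(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """The CTR/GCM failure mode: a reused (key, nonce) reuses the keystream, so
    c1 xor c2 == p1 xor p2 and anyone who knows one plaintext can read the other."""
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    key, iv, nonce = secrets.token_bytes(32), secrets.token_bytes(BLOCK), secrets.token_bytes(8)
    penguin = bytes(BLOCK) * 4      # constructed: four identical plaintext blocks
    print("ECB unique blocks:", unique_blocks(ecb_encrypt(key, penguin)[:64]))      # 1: pattern leaks
    print("CBC unique blocks:", unique_blocks(cbc_encrypt(key, iv, penguin)[:64]))  # 4
    print("CTR unique blocks:", unique_blocks(ctr_crypt(key, nonce, penguin)))      # 4
    print("CTR nonce reuse leaks:",
          ctr_nonce_reuse_leaks(key, nonce, b"attack at dawn", b"defend at dusk"))
```

Note what the example does not provide: none of these three modes authenticates the ciphertext, so a flipped bit in a CTR ciphertext flips the same bit in the plaintext undetected. That is the gap GCM closes with its authentication tag.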

Asymmetric Encryption: The Public Key Revolution

Whitfield Diffie and Martin Hellman's 1976 paper "New Directions in Cryptography" was a revolution in the history of cryptography. It introduced the Diffie-Hellman key exchange, which lets two parties who share no prior secret agree on a key over a channel an eavesdropper can read. Its security rests on the computational hardness of the discrete logarithm problem. Interestingly, a similar method had been discovered a few years earlier by James Ellis, Clifford Cocks, and Malcolm Williamson at the British intelligence agency GCHQ, but their work was classified and not made public until 1997.

The RSA Algorithm

Published in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman, RSA was the first practical public-key encryption and digital signature system. Its security relies on the difficulty of factoring large integers. Key generation proceeds as follows: choose two large primes p and q, compute n = p × q and Euler's totient φ(n) = (p-1)(q-1), pick a public exponent e with gcd(e, φ(n)) = 1 (65537 is the usual choice), and compute the private exponent d ≡ e^-1 (mod φ(n)). The public key is (e, n) and the private key is (d, n). Encryption is c = m^e mod n and decryption is m = c^d mod n. This "textbook" RSA is never used on its own: it is deterministic (the same message always gives the same ciphertext) and malleable (ciphertexts can be multiplied to produce the encryption of the product), so practical schemes wrap the message in a padding scheme such as OAEP for encryption or PSS for signatures. A modulus of at least 2048 bits is recommended today, and 4096 bits is used where a larger security margin is wanted; NIST's guidance (SP 800-57) treats 2048-bit RSA as acceptable only through 2030 and recommends 3072 bits beyond that.
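The key generation and textbook encryption above, together with the malleability that makes padding necessary, in runnable form. This is an added example (not the article's code and not a production RSA implementation): it generates primes with a Miller-Rabin test, derives d = e^-1 mod φ(n), encrypts and decrypts, and demonstrates that E(m1) × E(m2) = E(m1 × m2) mod n. The 1024-bit key in the demo is only for speed; there is no padding, no blinding and no constant-time arithmetic, which is exactly what a real library adds on top.

```python
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin primality test; 40 random bases give an error probability below 2^-80."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:           # write n - 1 = 2^s * d with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False        # a is a witness: n is composite
    return True


def random_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 2048, e: int = 65537):
    """Returns ((e, n), (d, n)). Uses phi(n) = (p-1)(q-1) as in the text (FIPS 186 uses lcm)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:     # e is prime, so this is gcd(e, phi) == 1
            break
    n = p * q
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def textbook_encrypt(pub, m: int) -> int:
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def textbook_decrypt(priv, c: int) -> int:
    d, n = priv
    return pow(c, d, n)


def bytes_to_int(b: bytes) -> int:
    return int.from_bytes(b, "big")


def int_to_bytes(i: int) -> bytes:
    return i.to_bytes((i.bit_length() + 7) // 8, "big")


def textbook_rsa_is_malleable(pub, m1: int, m2: int) -> bool:
    """Why raw RSA is never used directly: E(m1) * E(m2) mod n == E(m1 * m2 mod n), so an
    attacker can transform ciphertexts without the key. OAEP (encryption) and PSS (signatures)
    add randomness and structure that destroy this property."""
    e, n = pub
    product_of_ciphertexts = textbook_encrypt(pub, m1) * textbook_encrypt(pub, m2) % n
    return product_of_ciphertexts == textbook_encrypt(pub, m1 * m2 % n)


if __name__ == "__main__":
    pub, priv = generate_keypair(bits=1024)   # demo size only; use >= 2048 bits in practice
    m = bytes_to_int(b"hello RSA")
    c = textbook_encrypt(pub, m)
    print("round trip ok:", int_to_bytes(textbook_decrypt(priv, c)) == b"hello RSA")
    print("deterministic (same m gives same c):", textbook_encrypt(pub, m) == c)
    print("malleable:", textbook_rsa_is_malleable(pub, 12345, 67890))
```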

Elliptic Curve Cryptography (ECC)

Independently proposed in 1985 by Neal Koblitz and Victor Miller, ECC is based on the discrete logarithm problem over elliptic curves and provides the same level of security with much shorter key lengths. A 256-bit ECC key offers security equivalent to roughly a 3072-bit RSA key. This efficiency makes ECC the preferred choice in resource-constrained environments such as mobile devices and the IoT. The curves recommended by NIST include P-256, P-384, and P-521, although the NSA's possible influence on the parameters of these curves remains a matter of debate. Curve25519, designed by Daniel Bernstein, has rapidly become widespread in modern applications thanks to its high performance, constant-time implementability, and resistance to side-channel attacks. The Signal protocol, WireGuard VPN, SSH (Ed25519), and TLS 1.3 all support this curve.

Hash Functions and Data Integrity

Cryptographic hash functions map input of any length to a fixed-length output (the digest) and are one-way. A cryptographic hash function needs three properties: pre-image resistance – given an output, it is computationally infeasible to find an input that produces it; second pre-image resistance – given an input, it is infeasible to find a different input with the same output; and collision resistance – it is infeasible to find any two distinct inputs with the same output. Because of the birthday paradox, finding a collision in an n-bit hash takes only about 2^(n/2) evaluations rather than 2^n, so a 128-bit digest offers at most 64-bit collision resistance; this is why 256-bit digests are the modern minimum.

MD5 (128-bit output, designed by Ron Rivest in 1991) and SHA-1 (160-bit output, designed by the NSA) are no longer considered secure. In 2004, Xiaoyun Wang and her team found practical collisions in MD5; in 2017, Google and CWI Amsterdam demonstrated the first practical collision in SHA-1 through the SHAttered project (requiring roughly 9 quintillion SHA-1 computations). Today, the SHA-2 family (SHA-256, SHA-384, SHA-512) is the standard in widespread use. SHA-256 underpins Bitcoin mining. Standardized by NIST in 2015, SHA-3 (Keccak, designed by Guido Bertoni and his team) has a completely different internal structure — a sponge construction — and stands ready as a backup should a vulnerability ever be found in SHA-2.

Hash functions appear throughout security engineering: password storage, file integrity verification, digital signatures (the message is hashed and the hash is signed), Merkle trees in blockchains, HMAC (Hash-based Message Authentication Code, RFC 2104), and HKDF (HMAC-based Key Derivation Function, RFC 5869). Two details matter in practice. First, passwords must not be stored as a plain hash: an unsalted hash can be attacked with precomputed rainbow tables and fast GPU brute force, so passwords are stored with a salted, deliberately slow key derivation function such as bcrypt, scrypt, or Argon2. Second, keyed hashing must not be built as H(key || message): the Merkle-Damgård construction behind MD5, SHA-1 and SHA-2 allows length-extension attacks, in which an attacker who knows H(key || m) can compute a valid tag for m || padding || extra without the key. HMAC's nested construction avoids this, which is why it, and not a bare hash, is used for message authentication and key derivation.
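An added Python example (not from the article) for two points from this and the previous section: the birthday bound, demonstrated by finding collisions in a deliberately truncated SHA-256 in roughly 2^(n/2) evaluations, and HKDF built from HMAC as RFC 5869 specifies, used the way a protocol uses it after a key exchange to derive separate keys per purpose. The truncated hash, the session-key labels and the inputs are constructed for the demonstration; the RFC's own test vector (A.1) can be used to check the HKDF functions.

```python
import hashlib
import hmac
import os


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its first `bits` bits, standing in for a hash with a short digest."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int, seed: bytes = b"") -> tuple:
    """Birthday attack: hash distinct inputs and remember every digest seen. A repeat shows up
    after about 2**(bits/2) evaluations, not the 2**bits a (second) pre-image would need.
    Returns (m1, m2, attempts) with m1 != m2 and equal truncated hashes."""
    seen = {}
    counter = 0
    while True:
        message = seed + counter.to_bytes(8, "big")
        h = truncated_hash(message, bits)
        if h in seen:
            return seen[h], message, counter + 1
        seen[h] = message
        counter += 1


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC(salt, IKM); an empty salt is replaced
    by HashLen zero bytes. Turns non-uniform keying material into a uniform pseudorandom key."""
    if not salt:
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (section 2.3): T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and
    truncated to `length`. `info` binds each output key to its purpose (domain separation)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output is limited to 255 * HashLen bytes")
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hash_name).digest()
        okm += block
        i += 1
    return okm[:length]


def derive_session_keys(shared_secret: bytes, salt: bytes) -> dict:
    """The usual pattern after a key exchange: one PRK, then an independent key per purpose
    and direction, so a leak of one key says nothing about the others."""
    prk = hkdf_extract(salt, shared_secret)
    labels = ("client write key", "server write key", "client write iv", "server write iv")
    sizes = (32, 32, 12, 12)
    return {label: hkdf_expand(prk, label.encode(), size) for label, size in zip(labels, sizes)}


if __name__ == "__main__":
    for bits in (16, 24, 32):
        m1, m2, attempts = find_collision(bits, seed=os.urandom(4))
        print(f"{bits}-bit digest: collision after {attempts} hashes (2^(n/2) = {2 ** (bits // 2)})")
    keys = derive_session_keys(os.urandom(32), salt=b"constructed handshake salt")   # constructed
    for label, key in keys.items():
        print(f"{label:>16}: {key.hex()}")
```

The 32-bit case finishes in well under a second on a laptop, which is the whole point of the birthday bound: a digest needs twice the bits of the security level you want.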

Digital Signatures and PKI Infrastructure

Digital signatures provide authentication, integrity, and non-repudiation for a message or document. They are the digital counterpart of a handwritten signature but give far stronger guarantees. Signing works in two steps: the message is hashed, and the hash is processed with the signer's private key to produce the signature, which is sent along with the message. The recipient recomputes the hash from the received message and uses the signer's public key to check that the signature matches it. The common description "the hash is encrypted with the private key" is only an informal picture of RSA; ECDSA and EdDSA signatures are not encryption in any sense, and even RSA signatures apply a padding scheme (PSS) rather than raw exponentiation.

Widely used signature algorithms include RSA-PSS (Probabilistic Signature Scheme, preferred over the deterministic PKCS#1 v1.5 padding), DSA (Digital Signature Algorithm, defined in NIST FIPS 186), ECDSA (Elliptic Curve DSA, used by Bitcoin and Ethereum), and EdDSA (Edwards-curve DSA, most commonly Ed25519). ECDSA needs a fresh, secret, uniformly random nonce k for every signature; if the same k is used twice, anyone holding the two signatures can solve for the private key with a few modular operations. Sony made exactly this mistake on the PlayStation 3, and in 2010 the console's signing key was recovered from published signatures. EdDSA derives its nonce deterministically from the private key and the message, so it cannot fail this way, and it is also easier to implement in constant time; it is therefore preferred over ECDSA where the protocol allows. Where ECDSA is required, deterministic nonce generation per RFC 6979 removes the dependence on the random number generator.
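The nonce-reuse failure described above can be worked through directly on secp256k1, the curve Bitcoin and Ethereum use for ECDSA. The following Python is an added example, not code from the article or from any library: it implements point addition and double-and-add scalar multiplication in plain integer arithmetic, signs and verifies a message, and recovers the private key from two signatures that share k. The curve constants are the public secp256k1 parameters; the private key and messages in the demo are constructed. It is for understanding only: the scalar multiplication branches on secret bits and is not constant time.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over F_P, generator G of prime order N
P = 2 ** 256 - 2 ** 32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None   # the point at infinity (group identity)


def point_add(p1, p2):
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                           # p2 == -p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P            # tangent slope (a = 0 on this curve)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k: int, point):
    """Double-and-add. Branches on the bits of k, so NOT constant time (see the side-channel section)."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(priv: int, message: bytes, k: int = None):
    """ECDSA: r = (k*G).x mod n, s = k^-1 (z + r*priv) mod n. k must be secret and unique per
    signature; it is a parameter here only so the reuse attack below can be demonstrated."""
    z = hash_to_int(message)
    if k is None:
        k = 1 + secrets.randbelow(N - 1)
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another k")
    return (r, s)


def verify(pub, message: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = hash_to_int(message)
    w = pow(s, -1, N)
    point = point_add(scalar_mult(z * w % N, G), scalar_mult(r * w % N, pub))
    return point is not INF and point[0] % N == r


def recover_private_key_from_nonce_reuse(m1: bytes, sig1, m2: bytes, sig2) -> int:
    """Two signatures made with the same k share r. Then s1 - s2 = k^-1 (z1 - z2), so
    k = (z1 - z2) / (s1 - s2) and priv = (s1*k - z1) / r. This is the PlayStation 3 failure."""
    r, s1 = sig1
    r2, s2 = sig2
    if r != r2:
        raise ValueError("different r values: the nonce was not reused")
    z1, z2 = hash_to_int(m1), hash_to_int(m2)
    k = (z1 - z2) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - z1) * pow(r, -1, N) % N


if __name__ == "__main__":
    priv = 1 + secrets.randbelow(N - 1)
    pub = scalar_mult(priv, G)
    sig = sign(priv, b"transfer 1 BTC to Alice")               # constructed message
    print("valid:", verify(pub, b"transfer 1 BTC to Alice", sig))
    print("tampered rejected:", not verify(pub, b"transfer 100 BTC to Alice", sig))
    k = 1 + secrets.randbelow(N - 1)                          # the same k used twice: the fatal mistake
    sig1 = sign(priv, b"message one", k)
    sig2 = sign(priv, b"message two", k)
    recovered = recover_private_key_from_nonce_reuse(b"message one", sig1, b"message two", sig2)
    print("private key recovered from nonce reuse:", recovered == priv)
```

The recovery needs nothing but the two public signatures and the two messages, which is why a biased or repeated k is a total break rather than a weakness.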

Public Key Infrastructure (PKI) is the trust infrastructure that binds public keys to identities through digital certificates. Certificates follow the X.509 standard (ITU-T, profiled for the Internet in RFC 5280) and are signed by a Certificate Authority (CA). Certificate chains form a hierarchy of trust from a root CA through intermediate CAs down to end-entity certificates, and browsers and operating systems ship with the trusted root certificates pre-installed. Free CAs such as Let's Encrypt (operated by the Internet Security Research Group) issue and renew certificates automatically through the ACME protocol, which has driven the spread of HTTPS: as of 2024, more than 95% of web traffic is served over HTTPS. Certificate Transparency (CT) logs are public, append-only records of issued certificates that let domain owners and browsers detect misissuance, so that an incident like the 2011 DigiNotar CA breach, in which fraudulent certificates for major domains were issued, would now become visible quickly.

Transport Layer Security (TLS) Protocol: The Backbone of Internet Security

TLS (Transport Layer Security) is the fundamental protocol that encrypts communication over the internet. The successor to SSL (Secure Sockets Layer), developed by Netscape, TLS began with TLS 1.0 (RFC 2246) in 1999 and received significant improvements with TLS 1.3 (RFC 8446), published in 2018. Support for TLS 1.0 and 1.1 was removed by all major browsers in 2020; while TLS 1.2 is still widely used, the transition to TLS 1.3 is accelerating.

TLS 1.3 brings several improvements over earlier versions. The handshake takes one round-trip (1-RTT) instead of two. In 0-RTT (early data) mode a client that has connected to a server before can send data in its very first flight, at the cost of replay risk, so early data must be limited to idempotent requests. Weak and legacy mechanisms (CBC-mode cipher suites, RC4, 3DES, static RSA key exchange, MD5- and SHA-1-based signatures, compression, renegotiation) were removed entirely. Only AEAD (Authenticated Encryption with Associated Data) ciphers remain: AES-128-GCM, AES-256-GCM, ChaCha20-Poly1305, and AES-CCM variants for constrained devices. Forward secrecy is built in: every full handshake uses an ephemeral (EC)DHE key exchange, so even if the server's long-term private key is later compromised, recorded past sessions cannot be decrypted. The one exception is PSK-only resumption without a Diffie-Hellman share, which is why deployments should prefer the psk_dhe_ke mode.

A typical TLS 1.3 handshake for an HTTPS connection runs as follows. The client sends its supported cipher suites, signature algorithms and, crucially, a key share (an ephemeral (EC)DHE public value) in the ClientHello. The server picks a suite, replies with its own key share in the ServerHello, and from that point on everything is encrypted with handshake keys derived from the shared secret: EncryptedExtensions, its Certificate, a CertificateVerify that signs the handshake transcript with the certificate's private key (this is what proves the server owns the key), and a Finished message carrying a MAC over the transcript. The client validates the certificate chain and the signature, sends its own Finished, and can immediately send application data. All of this fits in a single network round-trip, compared with two for TLS 1.2.

Blockchain and Cryptography

Blockchain technology brings together many building blocks of cryptography and gives them a very concrete application. The design described in Satoshi Nakamoto's 2008 Bitcoin paper rests on a few cryptographic elements. The SHA-256 hash function (applied twice, as SHA-256(SHA-256(x))) links each block to its predecessor and drives the Proof of Work (PoW) mechanism: miners search for a nonce that makes the block header's hash fall below a target, which in practice means a hash beginning with a required number of zero bits, and finding one takes an enormous number of hash computations at today's difficulty. ECDSA over the secp256k1 curve signs transactions. Merkle trees let the integrity of all transactions in a block be checked against a single root hash, so a lightweight client (an SPV node) can verify that a transaction is included by checking a path of only log2(n) sibling hashes instead of downloading the whole block.
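A Merkle proof and a proof-of-work search as described above, written out as an added Python example. It is not Bitcoin's code: it mirrors Bitcoin's double SHA-256 and its rule of pairing an odd last node with itself, but the block header format and the difficulty are simplified and the transactions are constructed strings.

```python
import hashlib


def sha256d(data: bytes) -> bytes:
    """Bitcoin hashes twice: SHA-256(SHA-256(x))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def _next_level(level: list) -> list:
    if len(level) % 2:                  # odd count: duplicate the last node (Bitcoin's rule)
        level = level + [level[-1]]
    return [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: list) -> bytes:
    """Hash the leaves, then pairwise hash upwards until one node remains."""
    if not leaves:
        raise ValueError("a block needs at least one transaction")
    level = [sha256d(leaf) for leaf in leaves]
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves: list, index: int) -> list:
    """Sibling hashes from leaf to root, each tagged with the side it sits on: log2(n) entries."""
    level = [sha256d(leaf) for leaf in leaves]
    proof = []
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append(("left" if sibling < index else "right", level[sibling]))
        level = _next_level(level)
        index //= 2
    return proof


def verify_merkle_proof(leaf: bytes, proof: list, root: bytes) -> bool:
    """What an SPV client does: recompute the path with only the leaf and its siblings."""
    h = sha256d(leaf)
    for side, sibling in proof:
        h = sha256d(sibling + h) if side == "left" else sha256d(h + sibling)
    return h == root


def mine(header: bytes, difficulty_bits: int, max_nonce: int = 1 << 32) -> tuple:
    """Proof of work: find a nonce with sha256d(header || nonce) below the target, i.e. a hash
    that starts with `difficulty_bits` zero bits. Expected cost is 2**difficulty_bits hashes;
    checking the answer costs one hash, which is the asymmetry PoW relies on."""
    target = 1 << (256 - difficulty_bits)
    for nonce in range(max_nonce):
        digest = sha256d(header + nonce.to_bytes(4, "little"))
        if int.from_bytes(digest, "big") < target:
            return nonce, digest
    raise RuntimeError("no nonce found in range")


def verify_pow(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    digest = sha256d(header + nonce.to_bytes(4, "little"))
    return int.from_bytes(digest, "big") < (1 << (256 - difficulty_bits))


if __name__ == "__main__":
    txs = [f"tx{i}: alice pays bob {i} coins".encode() for i in range(5)]   # constructed sample
    root = merkle_root(txs)
    proof = merkle_proof(txs, 3)
    print("tx3 included:", verify_merkle_proof(txs[3], proof, root))
    print("forged tx rejected:", not verify_merkle_proof(b"tx3: alice pays mallory 999 coins", proof, root))
    nonce, digest = mine(b"prev_block_hash|" + root + b"|timestamp", difficulty_bits=16)
    print(f"nonce {nonce} gives {digest.hex()}")
```

With 16 difficulty bits the search averages 65,536 hashes and finishes in a fraction of a second; every extra bit doubles the expected work, which is how Bitcoin's difficulty adjustment keeps block times near ten minutes as hash rate grows.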

Ethereum uses Keccak-256 (the original Keccak submission, whose padding differs from the standardized SHA3-256, so the two functions give different digests for the same input) and, through smart contracts, has made cryptographic protocols programmable. Zero-knowledge proofs, in particular zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge) and zk-STARKs (Scalable Transparent Arguments of Knowledge), make it possible to prove that a statement is true without revealing anything beyond its truth. They are used in privacy-focused cryptocurrencies such as Zcash and in Ethereum's scaling solutions (zk-rollups: zkSync, StarkNet, Polygon zkEVM).

Quantum Computing and Post-Quantum Cryptography

Quantum computers threaten the foundations of current public-key cryptography. Shor's algorithm, published by Peter Shor in 1994, factors integers and computes discrete logarithms in polynomial time on a sufficiently large quantum computer, which would break RSA, DSA, ECDSA, Diffie-Hellman, and every elliptic-curve scheme. Grover's algorithm gives only a quadratic speedup for unstructured search, so it halves the effective strength of symmetric ciphers and the pre-image resistance of hash functions: AES-128 would offer about 64-bit security and AES-256 about 128-bit. For symmetric algorithms the remedy is therefore simple, doubling the key length restores the original margin, and AES-256 is already considered quantum-safe. For public-key algorithms, however, entirely new mathematical foundations are needed.

To counter this threat, NIST has been running the post-quantum cryptography standardization process since 2016. After a long evaluation in which 82 candidates competed, the first standards were published in 2024:

  • ML-KEM (CRYSTALS-Kyber, FIPS 203): A module-lattice-based key encapsulation mechanism. Its security rests on the hardness of the Learning With Errors (LWE) problem. It will replace RSA/ECDH in TLS and other key-exchange protocols.
  • ML-DSA (CRYSTALS-Dilithium, FIPS 204): A module-lattice-based digital signature algorithm. Recommended for general-purpose digital signature use.
  • SLH-DSA (SPHINCS+, FIPS 205): A hash-based digital signature algorithm designed as a backup against potential weaknesses that might later be discovered in lattice-based algorithms — its security depends solely on the security of hash functions.

The quantum threat has not materialized yet, but the "harvest now, decrypt later" strategy makes it urgent today: a state-backed adversary can record encrypted traffic now and decrypt it once a cryptographically relevant quantum computer (CRQC) exists. The NSA's 2022 CNSA 2.0 guidance requires National Security Systems to complete the transition to post-quantum algorithms by 2035, with earlier milestones for categories such as software and firmware signing.

A hybrid approach is used during the transition: a classical algorithm and a post-quantum algorithm are run together and their outputs combined, so the connection stays secure unless both are broken. Google Chrome enabled the X25519Kyber768 hybrid key exchange by default for TLS in 2024 and has since moved to X25519MLKEM768, the variant based on the final ML-KEM standard. The Signal messaging protocol added post-quantum protection with PQXDH. Cloudflare and Amazon Web Services also offer post-quantum TLS support.

Side-Channel Attacks and Implementation Security

Even when an algorithm is theoretically sound, its implementation can give everything away. Side-channel attacks extract keys from information that leaks from the physical execution of the algorithm rather than from its mathematics. Timing attacks (Paul Kocher, 1996) exploit the fact that execution time depends on secret data: the duration of an RSA modular exponentiation, for example, varies with the bits of the private exponent, and a byte-by-byte comparison of a MAC or password that stops at the first mismatch reveals how many leading bytes of a guess were correct. Power analysis, both simple (SPA) and differential (DPA), recovers keys from a device's power consumption traces. Electromagnetic emanations and even acoustic emissions have been exploited as well.

Defences include constant-time implementations whose control flow and memory access pattern do not depend on secrets, masking of power consumption, blinding of intermediate values, and physical shielding. Side channels are one class of implementation flaw; ordinary memory-safety bugs are another. The famous Heartbleed vulnerability (CVE-2014-0160) was a missing bounds check in OpenSSL's TLS heartbeat extension: a buffer over-read, not an overflow, that let a client read up to 64 KB of server memory per request, leaking private keys, passwords, and session data. Affecting an estimated 17 percent of HTTPS servers (about half a million) at the time, it painfully showed that in cryptography the quality of the implementation and the rigour of code review matter as much as the design of the algorithm.
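The timing attack against an early-exit comparison, modelled in an added Python example that is not part of the article. A real attack measures response times over a network and needs statistics to separate a few nanoseconds from noise; here the oracle is constructed to return the number of bytes it examined, which is the quantity the attacker is ultimately estimating, so the structure of the attack can be seen without the noise. The secret token and both comparison functions are constructed for the demo; the constant-time version has the same shape as hmac.compare_digest.

```python
import hmac
import secrets


def leaky_compare(expected: bytes, candidate: bytes) -> tuple:
    """Early-exit comparison, as naive == on a MAC or token would do in C. Returns
    (equal, bytes_examined); the second value models the time the call takes, which is
    what a remote attacker measures."""
    examined = 0
    for a, b in zip(expected, candidate):
        examined += 1
        if a != b:
            return False, examined
    return len(expected) == len(candidate), examined


def constant_time_compare(expected: bytes, candidate: bytes) -> tuple:
    """Examines every byte regardless of where a mismatch is, accumulating differences with
    OR, so the work done (and hence the time) is independent of the secret. Only the length
    is allowed to leak, as with hmac.compare_digest."""
    if len(expected) != len(candidate):
        return False, 0
    diff = 0
    for a, b in zip(expected, candidate):
        diff |= a ^ b
    return diff == 0, len(expected)


def recover_secret(oracle, length: int) -> bytes:
    """Byte-at-a-time timing attack. For each position, the guess that makes the oracle run
    one step longer is the right byte; the final byte is confirmed by the accept/reject result.
    Cost: at most 256 * length queries instead of 256 ** length."""
    known = b""
    for pos in range(length):
        best_byte, best_time = 0, -1
        for guess in range(256):
            probe = known + bytes([guess]) + bytes(length - pos - 1)
            equal, elapsed = oracle(probe)
            if equal:
                return probe
            if elapsed > best_time:
                best_byte, best_time = guess, elapsed
        known += bytes([best_byte])
    return known


if __name__ == "__main__":
    secret = secrets.token_bytes(16)        # constructed: the server's secret token or MAC
    leaky = lambda candidate: leaky_compare(secret, candidate)
    safe = lambda candidate: constant_time_compare(secret, candidate)
    print("leaky compare, recovered:", recover_secret(leaky, 16) == secret)       # True
    print("constant-time compare, recovered:", recover_secret(safe, 16) == secret)  # False
    print("stdlib equivalent agrees:", hmac.compare_digest(secret, secret))
```

In real code the lesson is simply never to compare secrets with == or memcmp; use the library's constant-time comparison, and treat any branch or table lookup indexed by secret data as a potential leak.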

The Future of Cryptography

Cryptography remains one of the most dynamic and critical areas of computer science. From the foundations of Shannon's information theory to Turing's work on Enigma, from Diffie-Hellman's breakthrough in public key cryptography to today's post-quantum algorithms, this journey represents one of humanity's most sophisticated achievements. In the digital age, secure communication, e-commerce, digital identity, and privacy are unimaginable without cryptography.

Looking to the future, several areas stand out. Fully Homomorphic Encryption (FHE) enables computation on encrypted data without first decrypting it; significant performance improvements have been achieved since Craig Gentry's groundbreaking 2009 work. Secure Multi-Party Computation (MPC) allows multiple parties to perform a joint computation without revealing their individual data to one another. Differential privacy mathematically guarantees the privacy of individuals when extracting statistical information from datasets. The transition to post-quantum cryptography, the full rollout of TLS 1.3, and advances in privacy-enhancing technologies (PETs) reaffirm once again that cryptography is not merely a security tool but a fundamental infrastructure of digital society.

Dr. Emre Gecer

Author

There are some things I am interested in: film theory, screenplay mechanics, art movements, jazz, finance theory, Python, artificial intelligence, machine learning, and the topics in medicine that catch my attention. I wanted to create a space where I could jot down notes about these and share my thoughts. I also think I will add moments and stories from everyday life. I believe this place will grow over time; perhaps in the long run it will turn into something completely different. Why not?