The Building Block of Cryptography:

Algorithms
Cryptography is the fundamental block of today’s digital world. Its applications in
protecting sensitive data and securing communication have improved the
importance of cryptography. In today’s blog, we will discuss its building blocks:
algorithms.

What are algorithms?

Algorithms are the key concept of cryptography. They mainly include

mathematical and logical concepts to encrypt and decrypt the text. Encryption is a
process which turns the readable text (plaintext) into an unreadable text
(ciphertext) that only authorized ones have access to. Alternatively, decryption is
opposite of encryption, meaning that the ciphertext is turning into plaintext.
Diffusion and confusion are two essential principles in cryptography that
strengthen encryption. Diffusion ensures that a small change in the plaintext
spreads across the entire ciphertext, making patterns in the input harder to detect.
This is achieved by rearranging or mixing bits during the encryption process, such
as in AES’s ShiftRows and MixColumns steps. Confusion, on the other hand,
obscures the relationship between the plaintext, ciphertext, and encryption key,
making it difficult for an attacker to reverse-engineer the key. This is done using
nonlinear transformations, like the S-box substitution in AES. Together, diffusion
and confusion work to make encrypted data highly secure and resistant to attacks.
Algorithms provide confidentiality, integrity and authentication. The algorithms
are mainly divided into three main groups: symmetric, asymmetric and hashing
functions.

What are Symmetric Cryptographic Algorithms?

Symmetric key algorithm is considered oldest form of cryptography. In the
previous paper, we mentioned the Ceaser cipher. This is the oldest example of
symmetric algorithms. Due to simplicity of technology, symmetric algorithms
were considered the strongest way to secure data and information. However, as
time passed and technology was developed, the ciphers were improved as well.
The main idea of symmetric cryptography is using the same secret key for both
encryption and decryption. In this algorithm, both sides should have the secret key.
When the message is sent, the sender should encrypt the text with a key and send
the ciphertext. Meanwhile, the receiver gets the secret key through a secure
channel and decrypts the ciphertext with this key and reads the message.
Therefore, in other words, this algorithm is named as secret key cryptography.

What popular symmetric algorithms exist?

Symmetric cryptography itself is divided into two groups: stream and block
ciphers.

Stream ciphers are algorithms that encrypt the text bit by bit. They create the
keystream—a pseudo-random bit sequence—using a key stream generator. They
then combine the keystream with the plaintext using XOR to create the ciphertext.
This results in a longer encryption time and decreases efficiency when large
datasets are encrypted. However, for live happenings such as video calls, stream
ciphers are more efficient as they encrypt every bit.

Block ciphers, however, are encrypting the plaintext with fixed-size blocks such as
64 or 128, instead of bits. This increases the time complexity and robustness. They
divide the given plaintext into blocks and each block is encrypted separately. There
a question arises. What if the number of data is not divisible by block size? Then at
this point Padding schemes like PKCS#7 are used to fill the last block. During the
encryption process, the plaintext goes through a number of substitution and
permutation operations. When it comes to decryption, it uses the same secret key
and reverses each block back. Block ciphers have deterministic behavior, meaning
that the plaintext and key always gives the same ciphertext. Therefore, it is
important to choose an appropriate mode of operations for encryption.

Which modes of operation are commonly used in block ciphers?

Block ciphers have four common modes. The first mode is Electronic Codebook
(ECB) which encrypts each block; however, repetitions may result in the reveal of
the plaintext. The second mode is Cipher Block Chaining (CBC) that encrypts each
plaintext block with the previous ciphertext block, consequently, increasing
security. Counter (CTR) is the third of these modes. It is a mode where blocks are
converted to streams and XOR with the plaintext. Lastly, Galois/Counter Mode
(GCM) increases the confidentiality and authenticity by combining encryption
with integrity.

What are the key algorithms of block ciphers?

The main samples of block ciphers are considered as DES and AES. Data
Encryption Standard (DES) is one of the oldest and most researched algorithms.
Though it was considered as the most influential algorithm, due to the
advancement of technology, its security has been degraded. Understanding the
mathematical foundation of DES reveals both its strengths and the limitations that
have made it vulnerable in the modern era.

DES relies on several mathematical concepts, primarily permutations,

substitutions, and modular arithmetic to convert plaintext into ciphertext. DES
operates on a 64-bit block of data using a 56-bit key, broken down into 16 rounds
of encryption. Each round employs a structure where the data block is split into
two halves: the left half undergoes a transformation based on a round key, and the
result is XORed with the right half. This process is repeated with swapped halves
in each subsequent round. A core mathematical operation in DES is the use of S-
boxes (Substitution Boxes), which perform nonlinear substitutions on the data,
introducing confusion to obscure the relationship between the key and the
ciphertext. DES also heavily relies on permutations to reorder bits, enhancing
diffusion by spreading the influence of each plaintext bit across the ciphertext.
These operations, combined with modular arithmetic and carefully designed round
keys derived from the initial key, form the cryptographic strength of DES,
balancing efficiency and complexity. However, advances in computational power
have rendered DES vulnerable to brute-force attacks, leading to its gradual
replacement by more secure algorithms like AES.

Advanced Encryption Standard (AES) has been approved by NIST (National

Institute of Standards and Technology) in 2001. Since then, it has been widely
used in applications of cryptography. Similar to DES, AES also relies on essential
mathematical concepts.
Its encryption process is built on a substitution-permutation network (SPN) and
involves a sequence of mathematical operations applied over multiple rounds (10,
12, or 14, depending on the key length). The plaintext is first converted into a 4x4
state matrix of bytes. In each round, the several transformations are performed
such as SubBytes, where each byte is replaced using a nonlinear substitution table
(S-box) that provides confusion; ShiftRows, where rows of the state matrix are
cyclically shifted to introduce diffusion; MixColumns, where columns are treated
as polynomials over the finite field GF(2 8) and multiplied by a fixed polynomial to
mix data across bytes within each column; and AddRoundKey, where the state
matrix is XORed with a round key derived from the original key using the key
schedule algorithm. These transformations work together to obscure the
relationship between the plaintext, ciphertext, and key. The final round omits the
MixColumns step, producing the encrypted ciphertext.

Why does AES outweigh the DES?

The Advanced Encryption Standard (AES) is significantly stronger than its
predecessor, the Data Encryption Standard (DES), due to its modern design, larger
key lengths, and advanced cryptographic techniques. This result is derived from
several points. Firstly, while DES uses a 56-bit key, making it vulnerable to brute-
force attacks, AES supports key lengths of 128, 192, and 256 bits, exponentially
increasing its resistance to such attacks. Additionally, AES processes data in 128-
bit blocks compared to DES's 64-bit blocks, reducing the likelihood of pattern
repetition in large datasets. Its substitution-permutation network (SPN) structure
and use of advanced mathematics, such as operations in the Galois Field (GF(2 8)),
provide stronger confusion and diffusion than DES's Feistel network. AES also
includes more encryption rounds (10, 12, or 14, depending on the key size) and is
optimized for both hardware and software implementations, ensuring efficiency
across diverse platforms. Unlike DES, which is vulnerable to cryptanalytic
techniques such as differential and linear cryptanalysis, AES is designed to resist
all known attacks, making it the global standard for secure encryption in the
modern digital era.

What are Asymmetric Cryptographic Algorithms?

An asymmetric key algorithm is an algorithm where a pair of secret and public
keys is used to encrypt and decrypt the data. In other words, this algorithm is
called public-key cryptography. In this algorithm, no keys are shared secretly. The
plaintext is encrypted with a public key that is known by everyone and the
ciphertext can only be decrypted with the corresponding secret key. Due to
advanced usage mathematical concepts, asymmetric algorithms are more resistant
to security attacks. Asymmetric key algorithms can be applied in secure
communication, digital signatures, key exchange and blockchain.

What are prominent examples of asymmetric algorithms?

Most used asymmetric algorithms are considered to be RSA, ECC and Diffie-
Hellman Key Exchange.

What is RSA?
RSA (Rivest-Shamir-Adleman) was developed by three collaborators Ron Rivest,
Adi Shamir and Leonard Adleman, who named the algorithm with the initials of
their surnames, in 1977. This algorithm is based on a mathematical concept, called
prime factorization and uses public-private key pair. The public key encrypts the
plaintext and only the appropriate private key can decrypt it. RSA’s security relies
on fundamental mathematical concepts, primarily the difficulty of factoring large
composite numbers into their prime components.

What mathematical algorithm stands behind RSA?

The RSA algorithm secures data using principles of modular arithmetic and the
difficulty of factoring large numbers. It begins with selecting two large prime
numbers, p and q, which are multiplied to produce n, a key component. From
these, a value ϕ(n) is calculated, representing the total numbers less than n that are
relatively prime to it. A public exponent e, usually some numbers like 3, 17 or
65537, is chosen such that it shares no common factors with ϕ(n). The private key
d is then computed as the modular inverse of e, ensuring e⋅d mod ϕ(n) = 1. To
encrypt, the sender transforms a message M into ciphertext C using the formula C
= Me mod n. The recipient decrypts it back to M using M = Cd mod n.

What is ECC?
Elliptic Curve Cryptography (ECC) is a modern asymmetric cryptographic
algorithm developed to provide the same level of security as other algorithms like
RSA but with significantly smaller key sizes. ECC is based on the mathematical
structure of elliptic curves over finite fields. Its security relies on the difficulty of
solving the Elliptic Curve Discrete Logarithm Problem (ECDLP), making ECC
highly efficient and suitable for resource-constrained environments. ECC is most
suitable for mobile devices and IoT systems.
What mathematical concepts does ECC rely on?
ECC relies on the mathematical properties of elliptic curves described by the
equation y2 = x3 + ax + b mod p, ensuring secure and efficient encryption. To
encrypt, the sender generates a random integer k and computes two points: P 1 =
k⋅G for key exchange and P2 = M + k⋅Q where M is the message and Q is the
recipient’s public key. The recipient decrypts by calculating k⋅Q=d⋅P1 using their
private key d and recovering M from P2−k⋅Q.
What is Diffie-Hellman Key Exchange?
Diffie-Hellman Key Exchange is considered to be one of the earliest and most
influential asymmetric cryptographic algorithms. It was developed in 1976 by
Whitfield Diffie and Martin Hellman. This algorithm allows two sides to securely
exchange cryptographic keys over an insecure channel without needing prior
shared secrets. Unlike RSA, Diffie-Hellman is mainly focused on key exchange,
instead of encryption. Its security is based on Discrete Logarithm Problem.

What mathematical concepts stand behind Diffie-Hellman?

The Diffie-Hellman algorithm uses principles of modular arithmetic and the
difficulty of solving discrete logarithms in finite groups. It begins with two parties,
Alice and Bob, agreeing on a large prime number p and a generator g, which are
public parameters. Each party generates a private key: Alice selects a and Bob
selects b, both kept as a secret. They compute their corresponding public keys as A
= ga mod p and B = gb mod p and exchange these public values. Using the received
public key, each party calculates the shared secret S: Alice computes S = B a mod p,
and Bob computes S = Ab mod p. Due to the properties of modular arithmetic, both
computations yield the same shared secret S = g ab mod p, which can then be used
as a symmetric encryption key. The security of Diffie-Hellman lies in the fact that,
while it is easy to compute g a mod p or gb mod p, it is computationally infeasible to
derive a or b from these public values without solving the discrete logarithm
problem.

In this paper, we explored the foundational building blocks of cryptography:

symmetric and asymmetric algorithms, along with their mathematical principles
and applications. We examined key symmetric methods like DES and AES, which
rely on principles such as confusion and diffusion, and highlighted how AES has
surpassed DES due to its stronger design and larger key sizes. In asymmetric
cryptography, we discussed RSA, ECC, and Diffie-Hellman, each offering unique
strengths in encryption, key exchange, and efficiency, all rooted in mathematical
problems like prime factorization and discrete logarithms. However, the rise of
quantum computing poses a significant threat to these cryptographic methods.
Quantum algorithms, such as Shor’s Algorithm, have the potential to break RSA,
ECC, and Diffie-Hellman by solving their underlying mathematical problems
exponentially faster than classical computers. This emerging challenge underscores
the need for developing quantum-resistant cryptographic solutions, ensuring the
continued security of digital communication in the quantum era.

Reference:

A.Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography. CRC Press,

October 1996.

S. Singh, The Code Book: The Science of Secrecy from Ancient Egypt to Quantum
Cryptography, Anchor, 2000.

C. Paar, J. Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners.

Springer-Verlag Berlin Heidelberg, 2010.

J. Hoffstein, J. Pipher, J.H. Silverman, An Introduction to Mathematical Cryptography. Springer-

Verlag, 2nd Edition, 2014.