Cryptography terms
50 terms
Cryptography
The science of securing information through mathematical techniques that provide confidentiality, integrity, authenticity, and non-repudiation in the presence of adversaries.
Encryption
The cryptographic transformation of plaintext into ciphertext using an algorithm and key so that only authorized parties can recover the original data.
Decryption
The reverse cryptographic operation that converts ciphertext back into its original plaintext using the appropriate algorithm and key.
Symmetric Encryption
An encryption scheme in which the same secret key is used for both encryption and decryption, offering high speed and strong confidentiality when the key is shared securely.
Asymmetric Encryption
A cryptographic scheme that uses mathematically linked key pairs — a public key for encryption and a private key for decryption — to enable secure communication without prior secret sharing.
Public-Key Cryptography
A branch of cryptography that uses paired public and private keys to enable encryption, key exchange, digital signatures, and authentication without a pre-shared secret.
Private Key
The secret half of an asymmetric key pair, used to decrypt ciphertext addressed to its owner or to create digital signatures that prove the owner's identity.
Public Key
The freely distributable half of an asymmetric key pair, used to encrypt messages for its owner or to verify digital signatures produced by the matching private key.
AES (Advanced Encryption Standard)
A NIST-standardized 128-bit block cipher with 128-, 192- or 256-bit keys, designed by Daemen and Rijmen and used as the dominant symmetric cipher worldwide.
DES (Data Encryption Standard)
An obsolete 64-bit block cipher with a 56-bit key, standardized by NBS in 1977 and now considered broken because its key space can be exhausted in hours.
Triple DES (3DES)
A legacy block cipher that applies the DES algorithm three times with two or three keys to extend its key length; now retired by NIST and considered obsolete.
RSA Algorithm
A public-key algorithm by Rivest, Shamir and Adleman (1977) whose security rests on the difficulty of factoring the product of two large prime numbers.
Elliptic Curve Cryptography (ECC)
A family of public-key algorithms based on the algebraic structure of elliptic curves over finite fields, offering equivalent security to RSA with much smaller keys.
ECDSA
The elliptic-curve variant of the Digital Signature Algorithm, standardized in FIPS 186, producing compact signatures whose security relies on the elliptic-curve discrete logarithm problem.
Diffie–Hellman Key Exchange
A public-key protocol that lets two parties derive a shared secret over an insecure channel without ever transmitting it, based on the difficulty of the discrete logarithm problem.
ECDH
The elliptic-curve variant of the Diffie–Hellman key-exchange protocol, providing the same shared-secret functionality with smaller keys and faster operations.
Blowfish
A 64-bit-block, variable-key-length Feistel cipher designed by Bruce Schneier in 1993; secure cryptanalytically but limited by a small block size and superseded by AES.
Twofish
A 128-bit-block, 128/192/256-bit-key symmetric cipher designed by Schneier et al. as an AES competition finalist; secure but rarely used because AES became the standard.
ChaCha20
A modern stream cipher designed by Daniel J. Bernstein, using a 256-bit key and 96-bit nonce, widely deployed alongside Poly1305 as the AEAD ChaCha20-Poly1305.
Salsa20
A 256-bit-key stream cipher designed by Daniel J. Bernstein in 2005, selected for the eSTREAM portfolio and the direct ancestor of ChaCha20.
Block Cipher
A symmetric cipher that encrypts fixed-size blocks of plaintext with a secret key, usually combined with a mode of operation to handle data of arbitrary length.
Stream Cipher
A symmetric cipher that encrypts data one bit or byte at a time by XORing it with a pseudorandom keystream derived from a key and nonce.
Cipher Suite
A named combination of cryptographic algorithms — key exchange, authentication, bulk encryption, and integrity — negotiated by protocols such as TLS for a given session.
Cryptographic Hash Function
A deterministic one-way function that maps arbitrary-length input to a fixed-length digest, designed to be collision-, preimage-, and second-preimage-resistant.
MD5
A 128-bit cryptographic hash function designed by Ron Rivest in 1992; now broken — practical collisions are trivial and it must not be used for any security-sensitive purpose.
SHA-1
A cryptographic hash function producing a 160-bit digest, designed by the NSA in 1995 and now considered broken for collision resistance.
SHA-256
A 256-bit cryptographic hash function from the SHA-2 family, widely used for digital signatures, TLS, blockchains, and integrity verification.
SHA-3
A family of hash functions based on the Keccak sponge construction, standardized by NIST as a structurally different alternative to SHA-2.
BLAKE2
A fast, modern cryptographic hash function specified in RFC 7693, offering security comparable to SHA-3 with significantly higher performance in software.
Argon2
A modern memory-hard password hashing function and KDF, winner of the 2015 Password Hashing Competition and specified in RFC 9106.
bcrypt
An adaptive password-hashing function based on the Blowfish cipher with a tunable cost factor, designed by Provos and Mazières in 1999.
scrypt
A memory-hard password-based KDF designed by Colin Percival in 2009 and specified in RFC 7914, used for password hashing and for proof-of-work in some cryptocurrencies.
PBKDF2
A password-based key derivation function defined in PKCS #5 / RFC 8018 that applies a pseudorandom function with a configurable iteration count and salt.
HMAC
A keyed Message Authentication Code construction built on top of a cryptographic hash function, defined in RFC 2104 and FIPS 198-1.
Digital Signature
A public-key cryptographic mechanism that provides authenticity, integrity and non-repudiation for a message or document.
Message Authentication Code (MAC)
A short symmetric-key tag that authenticates a message and detects tampering, computed and verified with the same shared secret.
Salt
A unique random value combined with a password before hashing to defeat rainbow tables and ensure each user's hash is distinct.
Pepper
A server-side secret combined with each password before hashing, held separately from the database to mitigate offline cracking after a hash leak.
Nonce
A "number used once" supplied to a cryptographic algorithm to guarantee freshness and prevent replay or key/IV reuse.
Initialization Vector (IV)
A randomized starting value for a block-cipher mode of operation that ensures identical plaintexts encrypted under the same key yield different ciphertexts.
Perfect Forward Secrecy
A protocol property ensuring that the compromise of long-term keys does not allow decryption of past session traffic.
Key Derivation Function (KDF)
A cryptographic function that derives one or more strong cryptographic keys from a secret input such as a password, shared secret or master key.
Key Escrow
An arrangement in which copies of cryptographic keys are stored with a trusted third party so they can be recovered by authorized entities under defined conditions.
Key Rotation
The periodic replacement of cryptographic keys with new ones to limit the volume of data protected by any single key and contain the impact of compromise.
Cryptographic Key
A high-entropy secret or public value that parameterizes a cryptographic algorithm to encrypt, decrypt, sign or authenticate data.
Session Key
A short-lived symmetric key used to protect a single communication session and then discarded.
Master Key
A high-value long-term key from which other cryptographic keys are derived or which directly encrypts other keys.
Quantum Cryptography
Cryptography that uses quantum-mechanical properties — typically of photons — to achieve security guarantees impossible with classical communication alone.
Post-Quantum Cryptography
Classical cryptographic algorithms designed to remain secure against attacks by both classical and large-scale quantum computers.
Homomorphic Encryption
An encryption scheme that allows computations to be performed directly on ciphertexts, producing encrypted results that, once decrypted, match the results of the same operations on the underlying plaintexts.