How Cryptography Is Used in Digital Identity

Cryptography enables secure online interactions while keeping your identity and personal information safe. You don’t need to grasp the complex math involved, but it helps to have a basic understanding of how cryptography works and where it is applied.

So let’s take a look at cryptography’s essential role in digital security and data protection.

Why use cryptography?

Cryptography has four main goals:

1. Confidentiality: Making sure that your personal data is available only to you and those you trust.
2. Integrity: Ensuring that your data hasn’t been changed or tampered with.
3. Authentication: Verifying that you are who you say you are (e.g. when logging in or performing a transaction).
4. Non-repudiation: Making sure that no one can deny having sent a message or completed a transaction.

These goals are achieved through different methods, depending on the cryptographic algorithm. Two fundamental concepts are often at the core of these algorithms: one-way functions and keys. Keys play a critical role in securing data in many systems, while one-way functions are essential to processes like hashing.

What is a key in cryptography?

A cryptographic key is a piece of information used to transform your data into an unrecognizable format, known as ciphertext. This protects the data from being easily read or accessed by unauthorized individuals. To revert the ciphertext to its original form (plaintext), one needs the correct key.

Keys can vary in structure and size, depending on the type of encryption used. You can think of a key as a string of numbers or letters. The strength of encryption depends on the size and complexity of the key: Longer, more complex keys provide higher levels of security.

Symmetric cryptography 

Symmetric cryptography is when the same key is used to lock (encrypt) and unlock (decrypt) data. Think of it as a shared password between two people. This method is great for quickly encrypting large amounts of data, which is why it’s used for securing communications like video calls or file transfers. AES (Advanced Encryption Standard) is a great example of a widely used symmetric cryptography algorithm in modern applications. 

But there is a significant drawback to symmetric cryptography: Both parties must have the same key, so you need a secure way to share that key in the first place. This can be tricky, and someone can gain access to the key and read the encrypted data in the process. 

As a result, symmetric cryptography on its own isn’t always enough for securely sharing sensitive information, like when you’re first logging into a website.

Asymmetric cryptography

This is where asymmetric cryptography (also known as public-key cryptography) comes in. Instead of using the same key for both encryption and decryption, asymmetric cryptography uses two keys: a public key and a private key.

• Public key: This key is shared openly, like giving someone your address so they can send you a letter.
• Private key: This key is kept secret, like the only key to your mailbox.

Public and private keys are generated together through mathematical algorithms.

They are connected in such a way that you can derive the public key from the private key but not vice versa. Because of this unique property, asymmetric cryptography can be used for two different purposes: encryption and digital signatures.

1. Encryption. You can encrypt a message with the recipient’s public key, so that it can only be decrypted with the matching private key. This is crucial for secure logins and online transactions. For example, when you visit a secure “https://” website, asymmetric cryptography is used to exchange encryption keys between your browser and the website. This ensures no one else can read or tamper with your data.
2. Digital signatures. For digital signing, on the other hand, you’d sign the message with your private key. Anyone can then use the corresponding public key to verify that the message really came from you. RSA is commonly used for digital signatures in secure communications.

Using symmetric and asymmetric cryptography together

Although asymmetric cryptography is very secure, it’s slower and more resource-intensive than symmetric cryptography. Encrypting large amounts of data this way takes too much time and computing power. That’s why you’ll often see the two used in combination:

1. Asymmetric cryptography is used at the start to securely share a symmetric key between you and the service, like when you first connect to a website.
2. After that, the symmetric key is used for the rest of the session, because it’s much faster for encrypting and decrypting data.

One-way functions and hashing

One-way functions are mathematical algorithms that turn an input into a fixed-size, seemingly random string of characters. The key characteristic of a one-way function is that it is easy to compute in one direction (producing the output from the input) but infeasible to reverse (recovering the original input from the output).

This property makes one-way functions particularly useful for hashing, where the goal is to ensure data integrity without revealing the original data itself. For example, when you create a password, a one-way function can convert it into a hash. Even if someone accesses the hash, they cannot easily uncover your original password. One-way functions play a crucial role in security applications like digital signatures, timestamps, password storage, and verifying data integrity through checksums.

Conclusion

Cryptography is at the heart of digital trust. It transforms sensitive information into secure formats and lets us verify the integrity and authenticity of digital transactions. This fosters a more secure online environment where we can confidently interact with digital services. That’s what makes cryptography essential for digital identity and other areas where security and privacy are important.

Want to learn about the more advanced privacy techniques in cryptography? Read our brief introduction to zero-knowledge proofs.