# cryptology

## Disk Encryption and File Encryption

### Looking for something else?

TECHNOLOGIES
Cryptography

Cryptology is the mathematics, such as number theory, and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Since the cryptanalysis concepts are highly specialized and complex, we concentrate here only on some of the key mathematical concepts behind cryptography.

In order for data to be secured for storage or transmission, it must be transformed in such a manner that it would be difficult for an unauthorized individual to be able to discover its true meaning. To do this, certain mathematical equations are used, which are very difficult to solve unless certain strict criteria are met. The level of difficulty of solving a given equation is known as its intractability. These types of equations form the basis of cryptography.

Some of the most important are:

The Discrete Logarithm Problem: The best way to describe this problem is first to show how its inverse concept works. The following applies to Galois fields (groups). Assume we have a prime number P (a number that is not divisible except by 1 and itself, P). This P is a large prime number of over 300 digits. Let us now assume we have two other integers, a and b. Now say we want to find the value of N, so that value is found by the following formula:

N = ab mod P, where 0 <= N <= (P · 1)

This is known as discrete exponentiation and is quite simple to compute. However, the opposite is true when we invert it. If we are given P, a, and N and are required to find b so that the equation is valid, then we face a tremendous level of difficulty.

This problem forms the basis for a number of public key infrastructure algorithms, such as Diffie-Hellman and EIGamal. This problem has been studied for many years and cryptography based on it has withstood many forms of attacks.

The Integer Factorization Problem: This is simple in concept. Say that one takes two prime numbers, P2 and P1, which are both "large" (a relative term, the definition of which continues to move forward as computing power increases). We then multiply these two primes to produce the product, N. The difficulty arises when, being given N, we try and find the original P1 and P2. The Rivest-Shamir-Adleman public key infrastructure encryption protocol is one of many based on this problem. To simplify matters to a great degree, the N product is the public key and the P1 and P2 numbers are, together, the private key.

This problem is one of the most fundamental of all mathematical concepts. It has been studied intensely for the past 20 years and the consensus seems to be that there is some unproven or undiscovered law of mathematics that forbids any shortcuts. That said, the mere fact that it is being studied intensely leads many others to worry that, somehow, a breakthrough may be discovered.

The Elliptic Curve Discrete Logarithm Problem: This is a new cryptographic protocol based upon a reasonably well-known mathematical problem. The properties of elliptic curves have been well known for centuries, but it is only recently that their application to the field of cryptography has been undertaken.

First, imagine a huge piece of paper on which is printed a series of vertical and horizontal lines. Each line represents an integer with the vertical lines forming x class components and horizontal lines forming the y class components. The intersection of a horizontal and vertical line gives a set of coordinates (x,y). In the highly simplified example below, we have an elliptic curve that is defined by the equation:

y2 + y = x3 · x2 (this is way too small for use in a real life application, but it will illustrate the general idea)

For the above, given a definable operator, we can determine any third point on the curve given any two other points. This definable operator forms a "group" of finite length. To add two points on an elliptic curve, we first need to understand that any straight line that passes through this curve intersects it at precisely three points. Now, say we define two of these points as u and v: we can then draw a straight line through two of these points to find another intersecting point, at w. We can then draw a vertical line through w to find the final intersecting point at x. Now, we can see that u + v = x. This rule works, when we define another imaginary point, the Origin, or O, which exists at (theoretically) extreme points on the curve. As strange as this problem may seem, it does permit for an effective encryption system, but it does have its detractors.

On the positive side, the problem appears to be quite intractable, requiring a shorter key length (thus allowing for quicker processing time) for equivalent security levels as compared to the Integer Factorization Problem and the Discrete Logarithm Problem. On the negative side, critics contend that this problem, since it has only recently begun to be implemented in cryptography, has not had the intense scrutiny of many years that is required to give it a sufficient level of trust as being secure.

This leads us to more general problem of cryptology than of the intractability of the various mathematical concepts, which is that the more time, effort, and resources that can be devoted to studying a problem, then the greater the possibility that a solution, or at least a weakness, will be found.

This was first published in September 2005

## Content

Find more PRO+ content and other member only offers, here.

Oldest

## SearchCloudSecurity

• ### Lack of secure APIs can create IaaS risks

IaaS data security risks are a persistent problem for enterprises moving to the cloud, but there are specific issues to keep an ...

• ### Microsoft-Adallom deal poised to impact cloud security gateway market

Microsoft reportedly agreed to acquire cloud security startup Adallon for \$320 million, which analysts say could spark major ...

• ### Keep credentials safe despite insecure mobile cloud backup services

A recent study revealed app developers that use mobile cloud backup services put user credentials at risk. Expert Rob Shapland ...

## SearchNetworking

• ### Big data impact on network operations probed in study

Big data is big news, but it's also influencing networking pros' capacity planning, according to an Enterprise Management ...

• ### Overcoming the challenges of wiring farm networks

The sound of mooing and the smell of diesel fuel are just part of what makes wiring a farm for networking a special experience.

## SearchCIO

• ### Windows 10 Enterprise: No apologies necessary

Microsoft's Windows 10 Enterprise makes Windows 8 seem like a distant memory. But should CIOs wait or take the bait? Also in ...

• ### AI technology: Is the genie (or genius) out of the bottle?

Artificial intelligence has come a long way since SearchCIO columnist Harvey Koeppel studied with some of the discipline's ...

• ### Free IT strategy plan templates and examples for CIOs

How do organizations gain a competitive edge in today's rapidly evolving tech landscape? With a solid IT strategy plan to guide ...

## SearchConsumerization

• ### Android, Windows tablets from HP take aim at business users

HP released a new line of tablets targeting business users. The HP Pro Slate 8 and Pro Slate 12 run Android and cost \$449 and ...

• ### Microsoft to lay off 18,000, Nokia X moves to Windows Phone

Microsoft will lay off 18,000 people over the next year while the Nokia X line of Android smartphones, which was unveiled earlier...

• ### Microsoft Surface Pro 3 vs. Microsoft Surface Pro 2

Surface Pro 2 and Surface Pro 3 are different enough that Microsoft is keeping both on the market as competing products. Which ...

## SearchEnterpriseDesktop

• ### Windows 10 guide for IT administrators

Windows 10 boasts of bevy of features, including Contiuum, Universal Windows apps, Cortana and improved security. Before you ...

• ### Why you should remove local administrator rights once and for all

Some companies shy away from removing local admin rights just to make users happy, but taking back users' admin privileges can ...

• ### Putting the Windows 10 Action Center to work

The Windows 10 Action Center is a carryover from Windows Phone that puts all your notifications in one place. It also makes ...

## SearchCloudComputing

• ### Taking a multivendor approach to an OpenStack project

Enterprises building an OpenStack private cloud often rely on a managed service provider for implementation. But sometimes, a ...

• ### HP Helion gets a boost from PaaS acquisition

HP has one more Cloud Foundry PaaS offering following an acquisition that may help the company get into more hybrid cloud ...

• ### Rackspace, Intel launch OpenStack training center

Enterprises are interested in OpenStack, but can't find enough IT pros with open source cloud expertise. Rackspace and Intel hope...

## ComputerWeekly

• ### Interview: CCS director Sarah Hurrell on improving government technology purchasing

The government's procurement agency has plenty of critics, but its technology lead insists that IT and digital purchasing is ...

• ### British Gas to invest £500m in connected homes business

Energy provider aims to build on success of its Hive smart thermostat and roll-out of smartmeters

• ### Commercial software more secure than open source, finds report

A study has found that commercial code is more compliant than open source code with security compliance standards, such as the ...

Close