Student

Reputation: 28375

Are Encryption and Cipher different things?

I heard some time that encryption and cipher are not the same thing, if so, what's the difference?

Upvotes: 29

Views: 36813

Answers (4)

Akfiz

Reputation: 1

Yes, they are different things.

Cryptography converts plaintext to cyphertext using a key. This is not an IT-exclusive domain; the Caesar Cipher in Roman times and the Enigma Machine in World War II are 2 famous examples of cryptography. The goal of cryptography is to obfuscate a message so that only the person with the key can read it, otherwise it's unintelligible gibberish (aka Cipher Text).

Caesar Cipher/Enigma Machine (this is the cypher!) were the encryption algorithm and the key is the word/phrase (the input) in that encryption algorithm. A different key within the same encryption algorithm will give you a different result. While encryption itself is the process of applying a cypher with a key to a plain text to make it cipher text.

Plain Text -> Encryption Algorithm/Cypher (using as input: Key;applied to the Plain Text) -> Cipher text.

This is where it gets tricky, there are 2 types of encryptions:

  • Symmetric (you use only 1 key to both encrypt and decrypt, it works vice versa) Plain Text -> Key -> Cipher Text -> Same Key -> Plain Text.
  • Asymmetric (the key for encryption and the key for decryption are different) Plain Text -> Key no.1 -> Cipher Text -> Key no.2 -> Plain Text.

Symmetric (same key) is also called Private Key Cryptography (because only you and the receiver need to know the key); Asymmetric (different encrypt/decrypt keys) is also known as Public Key Cryptography (because both the sender and receiver will have 2 keys each: sender's public key, sender's private key, receiver's public key, receiver's private key).

Public Key -> can be known to anyone. Private Key -> must be kept secret.

The sender's private key will be known only to the sender. And if you want to send a message to the sender you use the sender's public key to encrypt (and only he with the sender's private key can decrypt).

Private -> Receive ; Public -> Send

Likewise: The receiver's private key will be known only to the receiver. And if you want to send a message to the receiver you use the receiver's public key to encrypt (and only he with the receiver's private key can decrypt).

(Should have used person A and person B instead of sender and receiver, but hopefully you got the mechanism; use his public key to encrypt, send it to him, he uses his own private key to decrypt. Only he can do that since only he has his private key. Those 2 private-public key are pairs, they only work together, not with other private-public keys)

Now, there are 2 more types of encryption: ECB & CBC

  • ECB - electronic code book (simplest; each piece of text is encrypted independently)
  • CBC - cipher block chaining (each piece of text is dependent on the one before it)

Examples of:

  • Private-key cyphers: RC2, RC4, DES, 3DES, AES
  • Public-key cyphers: RSA, DSA, FIPS, ElGamal

There's also something called Salt/IV (Initialisation vector) which must be done on both sides. So that the cipher text changes.

Salt/IV is used by CBC to offer an initial "chunk" to the plaintext (it's basically just a XOR with the plain text. And then the next Cipher Text makes a XOR with the second Plain Text chunk). Salt/IV is not needed in ECB.

XOR is basically: If A&B are different, the answer is 1.

AND: 0&1=0 ; 1&0=0 ; 0&0=0 ; 1&1=1. (both of them must be true)
OR: 0&1=1 ; 1&0=1 ; 0&0=0 ; 1&1=1. (at least one of them is true)
XOR: 0&1=1 ; 1&0=1 ; 0&0=0 ; 1&1=0. (they have to be different)

Next important thing about crypto is - Hash.

Basically, you take a 20.000-word text and instead of encrypting it into a 20.000-word cipher text you "convert" it into a 128/256 hash text (Hash Value/Digest). But there's no going back; you cannot get from a hash back to the original text. However, this has its advantages.

Plain Text -> Hash Function (MD5, SHA-1, SHA-2) -> Hash Value/Digest

Digital Signature: Plain Text -> Hash Function -> Encrypted with a Private Key (the private key of the receiver) -> Digital Signature.

Basically, a digital signature is simply hash + encryption of the hash.

HMAC: Plain Text -> Hash Function -> Encrypted with a Private Key (shared private key) -> Digital Signature.

The only difference between HMAC and Digital Signature is that digital signatures use Asymmetric keys while HMACs use symmetric keys (no public key). But the process is the same: plain text -> hash -> private key -> digital signature/hmac.

HMAC is hash-based Message Authentication Code. Basically, something to say "this message is legit" using a hash.

And finally: Certificate/Digital Certificate/Public Key Certificate.

It helps you make sure you know who you are actually communicating with. They bind an owner to their public key. It solves the problem of sending Public Keys and them being intercepted (not that they shouldn't, they are public, but you should know the owner of the public key's private key). Certificates verify who a Public Key belongs to.

CA (Certificate Authorities) prove the identity of Public Keys owners.

A Digital Certificate is the name of the owner, a copy of their public key. All encrypted with the CA's private key. Then, using CA's public key, you can decrypt it and find out if the owner of the Public Key really is that owner or is someone else. x.509 is the standard for creating digital certificates.

You can "forge" a public key but not a digital certificate. Because when you decrypt the Digital Certificate you can see it doesn't belong to the actual owner. Basically, you get an invalid certificate error.

In order to recreate a certificate you need the CA's private key.

Upvotes: 0
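An added example, not part of the answer above, that separates the pieces it names: a cipher (here a toy Feistel network built on SHA-256, an assumption of this example and not a real or secure cipher), a key, and the ECB and CBC ways of applying that cipher to several blocks. The sample plaintext, key and IV are constructed for illustration.

```python
import hashlib

BLOCK, HALF = 8, 4  # toy block size in bytes (assumption of this example)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half, key, i):  # Feistel round function: keyed hash of one half block
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]

def encrypt_block(block, key):  # the cipher: toy 4-round Feistel, NOT secure
    l, r = block[:HALF], block[HALF:]
    for i in range(4):
        l, r = r, _xor(l, _f(r, key, i))
    return l + r

def decrypt_block(block, key):  # same rounds, undone in reverse order
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(l, key, i)), l
    return l + r

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("whole blocks only; padding is out of scope here")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt, key):  # ECB: each block encrypted independently
    return b"".join(encrypt_block(b, key) for b in _blocks(pt))

def cbc_encrypt(pt, key, iv):  # CBC: XOR with previous ciphertext block, IV first
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, key, iv):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct):  # ciphertext blocks that duplicate an earlier block
    blocks = _blocks(ct)
    return len(blocks) - len(set(blocks))

PT = b"SAMEDATA" * 3 + b"LASTBLOK"  # constructed sample: 3 identical blocks + 1
KEY, IV = b"example-key", b"\x01" * BLOCK  # constructed key and IV
```

With the same cipher and key, `repeated_blocks(ecb_encrypt(PT, KEY))` reports the repeated plaintext blocks showing through, while `repeated_blocks(cbc_encrypt(PT, KEY, IV))` reports none, and changing only the IV changes the CBC ciphertext.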

ShadowRanger

Reputation: 155584

You might take a look at this article on the difference between Encryption and Cryptography. It also addresses the definition of cipher in the process.

Excerpts:

What is Cryptography?

In simple terms, cryptography is the science concerned with the study of secret communication.

What is Encryption?

...

... "encryption" basically is some process or algorithm (known as a cipher) to make information hidden or secret. And to make that process useful, you need some code (or key) to make information accessible.

Upvotes: 20

kriss

Reputation: 24207

A cipher is a method (algorithm) used for encryption of some text. But English speakers have that habit of making verbs from nouns... hence ciphering became a synonym of encrypting.

Now, the fun part. If you consider decrypt and decipher, now they have different meanings.

  • decrypt means applying the decryption key to some code
  • decipher means finding the meaning of some text that was not deliberately encrypted.

In France (I'm French) we also have funny confusion with similar words. We have "chiffrer" (very similar to "cipher") that is the correct word and means encrypt, but we also use the verb "crypter" that means the same thing but is considered an anglicism (verb built from English "crypted"). When we go for the opposite words "décrypter" and "déchiffrer" we also have different meanings but not like the English ones... "déchiffrer" means the same as both English words decrypt and decipher depending on the case, but "décrypter" is used when you try to get the clear text without the code (it means breaking the code). I believe there is no English word that means that.

Looking at my answer, I wonder if things were not clearer before it.... natural language is definitely some kind of encryption.

Upvotes: 47

David Titarenco
David Titarenco

Reputation: 33406

A cipher is an algorithm of encryption. Ex. substitution cipher, permutation cipher, etc.

Encryption is just the process of obfuscating information.

So in a simplistic sense of the idea, you use a cipher to encrypt stuff. :)

Upvotes: 18
