Part I · 1 — Aerial view of cryptography

draft

Before any formula: what cryptography is, what questions it answers, and how the field organizes itself into layers — from the mathematical primitive to the protocol that protects this page.


1.1 What it is, in one sentence

Cryptography is the science of communicating and computing in the presence of adversaries. It is not just "scrambling messages": it is the set of techniques that lets you guarantee properties — secrecy, integrity, authorship — even when the channel, the storage, or some of the participants are under an enemy's control.

The central question is never "does this look scrambled?" but rather "what can an adversary learn or forge?". The whole discipline revolves around defining adversaries precisely and proving what they cannot do.


1.2 The five questions cryptography answers

Almost everything in cryptography serves one of these goals:

# Goal User's question Guaranteed by
1 Confidentiality Can anyone read this? Ciphers (AES, ChaCha20, RSA)
2 Integrity Was this altered? Hashes, MACs (SHA-256, HMAC)
3 Authenticity Did it really come from who it claims? MACs, signatures (Ed25519)
4 Non-repudiation Can the author deny it later? Digital signatures
5 Availability of the secret How do you agree on the key without meeting? Key exchange (Diffie-Hellman)

The first three form the classic triad. The last two are what makes cryptography practical between strangers who have never shared a secret — the problem that asymmetric cryptography solved in the 1970s.

The triad of cryptographic goals and the primitives that guarantee them


1.3 The four layers of the field

Cryptography is organized as a stack: each layer uses the one below as a part and does not reinvent what that layer already guarantees. Confusing the layers is the source of most implementer errors.

The four layers of cryptography: primitives, constructions, protocols, applications

  1. Primitives — the basic building blocks, treated as black boxes with a

    well-defined security property: AES (block cipher), SHA-256 (hash), RSA and elliptic curves (asymmetry). Almost no one should invent a primitive; they take decades of public cryptanalysis to earn trust.

  2. Constructions — primitives combined for a concrete goal: AES-GCM

    (cipher + authentication = AEAD), HMAC (a MAC built from a hash), HKDF (deriving keys). This is where the mode of operation and the nonce come in — and where most mistakes happen.

  3. Protocols — constructions choreographed between parties over time:

    TLS (the web), Signal (messaging), Kerberos, PKI. They deal with who talks to whom, in what order, and what to prove.

  4. Applications — the product the user sees: the browser padlock, the

    signature on a PDF, the passwordless login. This is where the key management decisions live — almost always the weakest link.

Rule of thumb: always work at the highest layer that solves your problem. Need to protect a connection? Use TLS (protocol), not AES (primitive) by hand. Each step down multiplies the ways to get it wrong.


1.4 The two eras

The practical history of cryptography has a watershed moment:

  • Symmetric era (until 1976): sender and receiver share *he same secret

    key* It solves confidentiality very well and is fast — but it requires a prior secure channel to agree on the key. It does not scale to strangers.

  • Asymmetric era (from Diffie–Hellman, 1976, and RSA, 1977): each

    party has a key pair — one public, one private. It allows agreeing on secrets and proving authorship without ever having met. It is what made the open internet possible.

Real systems are hybrid: asymmetric cryptography (slow) establishes a session key; symmetric cryptography (fast) protects the data. It is exactly what TLS does on every HTTPS connection.


1.5 How this work is organized

This compendium has two layers (see the index):

  • The narrated layer (Parts I–V) builds intuition in the natural order:

    fundamentals → primitives → protocols → post-quantum → application at Koder.

  • The reference layer (Part VIII) is the dense almanac: catalogs of

    algorithms, formal definitions, attacks, people, and incidents — to be consulted, not read end to end.

Part I continues in Goals and adversary models: what each guarantee means formally, and how to define the enemy against which security is proven.