Part I · 1 — Aerial view of cryptography
Before any formula: what cryptography is, what questions it answers, and how the field organizes itself into layers — from the mathematical primitive to the protocol that protects this page.
1.1 What it is, in one sentence
Cryptography is the science of communicating and computing in the presence of adversaries. It is not just "scrambling messages": it is the set of techniques that lets you guarantee properties — secrecy, integrity, authorship — even when the channel, the storage, or some of the participants are under an enemy's control.
The central question is never "does this look scrambled?" but rather "what can an adversary learn or forge?". The whole discipline revolves around defining adversaries precisely and proving what they cannot do.
1.2 The five questions cryptography answers
Almost everything in cryptography serves one of these goals:
| # | Goal | User's question | Guaranteed by |
|---|---|---|---|
| 1 | Confidentiality | Can anyone read this? | Ciphers (AES, ChaCha20, RSA) |
| 2 | Integrity | Was this altered? | Hashes, MACs (SHA-256, HMAC) |
| 3 | Authenticity | Did it really come from who it claims? | MACs, signatures (Ed25519) |
| 4 | Non-repudiation | Can the author deny it later? | Digital signatures |
| 5 | Availability of the secret | How do you agree on the key without meeting? | Key exchange (Diffie-Hellman) |
The first three form the classic triad. The last two are what makes cryptography practical between strangers who have never shared a secret — the problem that asymmetric cryptography solved in the 1970s.
1.3 The four layers of the field
Cryptography is organized as a stack: each layer uses the one below as a part and does not reinvent what that layer already guarantees. Confusing the layers is the source of most implementer errors.
- Primitives — the basic building blocks, treated as black boxes with a
well-defined security property: AES (block cipher), SHA-256 (hash), RSA and elliptic curves (asymmetry). Almost no one should invent a primitive; they take decades of public cryptanalysis to earn trust.
- Constructions — primitives combined for a concrete goal: AES-GCM
(cipher + authentication = AEAD), HMAC (a MAC built from a hash), HKDF (deriving keys). This is where the mode of operation and the nonce come in — and where most mistakes happen.
- Protocols — constructions choreographed between parties over time:
TLS (the web), Signal (messaging), Kerberos, PKI. They deal with who talks to whom, in what order, and what to prove.
- Applications — the product the user sees: the browser padlock, the
signature on a PDF, the passwordless login. This is where the key management decisions live — almost always the weakest link.
Rule of thumb: always work at the highest layer that solves your problem. Need to protect a connection? Use TLS (protocol), not AES (primitive) by hand. Each step down multiplies the ways to get it wrong.
1.4 The two eras
The practical history of cryptography has a watershed moment:
- Symmetric era (until 1976): sender and receiver share *he same secret
key* It solves confidentiality very well and is fast — but it requires a prior secure channel to agree on the key. It does not scale to strangers.
- Asymmetric era (from Diffie–Hellman, 1976, and RSA, 1977): each
party has a key pair — one public, one private. It allows agreeing on secrets and proving authorship without ever having met. It is what made the open internet possible.
Real systems are hybrid: asymmetric cryptography (slow) establishes a session key; symmetric cryptography (fast) protects the data. It is exactly what TLS does on every HTTPS connection.
1.5 How this work is organized
This compendium has two layers (see the index):
- The narrated layer (Parts I–V) builds intuition in the natural order:
fundamentals → primitives → protocols → post-quantum → application at Koder.
- The reference layer (Part VIII) is the dense almanac: catalogs of
algorithms, formal definitions, attacks, people, and incidents — to be consulted, not read end to end.
Part I continues in Goals and adversary models: what each guarantee means formally, and how to define the enemy against which security is proven.