What Is Cryptography? Types, Uses & How It Works

Rob Mardisalu

Founder and writer of TheBestVPN.com
Valdas Bertašavičius

Tech reviewer and editor of TheBestVPN.com

Cryptography has been around for thousands of years, dating back to 1900 BC in Egypt. Without modern cryptography, the internet as we know it would not be possible. It secures financial transfers, private communication, and military secrets, and you benefit from it wherever you go online.

In this article, I’ll walk through the main types, the keys they rely on, and the algorithms you’ve actually heard of, so the next time someone says “AES-256” or “end-to-end encrypted,” you know what’s under the hood.

What Is Cryptography and Why Does It Matter

Cryptography is the science of securing and verifying information in transit and at rest. For this article, I’ll talk only about modern cryptography used in computer technologies. Modern cryptography is built around four jobs:

  • Confidentiality ensures that only the authorized recipient can read data.
  • Authentication proves the true origin of the data and/or recipient’s identity, depending on the circumstances.
  • Non-repudiation guarantees the sender cannot deny the act of sending data in the first place.
  • Integrity ensures that data has not been modified or otherwise tampered with in storage or during transit.

Without cryptography, your online data would travel in plaintext, where anyone on the path could read it. Encryption algorithms scramble it into ciphertext, so even if a hacker captures your traffic, the bytes look like noise without the key. It’s the same principle a VPN tunnel runs on.

Whenever you buy something online, cryptography ensures the secure transmission of your card details to the website or payment processor. Authentication protocols verify the transactions.

The same applies to private communication over end-to-end (E2EE) encrypted apps like WhatsApp, cloud storage, private browsing, password managers, and medical-records systems. Anywhere your data has to stay confidential while moving across the internet or sitting on a server you don’t own, cryptography is doing the work.

How Cryptography Works: Core Principles and Keys

Four more concepts pin everything else down.

  • Plaintext is the original unmodified data, like text messages and passwords.
  • Ciphertext is encrypted and scrambled data, which can only be deciphered into plaintext using cryptographic keys.
  • The cryptographic key is a string of binary bits (0 and 1, usually shown as numbers and letters in human-readable format). It’s generated by an algorithm specific to the cryptography type in use. Key length and randomness are the two security metrics that matter most, because together they determine how long a brute-force attack would take.
  • The cipher is the mathematical algorithm that turns plaintext into ciphertext. Modern ciphers are designed to resist shortcuts that would let an attacker recover the plaintext without the key.

Here’s the simplified workflow. Before any data leaves your device, the cipher and cryptographic key turn the plaintext into ciphertext. On arrival, the server uses a matching key to decrypt the ciphertext back into plaintext. The response goes through the same process in reverse: encrypted on the server, decrypted on your device.

That’s the simplified version. In reality, online communication is a two-way real-time tunnel, and, with asymmetric encryption, more than one cryptographic key is involved. That brings us to the next section.

Types of Cryptography: Symmetric vs. Asymmetric

Symmetric and asymmetric cryptography are the two widely deployed methods, each with its own benefits and drawbacks. In many real-world protocols they’re used side by side, combining the strengths of both, an approach known as hybrid cryptography.

Symmetric cryptography uses the same secret key for encryption and decryption. Your device encrypts the data with it, and the server decrypts the data with that same key.

The issue is that both parties must have the secret key. If you send it online, anyone eavesdropping on the channel can grab it, and at that point your encryption is effectively useless against them.

On the other hand, it is very light on resources, which makes it perfect for encrypting data at rest. Because the data doesn’t have to be sent anywhere, you are the only holder of the secret key and the only one who can decrypt it. In a corporate environment, the secret key is shared between multiple users, but the underlying structure is the same.

Asymmetric cryptography solves key-sharing security issues. It uses a public key for data encryption and the private key for decryption. Anyone can use the public key to encrypt data and send it to your device. But only you have the private key to decrypt it. For example, messages you receive in E2EE apps are encrypted using a public key, but only your unique private key can turn the ciphertext into plaintext.

And vice versa, whenever you browse a website, you use its public key to encrypt the HTTPS request. The full process involves an SSL/TLS certificate, a handshake, and the negotiation of symmetric session keys that both sides use for the rest of the session.

The important detail is that the public key cannot decrypt data that was encrypted with it. Only the matching private key can. And private keys never travel over the network; they stay on the local server or user device that generated them.

It’s worth noting that asymmetric cryptography is computationally expensive. In practice, protocols use it only for the opening handshake, just long enough to securely agree on a shared session key, and then switch to symmetric encryption for the rest of the conversation, which is far faster for the bulk of traffic.

Common Cryptographic Algorithms and Methods

So much for the theory. Here are the algorithms doing the actual work on the modern internet.

Advanced Encryption Standard (AES)

AES is the current global data encryption standard. It’s considered practically unbreakable by brute force, but it inherits the key-distribution problem that every symmetric method has. The widely deployed OpenVPN protocol, used by NordVPN, Proton VPN, Surfshark, and many others, runs on AES-256, where the 256 refers to the key length in bits.

ChaCha20

ChaCha20 is a newer symmetric cipher built specifically to perform well on devices without dedicated AES hardware acceleration, like budget smartphones, IoT gear, and older mobile chips. It’s software-optimized rather than hardware-bound, which keeps it just as secure as AES on paper while running noticeably faster in practice on weaker CPUs. ChaCha20 (paired with Poly1305 for authentication) is what powers the WireGuard VPN protocol, which is why WireGuard tends to feel snappier than OpenVPN on a phone.

RSA (Rivest-Shamir-Adleman)

RSA is the original asymmetric algorithm and what put the public/private key model on the map. Even if an attacker intercepts every byte of an RSA-protected exchange, the private key never travels with it, so there’s no way to derive it from what’s on the wire. The catch is that getting modern-grade security out of RSA needs very large keys (2,048 or 4,096 bits), which is why newer methods are gradually taking its place.

ECC (Elliptic Curve Cryptography)

ECC is the modern answer to RSA’s key-size problem. It builds its security on the difficulty of elliptic-curve math rather than integer factorisation, and the practical upshot is that a 256-bit ECC key delivers roughly the same security as a 3,072-bit RSA key. Smaller keys mean faster handshakes and less bandwidth, which is exactly why ECC is gradually replacing RSA in modern TLS, messaging apps, and cryptocurrency wallets.

Real-World Uses

Modern cryptography is quietly running in the background almost everywhere you go online.

The most obvious case is the browser itself: every site you load over HTTPS uses cryptography to encrypt the connection between you and the server. The padlock icon next to a URL is just the visible signal that the handshake worked.

From there, the list keeps going. E2EE messaging apps like WhatsApp and Signal rely on it to keep messages readable only to the recipient. VPN protocols use it to wrap your traffic in an encrypted tunnel. Cryptocurrency networks lean on ECC to sign transactions. And cloud services use AES under the hood to protect the data sitting on their disks.
