What is the basic difference between encryption and cryptography?

Encryption is a specific technique within cryptography, referring to the process of transforming plaintext into ciphertext to ensure confidentiality. Cryptography is a broader field encompassing encryption, decryption, hash functions, digital signatures, and other mathematical techniques designed to secure communications and data, ensuring confidentiality, integrity, authentication, and non-repudiation. Encryption is a tool; cryptography is the science.

How does public key cryptography ensure secure communication?

Public key cryptography uses a pair of keys: a public key for encryption and a private key for decryption. For secure communication, the sender encrypts the message with the recipient's public key. Only the recipient, possessing the corresponding private key, can decrypt and read the message. This ensures confidentiality without the need to share a secret key beforehand, simplifying key management.

What role does cryptography play in blockchain technology?

Cryptography is fundamental to blockchain. Hash functions link blocks securely, ensuring data integrity and immutability. Digital signatures (like ECDSA) authenticate transactions and prove ownership of assets, providing non-repudiation. Public-key cryptography secures user wallets and transaction authorization. These elements collectively ensure the decentralized, transparent, and tamper-proof nature of blockchain.

Why is quantum cryptography considered future-proof?

Quantum cryptography, specifically Quantum Key Distribution (QKD), is considered future-proof because its security relies on the laws of quantum mechanics, not computational complexity. Any attempt by an eavesdropper to intercept the quantum key exchange inevitably disturbs the quantum state, making the eavesdropping detectable. This 'information-theoretic security' means it's immune to attacks from even future quantum computers, unlike current classical encryption.

What are India's current policies on encryption and data protection?

India's policies are evolving. The IT Act 2000 provides legal recognition for digital signatures and empowers the government to set security standards. The Digital Personal Data Protection Act, 2023, mandates 'reasonable security safeguards,' implicitly requiring strong encryption. Regulatory bodies like RBI and CERT-In issue specific guidelines for sectors. Debates continue on balancing national security with privacy, particularly regarding end-to-end encryption and 'lawful access' demands.

How do hash functions ensure integrity?

Hash functions ensure integrity by generating a unique, fixed-size 'fingerprint' (hash value) for any given data. If even a single bit of the original data is altered, the re-calculated hash value will be drastically different. By comparing the original hash with the hash of the received data, any tampering can be immediately detected, thus confirming the data's integrity.

What are common exam-tricky points on cryptography for UPSC?

UPSC often tests the distinction between symmetric and asymmetric encryption, the specific applications of hash functions (integrity, digital signatures, blockchain), and the policy implications of encryption (privacy vs. national security). Quantum cryptography vs. post-quantum cryptography, and the legal framework (IT Act, DPDP Act, RBI guidelines) are also frequently examined. Focus on practical examples and policy debates.

What is the significance of AES in modern encryption?

AES (Advanced Encryption Standard) is the global standard for symmetric encryption. Its significance lies in its robust security, efficiency across various hardware, and widespread adoption. It's used to protect sensitive government data, financial transactions, wireless communications (Wi-Fi), and cloud storage. Its strength and proven resistance to attacks make it the go-to algorithm for ensuring confidentiality for large data volumes.

How do digital signatures provide non-repudiation?

Digital signatures provide non-repudiation by linking a specific message to a specific sender in an undeniable way. Since only the sender possesses their private key, only they can create a valid digital signature for a message. If a recipient can verify the signature using the sender's public key, it serves as irrefutable proof that the sender indeed signed the message, preventing them from later denying its origin.

What is Public Key Infrastructure (PKI) and why is it important?

PKI is a system that manages digital certificates, which bind public keys to identities. It's crucial because it establishes trust in public-key cryptography. Without PKI, verifying that a public key truly belongs to the claimed owner is difficult, making systems vulnerable to impersonation. Certificate Authorities (CAs) within PKI issue and manage these certificates, ensuring the authenticity and trustworthiness of public keys.

Cryptography

Science & Technology

Constitution VerifiedUPSC Verified

Version 1Updated 10 Mar 2026

Explore This Topic

Definition Detailed Explanation Key Discoveries Scientific Principles Tech Evolutions UPSC Importance Prelims Strategy Mains Strategy Prelims MCQs Mains Questions MCQ Practice Predicted 2026 Revision Notes Current Affairs

The Information Technology Act, 2000, as amended, serves as the primary legal framework governing electronic transactions and digital security in India. While not explicitly defining 'cryptography' in detail, it provides for the legal recognition of electronic records and digital signatures, which are fundamentally reliant on cryptographic principles. Section 3 of the Act outlines the procedure fo…

Quick Summary

Cryptography, a cornerstone of cybersecurity , is the practice of securing communication and data against adversaries. Its fundamental goal is to ensure confidentiality (secrecy), integrity (preventing alteration), authentication (verifying identity), and non-repudiation (preventing denial). At its core, cryptography involves encryption (transforming data into an unreadable format) and decryption (reversing the process) using mathematical algorithms and keys.

There are two primary types: symmetric-key and asymmetric-key (public-key) cryptography. Symmetric encryption uses a single shared secret key for both encryption and decryption, exemplified by AES (Advanced Encryption Standard), which is fast and efficient for bulk data.

Asymmetric encryption, like RSA and ECC (Elliptic Curve Cryptography), uses a pair of mathematically linked keys: a public key for encryption and a private key for decryption. This system is crucial for secure key exchange and digital signatures, which provide authentication and non-repudiation.

Cryptographic hash functions (e.g., SHA-256) are one-way algorithms that produce a fixed-size 'fingerprint' of data, primarily used to verify data integrity. Digital signatures, built on asymmetric cryptography and hash functions, legally bind a signer to a document, recognized by the IT Act 2000 provisions .

The emergence of quantum computing basics poses a significant threat to current asymmetric encryption, driving research into post-quantum cryptography (PQC) and quantum key distribution (QKD). Cryptography is also integral to blockchain technology applications , securing transactions and ensuring ledger immutability.

India's government policies, including RBI guidelines and CERT-In advisories, mandate robust cryptographic implementations to secure digital India initiatives and protect data, reflecting a complex interplay between national security and individual privacy.

Vyyuha

Your 6-Month Blueprint, Updated Nightly

AI analyses your progress every night. Wake up to a smarter plan. Every. Single.…

Vyyuha Quick Recall:

Cryptography: — Science of secure communication.

Confidentiality: — Achieved by Encryption (e.g., AES).

Integrity: — Achieved by Hashing (e.g., SHA-256).

Authentication & Non-repudiation: — Achieved by Digital Signatures (e.g., RSA, ECC).

Symmetric-key: — Single key, fast, key distribution challenge (AES).

Asymmetric-key: — Public/Private key pair, slower, solves key distribution (RSA, ECC).

Quantum Threat: — RSA/ECC vulnerable to quantum computers (Shor's algorithm).

PQC: — Quantum-resistant algorithms (lattice-based, hash-based).

IT Act 2000: — Legal recognition for digital signatures.

DPDP Act 2023: — Mandates 'reasonable security safeguards' (implies encryption).

Vyyuha Quick Recall: CIPHER

C — Confidentiality (ensured by Encryption, e.g., AES)

I — Integrity (ensured by Hashing, e.g., SHA-256)

P — Public key systems (Asymmetric cryptography, e.g., RSA, ECC)

H — Hash functions (One-way, fixed output, for integrity)

E — Electronic signatures (Digital signatures for authentication, non-repudiation)

R — Regulatory framework (IT Act, RBI, CERT-In, DPDP Act)

Cryptography

Quick Summary

Related Topics