Science & Technology·Revision Notes

Cryptography — Revision Notes

Constitution VerifiedUPSC Verified

Version 1Updated 10 Mar 2026

Explore This Topic

Definition Detailed Explanation Key Discoveries Scientific Principles Tech Evolutions UPSC Importance Prelims Strategy Mains Strategy Prelims MCQs Mains Questions MCQ Practice Predicted 2026 Revision Notes Current Affairs

⚡ 30-Second Revision

Vyyuha Quick Recall:

Cryptography: — Science of secure communication.

Confidentiality: — Achieved by Encryption (e.g., AES).

Integrity: — Achieved by Hashing (e.g., SHA-256).

Authentication & Non-repudiation: — Achieved by Digital Signatures (e.g., RSA, ECC).

Symmetric-key: — Single key, fast, key distribution challenge (AES).

Asymmetric-key: — Public/Private key pair, slower, solves key distribution (RSA, ECC).

Quantum Threat: — RSA/ECC vulnerable to quantum computers (Shor's algorithm).

PQC: — Quantum-resistant algorithms (lattice-based, hash-based).

IT Act 2000: — Legal recognition for digital signatures.

DPDP Act 2023: — Mandates 'reasonable security safeguards' (implies encryption).

2-Minute Revision

Cryptography is the art and science of securing information, ensuring confidentiality (secrecy), integrity (no tampering), authentication (identity verification), and non-repudiation (no denial). It primarily uses two types of encryption: symmetric and asymmetric.

Symmetric-key cryptography uses a single shared secret key for both encryption and decryption. It's highly efficient for encrypting large volumes of data, with AES (Advanced Encryption Standard) being the global standard.

The main challenge is securely distributing this shared key. Asymmetric-key cryptography, also known as public-key cryptography, uses a pair of mathematically linked keys: a public key for encryption and a private key for decryption.

RSA and ECC (Elliptic Curve Cryptography) are prominent examples. This method solves the key distribution problem and is crucial for digital signatures, which provide authentication and non-repudiation.

Cryptographic hash functions (e.g., SHA-256) are one-way algorithms that produce a fixed-size 'fingerprint' of data, primarily used to ensure data integrity. Digital signatures, built on asymmetric cryptography and hash functions, legally bind a signer to a document, recognized by India's IT Act 2000.

The rise of quantum computing poses a significant threat to current asymmetric encryption, driving research into Post-Quantum Cryptography (PQC) – new algorithms resistant to quantum attacks. India's National Quantum Mission is actively involved in this.

Cryptography is also the backbone of blockchain technology, securing transactions and ensuring ledger immutability. Government bodies like RBI and CERT-In issue guidelines, and the DPDP Act, 2023, mandates security, highlighting the critical role of cryptography in India's digital security landscape.

5-Minute Revision

Cryptography is the foundational discipline for securing digital information, encompassing techniques to ensure confidentiality, integrity, authentication, and non-repudiation. Its importance for UPSC stems from its pervasive role in cybersecurity, data protection, digital governance, and national security.

Core Concepts:

Symmetric-Key Cryptography: — Uses a single secret key for both encryption and decryption. It's fast and efficient for bulk data. AES (Advanced Encryption Standard) is the most widely used algorithm, often employed with modes like GCM for combined confidentiality and authenticity. The primary challenge is secure key distribution.

Asymmetric-Key Cryptography (Public-Key Cryptography): — Employs a public-private key pair. Data encrypted with a public key can only be decrypted with the corresponding private key. RSA and ECC (Elliptic Curve Cryptography) are key algorithms. RSA's security relies on factoring large primes, while ECC offers comparable security with smaller, more efficient keys. This method is crucial for secure key exchange, digital signatures, and authentication, forming the basis of Public Key Infrastructure (PKI).

Cryptographic Hash Functions: — One-way mathematical functions (e.g., SHA-256) that generate a fixed-size 'fingerprint' of data. They are essential for ensuring data integrity (detecting tampering) and are integral to digital signatures and blockchain technology.

Digital Signatures: — A cryptographic mechanism using asymmetric keys and hash functions to authenticate the sender's identity and ensure message integrity. Legally recognized by the IT Act 2000 provisions in India.

Emerging Challenges & Solutions:

Quantum Threat: — Large-scale quantum computers, using algorithms like Shor's, can break current asymmetric encryption (RSA, ECC). This necessitates a transition.

Quantum Cryptography (QKD): — Uses quantum mechanics to establish inherently secure keys, but is limited to key distribution.

Post-Quantum Cryptography (PQC): — Developing new classical algorithms (e.g., lattice-based, hash-based) that are resistant to quantum attacks. India's National Quantum Mission is a key initiative in this area, crucial for national security aspects and quantum computing basics.

Applications & Policy in India:

Blockchain Technology : — Cryptographic hashes link blocks for immutability, and digital signatures (ECDSA) authenticate transactions.

Government Policies: — The IT Act 2000 provides the legal framework. RBI mandates strong encryption for banking and digital payments (e.g., UPI). CERT-In issues advisories. The Digital Personal Data Protection Act, 2023, implicitly requires robust encryption for data protection. These policies reflect a balancing act between national security, law enforcement, and individual privacy, particularly concerning end-to-end encryption and 'lawful access' debates. This connects to digital India initiatives and data protection laws in India.

UPSC Relevance: Expect questions on conceptual differences, practical applications, policy implications (privacy vs. security), and emerging trends (quantum cryptography, blockchain). Emphasize analytical answers that link technical aspects to broader societal and governance issues.

Prelims Revision Notes

For Prelims, focus on factual recall and conceptual clarity. Cryptography ensures CIA+N (Confidentiality, Integrity, Authentication, Non-repudiation). Symmetric-key uses one key (AES, DES), fast, but key distribution is hard.

Asymmetric-key uses public/private pair (RSA, ECC), slower, solves key distribution, used for digital signatures and key exchange. Hash functions (SHA-256) are one-way, fixed output, ensure integrity, used in passwords and blockchain.

Digital signatures provide authenticity and non-repudiation, legally recognized by IT Act 2000. PKI manages digital certificates via CAs. Quantum computing threatens RSA/ECC via Shor's algorithm. Quantum Cryptography (QKD) is for secure key exchange, quantum-safe.

Post-Quantum Cryptography (PQC) develops new algorithms resistant to quantum attacks. India's NQM focuses on PQC. RBI mandates encryption for banking, CERT-In issues advisories. DPDP Act 2023 requires 'reasonable security safeguards' (encryption).

Remember key sizes: AES (128, 192, 256 bits), RSA (1024-4096 bits), ECC (smaller keys for equivalent security). Distinguish between encryption (confidentiality) and hashing (integrity). Understand the difference between QKD (key exchange) and PQC (new algorithms).

Mains Revision Notes

For Mains, structure your understanding around analytical frameworks. Cryptography is a critical enabler for India's digital economy and national security. Key themes:

Privacy vs. Security Dilemma: — Strong encryption protects privacy (Puttaswamy judgment, DPDP Act) but poses challenges for law enforcement ('lawful access', 'traceability'). Argue for strong encryption as a default, with robust legal frameworks and judicial oversight for interception, focusing on 'security by design' rather than weakening technology.

Digital Sovereignty & Indigenous Capabilities: — India's push for self-reliance in technology extends to cryptography. Discuss the role of NQM in PQC research, reducing reliance on foreign standards, and building indigenous cryptographic expertise.

Applications in Governance & Economy: — Explain how cryptography secures Digital India initiatives (e.g., UPI, Aadhaar, e-governance) through digital signatures, secure data transmission, and authentication. Cite RBI and CERT-In guidelines as regulatory mechanisms.

Emerging Technologies: — Analyze the foundational role of cryptography in blockchain technology applications (hashes for immutability, digital signatures for transactions). Discuss the implications of quantum computing basics on current encryption and the strategic importance of PQC for future security.

Legal & Policy Framework: — Connect cryptographic practices to the IT Act 2000 provisions , DPDP Act, and other relevant policies. Emphasize the need for a comprehensive, forward-looking national cryptography policy that balances all stakeholders' interests. Use a Vyyuha analytical tone to present balanced arguments and policy recommendations.

Vyyuha Quick Recall

Vyyuha Quick Recall: CIPHER

C — Confidentiality (ensured by Encryption, e.g., AES)

I — Integrity (ensured by Hashing, e.g., SHA-256)

P — Public key systems (Asymmetric cryptography, e.g., RSA, ECC)

H — Hash functions (One-way, fixed output, for integrity)

E — Electronic signatures (Digital signatures for authentication, non-repudiation)

R — Regulatory framework (IT Act, RBI, CERT-In, DPDP Act)