What Is Cryptography—and How Do You Actually Start Cryptanalysis?

The first time many of us “did cryptography,” we didn’t call it that. We wrote with milk on paper, waited for it to dry, and beamed when the letters magically appeared over a lamp. That childish thrill captures two instincts that never leave us: the urge to keep the contents secret, and sometimes, the urge to hide the fact that we’re sending anything at all.

That’s the core of secure communication. And it’s also a surprisingly complete map of the field when you name things precisely, draw the lines that matter, and keep your hands on the math just enough to stay honest.

What is cryptography, really?

Cryptography is the science of protecting information. That sounds simple enough until you notice that “protect” has several dimensions:

• Encryption: hiding the content. This is the part most people picture: you turn a readable message into something unintelligible.
• Confidentiality: making sure only authorized parties can access the content. Encryption often provides confidentiality—but not always by itself.
• Authentication: proving who is allowed to access or act. When you “log in” or verify a sender, you’re in authentication territory.
• Integrity: ensuring data hasn’t changed. If it does change, it’s detectable.

Modern practice adds some indispensable plumbing:

• Digital signatures: providing both authentication (who signed) and integrity (what was signed).
• Hash functions: one-way compression functions that power integrity checks, digital signatures, and more.
• Key management and distribution: because encryption without a key strategy is a locked door with the key left in the lock.

The four pillars above explain the “why.” Hashes and signatures explain the “how” of trust. And key management is the spine that holds it all together.

What’s the difference between cryptography and steganography?
You can hide a message by scrambling its contents (cryptography) or by hiding the fact that you sent a message at all (steganography).

• Cryptography hides the content. An observer knows you sent something but can’t read it.
• Steganography hides the act. The observer doesn’t even know you sent a message.

Both can be attacked. Cryptanalysis targets the cipher itself—how the message was transformed. Steganalysis targets the camouflage—how the message was tucked away. The milk-on-paper trick is a simple example of hiding in the medium: nothing looks unusual until you apply heat or UV light.

In practice, hybrid methods combine them: encrypt first, then hide the ciphertext. You protect the content and the fact of sending, and force an attacker to solve two problems, not one.

How do today’s cipher systems actually fit together?

A useful map for ciphers starts with two orthogonal axes and ends with a couple of real-world compromises.

1. Stream vs. block

• Stream methods work symbol by symbol (or bit by bit), transforming the message as it flows. Classic substitution ciphers—where each letter of the message is replaced according to a rule—fall into this camp.
• Block methods operate on fixed-size chunks. Take a block (say, 1024 bits conceptually), apply rounds of transformations, and produce a block of output. Block approaches scale naturally to modern computing, where data is already chunked.

1. Symmetric vs. asymmetric
2. Symmetric systems use the same key for encryption and decryption.
3. Asymmetric systems use different keys: typically a public key to encrypt and a private key to decrypt (or the reverse for signing). Modern cryptography leans heavily on asymmetric schemes to make key distribution tractable at global scale.

There are two more building blocks that show up whether you’re in stream or block land:

• Substitution: replacing symbols or blocks according to a rule.
• Permutation: reordering symbols or bits according to a rule.

Modern block ciphers combine substitution and permutation in carefully designed rounds. That blend is not accidental—it’s what creates diffusion (changes spread out) and confusion (the relationship between key and output is obscured), which are the twin requirements for practical strength.

One exception worth naming because it anchors our mental model: the one-time pad. It’s symmetric and provably secure at the information-theoretic level when used as intended, because the “key” is truly random and as long as the message. That mathematical ideal illuminates a point you can carry everywhere: the strength of any system ultimately traces back to keys—how they are generated, shared, and protected.

Who are Alice, Bob, and Eve—and why do they keep showing up?

When you read or teach security, naming patterns sneak in. Two correspondents are traditionally called Alice and Bob—A and B. The eavesdropper is Eve—E. It’s not random: E is reserved for the adversary because “eavesdropper” begins with E. Add more parties, and you keep walking the alphabet: C, D, G for the next participants. It’s a lightweight shared language that lets you draw diagrams and discuss attacks without getting bogged down in who’s who.

• Alice sends.
• Bob receives.
• Eve listens (and sometimes tampers). That’s the entire drama in three characters.

What does cryptanalysis actually do?
Cryptanalysis is the study and practice of attacking protected communications. It has two jobs:

• Against steganography: detect that a covert message exists.
• Against cryptography: recover the message, the key, or both.

Two techniques from the long history of substitution ciphers illustrate the mindset:

• Frequency analysis: languages have characteristic letter frequencies. If a monoalphabetic substitution cipher maps each plaintext letter to a single ciphertext letter, the overall frequency shape leaks information. You exploit that leak.
• Bigram analysis: in ciphers that operate on pairs of letters, the frequency of letter pairs (bigrams) becomes the signal you analyze.

The critical constraint for both? Corpus size. A small ciphertext can be too sparse to exhibit reliable frequency patterns. That’s why patient cryptanalysts historically hoarded messages and why, in practice, you may need to return to collection before you can return to analysis.

The 2×2 cipher framework you’ll actually remember
A simple memorization-friendly map for talking and thinking about ciphers:

• Axis 1: Stream vs. Block
• Axis 2: Symmetric vs. Asymmetric

Inside each quadrant, remember the operations:

• Substitution changes values.
• Permutation changes positions.

Everything you’ll meet in practice is some composition of those moves. Modern block ciphers combine both; classic pen-and-paper ciphers are mostly stream substitutions; and asymmetric systems live alongside symmetric ones by solving distribution, not replacing them everywhere.

Where do hashes fit—and why do people keep tying them to blockchains?

Hash functions compress arbitrary-length input into fixed-length output. Their properties make them indispensable:

• For integrity: a small change in input yields a large, unpredictable change in output. That’s how you detect tampering.
• For digital signatures: you sign the hash of the message, not the message itself. This gives you practicality and strong binding.
• For confidentiality and other constructions: hashes show up inside protocols to help manage keys and verify derivations.

They also underpin blockchains and distributed ledgers. The “chain” in “blockchain” is literal: each block binds to the previous via a hash, creating a tamper-evident sequence. You don’t need to be a blockchain enthusiast to appreciate the cryptographic idea: hashes give you a cheap tripwire for integrity that scales.

Why key management is the overlooked core

It’s not glamorous to talk about keys, but everything collapses without them. Managing keys means:

• Generating them with sufficient randomness.
• Distributing them securely to the parties who need them.
• Rotating and revoking them as needed.

Two families of approaches illustrate the landscape:

• Diffie–Hellman-like exchange: two parties derive a shared key over an insecure channel. It’s the archetype of key agreement.
• Quantum key distribution: an approach that uses quantum effects in the key distribution step. Its role is not “encrypting everything with quantum” but securing the keys themselves.

Even in “asymmetric” systems that seem to dodge the distribution problem, key management remains. You still protect private keys, validate public keys, and structure trust relationships. It’s not the interesting fringe—key management is the middle of the page.

What about the “AI” question?

Tools from machine learning can assist in analysis and defense, but they don’t change the core definitions, math, or roles of encryption, authentication, and integrity. Think of them as accelerators or pattern-finders that operate around the cryptographic core, not replacements for the core itself.

Question: How do you start breaking a cipher if you have no idea what it is?
Here’s the hard truth: you don’t start by “breaking.” You start by identifying. A cryptanalyst’s first job is to figure out what family the target belongs to. Only then do specific attacks make sense. The process is straightforward, disciplined, and circular when it needs to be.

The cryptanalyst’s workflow: three disciplined phases

1.Acquire the ciphertext

• Collect any and all encrypted material. More is better: statistical methods need data.
• Keep provenance and context: source, timing, and any metadata can hint at the system used.

1. Hypothesize the system
2. Narrow down candidates. This is about recognizing patterns and being realistic about what systems are likely used in the environment you’re observing.

3. Use distinguishing features. Is the output length equal to input length? Is there structure that suggests blocks? Do letter or symbol frequencies look skewed or flat?

4. Attack according to the hypothesis

5. Apply the techniques that fit the assumed system: frequency analysis for monoalphabetic substitution, bigram analysis for certain block-like letter-pair ciphers, and so on.

6. If it fails, loop back. Either your hypothesis is wrong, or your corpus is too small. Expand the dataset or try a different system family.

The two most common failure modes are worth underlining:

• Wrong model: if you assume the wrong cipher family, you’ll waste cycles attempting the wrong attack.
• Too little data: some analyses need statistical weight. When signals are faint, acquire more ciphertext. Question: Why not just try everything?

In theory, you could brute-force systems and families. In practice, your time budget will be consumed almost entirely by testing hypotheses, so you need to get good at forming them. The skill is half pattern recognition, half practical awareness of which systems appear where.

Question: Why are some systems effectively unbreakable?
Because the math says so. The one-time pad, used correctly, gives information-theoretic security. No amount of ciphertext suffices. Your attack surface must shift: you go after key management, endpoints, or human behavior. Discipline means knowing when cryptanalysis is the wrong tool.

A framework for structuring your mental model
Keep this short list near your mind’s eye:

• The four goals: encryption, confidentiality, authentication, integrity.
• Two helper pillars: hash functions and digital signatures.
• The two axes: stream vs. block; symmetric vs. asymmetric.
• Two operations: substitution and permutation.
• Two adjacent sciences: steganography (hide the act) and cryptanalysis/steganalysis (find and break).
• One spine: key management and distribution.
• Three characters: Alice, Bob, Eve.

If you can tell a coherent story using only those words, you can teach and reason about almost anything you’ll encounter.

Step-by-step guide: a beginner’s checklist for practical cryptanalysis

If you’re just starting to practice on historical ciphers or classroom exercises, use this checklist to build good habits:

1. Clarify the goal
2. Are you trying to recover plaintext, the key, or both?

3. Is there a possibility the message is steganographically hidden instead of (or in addition to) being encrypted?

4. Sanity-check the medium

5. Look at the data: characters vs. bits; fixed lengths vs. variable; any repetitive structure that suggests blocks?

6. Note whether the ciphertext length equals the plaintext length (if you know or suspect it). Block methods and padding can change lengths.

7. Estimate the corpus

8. Count symbols or blocks. For letter-based ciphers, ask: is there enough text for frequency analysis or bigram analysis to be meaningful?

9. If not, collect more before you waste effort.

10. Form your first hypothesis

11. Pick a family: monoalphabetic substitution, bigram substitution, or some block transformation.

12. Make a list of telltale features you expect to see if you’re right.

13. Apply the matching analysis

14. For monoalphabetic: compute letter frequencies, map high-frequency ciphertext letters to common plaintext letters, and iterate.

15. For bigram-based: compute pair frequencies and look for common digraph patterns in the target language.

16. Validate and iterate

17. Check partial decodings for language plausibility.

18. If nothing moves, revisit your family hypothesis or acknowledge data scarcity and return to collection.

19. Keep a clean notebook

20. Record assumptions, attempts, and results. Cryptanalysis punishes sloppy iteration.

8.Know when to stop

• If the method you suspect is provably strong given your data (e.g., a scheme equivalent to a one-time pad), change tack. Don’t dig where there is no tunnel.

Question: Where do steganographic techniques fit in this analysis?
Before you analyze content, confirm there is content. If the channel looks innocuous but carries a covert signal, your “ciphertext” may not be marked as such. That’s when you switch hats: look for medium-based hiding (invisible ink on paper; altered pixels or timing patterns in digital systems). Once you surface the hidden data, you might still need to decrypt it—hence the value of hybrid awareness.

Connecting the dots to systems you already know

• Hashes keep your data honest. They are the quick, cheap way to tell whether something changed.
• Digital signatures tie identity to data. They solve “who” and “what” together.
• Key distribution schemes—the workhorses—make sure the right people share secrets without revealing them in transit.
• Quantum key distribution sits in the key management layer, not as a universal replacement for encryption. It’s a way to share keys securely by leveraging physics, then use conventional crypto with those keys.
• Blockchains lean on hash functions for the “chain” property. The security intuition is the same as your integrity check, writ large.

None of these require you to know a specific algorithm by heart to grasp their roles. The structure—goals, helpers, axes, operations, adjacent sciences, spine, characters, and the one equation—is the transferable part.

Final Thoughts

If you’ve ever warmed a piece of paper over a lamp to reveal a secret, you’ve already internalized the two essential moves of secure communication: hide the content or hide the act—or, when it matters, both. Everything else is refinement: smarter keys, better distribution, stronger signatures, faster hashes, and disciplined analysis of how things fail.

When you carry those frameworks, you can evaluate new schemes without getting lost, spot when a system confuses confidentiality with authentication, and know whether your problem is content, act, or key.

Key takeaways:

Think in four goals: encryption, confidentiality, authentication, integrity.
Keep hashes and signatures in your toolkit; they anchor integrity and identity.
Map ciphers along stream/block and symmetric/asymmetric; watch for substitution and permutation.
Remember Alice, Bob, and Eve; the story is clearer when the characters are named.
Cryptanalysis starts with identification and data, not “breaking.”
Key management is the spine; ignore it and everything else collapses.
Steganography isn’t a curiosity; it’s a first-class tactic that pairs naturally with encryption.
The next time you send something private, ask yourself: are you hiding what you said, that you said anything at all, or both? Your answer will guide which tools you choose—and, just as importantly, what your adversary will try first.