All articles

What Is Cryptography?

Cryptography is the science of keeping information secret. It's the mathematical practice of turning readable information into code that only authorized people can decode.

Whether you're sending a text message, browsing the internet, or logging into your email, cryptography is working behind the scenes to keep your data private and secure.

For cryptocurrency users, cryptography is the fundamental technology that enables true [self-custody[{id=j7y7v2wakwwq5pfxr0lybtfi} of your assets, replacing the need to trust a bank with unbreakable mathematical rules.

The word comes from the Greek (hidden) and (writing). At its core, cryptography has two main parts: encryption (turning readable data into code) and decryption (turning that code back into readable form). Only someone with the right key can decrypt the message and read the original information.

Table of Contents

What is cryptography?

Cryptography is the practice of creating and breaking codes, but in the digital age, it's become something far more profound. It's the mathematical foundation that enables trust in a trustless environment.

Before cryptography, if you wanted to share a secret, you had to physically secure it—lock it in a box, whisper it in a room, or trust a messenger. Cryptography removes that need for physical protection or blind faith. It allows perfect strangers to establish certainty across any distance:

  • Certainty that a message can only be read by its intended recipient (confidentiality).
  • Certainty that a message hasn't been altered in transit (integrity).
  • Certainty that a message came from a specific person (authentication).

This is why it's the bedrock of modern digital life. It's what secures your web browsing, protects your passwords, and—most critically for our purposes—makes cryptocurrency possible. Cryptography is the technology that replaces the need for a trusted bank with unbreakable mathematical rules, putting you in complete control of your assets.

A brief history of cryptography

Ancient ciphers

Humans have been keeping secrets for thousands of years. One of the earliest known ciphers is the Caesar cipher, used by Julius Caesar to communicate with his generals. The system was simple: shift every letter in the alphabet by a fixed number of positions. If the shift was three, then A becomes D, B becomes E, and so on.

Other ancient civilizations used substitution ciphers, where each letter was replaced with a different symbol or letter. These systems worked well enough in their time, but they had a fatal weakness: patterns.

Every language has predictable letter frequencies. In English, for example, the letter E appears far more often than the letter Q. A skilled codebreaker could analyze the cipher text, look for patterns, and eventually crack the code. This technique, called frequency analysis, was developed by Arab scholars in the 9th century and remained the primary codebreaking method for over a thousand years.

The 20th century and the digital breakthrough

By the Cold War era, governments and militaries were in an arms race to create increasingly complex codes and break their enemies' communications. But there was a fundamental problem that had plagued cryptography since ancient times: key distribution.

Both the sender and receiver needed the same secret key to communicate securely. This meant finding a way to share that key without an enemy intercepting it—a nearly impossible task over long distances. You couldn't exactly mail a secret code to your ally when your enemy controlled the mail routes.

Then, in the 1970s, everything changed.

Mathematicians Whitfield Diffie and Martin Hellman made a breakthrough that revolutionized cryptography: public-key encryption. Their insight was radical: instead of using one key for both encryption and decryption, what if you used two keys that worked together mathematically?

This solved the key distribution problem elegantly. You could publish one key (your public key) for the entire world to see, and keep the other key (your private key) completely secret. Anyone could use your public key to encrypt a message to you, but only your private key could decrypt it.

The internet era

As the internet spread in the 1990s, strong cryptography became available to ordinary people for the first time. A group of activists called the cypherpunks believed that "privacy is necessary for an open society" and fought government attempts to restrict encryption technology.

Their vision was simple but powerful: cryptography should be a tool for everyone, not just governments and corporations. This philosophy laid the groundwork for secure online communication, e-commerce, and eventually, cryptocurrency.

How cryptography works: Core principles

Good cryptography not only scrambles data but provides specific guarantees about your information. Here are the four core principles:

Confidentiality — Only the intended recipient can read the message. Even if someone intercepts the encrypted data, they can't understand it without the key.

Integrity — The message can't be altered without detection. If anyone tampers with encrypted data, the recipient will know it's been modified.

Authentication — You can verify who sent the message. Digital signatures use cryptography to prove a message came from a specific person.

Non-repudiation — The sender can't deny they sent the message. Once you sign something with your private key, you can't claim someone else did it.

These principles work together to create secure communication channels across untrusted networks like the internet.

Types of cryptography

Symmetric encryption

Symmetric encryption uses one key for both encryption and decryption. It works a little like a traditional house key—anyone who has a copy can both lock and unlock the door.

A common example is AES (Advanced Encryption Standard), which is used to protect everything from classified government documents to the files on your smartphone.

The advantage of symmetric encryption is speed: it's computationally efficient and can encrypt large amounts of data quickly. The disadvantage? You need a secure way to share that key. If an attacker intercepts your key, they can decrypt all your messages.

Asymmetric encryption (public-key cryptography)

Asymmetric encryption uses two mathematically related keys: one public, one private. The public key encrypts data, and the private key decrypts it.

Here's a helpful analogy: Your public key is like your home address. Anyone can look it up and send you mail. Your private key is like the physical key to your mailbox—only you have it, and only you can retrieve the mail.

Examples include RSA and Elliptic Curve Cryptography (ECC). RSA was one of the first practical public-key systems and is still widely used today. ECC is newer and provides the same security with smaller key sizes, making it more efficient.

The revolutionary aspect of public-key cryptography is that you never need to exchange a secret. You can publish your public key anywhere—on your website, in an email signature, in a public directory—and anyone can send you encrypted messages that only you can read.

Hybrid systems

Most modern systems use both symmetric and asymmetric encryption.

Here's why: Asymmetric encryption is powerful but slow. Symmetric encryption is fast but requires secure key exchange. So systems typically use asymmetric encryption to securely exchange a symmetric key, then use that symmetric key to encrypt the actual data.

This is exactly how HTTPS works. When you visit a secure website, your browser and the server use public-key cryptography to agree on a shared symmetric key, then use that key for the rest of your browsing session. You get the security of public-key encryption with the speed of symmetric encryption.

Cryptographic building blocks

Hash functions

A hash function takes any input—a password, a file, an entire book—and produces a unique fixed-length "fingerprint" called a hash, or digest. The same input always produces the same hash, but even a tiny change to the input (like a single comma) produces a completely different, unpredictable hash.

Cryptographic hash functions are designed to be one-way: you can't reverse the process to recover the original input. They are also collision-resistant, meaning it's practically impossible to find two different inputs that produce the same hash output. This guarantee is vital; it means each hash is truly unique to its specific data.

This combination makes them perfect for password storage. When you create a password on a website, the site hashes it and stores only the hash. When you log in, it hashes what you type and compares it to the stored hash. The site never sees or stores your actual password.

These properties are also critical to blockchain technology. The integrity of the entire chain relies on hashes. Each block contains the hash of the previous block. If someone tried to alter a transaction in a past block, its hash would change, breaking the chain and alerting everyone to the tampering. Bitcoin mining is essentially a race to find a specific type of hash that secures the next block in this unbreakable sequence.

Digital signatures

A digital signature proves that a message came from you and hasn't been altered. It's like a wax seal on a letter, but mathematical.

Here's how it works: You hash your message, then encrypt that hash with your private key. That's your signature. Anyone can verify it by decrypting the signature with your public key and checking whether it matches the message's hash. If it matches, they know the message came from you and wasn't modified.

Digital signatures are everywhere in cryptocurrency. Every transaction you make is signed with your private key, proving you authorized it.

Key exchange protocols

Key exchange protocols let two parties establish a shared secret over an insecure channel. The most famous is the Diffie-Hellman key exchange.

The protocol uses a clever mathematical trick: both parties exchange public information and perform calculations with their private information. Somehow, they both end up with the same shared secret, even though they never directly exchanged it and an eavesdropper can't calculate it from the public information.

This is the foundation of how secure connections are established on the internet.

How cryptography secures cryptocurrency

Public and private key pairs

When you create a cryptocurrency wallet, you're generating a pair of cryptographic keys. For enhanced security, your public key is processed through a hash function to create your wallet address. This means the address you share is a hashed version of your public key, which adds a layer of security and privacy.

Your private key is what proves ownership and authorizes transactions. It's the mathematical key that unlocks your funds. This is why the crypto community has a golden rule: never share your private key or wallet backup with anyone. Anyone with your private key can access your funds.

Learn more about this cryptographic concept in our article Public & Private keys explained.

Transaction signatures

Every cryptocurrency transaction is signed with your private key before it's broadcast to the network. This digital signature proves you authorized the transaction.

The network verifies the signature using your public key. If the signature is valid, the transaction is accepted. If it's not, the transaction is rejected. There's no bank or payment processor involved—the cryptography itself provides the security.

Hardware wallets and key storage

Here's the problem with software wallets: they store your private keys on an internet-connected device. Whether it's your phone or computer, if that device is compromised by malware, your keys could be stolen.

Hardware wallets solve this by keeping private keys isolated in a secure chip that's never connected to the internet. When you need to sign a transaction, the wallet receives the transaction data, signs it internally, and sends back only the signature. The private key never leaves the device.

Use a hardware wallet like Trezor for significant holdings. The physical isolation of your private keys adds a crucial security layer that software wallets can't provide.

Other real-world uses of cryptography

The cryptographic principles of hashing, digital signatures, and encryption are silently at work every day, creating trust in your digital interactions.

Secure messaging — Apps like Signal use end-to-end encryption. Only you and your recipient can read the messages—not even the company operating the service.

Secure browsing — That padlock icon in your browser means your connection is encrypted using HTTPS. Your web activity, form data, and any information you exchange with websites are protected from eavesdroppers.

Password storage — Legitimate websites hash your password before storing it. Even if their database is breached, attackers get hashes, not actual passwords.

Digital signatures — Software downloads are often digitally signed so you can verify they haven't been tampered with. Operating system updates, browser extensions, and app store downloads all use digital signatures.

The future of cryptography

While today's cryptographic systems are secure against even the most powerful modern computers, a new type of computer on the horizon—the quantum computer—poses a potential future threat. Quantum computers could, in theory, solve the mathematical problems that underpin current public-key cryptography, breaking the security we rely on today.

Post-quantum cryptography

To prepare for this, researchers are developing new mathematical approaches that are resistant to quantum attacks. These post-quantum systems use different types of problems—lattice-based cryptography, hash-based signatures, and other techniques that even quantum computers can't break efficiently.

The transition won't happen overnight. Protocols, standards, and implementations all need to be updated. But it will happen gradually as quantum computing advances.

Hardware wallet manufacturers are already preparing for this next evolution in computing. The new Trezor Safe 7, for example, includes a future-ready bootloader, meaning it can safely update to new encryption standards when blockchains begin adopting algorithms designed to resist these advanced threats.

Learn more about the Trezor Safe 7’s quantum readiness in our article Trezor Safe 7: the world's first quantum-ready hardware wallet.

Summary

Cryptography is the mathematical foundation of digital security. From ancient substitution ciphers to modern public-key systems, it's evolved to meet the needs of each era. Today, it protects everything from your online banking to your crypto wallet.

The breakthrough of public-key cryptography in the 1970s made the modern internet possible, and eventually enabled Bitcoin and self-custody of digital assets. Understanding the basics helps you make better security decisions and appreciate why proper key management matters so much.

Ready to put these principles into practice? While all crypto wallets use cryptography, hardware wallets like Trezor implement a crucial security model: they perform all cryptographic operations in an isolated, offline environment. This ensures your private keys are never exposed to internet-connected devices, protecting them from remote attacks.

;