The art and science of secure communication. From ancient ciphers to modern algorithms, understanding why cryptography exists and what it protects.
Every time two parties want to exchange information, they face a basic challenge: how do you keep a message secret when someone might be listening?
Alice wants to send Bob a message. The problem: Eve is listening to the channel between them. She can read, copy, or even modify anything that passes through. This is not a hypothetical. Every message you send over the internet passes through routers, switches, and cables controlled by dozens of different organizations.
Cryptography is the toolkit for solving this problem. The solutions range from surprisingly simple ideas (replace each letter with a different one) to deeply mathematical constructions that underpin every secure system on the planet. This chapter starts with the simple, then shows you why we needed the complex.
One of the oldest known encryption techniques. Julius Caesar reportedly used it to protect military messages. Shift each letter by a fixed number of positions in the alphabet.
Shift each letter by a fixed number of positions. The simplest cipher, and the easiest to break.
The Caesar cipher has only 25 possible keys (one for each shift). An attacker does not need to be clever. They just try all 25, read each result, and pick the one that makes sense. You saw this yourself in the brute force section above. Any cipher where an attacker can exhaustively try every key is fundamentally broken. Modern cryptography solves this by making the key space so astronomically large that exhaustive search becomes physically impossible.
Cryptography is not just about secrecy. It provides four distinct guarantees, each addressing a different type of threat.
Keeping information secret from unauthorized parties. When you visit your bank’s website over HTTPS, encryption ensures nobody between you and the bank can read your account details. Without confidentiality, the internet would be a postcard system where every intermediary reads every message.
Detecting unauthorized modifications to data. When you download a software update, a cryptographic digest lets you verify the file was not corrupted or tampered with during transit. Without integrity checks, an attacker could inject malware into your downloads and you would never know.
Verifying the identity of who you are communicating with. Digital certificates prove that the website you are visiting really is your bank, not an imposter. Without authentication, encryption alone is not enough, because you might be opening a secure channel directly to an attacker.
Ensuring someone cannot deny having performed an action. A digital signature on a contract proves the signer agreed to the terms. Unlike a handshake, it produces mathematical evidence that holds up even if the signer later claims they never signed.
Notice that encryption (confidentiality) is only one of the four goals. Most real-world cryptographic failures involve getting authentication or integrity wrong, not breaking the encryption itself.
Classical ciphers relied on keeping the method secret. Modern cryptography assumes the attacker knows everything about the system except the key.
The method itself must be kept secret. If an enemy learns how your cipher works, all messages are compromised.
Pen-and-paper transformations. Encoding and decoding a message takes time and is prone to human error.
Only 25 possible shifts in a Caesar cipher. An attacker can try every single one in seconds.
The system is secure even if everything except the key is public knowledge. Algorithms are open and peer-reviewed.
Security based on computational hardness problems. Breaking the cipher would require solving problems believed to be intractable.
2²⁵⁶ possible keys for AES-256. Brute-forcing them would take longer than the age of the universe, even with every computer on Earth.
The simplest “modern” building block is the XOR operation (exclusive or). Unlike Caesar's addition mod 26, XOR operates directly on bits and has a beautiful property: applying it twice with the same key recovers the original data. This single operation sits at the heart of virtually every encryption algorithm in use today.
XOR (exclusive or) is the fundamental operation behind most modern encryption. A bit XORed with a key bit flips or stays the same. XOR the result with the same key, and you get the original back.
XOR each character of your message with a key. Apply the same key again and you get the original back.
Real encryption algorithms like AES are fundamentally XOR combined with substitution and permutation, repeated many rounds. The simple principle you just saw scales up into systems that protect billions of transactions every day.
This course builds your understanding from the ground up. Each chapter introduces one primitive or protocol, explained from first principles with interactive demos.
Digital fingerprints that compress any data into a fixed-length digest.
Ensuring data integrity and authenticity with shared secrets.
Where keys, nonces, and IVs come from. The foundation everything else depends on.
Block ciphers, stream ciphers, and modes of operation.
Combining confidentiality and integrity in one operation.
Establishing shared secrets over insecure channels.
Public-key cryptography and hybrid encryption schemes.
Mathematical proof of authorship that anyone can verify.
Certificates, authorities, and the chains of trust that secure the internet.
TLS and the protocols protecting internet traffic.
When even the server can’t read your messages.
Passwords, tokens, and proving who you are.
Hash chains, Merkle trees, consensus, and crypto beyond encryption.
Post-quantum algorithms, zero-knowledge proofs, MPC, and homomorphic encryption.
Implementation bugs, side channels, key management, and how to avoid pitfalls.