A primer on cryptography: Do you feel compelled to learn about cryptography? Perhaps you’re having a particularly slow workday and your office blocks YouTube. Whatever the reason, you’re in for a comprehensive, step-by-step explanation of what cryptography is, what it’s used for, and some of its important concepts.
Not to fear; this introduction to cryptography will take things slowly and gradually increase your expertise. We won’t make any dramatic leaps through complex ideas, so by the end, you’ll have a solid foundation of knowledge that will help you comprehend how we secure a large portion of our worldwide communication routes.
How is cryptography defined?
The art, science, practice, and study of cryptography is the art, science, practice, and study of securing communications. While cryptography is mostly used to keep messages and data secure from prying eyes, it can also be employed in a variety of other ways.
Cryptography is a vast topic with diverse applications, ranging from two youngsters establishing a secret language to advanced encryption algorithms such as AES. The more advanced versions rely on a variety of mathematical features and are used to protect a large portion of the internet and other forms of communication.
A SHORT GLOSSARY
We will begin by defining a few keywords that are necessary for comprehending the many facets of cryptography. Others will be discussed in greater detail later in the essay when we discuss specific issues, but these seven terms will help you get by until then:
Encryption is the process of concealing a message or piece of data using a code. When something is encrypted, it can only be viewed by those who possess the key. Encryption is used to maintain the privacy of data and prevent adversaries from reading it.
The converse is true for decryption. If data or a message has been encrypted, it must first be decoded in order to regain access to it. This decoding procedure is referred to as decryption.
The term “key” refers to the information that determines the outcome of an algorithm. They are used to encrypt or decrypt data and, in some cases, behave similarly to passwords. Private keys, as the name implies, must be kept hidden. They are paired with a public key in public-key cryptography, which can be freely disseminated.
The plaintext is unencrypted data or a message. As a result, it is accessible to anybody.
The ciphertext is unencrypted plaintext. Normally, it appears to be a complicated mess of characters.
Algorithms, in the broadest sense, are collections of instructions that result in a predictable result. A recipe can be an algorithm, as can a computer program. Throughout this essay, we shall use the term algorithm to refer to a collection of instructions used for encryption, decryption, and other cryptographic operations.
A cipher is a mathematical algorithm for encryption and decoding. The phrases cipher and algorithm are frequently used interchangeably in cryptography.
Why is cryptography required?
Cryptography possesses a lot of advantageous qualities that can be applied to a variety of circumstances. Confidentiality, authenticity, integrity, and non-repudiation are among them. These facets of cryptography, when combined, aid us in a wide variety of applications. Several examples include the following:
- Protecting our electronic communications
- Emails, secure messaging applications such as Signal and WhatsApp
- TLS, IPsec, and SSH are just a few of the protocols available.
- Encryption of data in transit
- VeraCrypt and BitLocker are two such programs.
- Eradicating data
- Management of digital rights and copy protection
Cryptography is fundamentally about confidentiality. It entails restricting access to data to those who are permitted. It’s quite effective for concealing confidential information from those who might stumble into it, as well as those who are deliberately seeking it out.
Once data has been encrypted using cryptography, the original data cannot be retrieved. What will be visible is a tangle of meaningless letters.
Of course, this is assuming that the appropriate form of cryptography is applied in the proper manner. The critical point to remember is that when encryption is utilized properly, it may help protect our data. It is only accessible to those who possess the key.
If you are an accountant and your boss instructs you to deposit $100 into an account, you know the message is genuine since it comes directly from her and she is standing directly in front of you. The only way you could be duped is if someone was dressed as your boss and altered their speech to sound just like him. This is quite improbable.
If your supervisor gave you a letter instructing you to complete the same transaction, you could see his or her handwritten signature at the bottom and be confident that the message is genuine. However, what if your supervisor communicates the same instructions to you by email or another kind of electronic communication?
How can you be certain that the message originated with your boss? You cannot see or hear her face, nor can you see or hear her signature. How do you know it isn’t someone mimicking your employer as part of a devious scheme?
To resolve this issue and ensure that a person is who they claim to be, we turn to cryptography. Three critical criteria are used to establish authenticity. There are three types of digital certificates: certificates, digital signatures, and keys.
We shall discuss certificates, digital signatures, and keys in greater depth later, but in a nutshell, certificates are issued by trusted institutions known as certificate authorities (CAs). CAs conduct checks to ensure that an entity claiming ownership of a public key is, in fact, the owner.
If a CA issues a certificate, anyone who trusts both the CA and the certificate level (there are several different types, some of which are more trustworthy than others) can be confident that the public key is real. Public keys are associated with private keys, and private keys can be used in a manner similar to handwritten signatures to digitally sign texts.
If data is signed using a private key, it can be confirmed using the public key. As long as no one else has access to the private key, you may be certain that the data was sent by the intended recipient. This is one way in which cryptography can be used to establish authenticity.
Returning to our previous scenario, your supervisor has requested that you transfer $100 to an account. If your supervisor wants to protect her employees from impostors, the first step would be to create a public and private key pair. She would then obtain a certificate for this key pair, attesting to the fact that she is the true owner.
Following that, your employer would compose the message “Please deposit $100 to account xyz.” She would then use her private key to sign it. When you receive the message, you can use her public key to verify its authenticity.
If everything checks out, you can be certain that the document was signed using her private key. Additionally, you know that your boss genuinely owns the key since you trust her certificate. These two features imply that the message is genuine. Only if her private key has been compromised could it be an impostor.
This system is used for much more than message authentication. Additionally, it is a critical component of ensuring that servers and clients are who they claim to be.
Now that we have a mechanism to verify that messages from your employer are truly from them, we should be able to fix all of our difficulties, correct?
Actually, not at all. What if the message originated with your employer but was intercepted and altered along the way? Perhaps an attacker intercepted the transmission and changed the value from $100 to $1,000. How can we avoid this?
Cryptography employs the same system as described previously to demonstrate that a communication preserves its original integrity. If your boss signs her messages digitally, you can verify their veracity using her public key.
The intricacies of how these works are discussed in greater depth below in the section on digital signatures. For the time being, all you need to know is that this approach makes it extremely straightforward to determine whether even a single character in the text has been updated.
Non-repudiation, in a broad sense, refers to an individual’s ability to contest their identity as the responsible party. They can “repudiate” and avoid liability if they can demonstrate that they are not guilty or if there is sufficient reasonable doubt. A mechanism provides non-repudiation if it irreversibly connects the user to an action.
Due to the complexity of non-repudiation, we shall cover several independent cases before discussing how it applies to cryptography. Consider handwritten signatures. In contemporary society, we utilize them to establish that we are, in fact, the ones signing a contract or making a credit card purchase.
If an invalid signature was used to sign the document, it may not be legally valid. If the signature is indeed ours, we are legally bound by whatever the agreement states. However, there is a caveat–signatures can occasionally be falsified.
While forgery is difficult and signature analysis can detect the vast majority of forgeries, there is always the potential that a signature is not genuine.
Thus, are signatures irreversible? They are typically considered to be in our society, but there are always exceptions.
Consider fingerprints now. If your prints are discovered at the scene of a crime, it will be difficult to explain to detectives why. Although fingerprints can be manufactured and analysis procedures are not flawless, you will have a difficult time exonerating yourself unless you have another credible explanation.
Thus, are fingerprints irreversible? Yes, in the vast majority of cases, but there are always exceptions.
This brings us full round to the subject of cryptography. One of its benefits is that it can provide us with non-repudiation, although as with signatures and fingerprints, this is not always straightforward. Cryptography enables individuals to digitally sign data using their private key, thus associating them with the material being signed.
While individuals are intended to keep this key private, there are instances where it may be compromised and made available to attackers. Social engineering and keyloggers are only two of the techniques attackers use to get keys. Additionally, some key owners may be irresponsible and leave their passwords exposed to the public.
The argument is that if a key has been compromised in any way, it is possible that the owner of the key was not the person who delivered the digital signature. As long as the private key is secure and private, the owner of the key is unable to revoke their digital signature.
Therefore, does cryptography provide us with non-repudiation? Yes, for the most part, however, there is a significant dispute (pdf p6) regarding its limitations within the cryptography community.
Cryptography’s fundamental principles
We’ll use examples throughout this tutorial to tell you about the numerous principles involved in cryptography. To begin, consider two youngsters who wish to communicate without their parents understanding what they are saying.
Alice and Bob may attempt to conceal their chats from their parents by using a code such as Pig Latin. Pig Latin is formed by appending the suffix “ay” to the beginning of a word.
The encryption algorithm in this system would be the knowledge of how the letters are moved and what is added at the end. “Let’s abandon school” becomes:
Et’slay itchday oolschay
This code contains two significant features. The first is a transposition, and the second is padding, which entails the addition of additional information (the “ay”).
CIPHERS OF TRANSITION
This is a very ancient method of cryptography. It entails rearrangement of the plaintext’s characters. In the above example, the first letter of each word is changed to its final letter. These ciphers can be rather basic, such as reversing a sentence:
loohcs hctid s’teL
The columnar transposition cipher is an example of a more complicated version. This cipher encrypts the message by dividing it into rows of a predetermined width. Let us choose three-character rows:
- l e t
- ‘ s d
- i t c
- h s c
- h o o
- l x t
You’ll see that we added two additional characters, “x” and “t,” to the last row. These were chosen at random to keep the columns uniform in length and have nothing to do with the encoded information.
After we’ve created our columns, we’ll number them:
- 3 1 2
- l e t
- ‘ s d
- i t c
- h s c
- h o o
- l x t
This number will serve as the code. The next step is to order our letters alphabetically by column, beginning with the first column and on to the second and third. This results in the following:
When these types of classical ciphers are implemented, the punctuation is typically omitted, but we’ve included it to keep things simple.
As you can see, the ciphertext appears to be nonsense and would be extremely difficult to decipher without the key. To send this ciphertext to Bob, Alice would first exchange the key “312” with him and inform him that they would be using a columnar transposition cipher.
When Bob receives the “estsoxtdccotl’ihhl” message, he will immediately know how to decode it. Given the three-digit length of the key, he would break the text into three portions and arrange them in columns:
- e t l
- s d ‘
- t c i
- s c h
- o o h
- x t l
Now, the key of “312” indicates to Bob the order in which the columns should be. The first column should actually be the third, the second column should actually be the first, and the last column should actually be the second:
- l e t
- ‘ s d
- i t c
- h s c
- h o o
- l x t
Now that the columns are in the proper arrangement, Bob only has to rearrange the rows into a single sentence:
Because it’s quite obvious where the spaces go, Bob was able to decode the message in a few simple steps.
If you desired more intricate encryption, you could apply columnar transposition twice to create a double transposition cipher. There are numerous additional transposition ciphers, but these examples should provide an overview of how they function and how they might be enhanced.
CIPHERS AS SUBSTITUTES
Assume that the above-mentioned Pig Latin code works flawlessly when Dad is present, but Mom was a mischievous child who became well-versed in Pig-Latin during her youth. Alice and Bob require a new code to maintain the secrecy of their communications and opt for a substitution cipher instead.
Substitution ciphers change the plaintext’s characters to another set of characters according to a predefined code. The Caesar cipher is one of the simplest forms of substitution, as it involves shifting each character a specified number of positions.
If the Caesar cipher were to be shifted by one position, every “a” would be represented as “b,” every “b” as “c,” and every “c” as “d,” and so on. “Let’s abandon school,” under this law, would become:
tdippm mfu’t ejudi
As you can see, it quickly obscures the text’s true meaning, but with enough time, you can deduce the relationships. Alice and Bob may choose to increase the number of locations even further if they so desired. If they picked a seven-point shift, “a” becomes “h,” “b” becomes I and so on.
To decrypt a Caesar cipher, the recipient just needs to know the number of positions in which each letter was displaced and then reposition each letter by that number.
By including a keyword, these ciphers can be made more complex. Generally, the term is appended to the beginning of the alphabet in order to rearrange it into what is referred to as a disordered alphabet. As a starting point, let us use the keyword “zero”:
a b c d e f g h I j k l m n o p q r s t u v w x y z a b c d e f g h I j k l m n o p q r s t u v w x y z
Would evolve into:
a b c d f g h I j k l m n p q s t u v w x y z e r o a b c d f g h I j k l m n p q s t u v w x y
As you can see, we rearranged the alphabet by removing “z”, “e”, “r”, and “o”. Using the keyword “zero,” “Let’s abandon school” becomes:
Ias’q qrdllh ofsrd
There are several methods to increase the complexity of substitution ciphers, but this should give you a good concept of how they function. The majority of encryption presently in use employs significantly more intricate algorithms, the details of which are outside the scope of this article.
The various forms of cryptography
We will discuss four different types of cryptography: symmetric-key cryptography, public-key cryptography, key exchanges, and hash functions.
CRYPTOGRAPHY WITH SYMMETRIC KEYS
You are probably most familiar with symmetric key cryptography. It entails the use of the same key for both encryption and decryption. All of the codes thus far have this attribute, as the same key is utilized in both operations, although in reverse order.
Symmetric key cryptography is an excellent choice if you’re encrypting data for personal use or if you have a safe channel via which you may share the key with others who require it. Several of the most often used symmetric key algorithms are as follows:
CRYPTOGRAPHY WITH A PUBLIC KEY
Assume Alice and Bob have grown up and Alice has moved across the nation to attend college. Unfortunately, their mother is highly intrusive and listens in on the two children’s phone calls whenever they speak. As a result, they continue to communicate using the Caesar cipher anytime they wish to discuss any of their secrets.
The only issue is that Mom has been behaving oddly. It’s almost as though she is aware of something but will not divulge what it is. Alice and Bob begin to think that their code has been tampered with and that Mom is in possession of the key necessary to decrypt their secrets.
They determine that they require a new code for added security. The issue is how they can share it without their Mom discovering it. If she is listening in on all of their calls, she will be able to overhear them discussing the code and decrypt any secret messages sent using the new code. Mom may also read any letters they attempt to send, as well as their emails and instant chat applications.
This takes us to what was once one of cryptography’s central issues. How do you trade data securely with someone if you don’t have a secure mechanism to share the key in advance?
Without encryption, anyone who intercepts the data will be able to read it. If you encrypt it without delivering the key to the receiver, they will be unable to access it. If you include the key in the message, anyone who intercepts both the encrypted data and the key will be able to read the message.
This creates difficulty for those whose keys have been hacked and who lack a secure communication route through which to transmit replacement keys, as well as for those who have never met yet wish to communicate information securely.
It was not solved until the 1970s when public-key cryptography was invented. Also known as symmetric-key cryptography, it encrypts and decrypts data using a key pair rather than a single key.
Both Alice and Bob would create a public and private key pair. The public key is made publicly available, whilst the private key is kept private. Alice would first need to locate Bob’s public key in order to transmit a message encrypted with public-key cryptography.
Once Bob’s public key has been used to encrypt the message, it can only be decrypted using his private key. Even his public key is useless for decrypting it. This is due to the complications associated with factoring prime integers, but we will avoid delving into mathematics today.
This attribute enables open sharing of public keys, as even if an attacker obtains the public key, it cannot be used to decrypt the ciphertext. As long as no private key has been revealed or compromised, the owner of the key pair is the only person who may access the plaintext.
RSA was the first commercially available public-key algorithm, and it remains one of the most widely used. The primary disadvantage of public-key cryptography is that it is substantially slower than symmetric-key encryption and consumes significantly more computer resources. As a result, methods like RSA are typically not used to encrypt entire files or messages. Rather than that, they are most frequently used to encrypt symmetric keys.
This is how it works: A file or message is encrypted using symmetric-key encryption, which is significantly more efficient. Due to the lack of a secure route for transmitting the symmetric key to the intended recipient, the sender encrypts the symmetric key using the recipient’s public key.
Because the symmetric key is a relatively small file in compared to the main message or data, encrypting only the key with public-key encryption is significantly faster and easier.
After encrypting the symmetric key with the recipient’s public key, it can be safely transferred alongside the encrypted data or message. Even if both are intercepted, the attacker will be unable to obtain the plaintext. Only the one who possesses the symmetric key’s matching private key will be able to unlock it. The message or data cannot be accessed without the symmetric key.
This enables Alice and Bob to communicate securely, even if they haven’t had the opportunity to reveal a new code without mum listening in. To send a secure message, they simply need to encrypt the symmetric key using their sibling’s public key.
They can either continue using this system or use it to create a new code that they can use over the phone to resume their secret discussions.
This is often handled automatically by the majority of PGP and other public-key encryption implementations. The most frequently used public-key algorithms are as follows:
EXCHANGE OF DIFFIE-HELLMAN KEYS
The Diffie-Hellman key exchange is an alternate approach that can achieve comparable results while having distinct applications. As with RSA, the Diffie-Hellman key exchange protocol can be used to provide secure communications even when there is no available secure channel.
It entails two parties establishing a shared secret, which is a symmetric key that both parties can use to encrypt subsequent messages. The algorithm enables them to build this key collaboratively, without ever transmitting the entire key.
The mathematical details of how it works are beyond the scope of this guide, but it starts with both sides agreeing on two integers.
Then Alice and Bob will choose a secret number for themselves. They will then employ a formula that incorporates their two mutually agreed upon numbers, as well as the secret number they have picked for themselves.
Alice sends Bob the outcome of this calculation, and Bob sends Alice his result. Following that, they each use a new formula to combine the result they received with the secret number they chose at the beginning. This formula produces the identical outcome for each of them, which is their shared secret.
This shared secret constitutes their symmetric key, which they can use to encrypt any subsequent data or messages. Even if an opponent were to monitor the channel, they would not have obtained sufficient information to deduce the symmetric key.=
This is because neither the key nor the secret numbers were ever transmitted. The output of the formula transmitted over the channel is insufficient for an attacker to deduce the secret key.
FUNCTIONS OF THE HASH
Another type of algorithm that is crucial to cryptography is the hash function. They accept data of any length as input and always output a fixed length, referred as the hash or message digest of the input data.
For instance, when we enter the number “1” into an online SHA-1 hash calculator, we obtain the following value:
If we feed the same generator something significantly lengthier, such as the lyrics to Mambo No. 5, we get the following result:
The critical point to remember is that each hash is the same length regardless of the size of the input. Another key property of cryptographic hash functions is that identical inputs always produce identical results. Additionally, these functions are essentially impossible to reverse, which means that the original input cannot be determined from its hash value.
Additionally, hash functions are advantageous since they are rapid to compute and it is very impossible for two distinct messages to have the same hash. Even the smallest change in the input value has a significant impact on the end output.
These qualities enable the use of cryptographic hash functions in a variety of applications. One of the most critical applications is as a component of digital signatures, which are used to provide authentication and integrity. Among the most frequently used cryptographic hash functions are the following:
How might cryptography assist us in ensuring the validity and integrity of our transactions?
As previously stated, cryptography is employed for purposes other than ensuring the confidentiality of messages. It can verify the authenticity of data and determine whether it preserves its integrity. This is accomplished through the use of both digital signatures and certificates.
SIGNATURES IN DIGITAL FORMAT
Now that the two children have a new and secure method of communication, their troubles should be resolved, correct? Perhaps not.
How do kids know the texts they are receiving are genuine and not from their mother or another attacker? How can they be certain that their communications have not been altered after they have been sent and that they have retained their original format?
These are challenges of authenticity and integrity that digital signatures can address. Digital signatures can be appended before or after an encrypted message is sent, or they can even be used in the absence of encryption.
When communication is digitally signed but not encrypted, its validity and integrity may be established, but the message is not confidential. In most circumstances, signing a communication prior to encrypting it is advised.
We’ll use an illustration to demonstrate how digital signatures operate. If Alice wishes to sign her message in order to demonstrate to Bob that it is real and keeps its integrity, she would first type it out and then run it through a hash algorithm such as SHA-256.
If you recall the section on hash functions above, this algorithm will always provide a fixed-size output for a given input. Another critical point to understand is that two distinct inputs cannot produce the same output. Instead of storing the complete data set, hashes are employed to save time and computational power.
Alice then uses her private key to sign the message’s hash value. The digital signature is created using this encrypted hash value. If Alice wants to keep the message private, she can encrypt it as well. She then attaches the digital signature to her message and sends it to Bob.
When Bob receives the message, he can verify its authenticity and integrity using the same hash algorithm. Additionally, he decrypts Alice’s digital signature using her public key and compares the resulting signatures.
If the hash value of the decoded digital signature matches the hash value of the message, this indicates that the message was not altered and was signed using Alice’s private key. As long as Alice’s private key is not compromised, the message remains legitimate and intact.
While the majority of this occurs automatically, these procedures should give you a good idea of what happens when digital signatures are employed. Both a public-key algorithm and a cryptographic hash function, such as those covered earlier in the article, are required for this operation.
CERTIFICATES IN DIGITAL FORMAT
Given that youngsters can use digital signatures to verify that their messages are real and arrive in tact, they shouldn’t have any additional concerns, correct?
Regrettably, there are still certain ways to sabotage this system.
Let us rewind time and consider how things might have turned out differently if Mom had been more evil. Assume Mom was never able to crack the children’s code. Rather than that, she devised an ingenious solution.
What if she sent Alice a message over another channel, posing as Bob? She was able to convey to Alice that “Bob” was concerned that their mother had cracked their code and was reading their letters.
As long as the tale was intricate enough, Mom could convince Alice that she was actually Bob and that they needed to find a more secure method of communication. That is when she proposed the use of public-key cryptography.
Alice and Bob fell straight into their mother’s trap due to their lack of knowledge about encryption. When Alice received a communication from “Bob,” she truly believed their code had been violated, and she was easily duped into embracing the new system.
While Alice believed she was speaking securely with Bob, all of her secrets were actually being communicated directly to her mother. How could Alice have avoided falling for this trap?
The answer proposed by cryptography is the usage of digital certificates. These provide a link between an online persona and a physical person or entity. They establish a secure connection between an individual or organization, their public key, and their digital signature. This trusted link can be established in two ways: through certificate authorities or through the web of trust. Each of these is utilized in a unique system.
AUTHORITIES FOR CERTIFICATION
This is the more widely used option, and it entails central organizations known as a certificate authorities (CAs) certifying that the person or company claiming ownership of a public key actually owns it.
Among the most popular CAs are the following:
- Allow Us to Encrypt
CAS can issue a variety of different certificates. Each of these demands differing degrees of proof to establish a connection between the individual or entity and their public key. The more comprehensive the examination, the more trustworthy the certificate is deemed to be.
Due to the fact that the mother is not Bob, she would not have been able to obtain a trustworthy certificate linking her public key to Bob’s identity. This mechanism aids in the prevention of attacks such as the one Mom attempted on Alice.
Digital certificates are also utilized in a variety of other contexts. Several common certificate kinds include the following:
- Certificates for TLS are required for both clients and servers.
- Certificates sent by email
- Certificates of authority
- Certificates for code signing
- WEB OF CONFIDENCE
Certificate authorities are not without flaws, as they include trusting a central authority. Centralized bodies are always susceptible to corruption, which is a big drawback. To address these concerns, PGP built the web of trust.
Consider the web of trust as a linked network of trustworthy individuals. If you have two close friends who use PGP, you can sign their certificates to indicate that you have verified the connection between their identities and their public keys.
If each of your pals has two additional trusted PGP users, they can sign each other’s certificates to verify that they are who they claim to be. These individuals are capable of doing the same thing to their friends and so forth.
As a result, a network of trust is created. Because you trust your buddy, and they trust their friend, and so on, a big interconnected web of people who trust one another is formed based on the trust in each link. It’s similar to the game Six Degrees of Kevin Bacon, only that you may utilize the confidence of other PGP users to connect you to anyone else on the web.
To confirm their identities using the web of trust concept, Alice and Bob would need to have their certificates signed by a number of other trustworthy PGP users.
Is cryptography a secure method of communication?
Throughout this post, we’ve used the example of two children and their mother to demonstrate how these concepts function. While cryptography can undoubtedly be used by youngsters to conceal information from their parents, it is most frequently utilized to secure our communications.
Historically, governments and militaries employed cryptography to safeguard their secret information. With the proliferation of valuable data being shared online, it is now ingrained in many parts of our daily internet use.
Without encryption, the web would not function in the way that it does. If we did, our lives would be continually plagued by stolen information, identity theft, and crooks draining our bank accounts.
While cryptography aids us in a wide variety of applications, it is far from ideal. New assaults are always being devised, and more sophisticated systems are being deployed to counter them.
One of the cryptography’s primary flaws is its implementation. It is not uncommon for algorithms to be secure, but for hackers to exploit other systemic flaws, such as side-channel attacks, to compromise the systems.
Another critical point is that secrecy, authenticity, integrity, and non-repudiation all presuppose the absence of a compromised private key. Even with the most secure key storage techniques, keys can be stolen from their owners. When this occurs, the entire system implodes.
Despite these potential complications, the reality is that these are quite uncommon occurrences. In general, when cryptography is used properly, it can give a high level of security. While cryptographic procedures are not flawless, they significantly increase the world’s security compared to what it would be without them.