Encryption is the process of transforming, or encoding, readable data, often referred to as plaintext, into an unreadable form, called ciphertext. Decryption is the reverse of this, where ciphertext is decoded, or transformed, back in to plaintext.
Encryption is widely used by both organisations and individuals to protect sensitive data stored on computers, servers and mobile devices such as phones and tablets. It is also used to protect information being transmitted over the internet, between a browser and a server.
There are two main components to encryption, an algorithm and a key, which are used in combination to encrypt and decrypt data. The algorithm can be thought of as like a padlock, which secures the data, whilst the key gives the ability to unlock the padlock and therefore access the data.
As well as there being specific software to encrypt data, such as files, folder, or even a whole hard disk, many everyday pieces of software also have the facility to encrypt data. AxCrypt and GnuPG are example of encryption software, whilst other everyday software that has the ability to encrypt data includes 7-Zip and Adobe Acrobat.
Encryption can be split in to two categories, Symmetric and Asymmetric Encryption.
With Symmetric Encryption, or Private Key Encryption, as it is sometimes known, there is a single, or shared key, that is used to encrypt and decrypt data. The key is sometimes referred to as a shared key because both the sender and receiver have to know it in order to encrypt and decrypt the data. Due to there only being one key, this type of encryption is usually much faster, however, there is the problem of having to share the key before communication can take place. To get around this issue, Asymmetric Encryption can be used to share the Symmetric Encryption key and then Symmetric Encryption can be used for communication thereafter.
Cryptographic Strength of Symmetric Algorithms
The cryptographic strength of symmetric encryption algorithms refers to their ability to resist attacks and protect the confidentiality of the information they are used to encrypt. It is determined by a number of factors including the following.
- Key size - This is a major determinant of cryptographic strength. In general, the larger the key size, the stronger the algorithm.
- Block size - This refers to the size of the blocks of data that are encrypted and decrypted using the algorithm. A larger block size can increase the cryptographic strength of the algorithm.
- Number of rounds - This is the number of times that the encryption and decryption process is repeated. A larger number of rounds can increase the strength of the algorithm.
- Resistance to attacks - Algorithms are considered stronger, the more resistant they are to attacks such as brute-force attacks or differential cryptanalysis.
Types of Symmetric Encryption Algorithms
There are a number of different types of symmetric encryption algorithms, including the following.
- Block ciphers - Operate on fixed-size blocks of data and use a secret key to encrypt and decrypt the data.
- Stream ciphers - Operate on a stream of data and use a secret key to encrypt and decrypt the data. Steam ciphers are generally faster and more efficient than block ciphers but are also considered to be less secure.
- Feistel ciphers - A type of block cipher based on a structure known as a Feistel network. They are known for their efficiency and ease of implementation.
- Substitution-permutation ciphers - A type of block cipher that uses both substitution and permutation operations to encrypt and decrypt data. They are known for their strong cryptographic properties.
Examples of Symmetric Encryption Algorithms
Below are some examples of symmetric encryption algorithms.
- Advanced Encryption Standard (AES) - This is one of the most widely used symmetric algorithms today and was developed as a replacement for DES, the Data Encryption Standard. It is a substitution-permutation cipher, with a block size of either 128, 192 or 256 bits, along with the same choice of key size.
- Blowfish and Twofish - Blowfish is another block cipher, that was developed as a successor to DES. It has a key length that goes from 32-bits to 448-bits. This has since been upgraded and renamed to Twofish. It utilises a block size of 128-bits, which is extendable to 256-bits. The main attraction of Twofish is said to be its flexibility in performance, giving you total control of the encryption speed.
- ChaCha20 - ChaCha20 is a stream cipher that utilises a 256-bit key for both encrypting and decrypting data. It is said to be one of the fastest encryption algorithms available today, as well as being highly secure, making it ideal for mobile devices, as well as low-power IoT devices. For these reasons ChaCha20 is used in a number of scenarios including secure communication, file encryption, IoT security, and web security.
- Data Encryption Standard (DES) - DES is an example of a Feistel cipher, which was developed in the 1970s and published by IBM in 1976. It uses a 56-bit cipher key applied to 64-bit blocks of data. The key is actually 64-bits in size, but one bit of every byte is used for error correction, leaving 56-bits. It also uses 16 rounds of encryption. DES is now considered insecure.
- Rivest Cipher 4 (RC4) - This is an example of a stream cipher, that was used in the wireless cryptographic protocols, Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). There are now later versions, RC5 and RC6.
- Triple Data Encryption Standard (3DES) - As the name suggests, this applies DES three times to the data being encrypted and utilises a 168-bit key, triple that of DES. It was created as a stop gap when DES was deemed insecure before other options were available.
With Asymmetric, or Public Key Encryption, as it is also known, there are two keys, a Public Key and a Private Key, which are mathematically linked, in order for them to work together. As the names suggest, the Public Key can be shared with anyone, but the Private Key must be kept a secret. If data needs to be transmitted, the sender can use the Public Key of the receiver to encrypt the data. The Private Key of the receiver is the only Key that can decrypt this message. If the receiver wishes to respond, the Public Key of the original sender can be used to encrypt the transmission and the corresponding Private Key of the original sender can be used for decryption.
Some Practical Uses of Asymmetric Encryption
- Secure key exchange for the SSL/TLS protocol for secure connections to a website - Asymmetric encryption is used to secure data transmissions between a user's browser and a website in the Secure Sockets Layer (SSL) / Transport Layer Security (TLS) protocol. During the initial handshake process, asymmetric encryption secures the exchange of a symmetric encryption key, which is then used to encrypt and decrypt data for the remainder of the session.
- Digital signatures for document authenticity and integrity - When a user signs a document digitally, their private key is used to create a unique signature. The recipient can then verify the authenticity and integrity of the document using the sender's public key. The process ensures the document hasn't been tampered with and confirms the identity of the signer.
- Secure email communications - Asymmetric encryption is used in secure email communication protocols such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME). These protocols utilise public and private keys to encrypt email content, ensuring only the intended recipient with the correct private key can decrypt and read the message. This method provides confidentiality and maintains message integrity.
Examples of Asymmetric Encryption Algorithms
- Rivest-Shamir-Adleman (RSA) - RSA is named after the engineers that designed it back in 1977. It uses the factorisation of the product of two prime numbers to produce encryption keys of between 1024 and 2048 bits in length. RSA is embedded in Secure Sockets Layer (SSL) / Transport Layer Security (TLS), which is used to provide secure communications over a computer network. 2048-bit key lengths are recommended by experts as they believe 1024-bit keys could be broken soon.
- Elliptic Curve Cryptography (ECC) - ECC is becoming increasingly popular with security experts. It is an encryption technique based on elliptic curve theory. It can create faster, smaller and more efficient cryptographic keys through the properties of the elliptic curve equation than RSA. Due to this, it makes it ideal for securing mobile devices and apps, along with other compute constrained devices.
- Diffie-Hellman (DH) - With Diffie-Hellman, cryptographic keys are securely exchanged between two parties over a public channel without their conversation being transmitted over the internet. Numbers are raised to a selected power to produce decryption keys. The components of the keys are never directly transmitted, making the task of anyone eavesdropping on the conversation mathematically overwhelming to break. The Diffie-Hellman style of key change is also used within other asymmetric encryption algorithms.