Encryption: What It Is and How It Works

March 24, 2023

Encryption is a way of protecting data from unauthorized access by transforming it into an unreadable form. Encryption is essential for ensuring privacy, security and data integrity in the digital world. In this blog post, we will explore what encryption is, how it works and what are some of the common types of encryption used today.

What is encryption?

Encryption is the process of converting information from a readable form (plaintext) into an incomprehensible form (ciphertext). This process is applied to human-readable texts that contain data, which are then transformed into a string of characters that appear random. This seemingly random string of characters is referred to as encrypted text, and it’s incomprehensible to anyone until it is turned back into decrypted text.

Although there are various encryption methods, they all require a cryptographic key: a previously agreed on set of mathematical values that are known to both the sender and the recipient of the message. Data can and should be encrypted in two cases:

- While it is ‘at rest’, i.e. while it is stored somewhere, like on a computer hard drive or a removable storage unit.
- While it is ‘in transit’, i.e. while it’s being transported somewhere else via the internet.

If the data is encrypted, it can’t be understood by third parties even if it’s intercepted, as it can’t be understood by anyone unless they have the key. And if the most secure encryption is implemented, it is very unlikely that the data will be decrypted by guessing the key, or, in other words, by a brute force attack.

How does encryption work?

When you break down the encryption process, it all seems quite straightforward. There are three levels of encryption that take place in a specific order:

- Plaintext – by using an encryption algorithm, unencrypted data is translated into a cipher.
- The encrypted text (ciphertext) – the cipher or the encrypted text is unreadable to anyone while it is being transmitted from one location to another, or while it is being held in storage somewhere.
- Decrypted text (initial plaintext) – when the encrypted message needs to be accessed, only the key holders can gain access to it. This data is then transformed into decrypted text that can only be seen by the message sender and authorized recipients.

What are some common types of encryption?

There are two basic types of encryption or cryptographic keys: symmetric and asymmetric. Symmetric encryption uses one key for both encryption and decryption. Asymmetric encryption uses two keys: one for encryption and one for decryption.

Some examples of symmetric encryption algorithms are:

- Advanced Encryption Standard (AES): AES is one of the most widely used symmetric encryption algorithms today. It was adopted by the U.S. government as a standard in 2001. AES uses 128-bit blocks and supports three key sizes: 128-bit, 192-bit and 256-bit.
- Data Encryption Standard (DES): DES was developed in 1975 by IBM and adopted by the U.S. government as a standard in 1977. DES uses 64-bit blocks and supports only one key size: 56-bit. DES is considered insecure today due to its small key size and has been replaced by AES.
- Twofish: Twofish was one of the finalists in the competition for selecting AES. Twofish uses 128-bit blocks and supports variable key sizes up to 256-bit.

Some examples of asymmetric encryption algorithms are:

- Rivest-Shamir-Adleman (RSA): RSA was developed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman at MIT. RSA uses two keys: a public key for encrypting messages and a private key for decrypting them. The security of RSA depends on the difficulty of factoring large numbers.
- Elliptic Curve Cryptography (ECC): ECC was proposed in 1985 by Neal Koblitz and Victor Miller independently. ECC uses mathematical curves to generate public-private key pairs. The security of ECC depends on the difficulty of solving discrete logarithm problems on elliptic curves.
- Diffie-Hellman Key Exchange (DH): DH was developed in 1976 by Whitfield Diffie and Martin Hellman at Stanford University. DH allows two parties to establish a shared secret key over an insecure channel without prior knowledge of each other's keys. The security of DH depends on the difficulty of computing discrete logarithms in finite fields.

Asymmetric encryption has some advantages over symmetric encryption, such as:

- It does not require a secure channel for exchanging keys, as the public keys can be openly distributed without compromising security.
- It enables digital signatures, which provide authentication, non-repudiation and integrity of messages.
- It can be used for hybrid encryption, which combines both symmetric and asymmetric encryption for optimal performance and security.

However, asymmetric encryption also has some drawbacks, such as:

- It is slower and more computationally intensive than symmetric encryption.
- It requires larger key sizes and ciphertexts than symmetric encryption for equivalent levels of security.
- It is vulnerable to attacks such as man-in-the-middle, chosen ciphertext and quantum computing.

Therefore, choosing the right type of encryption depends on various factors such as the nature of data, the level of security required, the available resources and the intended applications. Encryption is not a one-size-fits-all solution but rather a complex and evolving field that requires constant research and innovation. Encryption is also not enough by itself to ensure data protection; it must be complemented by other measures such as access control, backup, audit and awareness. Encryption is a powerful tool but also a great responsibility that demands careful use and management.

There is no definitive answer to what are the most secure types of encryption, as different encryption methods have different strengths and weaknesses, and may be suitable for different purposes and scenarios. However, based on some common criteria such as key size, block size, speed, resistance to attacks and popularity, here are some possible candidates for the top five most secure types of encryption:

- Advanced Encryption Standard (AES): AES uses 128-bit blocks and supports three key sizes: 128-bit, 192-bit and 256-bit2. AES is considered very secure and efficient, and has been extensively analyzed and tested by cryptographers.
- Elliptic Curve Cryptography (ECC): ECC offers higher security with smaller key sizes than other asymmetric encryption algorithms such as RSA. ECC is also faster and consumes less power than RSA1. ECC is widely used in applications such as SSL/TLS, Bitcoin and smart cards.
- Twofish: Twofish is considered very secure and flexible, and has no known weaknesses or patents. Twofish is also free for anyone to use without restrictions.
- RSA: RSA can support variable key sizes up to 4096 bits or more, but larger keys also mean slower performance. RSA is widely used for digital signatures, SSL/TLS, email encryption and VPNs.
- ChaCha20-Poly1305: ChaCha20-Poly1305 is a combination of two algorithms: ChaCha20 for symmetric encryption and Poly1305 for message authentication code (MAC). ChaCha20-Poly1305 was designed by Daniel J. Bernstein in 2008 as an alternative to AES-GCM (Galois/Counter Mode). ChaCha20-Poly1305 offers high speed, security and simplicity, and has been adopted by protocols such as HTTPS, SSH and WireGuard VPN.