Definition

encryption

This definition is part of our Essential Guide: No-code/low-code app development evolves from loathed to loved
Contributor(s): Peter Loshin, Michael Cobb, Robert Bauchle, Fred Hazen, John Lund, Gabe Oakley, Frank Rundatz

In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.

Encryption is widely used on the internet to protect user information being sent between a browser and a server, including passwords, payment information and other personal information that should be considered private. Organizations and individuals also commonly use encryption to protect sensitive data stored on computers, servers and mobile devices like phones or tablets.

How encryption works

Unencrypted data, often referred to as plaintext, is encrypted using an encryption algorithm and an encryption key. This process generates ciphertext that can only be viewed in its original form if decrypted with the correct key. Decryption is simply the inverse of encryption, following the same steps but reversing the order in which the keys are applied. Today's most widely used encryption algorithms fall into two categories: symmetric and asymmetric.

Symmetric-key ciphers, also referred to as "secret key," use a single key, sometimes referred to as a shared secret because the system doing the encryption must share it with any entity it intends to be able to decrypt the encrypted data. The most widely used symmetric-key cipher is the Advanced Encryption Standard (AES), which was designed to protect government classified information.

Symmetric-key encryption is usually much faster than asymmetric encryption, but the sender must exchange the key used to encrypt the data with the recipient before the recipient can perform decryption on the ciphertext. The need to securely distribute and manage large numbers of keys means most cryptographic processes use a symmetric algorithm to efficiently encrypt data, but use an asymmetric algorithm to securely exchange the secret key.

Asymmetric cryptography, also known as public key cryptography, uses two different but mathematically linked keys, one public and one private. The public key can be shared with everyone, whereas the private key must be kept secret. The RSA encryption algorithm is the most widely used public key algorithm, partly because both the public and the private keys can encrypt a message; the opposite key from the one used to encrypt a message is used to decrypt it. This attribute provides a method of assuring not only confidentiality, but also the integrity, authenticity and nonreputability of electronic communications and data at rest through the use of digital signatures.

Benefits of encryption

The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the internet or any other computer network. A number of organizations and standards bodies either recommend or require sensitive data to be encrypted in order to prevent unauthorized third parties or threat actors from accessing the data. For example, the Payment Card Industry Data Security Standard requires merchants to encrypt customers' payment card data when it is both stored at rest and transmitted across public networks.

Modern encryption algorithms also play a vital role in the security assurance of IT systems and communications as they can provide not only confidentiality, but also the following key elements of security:

• Authentication: the origin of a message can be verified.
• Integrity: proof that the contents of a message have not been changed since it was sent.
• Nonrepudiation: the sender of a message cannot deny sending the message.

Types of encryption

Traditional public key cryptography depends on the properties of large prime numbers and the computational difficulty of factoring those primes. Elliptical curve cryptography (ECC) enables another kind of public key cryptography that depends on the properties of the elliptic curve equation; the resulting cryptographic algorithms can be faster and more efficient and can produce comparable levels of security with shorter cryptographic keys. As a result, ECC algorithms are often implemented in internet of things devices and other products with limited computing resources.

As development of quantum computing continues to approach practical application, quantum cryptography will become more important. Quantum cryptography depends on the quantum mechanical properties of particles to protect data. In particular, the Heisenberg uncertainty principle posits that the two identifying properties of a particle -- its location and its momentum -- cannot be measured without changing the values of those properties. As a result, quantum encoded data cannot be copied because any attempt to access the encoded data will change the data. Likewise, any attempt to copy or access the data will cause a change in the data, thus notifying the authorized parties to the encryption that an attack has occurred.

Encryption is used to protect data stored on a system (encryption in place or encryption at rest); many internet protocols define mechanisms for encrypting data moving from one system to another (data in transit).

Some applications tout the use of end-to-end encryption (E2EE) to guarantee data being sent between two parties cannot be viewed by an attacker that intercepts the communication channel. Use of an encrypted communication circuit, as provided by Transport Layer Security (TLS) between web client and web server software, is not always enough to insure E2EE; typically, the actual content being transmitted is encrypted by client software before being passed to a web client, and decrypted only by the recipient.

Messaging apps that provide E2EE include Facebook's WhatsApp and Open Whisper Systems' Signal. Facebook Messenger users may also get E2EE messaging with the "Secret Conversations" option.

How encryption is used

Encryption was almost exclusively used only by governments and large enterprises until the late 1970s when the Diffie-Hellman key exchange and RSA algorithms were first published -- and the first personal computers were introduced. By the mid-1990s, both public key and private key encryption were being routinely deployed in web browsers and servers to protect sensitive data.

Encryption is now an important part of many products and services, used in the commercial and consumer realms to protect data both while it is in transit and while it is stored, such as on a hard drive, smartphone or flash drive (data at rest).

Devices like modems, set-top boxes, smartcards and SIM cards all use encryption or rely on protocols like SSH, S/MIME, and SSL/TLS to encrypt sensitive data. Encryption is used to protect data in transit sent from all sorts of devices across all sorts of networks, not just the internet; every time someone uses an ATM or buys something online with a smartphone, makes a mobile phone call or presses a key fob to unlock a car, encryption is used to protect the information being relayed. Digital rights management systems, which prevent unauthorized use or reproduction of copyrighted material, are yet another example of encryption protecting data.

Cryptographic hash functions

Encryption is usually a two-way function, meaning the same algorithm can be used to encrypt plaintext and to decrypt ciphertext. A cryptographic hash function can be viewed as a type of one-way function for encryption, meaning the function output cannot easily be reversed to recover the original input. Hash functions are commonly used in many aspects of security to generate digital signatures and data integrity checks. They take an electronic file, message or block of data and generate a short digital fingerprint of the content called a message digest or hash value. The key properties of a secure cryptographic hash function are:

• Output length is small compared to input
• Computation is fast and efficient for any input
• Any change to input affects lots of output bits
• One-way value -- the input cannot be determined from the output
• Strong collision resistance -- two different inputs can't create the same output

The ciphers in hash functions are optimized for hashing: They use large keys and blocks, can efficiently change keys every block and have been designed and vetted for resistance to related-key attacks. General-purpose ciphers used for encryption tend to have different design goals. For example, the symmetric-key block cipher AES could also be used for generating hash values, but its key and block sizes make it nontrivial and inefficient.

Contemporary encryption issues

For any cipher, the most basic method of attack is brute force; trying each key until the right one is found. The length of the key determines the number of possible keys, hence the feasibility of this type of attack. Encryption strength is directly tied to key size, but as the key size increases so, too, do the resources required to perform the computation.

Alternative methods of breaking a cipher include side-channel attacks, which don't attack the actual cipher but the physical side effects of its implementation. An error in system design or execution can allow such attacks to succeed.

Attackers may also attempt to break a targeted cipher through cryptanalysis, the process of attempting to find a weakness in the cipher that can be exploited with a complexity less than a brute-force attack. The challenge of successfully attacking a cipher is easier if the cipher itself is already flawed. For example, there have been suspicions that interference from the National Security Agency weakened the Data Encryption Standard algorithm, and following revelations from former NSA analyst and contractor Edward Snowden, many believe the NSA has attempted to subvert other cryptography standards and weaken encryption products.

More recently, law enforcement agencies such as the FBI have criticized technology companies that offer end-to-end encryption, arguing that such encryption prevents law enforcement from accessing data and communications even with a warrant. The FBI has referred to this issue as "Going Dark," while the U.S. Department of Justice has proclaimed the need for "responsible encryption" that can be unlocked by technology companies under a court order.

History of encryption

The word encryption comes from the Greek word kryptos, meaning hidden or secret. The use of encryption is nearly as old as the art of communication itself. As early as 1900 B.C., an Egyptian scribe used nonstandard hieroglyphs to hide the meaning of an inscription. In a time when most people couldn't read, simply writing a message was often enough, but encryption schemes soon developed to convert messages into unreadable groups of figures to protect the message's secrecy while it was carried from one place to another. The contents of a message were reordered (transposition) or replaced (substitution) with other characters, symbols, numbers or pictures in order to conceal its meaning.

In 700 B.C., the Spartans wrote sensitive messages on strips of leather wrapped around sticks. When the tape was unwound, the characters became meaningless, but with a stick of exactly the same diameter, the recipient could recreate (decipher) the message. Later, the Romans used what's known as the Caesar Shift Cipher, a monoalphabetic cipher in which each letter is shifted by an agreed number. So, for example, if the agreed number is three, then the message, "Be at the gates at six" would become "eh dw wkh jdwhv dw vla". At first glance this may look difficult to decipher, but juxtaposing the start of the alphabet until the letters make sense doesn't take long. Also, the vowels and other commonly used letters like T and S can be quickly deduced using frequency analysis, and that information, in turn, can be used to decipher the rest of the message.

The Middle Ages saw the emergence of polyalphabetic substitution, which uses multiple substitution alphabets to limit the use of frequency analysis to crack a cipher. This method of encrypting messages remained popular despite many implementations that failed to adequately conceal when the substitution changed, also known as key progression. Possibly the most famous implementation of a polyalphabetic substitution cipher is the Enigma electromechanical rotor cipher machine used by the Germans during World War II.

It was not until the mid-1970s that encryption took a major leap forward. Until this point, all encryption schemes used the same secret for encrypting and decrypting a message: a symmetric key. In 1976, Whitfield Diffie and Martin Hellman's paper "New Directions in Cryptography" solved one of the fundamental problems of cryptography: namely, how to securely distribute the encryption key to those who need it. This breakthrough was followed shortly afterward by RSA, an implementation of public-key cryptography using asymmetric algorithms, which ushered in a new era of encryption.

This was last updated in November 2017

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

Send me notifications when other members comment.
Will the industry ever reach a point where all encryption algorithms can be broken by brute force and rendered useless or uneconomic?
Cancel
I would like to say that this could never happen, given the strength of today's encryption and the robustness of the algorithms, but "never" is a long time. Technology tends to advance in exponential leaps, so I guess it's possible that it "could" happen someday. However, it is not possible today, even with existing super computers. The NSA is trying to get to the point where it can crack anything, but I doubt it's there yet and probably won't be for a while.
Cancel
I would like to say that this will happen in the near future
Cancel
I suspect this is more like an arms race where as one side gains temporary advantage, the other innovates and we are back to the middle. The bad guys will figure out how to create a trojan that steals CPU cycles from all over the world to break encryption - meanwhile the good guys will find a way to add another 64 bits, making the decrypt cycles take exponentially longer for brute force -- and on and on it will go.
Cancel
Watson, cometh here.
Cancel
I believe this will happen if a workable large-scale quantum computer can be developed.  It's hard to speculate when such a breakthrough might occur, but I believe it could happen sooner than we expect.

It is also possible that a government-sponsored research program could uncover a way to defeat current encryption, and keep it a secret.
Cancel
How does strong end-to-end encryption work to benefit you or your organization?
Cancel
One of the biggest threats to good encryption is the passwords of the operators broken and stolen. The more effective the encryption becomes, the harder the criminals' endeavour on breaking/stealing passwords will be. A bigger attention could be paid to this issue when talking about cryptography.

Cancel
As

nOnpOn
Cancel

SearchCloudSecurity

• Cloudflare Access takes on VPNs with reverse proxy approach

Cloudflare takes inspiration from Google's BeyondCorp with a new service called Cloudflare Access, which aims to replace ...

• TLS 1.3: What it means for enterprise cloud use

The latest draft version of TLS 1.3 is out, and it will likely affect enterprises that use cloud services. Expert Ed Moyle ...

• The biggest cloud security threats, according to the CSA

The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how ...

SearchNetworking

• ThousandEyes-Juniper pact focuses on hybrid WANs

ThousandEyes and Juniper boost visibility for hybrid WANs; IDC records sharp rise in cloud spending; and a vendor group issues ...

• ExtremeLocation latest addition to Extreme wireless portfolio

Extreme Networks is targeting retailers with a new set of services, called ExtremeLocation. The latest technology adds ...

• Take network configuration management tools to the next level

Script management systems and intent-based networking are driving the future of network configuration management tools, shifting ...

SearchCIO

• Wayfair's chief architect talks AI-driven innovation, impactful IT

Wayfair sells home furnishings, but under the covers, it's a tech juggernaut. Chief Architect Ben Clark explains how AI-driven ...

• Synthetic data could ease the burden of training data for AI models

Sometimes it's better to manufacture training data for machine learning models than it is to collect it.

• CES 2018 for CIOs: Rise of the AI voice assistant class

What happens in Vegas doesn't stay there -- not at CES 2018, where AI voice assistants and sentient objects were ubiquitous and ...

SearchEnterpriseDesktop

• Ten Windows 10 Fall Creators Update features to know

Microsoft introduced some significant changes to Windows 10 in the Fall Creators Update. The My People app, for example, lets ...

• Guard the line with Windows Defender features

The Windows 10 Fall Creators Update took Windows 10 security up a notch by adding advanced features to Windows Defender, ...

• Ready to master virtualization-based security in Windows 10?

Put your knowledge of virtualization-based security in Windows 10 on the line with this quiz covering the ins and outs of ...

SearchCloudComputing

• Google Cloud Dedicated Interconnect offers VPN alternative

Google's Dedicated Interconnect enables an enterprise to privately connect its data center to the public cloud. Here's a ...

• Chip bugs hit cloud computing usage less than first feared

IT shops expected their cloud usage to flag due to recent chip bugs, but most environments survived the patches unscathed.

• Providers continue to push hybrid cloud technologies in 2018

The hybrid cloud market changes rapidly, as major cloud providers release new services to bridge private and public platforms, ...

ComputerWeekly.com

• UK and France to collaborate on digital tech

The UK and French governments have joined forces to increase technology and innovation cooperation between the two nations

• Create security culture to boost cyber defences, says Troy Hunt

Security suffers when there is tension between software developers and security professionals, but it is common in many ...

• Nordic IT executive interview: Daniel Kjellén, CEO, Tink

Sweden could have a head start in the race to open up banking through the European Union’s PSD2 regulation

Close