In cryptology, the discipline concerned with the study of cryptographic algorithms, a cipher is an algorithm for encrypting and decrypting data. Symmetric key encryption, also called secret key encryption, depends on the use of ciphers, which operate symmetrically. With symmetric algorithms, the same cipher and encryption key are applied to data in the same way, whether the objective is to convert plaintext to ciphertext or ciphertext to plaintext. A cipher transforms data by processing the original, plaintext characters (or other data) into ciphertext, which should appear to be random data.

Traditionally, ciphers used two main types of transformation: transposition ciphers, which keep all the original bits of data in a byte but mix their order, and substitution ciphers, which replace specific data sequences with other specific data sequences. For example, one type of substitution would be to transform all bits with a value of 1 to a value of 0, and vice versa. The data output by either method is called the ciphertext.

Modern ciphers enable private communication in many different networking protocols, including the Transport Layer Security (TLS) protocol and others that offer encryption of network traffic. Many communication technologies, including phones, digital television and ATMs, rely on ciphers to maintain security and privacy.

How ciphers work

A cipher uses a system of fixed rules -- an algorithm -- to transform plaintext, a legible message, into ciphertext, an apparently random string of characters. Ciphers can be designed to encrypt or decrypt bits in a stream (stream ciphers), or they can process ciphertext in uniform blocks of a specified number of bits (block ciphers).

Modern cipher implementations depend on the cipher algorithm and a secret key, which is used by the cipher algorithm to modify data as it is encrypted. Ciphers that use longer keys, measured in bits, can be more secure from brute-force attacks, because the longer the key length, the more brute-force attempts are necessary to expose the plaintext. While cipher strength is not always dependent on the length of the key, experts recommend modern ciphers be configured to use keys of at least 128 bits to 1,024 bits or more, depending on the algorithm and the use case.

A key is an essential part of a cipher algorithm -- so much so that, in real-world ciphering, the key is kept secret, not the algorithm. Strong ciphers are designed so that, even if someone knows the algorithm, it should be virtually impossible to decipher a ciphertext without knowing the appropriate key. Consequently, before a cipher can work, both the sender and receiver must have a key or set of keys.

Ciphers turn plaintext into ciphertext
Cryptographic ciphers are used to convert ciphertext to plaintext and back.

Symmetric cryptography uses the same key to encrypt and decrypt data, while asymmetric cryptography, also known as public key cryptography, uses public and private keys to encrypt and decrypt data.

In asymmetric cryptography, the keys are large numbers that have been paired together but are not identical (asymmetric). One key in the pair can be shared with everyone; it is called the public key. The other key in the pair is kept secret; it is called the private key. Either of the keys can be used to encrypt a message; the opposite key from the one used to encrypt the message is used for decryption.

The private or secret key of the pair is used by the owner of the key pair to decrypt or encrypt data, while the public key is used by anyone who wants to encrypt a message that can be decrypted only by the holder of the private key.

What ciphers are used for

Symmetric ciphers are most commonly used to secure online communications and are incorporated into many different network protocols to be used to encrypt exchanges. For example, Secure Sockets Layer (SSL) and TLS use ciphers to encrypt application layer data, especially when used with HTTP Secure (HTTPS).

Virtual private networks (VPNs) that connect remote workers or remote branches into corporate networks use protocols with symmetric ciphers to protect data communications. Symmetric ciphers protect data privacy in most Wi-Fi networks, online banking and e-commerce services, and mobile telephony.

Other protocols, including Secure Shell (SSH), OpenPGP and Secure/Multipurpose Internet Mail Extensions (S/MIME), use asymmetric cryptography to encrypt and authenticate endpoints but also for the secure exchange of symmetric keys to encrypt session data. While public key cryptography is considered more secure than symmetric encryption, it is also more computationally intensive. For performance reasons, protocols often rely on ciphers to encrypt session data.

Difference between codes and ciphers

Codes and ciphers are different ways to encrypt a message. A code is a method of changing a message by replacing each word with another word that has a different meaning.

On the other hand, a cipher converts the message using the cipher's algorithm to transform the data representing the letters and words in the message. Ciphers are easier to implement and use with computers because cipher algorithms are automated and easily programmed.

Types of ciphers

Ciphers can be characterized in a number of different ways, including:

  • Block ciphers encrypt uniformly sized blocks of data, while stream ciphers can be applied to streams of data such as are often received and sent over a network.
  • Ciphers can depend on traditional keys used directly to key ciphertext or on elliptical curve cryptography (ECC), which, when used with a 160-bit key, can provide the security of a traditional cipher like that used in the Rivest-Shamir-Adleman (RSA) cryptosystem using a key of 1,024 bits in length.

Modern-day ciphers are designed to be able to withstand attacks even when the attacker knows what cipher is being used; historically, ciphers have been less secure against attack because they needed to be used for ciphering by hand and thus can be more easily analyzed and broken with computer power.

Some of the best known historical ciphers include:

  • Caesar cipher is one of the simplest and earliest known ciphers; some attribute the use of this cipher to Caesar, who is said to have used it to communicate securely with his generals. The Caesar cipher is a simple type of substitution cipher where each letter in the plaintext is "shifted" a specific number of places down the alphabet; traditionally, the shift number used by Caesar was three. Substitution ciphers, like the Caesar cipher, are often used by writing down the plaintext alphabet, with the ciphertext alphabet written above the plaintext letters, shifted by the number agreed upon by those communicating. A shift of three puts the ciphertext letter D above the plaintext A, E above B and so on. The number of characters shifted is considered a simple form of a key.
  • Atbash cipher is a substitution cipher in which the plaintext alphabet is mapped onto itself, but in reverse order. In other words, the plaintext letter A is mapped to ciphertext Z, B is mapped to Y, C to X and so on. The Atbash cipher is named after the two first and two last letters in the Hebrew alphabet, and it is thought to have been in use for hundreds of years.
  • Simple substitution cipher has also been used for hundreds of years and substitutes every plaintext character for a different ciphertext character, resulting in what is effectively a 26-character key. It differs from the Caesar cipher because the cipher alphabet is the alphabet completely jumbled, rather than simply shifted by a uniform number of places.
  • Vigenère cipher is a form of polyalphabetic substitution, meaning a cipher based on substitution, using multiple substitution alphabets. The Vigenère cipher uses a series of interwoven Caesar ciphers, based on the letters of a keyword. The original text is encrypted using what is known as the Vigenère square or Vigenère table.
  • Homophonic substitution cipher is a substitution cipher in which several different ciphertext letters replace single plaintext letters. This type of cipher is typically much more difficult to break than standard substitution ciphers.

These historical ciphers are still relevant because they use different fundamental components of modern ciphers, such as substitution and transposition.

This was last updated in November 2018

Continue Reading About cipher

Dig Deeper on PKI and digital certificates