This content is part of the Essential Guide: Recovering from ransomware: Defend your data with best practices


Contributor(s): Kevin Ferguson, Peter Loshin, Michael Cobb, Robert Bauchle, Fred Hazen, John Lund, Gabe Oakley, Frank Rundatz

In computing, encryption is the method by which plaintext or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.

Encryption is widely used on the internet to protect user information being sent between a browser and a server, including passwords, payment information and other personal information that should be considered private. Organizations and individuals also commonly use encryption to protect sensitive data stored on computers, servers and mobile devices like phones or tablets.

How encryption works

Unencrypted data, often referred to as plaintext, is encrypted using an encryption algorithm and an encryption key. This process generates ciphertext that can only be viewed in its original form if decrypted with the correct key. Decryption is simply the inverse of encryption, following the same steps but reversing the order in which the keys are applied. Today's most widely used encryption algorithms fall into two categories: symmetric and asymmetric.

How the encryption operation works

Symmetric-key ciphers, also referred to as "secret key," use a single key, sometimes referred to as a shared secret because the system doing the encryption must share it with any entity it intends to be able to decrypt the encrypted data. The most widely used symmetric-key cipher is the Advanced Encryption Standard (AES), which was designed to protect government classified information.

Symmetric-key encryption is usually much faster than asymmetric encryption, but the sender must exchange the key used to encrypt the data with the recipient before the recipient can perform decryption on the ciphertext. The need to securely distribute and manage large numbers of keys means most cryptographic processes use a symmetric algorithm to efficiently encrypt data, but they use an asymmetric algorithm to securely exchange the secret key.

Asymmetric cryptography, also known as public key cryptography, uses two different but mathematically linked keys, one public and one private. The public key can be shared with everyone, whereas the private key must be kept secret. The RSA encryption algorithm is the most widely used public key algorithm, partly because both the public and the private keys can encrypt a message; the opposite key from the one used to encrypt a message is used to decrypt it. This attribute provides a method of assuring not only confidentiality, but also the integrity, authenticity and nonreputability of electronic communications and data at rest through the use of digital signatures.

Threats to the Internet of Things, mobile devices

By 2019, cybersecurity threats increasingly included encryption data data on the Internet of Things (IoT) and on mobile computing devices. While devices on the IoT often are not targets themselves, they serve as attractive conduits for the distribution of malware. According to experts, attacks on IoT devices using malware modifications tripled in the first half of 2018 compared to the entirety of 2017.

Meanwhile, the National Institute of Standards and Technology (NIST) has encouraged the creation of cryptographic algorithms suitable for use in constrained environments, including mobile devices. In a first round of judging in April 2019, NIST chose 56 lightweight cryptographic algorithms candidates to be considered for standardization. Further discussion on cryptographic standards for mobile devices is slated to be held in November 2019.

In February 2018, researchers at the Massachusetts Institute of Technology unveiled a new chip, hardwired to perform public key encryption, which consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster.

Because public key encryption protocols in computer networks are executed by software, they require precious energy and memory space. This is a problem in IoT, where many different sensors embedded in products. such as appliances and vehicles, connect to online servers. The solid-state circuitry greatly alleviates that energy and memory consumption.

Benefits of encryption

The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted via the internet or any other computer network. A number of organizations and standards bodies either recommend or require sensitive data to be encrypted in order to prevent unauthorized third parties or threat actors from accessing the data. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants to encrypt customers' payment card data when it is both stored at rest and transmitted across public networks.

Modern encryption algorithms also play a vital role in the security assurance of IT systems and communications as they can provide not only confidentiality, but also the following key elements of security:

  • Authentication: the origin of a message can be verified.
  • Integrity: proof that the contents of a message have not been changed since it was sent.
  • Nonrepudiation: the sender of a message cannot deny sending the message.

Types of encryption

Traditional public key cryptography depends on the properties of large prime numbers and the computational difficulty of factoring those primes. Elliptical curve cryptography (ECC) enables another kind of public key cryptography that depends on the properties of the elliptic curve equation; the resulting cryptographic algorithms can be faster and more efficient and can produce comparable levels of security with shorter cryptographic keys. As a result, ECC algorithms are often implemented in IoT devices and other products with limited computing resources.

As development of quantum computing continues to approach practical application, quantum cryptography will become more important. Quantum cryptography depends on the quantum mechanical properties of particles to protect data. In particular, the Heisenberg uncertainty principle posits that the two identifying properties of a particle -- its location and its momentum -- cannot be measured without changing the values of those properties. As a result, quantum encoded data cannot be copied because any attempt to access the encoded data will change the data. Likewise, any attempt to copy or access the data will cause a change in the data, thus notifying the authorized parties to the encryption that an attack has occurred.

Encryption is used to protect data stored on a system (encryption in place or encryption at rest); many internet protocols define mechanisms for encrypting data moving from one system to another (data in transit).

Some applications tout the use of end-to-end encryption (E2EE) to guarantee data being sent between two parties cannot be viewed by an attacker that intercepts the communication channel. Use of an encrypted communication circuit, as provided by Transport Layer Security (TLS) between web client and web server software, is not always enough to insure E2EE; typically, the actual content being transmitted is encrypted by client software before being passed to a web client and decrypted only by the recipient.

Messaging apps that provide E2EE include Facebook's WhatsApp and Open Whisper Systems' Signal. Facebook Messenger users may also get E2EE messaging with the "Secret Conversations" option.

How encryption is used

Encryption was almost exclusively used only by governments and large enterprises until the late 1970s when the Diffie-Hellman key exchange and RSA algorithms were first published -- and the first personal computers were introduced. By the mid-1990s, both public key and private key encryption were being routinely deployed in web browsers and servers to protect sensitive data.

Encryption is now an important part of many products and services, used in the commercial and consumer realms to protect data both while it is in transit and while it is stored, such as on a hard drive, smartphone or flash drive (data at rest).

Devices like modems, set-top boxes, smartcards and SIM cards all use encryption or rely on protocols like SSHS/MIME, and SSL/TLS to encrypt sensitive data. Encryption is used to protect data in transit sent from all sorts of devices across all sorts of networks, not just the internet; every time someone uses an ATM or buys something online with a smartphone, makes a mobile phone call or presses a key fob to unlock a car, encryption is used to protect the information being relayed. Digital rights management systems, which prevent unauthorized use or reproduction of copyrighted material, are yet another example of encryption protecting data.

Cryptographic hash functions

Encryption is usually a two-way function, meaning the same algorithm can be used to encrypt plaintext and to decrypt ciphertext. A cryptographic hash function can be viewed as a type of one-way function for encryption, meaning the function output cannot easily be reversed to recover the original input. Hash functions are commonly used in many aspects of security to generate digital signatures and data integrity checks. They take an electronic file, message or block of data and generate a short digital fingerprint of the content called a message digest or hash value. The key properties of a secure cryptographic hash function are:

  • Output length is small compared to input
  • Computation is fast and efficient for any input
  • Any change to input affects lots of output bits
  • One-way value -- the input cannot be determined from the output
  • Strong collision resistance -- two different inputs can't create the same output

The ciphers in hash functions are optimized for hashing: They use large keys and blocks, can efficiently change keys every block and have been designed and vetted for resistance to related-key attacks. General-purpose ciphers used for encryption tend to have different design goals. For example, the symmetric-key block cipher AES could also be used for generating hash values, but its key and block sizes make it nontrivial and inefficient.

Contemporary encryption issues

For any cipher, the most basic method of attack is brute force; trying each key until the right one is found. The length of the key determines the number of possible keys, hence the feasibility of this type of attack. Encryption strength is directly tied to key size, but as the key size increases so, too, do the resources required to perform the computation.

Alternative methods of breaking a cipher include side-channel attacks, which don't attack the actual cipher but the physical side effects of its implementation. An error in system design or execution can allow such attacks to succeed.

Attackers may also attempt to break a targeted cipher through cryptanalysis, the process of attempting to find a weakness in the cipher that can be exploited with a complexity less than a brute-force attack. The challenge of successfully attacking a cipher is easier if the cipher itself is already flawed. For example, there have been suspicions that interference from the National Security Agency (NSA) weakened the Data Encryption Standard algorithm, and following revelations from former NSA analyst and contractor Edward Snowden, many believe the NSA has attempted to subvert other cryptography standards and weaken encryption products.

More recently, law enforcement agencies such as the FBI have criticized technology companies that offer end-to-end encryption, arguing that such encryption prevents law enforcement from accessing data and communications even with a warrant. The FBI has referred to this issue as "Going Dark," while the U.S. Department of Justice has proclaimed the need for "responsible encryption" that can be unlocked by technology companies under a court order.

History of encryption

The word encryption comes from the Greek word kryptos, meaning hidden or secret. The use of encryption is nearly as old as the art of communication itself. As early as 1900 B.C., an Egyptian scribe used nonstandard hieroglyphs to hide the meaning of an inscription. In a time when most people couldn't read, simply writing a message was often enough, but encryption schemes soon developed to convert messages into unreadable groups of figures to protect the message's secrecy while it was carried from one place to another. The contents of a message were reordered (transposition) or replaced (substitution) with other characters, symbols, numbers or pictures in order to order to conceal its meaning.

In 700 B.C., the Spartans wrote sensitive messages on strips of leather wrapped around sticks. When the tape was unwound, the characters became meaningless, but with a stick of exactly the same diameter, the recipient could recreate (decipher) the message. Later, the Romans used what's known as the Caesar Shift Cipher, a monoalphabetic cipher in which each letter is shifted by an agreed number. So, for example, if the agreed number is three, then the message, "Be at the gates at six" would become "eh dw wkh jdwhv dw vla". At first glance this may look difficult to decipher, but juxtaposing the start of the alphabet until the letters make sense doesn't take long. Also, the vowels and other commonly used letters like T and S can be quickly deduced using frequency analysis, and that information, in turn, can be used to decipher the rest of the message.

The Middle Ages saw the emergence of polyalphabetic substitution, which uses multiple substitution alphabets to limit the use of frequency analysis to crack a cipher. This method of encrypting messages remained popular despite many implementations that failed to adequately conceal when the substitution changed, also known as key progression. Possibly the most famous implementation of a polyalphabetic substitution cipher is the Enigma electromechanical rotor cipher machine used by the Germans during World War II.

It was not until the mid-1970s that encryption took a major leap forward. Until this point, all encryption schemes used the same secret for encrypting and decrypting a message: a symmetric key. In 1976, Whitfield Diffie and Martin Hellman's paper "New Directions in Cryptography" solved one of the fundamental problems of cryptography: namely, how to securely distribute the encryption key to those who need it. This breakthrough was followed shortly afterward by RSA, an implementation of public-key cryptography using asymmetric algorithms, which ushered in a new era of encryption.

This was last updated in May 2019

Continue Reading About encryption

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Will the industry ever reach a point where all encryption algorithms can be broken by brute force and rendered useless or uneconomic?
I would like to say that this could never happen, given the strength of today's encryption and the robustness of the algorithms, but "never" is a long time. Technology tends to advance in exponential leaps, so I guess it's possible that it "could" happen someday. However, it is not possible today, even with existing super computers. The NSA is trying to get to the point where it can crack anything, but I doubt it's there yet and probably won't be for a while.
I would like to say that this will happen in the near future
I suspect this is more like an arms race where as one side gains temporary advantage, the other innovates and we are back to the middle. The bad guys will figure out how to create a trojan that steals CPU cycles from all over the world to break encryption - meanwhile the good guys will find a way to add another 64 bits, making the decrypt cycles take exponentially longer for brute force -- and on and on it will go.
I think you are right
Watson, cometh here.
I believe this will happen if a workable large-scale quantum computer can be developed.  It's hard to speculate when such a breakthrough might occur, but I believe it could happen sooner than we expect.

It is also possible that a government-sponsored research program could uncover a way to defeat current encryption, and keep it a secret.
How does strong end-to-end encryption work to benefit you or your organization?
One of the biggest threats to good encryption is the passwords of the operators broken and stolen. The more effective the encryption becomes, the harder the criminals' endeavour on breaking/stealing passwords will be. A bigger attention could be paid to this issue when talking about cryptography.

As hitoshianatomi points out, getting the crypt/decrypt keys stolen is an issue. Put a different way: People like to be helping, and preying on that ("Social Engineering") will continue to be a bigger threat than these sort of technical discussions. 

Madam is it possible to know the date this article was published? thank you


File Extensions and File Formats

Powered by: