The Basics of Encryption: Protecting Sensitive Data with Symmetric and Asymmetric Encryption

August 1, 2022 – Reading Time: 7-9 minutes

In today's world, sensitive information is being transmitted and stored online more than ever before. This sensitive information can include personal data, financial information, and confidential business data.

...

With so much sensitive information being transmitted and stored online, it's critical to have effective security measures in place to protect that information. One of the most important security measures is encryption. In this post, we'll explore the basics of encryption, including symmetric and asymmetric encryption, and provide an overview of some of the most common encryption algorithms, including AES, RSA, and elliptic curve cryptography.

What is Encryption?

Encryption is a method of converting plaintext data into a code to protect its confidentiality and integrity. The encrypted data can only be decrypted and read by authorized users with the correct decryption key. Encryption is used to protect sensitive information transmitted over a network and to protect data stored on disk.

At the end of the encryption process, the encrypted data is indistinguishable from random data, making it very difficult for an attacker to determine the original plaintext without the encryption key.

Symmetric Encryption

Symmetric encryption, also known as secret key encryption, uses the same key for both encryption and decryption. The key must be kept secret between the two parties involved in the communication, otherwise anyone with the key could read the encrypted data. Symmetric encryption is fast and efficient, but it requires a secure method of distributing the key to the parties involved in the communication.

Asymmetric Encryption

Asymmetric encryption, also known as public key encryption, uses two different keys, a public key and a private key. The public key is used to encrypt the data and the private key is used to decrypt the data. Asymmetric encryption is slower than symmetric encryption, but it provides a secure method for distributing the public key and protects the confidentiality of the private key.

AES

AES, or Advanced Encryption Standard, is a symmetric encryption algorithm that is widely used to encrypt data. The development of AES was the result of a public competition, with submissions from leading encryption experts from around the world. The competition was designed to find a new encryption standard that was secure, fast, and flexible, and could be used for a variety of applications.

The winning submission, Rijndael, was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. Rijndael was chosen for its combination of security, efficiency, and flexibility, and was officially standardized as AES by the US National Institute of Standards and Technology (NIST) in 2001. Since then, AES has become a dominant encryption algorithm and is widely used, for instance for VPNs, disk encryption, and HTTPS (on the basis of SSL/TLS) which you are using right now to read this article.

AES uses a combination of substitution and permutation to encrypt the data. During encryption, the plaintext is divided into blocks of 128 bits (16 bytes) and then each block is processed through several rounds of substitution and permutation operations.

Each round of the encryption process adds a round key derived from the secret key to scramble the data. AES uses 10, 12, or 14 rounds of encryption, depending on the key length. AES supports key lengths of 128, 192, and 256 bits.

In each round, the data is transformed using a series of mathematical operations. In the substitution operation, plaintext data is transformed into a different form using a substitution table (the so-called S-Box). In the permutation operation, the data is rearranged and mixed according to a predefined pattern.

To decrypt the encrypted data, each round’s operations are undone in reverse and the round key is subtracted from the data.

RSA

RSA is an asymmetric encryption algorithm that is based on the mathematical concept of prime factorization (i.e. calculating which prime numbers, when multiplied together, make up a number) which is very hard to solve even on modern computers. RSA was developed by Ron Rivest, Adi Shamir, and Leonard Adleman and is widely used for secure data transmission and digital signatures.

Two large prime numbers, p and q, each consisting of several hundreds of digits and chosen uniquely per key, are multiplied together to produce n, which is used as part of both the public and private keys. The length of n is known as the key length. For the public key an additional number e is used, while the private key additionally consists of a number called d. e and d are computed so that d undoes the effect of e when used in a calculation. Because the prime factorization problem is very hard to solve, the original prime numbers p and q which are required to compute d cannot be feasibly extracted from the public key by an attacker.

To encrypt data using RSA, the sender first converts the data into a number m. The sender then computes the exponentiation of m and e as c, and sends c to the recipient. To decrypt the data, the recipient computes the original message m as the exponentiation of c and d.

Because the encryption and decryption operations are based on exponentiation modulo n, RSA is much slower than AES. However, RSA provides an effective way of securly transmitting a secret key for AES which is then used for subsequent encrypted transmissions.

Elliptic Curve Cryptography

Elliptic curve cryptography (ECC) is a public key encryption algorithm that is based on the mathematics of elliptic curves. ECC is considered to be comparable RSA in security for smaller key sizes and more efficient in terms of computation time and memory usage. ECC often used as another choice to securely negotiate a secret key for a symmetric algorithm.

The Impact of Quantum Computing on Traditional Cryptography

Quantum computing has the potential to revolutionize many areas of computing, including cryptography. Theoretically, quantum computers would be able to break many traditional encryption algorithms by solving the underlying mathematical problems much faster than classical computers. However, quantum computers are still in their infancy, and it is uncertain when, or even if, they will reach the level of performance required to break most encryption algorithms. Until that time, traditional encryption algorithms will remain secure and will continue to be used to protect sensitive information.

Conclusion

Encryption is a critical tool for protecting sensitive information in today's connected world. Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a public key for encryption and a private key for decryption. AES, RSA, and elliptic curve cryptography are some of the most widely used encryption algorithms. While quantum computing has the potential to break traditional encryption algorithms in the future, for the time being, traditional encryption algorithms will continue to provide strong protection for sensitive information. By understanding the basics of encryption, organizations and individuals can make informed decisions about how to protect their sensitive information and ensure its confidentiality and integrity.