Encryption is an important process of protecting information, which consists in transforming data into an incomprehensible format that can be deciphered only in the presence of an appropriate key. It allows you to ensure the confidentiality and security of information in the digital world. There are two main types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt data, while asymmetric encryption uses a pair of keys (public and private). Encryption has a wide range of applications, including securing Internet transactions, protecting sensitive data in the fields of cybersecurity and information storage, ensuring secure messaging, and protecting financial transactions.
Encryption plays an important role in ensuring the privacy and security of data in the digital world, and its use is widespread in many areas of activity to protect important information. The main types of encryption include symmetric and asymmetric. In symmetric encryption, the same key is used to encrypt and decrypt data. Asymmetric encryption uses a pair of keys – public and private. The applications of encryption are diverse, and it plays an important role in ensuring the security and privacy of information. It is used in Internet security to protect against unauthorized access to personal data and financial transactions. Encryption is used in cyber security to protect against cyber attacks and ensure data integrity. Its important application is in data storage, where important information can be encrypted on data stores and in files. Encryption helps ensure the secure exchange of messages and data in communications. It is also used in the financial sector to ensure the security of financial transactions and customer data. All of this makes encryption a key tool for information security and data privacy in a world where digital technologies are becoming increasingly important.
Many people still underestimate the importance of SSL certificates, even though the technology behind them is the basis of the safety and security of all information on the Internet. Encryption is the conversion of data into an unreadable format so that only authorized users have access to the information. Encryption is done using cryptographic keys combined with various mathematical algorithms. In this article, we will look at the two main types of encryption, symmetric and asymmetric, as well as the 5 most commonly used encryption algorithms. Let’s deal with everything in order.
The symmetric encryption method, as the name suggests, uses a single cryptographic key to encrypt and decrypt data. Using the same key for both operations makes the process simple. Let’s understand the process of symmetric encryption using a simple example:
Two close friends, Anton and Alice, live in Kyiv. For some reason, Alice was forced to leave the city. The only way to communicate with each other is through mail. But there is a problem: Anton and Alice are afraid that someone will read their letters.
To protect their letters, they decided to encrypt the messages so that each letter is replaced by the letter seven positions further along in the alphabet. Instead of “Apple” they will write “hwwsl” (A -> H, P -> W, L -> S, E -> L). To decipher the message, each letter must be shifted back seven positions in the alphabet. This encryption technique was used long ago by the Roman emperor and general Gaius Julius Caesar and is also known as the “Caesar Cipher”.
The most outstanding feature of symmetric encryption is the simplicity of the process, since a single key is used for both encryption and decryption. When you need to encrypt a large chunk of data, symmetric encryption turns out to be a great option. As a result, symmetric encryption algorithms:
Are much faster than their asymmetric encryption counterparts (which we will talk about shortly);
Require less computing power;
Do not reduce Internet speed.
The “Caesar Cipher” is based on a simple, fixed rule; once that rule is worked out, the information can be easily deciphered. Modern encryption methods are based on very complex mathematical functions that are almost impossible to crack.
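Anton and Alice's scheme with a key of 7, as an added example (not code from the original article): because only 25 keys exist, a reader without the key can try them all and keep the output that looks like English. The function names, the word list and the sample letter are constructed for this illustration.

```javascript
// Shift each letter by `shift` positions, wrapping around the 26-letter alphabet.
function caesar(text, shift) {
  const k = ((shift % 26) + 26) % 26;
  return text.replace(/[a-z]/gi, (ch) => {
    const base = ch === ch.toLowerCase() ? 97 : 65;   // char code of 'a' or 'A'
    return String.fromCharCode(base + ((ch.charCodeAt(0) - base + k) % 26));
  });
}

// The same key is used in both directions: that is what makes the cipher symmetric.
const encrypt = (plaintext, key) => caesar(plaintext, key);
const decrypt = (ciphertext, key) => caesar(ciphertext, -key);

// Small word list used only to recognise readable English (constructed for this example).
const COMMON_WORDS = new Set(['the', 'and', 'at', 'to', 'me', 'this', 'is', 'in', 'of']);

// Try all 25 possible keys and keep the one whose output contains the most common words.
function recoverKey(ciphertext) {
  let best = { key: 0, score: -1, plaintext: ciphertext };
  for (let key = 1; key < 26; key++) {
    const candidate = decrypt(ciphertext, key);
    const score = candidate.toLowerCase().split(/[^a-z]+/)
      .filter((word) => COMMON_WORDS.has(word)).length;
    if (score > best.score) best = { key, score, plaintext: candidate };
  }
  return best;
}

// Constructed sample letter, encrypted with the friends' key of 7.
const letter = encrypt('Meet me at the station at seven this evening', 7);
console.log(letter);
console.log(recoverKey(letter));
```

The weakness shown here is the size of the key space, which is why modern symmetric ciphers use keys of 128 bits or more.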
There are hundreds of symmetric algorithms! The most common of them are AES, RC4, DES, 3DES, RC5, RC6, etc. Let’s look at the three most popular.
DES (Data Encryption Standard), introduced in 1976, is the oldest method of symmetric encryption. It was developed by IBM to protect sensitive government data and was officially adopted in 1977 for use by United States federal agencies. The DES encryption algorithm is one of the algorithms included in versions 1.0 and 1.1 of TLS (Transport Layer Security).
DES converts 64-bit blocks of plaintext data into ciphertext by splitting them into two separate 32-bit blocks and applying the encryption process to each block separately. The algorithm consists of 16 cycles of various processes (such as expansion, permutation, replacement, or other operations) through which the data passes as it is encrypted.
Finally, 64-bit ciphertext blocks are generated as output. In 2005, DES was officially deprecated and replaced by the AES encryption algorithm. The biggest disadvantage of DES is that the encryption key is so short that the cipher can be easily broken. TLS 1.2, which is widely used today, does not use DES encryption.
3DES is also known as TDEA (Triple Data Encryption Algorithm). As the name suggests, it is an updated version of the DES algorithm. 3DES was developed to overcome the shortcomings of the DES algorithm and came into use in the late 1990s. The updated algorithm applies the DES cycle three times to each block of data. As a result, 3DES is much more difficult to crack than its predecessor, DES. TDEA has become a widely used encryption algorithm in payment systems and other technologies in the financial industry. It is also part of encryption protocols such as TLS, SSH, IPsec, and OpenVPN.
All encryption algorithms eventually succumb to the forces of time, and 3DES is no exception. The Sweet32 vulnerability in the 3DES algorithm was discovered by Karthikeyan Bhargavan and Gaëtan Leurent. This discovery forced the security industry to consider retiring the aging algorithm, and the US National Institute of Standards and Technology (NIST) officially announced this in a draft guidance published in 2019.
According to this draft, after 2023, the use of 3DES will be phased out in all new applications. It’s also important to note that TLS 1.3, the latest SSL/TLS protocol standard, also makes 3DES obsolete.
AES (Advanced Encryption Standard), also known as Rijndael, is one of the most common encryption algorithms. It was developed as an alternative to DES and after its approval by NIST in 2001 became the new encryption standard. AES is a family of block ciphers with different key lengths and different block sizes.
AES works by substitution and permutation methods. First, the unencrypted data is converted into blocks, and then encryption is applied using the key. The encryption process consists of various processes such as row shifting, column shuffling, and key addition. Depending on the length of the key, 10, 12 or 14 such transformations (rounds) are performed. It is worth noting that the last round is different from the previous ones and does not include the mixing sub-process.
The advantage of using the AES encryption algorithm
What it all boils down to is that AES is secure, fast and flexible. The AES algorithm is much faster than DES. Variants with different key lengths are the biggest advantage: the longer the keys, the more difficult they are to break.
Today, AES is the most popular encryption algorithm – it is used in many applications, including:
Wireless security;
Processor security and file encryption;
SSL/TLS protocol (site security);
Wi-Fi security;
Encryption of mobile applications;
VPN (virtual private network), etc.
Many US government agencies use the AES encryption algorithm to protect their confidential information.
Asymmetric encryption, unlike symmetric, uses several keys for encrypting and decrypting data, which are mathematically related to each other. One of these keys is called the public key and the other is called the private key. The asymmetric encryption method is also known as public key cryptography. Symmetric encryption works well when our Alice and Anton want to exchange information with each other. But what if Anton wants to communicate securely with hundreds of people? It is impractical and inconvenient to use different keys for each interlocutor.
To solve the problem, Anton uses public key encryption, i.e., he gives the public key to anyone who sends him information and keeps the private key to himself. He asks them to encrypt the information with the public key so that the data can only be decrypted with the private key. This eliminates the risk of the key being broken, as the data can only be decrypted using the private key that Anton has.
The first (and most obvious) benefit of this type of encryption is the security it provides. In this method, the public key is used to encrypt the data, while the decryption of the data is done using the private key, which must be kept in a secure state. This ensures that data remains protected from man-in-the-middle (MiTM) attacks. Web servers and email servers that connect to hundreds of thousands of clients all the time require a single key to be managed and secured.
Another important point is that public-key cryptography allows you to create an encrypted connection without having to first meet in offline mode to exchange keys. The second important function of asymmetric encryption is authentication. As we have seen, data encrypted with a public key can only be decrypted with its associated private key. This way, it ensures that the data is only viewed and decoded by the intended recipient. Simply put, it verifies that you are talking or exchanging information with a real person or organization.
Let’s consider two main types of asymmetric encryption algorithms.
In 1977, the algorithm was invented by three scientists from the Massachusetts Institute of Technology: Ron Rivest, Adi Shamir and Leonard Adleman (Rivest, Shamir, Adleman, hence “RSA”). Today, it is the most widely used asymmetric encryption algorithm. Its effectiveness lies in the “prime factorization” method. Essentially, two different random prime numbers of a given size (e.g. 1024 bits each) are chosen and multiplied to create another giant number. The task is to determine the original prime numbers from the multiplied giant. It turns out that this puzzle is practically impossible for modern supercomputers, not to mention humans.
In 2010, a group of volunteers did a study and it took them more than 1,500 years of computing time (spread across hundreds of computers) to crack a 768-bit RSA key, far below the standard 2,048-bit key used today.
The advantage of using the RSA encryption algorithm
The great advantage of RSA is its scalability: keys can be of different lengths, such as 768-bit, 1024-bit, 2048-bit, 4096-bit, etc.
RSA is based on a simple mathematical approach, so its implementation in a public key infrastructure (PKI) becomes easy. Adaptability and security have made RSA the most widely used asymmetric encryption algorithm for a variety of applications, including SSL/TLS certificates, cryptocurrencies, and email encryption.
In 1985, two mathematicians named Neal Koblitz and Victor Miller proposed the use of elliptic curves in cryptography. Almost two decades later, their idea became a reality: the ECC (Elliptic Curve Cryptography) algorithm began to be used in 2004-2005.
In the ECC encryption process, an elliptic curve represents a set of points that satisfy the mathematical equation $y^2 = x^3 + ax + b$.
Like RSA, ECC also works on the principle of irreversibility. Simply put, an ECC number representing a point on a curve is multiplied by another number to give another point on the curve. Now, to crack this puzzle, you have to figure out a new point on the curve. The ECC math is built in such a way that it is almost impossible to find a new point even if you know the starting point.
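The point multiplication described above, as an added example (not code from the original article), on a deliberately tiny curve y² = x³ + 2x + 2 over the integers modulo 17 with base point (5, 1); these parameters and all function names are assumptions chosen so the arithmetic can be followed by hand. Computing k·G takes a few steps, while going back from the result to k means trying multipliers one by one, which only finishes here because this curve has 19 points.

```javascript
// Toy curve y^2 = x^3 + ax + b over GF(p). Illustration-sized parameters
// (assumed for this example); real curves use primes of about 256 bits.
const p = 17, a = 2, b = 2;
const G = { x: 5, y: 1 };            // base point; null stands for the point at infinity

const mod = (n) => ((n % p) + p) % p;

// Modular inverse via Fermat's little theorem: n^(p-2) mod p.
function inv(n) {
  let result = 1, base = mod(n), e = p - 2;
  while (e > 0) {
    if (e & 1) result = mod(result * base);
    base = mod(base * base);
    e >>= 1;
  }
  return result;
}

const onCurve = (P) => P === null || mod(P.y * P.y - (P.x ** 3 + a * P.x + b)) === 0;

function add(P, Q) {
  if (P === null) return Q;
  if (Q === null) return P;
  if (P.x === Q.x && mod(P.y + Q.y) === 0) return null;   // P + (-P) = infinity
  const slope = (P.x === Q.x)
    ? mod((3 * P.x * P.x + a) * inv(2 * P.y))              // tangent line (doubling)
    : mod((Q.y - P.y) * inv(Q.x - P.x));                   // chord through P and Q
  const x = mod(slope * slope - P.x - Q.x);
  return { x, y: mod(slope * (P.x - x) - P.y) };
}

// Double-and-add: computes k*P in O(log k) point operations.
function multiply(k, P) {
  let R = null;
  for (let addend = P; k > 0; k >>= 1, addend = add(addend, addend)) {
    if (k & 1) R = add(R, addend);
  }
  return R;
}

// Reverse direction: find k with k*G = Q by stepping through every multiple of G.
function discreteLog(Q) {
  for (let k = 1, R = G; R !== null; k++, R = add(R, G)) {
    if (R.x === Q.x && R.y === Q.y) return k;
  }
  return null;
}
```

With a 256-bit curve the forward computation still needs only a few hundred point operations, while the step-by-step search in `discreteLog` would have to walk through roughly 2^256 points.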
Despite the fact that compared to RSA, ECC uses a shorter key length, it provides greater security (against modern hacking methods).
Another advantage of using shorter keys in ECC is higher performance. Short keys require less network load and computing power, and are great for devices with limited storage and processing capabilities. Using the ECC algorithm in SSL/TLS certificates significantly reduces the time required for encryption and decryption, which helps the website load faster. The ECC algorithm is used for encryption applications, digital signatures, pseudorandom generators, etc.
However, the problem with the widespread use of ECC is that many server applications and control panels have not yet added support for ECC SSL/TLS certificates. We hope this will change soon, and for now, RSA will continue to be the most used asymmetric encryption algorithm.
Let’s be clear from the start that hybrid encryption is not a “single method” like symmetric or asymmetric; it takes advantage of both methods and creates a powerful combination of strong encryption systems.
Each encryption algorithm has its own weaknesses. For example, symmetric encryption is ideal for quickly encrypting large amounts of data. But it doesn’t offer identity verification, which is important when it comes to online security. On the other hand, asymmetric encryption makes it possible to verify the identity of the recipient. However, this check significantly slows down the encoding process.
The idea of hybrid encryption was born when it became important to encrypt data at high speed while also providing proof of identity. A hybrid method of encryption is used in SSL/TLS certificates during serial communication between a server and a client (web browser) in a process called the TLS handshake. First, the identities of both parties are verified using the private and public keys.
After both parties confirm their identity, the data is encrypted using symmetric encryption using a temporary (session) key. This helps to quickly transfer the large amounts of data we send and receive online every minute.
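The hybrid pattern in general form, as an added example (not code from the original article, and not the TLS handshake itself): a random one-time session key encrypts the bulk data symmetrically, and only that short key is encrypted with the recipient's public key. The choice of RSA-OAEP with AES-256-GCM, the function names and the sample data are assumptions of this example; it uses Node.js's built-in `crypto` module.

```javascript
const crypto = require('crypto');

// Recipient's long-term RSA key pair (generated here so the example runs offline).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the data with a fresh symmetric session key, then wrap
// only that 32-byte key with the recipient's public key.
function hybridEncrypt(recipientPublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);   // AES-256 key, used for one message
  const iv = crypto.randomBytes(12);           // 96-bit GCM nonce
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),                  // detects any change to the ciphertext
  };
}

// Recipient: unwrap the session key with the private key, then decrypt the data.
function hybridDecrypt(recipientPrivateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
}

// Constructed sample payload (about 1 MB): the slow asymmetric operation still
// touches only the 32-byte session key, never the payload itself.
const payload = Buffer.alloc(1024 * 1024, 'constructed sample data ');
const sealed = hybridEncrypt(publicKey, payload);
console.log(sealed.wrappedKey.length, sealed.ciphertext.length);
console.log(hybridDecrypt(privateKey, sealed).equals(payload));
```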
If you’re wondering, “So which type of encryption is better?”, there is no clear winner. From a security perspective, asymmetric encryption is definitely better because it provides authentication. However, performance is an aspect that cannot be ignored, so symmetric encryption will always be necessary.
We have collected the advantages of symmetric and asymmetric encryption in a table, which we offer you to familiarize yourself with:
Most modern SSL certificates use a hybrid method: asymmetric encryption for authentication and symmetric encryption for privacy. Such a certificate prevents fraudsters from intercepting or changing personal data of users: contact information, bank card numbers, logins, passwords, e-mail addresses, etc.