In today’s digital era, where our personal data is everywhere online. Whether you are doing online banking, online shopping, having a private chat with someone, or sharing confidential documents, sensitive information is being transmitted over the internet. But have you ever wondered how this data remains secure from prying eyes? Here comes the technique of Encryption, which turns readable data into an unbreakable code. In cryptography there are primarily two type of key based encryption, Symmetric and Asymmetric encryption. During this article, we’ll uncover the magic behind “Key based Encryption”, why it’s vital in today’s digital age, and how it forms the backbone of data security.
My previous article (“Cryptography and Hashing Basics for Beginners” and “What is HMAC and how does it secure data”) It explained the concept of Hashing and HMAC, which ensures data integrity, but hashing cannot help to maintain confidentiality of the data.
A brief history of encryption
The history of encryption dates back thousands of years, when ancient civilizations needed to keep messages secret. The most ancient and famous example is the Caesar Cipher, used by Julius Caesar to keep his army’s bases secure. It was a simple substitution cipher in which each letter was shifted by a specific number so that the message could not be understood without the key.
In ancient Egypt, some complex hieroglyphic symbols were used to conceal meaning, and encrypted formulas have been found on clay tablets from Mesopotamia that date back to 1500 BCE.
Similarly, in ancient Greece, a cipher called the Scytale Cipher was used, in which a secret message was created by aligning letters with a cylindrical tool. These ancient techniques provided a strong foundation for today’s modern cryptography and show how important the protection of secrets was in politics, war, and governance even in ancient times.
Using Encryption for message confidentiality
The objective of confidentiality is to ensure that only intended recipient can read the message correctly. Let’s start with a simple example.
Suppose we want to encrypt the word WORLD and run the text through an encryption algorithm of our own, which gives us some an encrypted output text. This output text is not the original input text, it is not cipherable by anyone else.
In this case, the readable input text is referred as “Plain Text” or “Clear Text”. And the data after it was encrypted is called “Cipher Text”
The objective here is that the sender will pick the plaint text data and generate the encrypted data from the plain text and send the encrypted data (Cipher text) to the receiver.
The only person who can convert the Cipher text back the original plain text (also known as Decryption) will be the intendent recipient.
The above is an example of Simple Encryption, where we took a plain text and converted it to a cipher text. But, there are problem with such simple encryption, let’s take a look.
Problem with Simple Encryption
Let’s say person “A” wants to send the plain text “WORLD” confidentially to person “B”, person “A” will encrypt and generate a cipher text for person “B”, this is simple.
Now person “A” also wants to send the same plain text “WORLD” to another person “C”. With Simple encryption the same plain text will generate the same cipher text.
This will lead to a problem of confidentiality, now both “B” and “C” can decrypt each other’s confidential data.
To avoid this Person “A” need to generate new Cipher text for each recipient.
Imagine the sender need to send to hundred recipients.
This shows that a Simple Encryption is not a Scalable approach, as for every user the sender needs to generate different Cipher text, adjusting our simple encryption algorithm for each user is very difficult to in a secure manner.
As we will be using standard publicly known algorithm, anyone can decrypt another user’s message.
Creating a new encryption algorithm every time is tough job. It takes mathematicians years to come up with a perfectly secure encryption algorithm.
Key Based Encryption
That is why it is an industry standard to use a Key Based Encryption. In a key based encryption, the sender used a publicly known standard algorithm with a Secret Key for each user and encrypt the data.
As we have randomly generated text as Secret Key for each user and combined it the public available encryption algorithm, the generated cipher text will be different for each user. And only the user with their respective secret key can decrypt the cipher text to its original plain text.
As we are using a publicly available algorithm, which is accepted across the industry, and can easily generate the random public keys to produce the different cipher text for each user, makes it a scalable solution for the cyber world.
Please take a look at our simple implementation of the Random Key generation utility
Symmetric and Asymmetric Encryption
Now there are two types of Key based encryption used in the industry, Symmetric and Asymmetric encryption. We will dig deep into these in our next article.
Symmetric Encryption
Symmetric Encryption uses the same key for encryption and decryption. Therefore, the sender needs to generate the key, use it to create the Cipher text and send the Cipher text as well as the key to the recipient user.
Some of the common symmetric encryption algorithms:
| Algorithm | Key Length | Description |
| AES (Advanced Encryption Standard) | 128, 192, or 256 bits | Widely used, highly secure, and efficient. Standard for government and industry data protection. |
| DES (Data Encryption Standard) | 56 bits | An older standard, now considered insecure due to short key length. Paved the way for modern methods. |
| 3DES (Triple DES) | 112 or 168 bits | Applies DES three times for increased security. Slower and less secure than modern algorithms. |
| Blowfish | Variable (32 to 448 bits) | Fast and flexible; commonly used in software. Gradually replaced by newer algorithms. |
| Twofish | Up to 256 bits | Successor to Blowfish; more secure and efficient. Finalist in the AES competition. |
| RC4 (Rivest Cipher 4) | Variable (up to 2048 bits) | Stream cipher, once popular in WEP and SSL. Known vulnerabilities led to its decline. |
| IDEA (International Data Encryption Algorithm) | 128 bits | Used in older PGP versions; relatively secure but less common today. |
| Serpent | 128, 192, or 256 bits | AES finalist with a high level of security but slower than AES. |
| CAST-128 and CAST-256 | 40 to 128 bits (CAST-128); up to 256 bits (CAST-256) | Secure and efficient algorithms used in various applications. |
| Skipjack | 80 bits | Developed by the NSA, once used in the Clipper chip. Less common today due to stronger alternatives. |
Asymmetric Encryption
Asymmetric Encryption uses two keys, one key is used for encryption and another key is used for decryption. These two keys are always in pair. The sender needs to generate the key pair, use one key to encrypt and send the other key to the recipient along with the cipher text.
Some of the common asymmetric encryption algorithms:
| Algorithm | Key Length | Description |
| RSA (Rivest-Shamir-Adleman) | 1024 to 4096 bits | One of the most widely used asymmetric algorithms. It uses large key sizes and is fundamental to many secure communications. |
| ECC (Elliptic Curve Cryptography) | 160 to 512 bits | Offers similar security to RSA but with smaller key sizes, making it faster and more efficient. Popular for mobile and IoT devices. |
| DSA (Digital Signature Algorithm) | 1024 to 3072 bits | Primarily used for digital signatures, ensuring data integrity and authenticity. |
| ElGamal | Variable (2048 bits and higher recommended) | Used for both encryption and digital signatures. It is secure but less efficient compared to RSA. |
| Diffie-Hellman | Variable (2048 bits and higher recommended) | Primarily used for secure key exchange rather than encryption of messages. Essential in protocols like SSL/TLS. |
| PAKE (Password-Authenticated Key Exchange) | Variable | Protocols like SRP (Secure Remote Password) fall under this, focusing on secure key exchange using password-based authentication. |
