Encryption Techniques and Methods

Symmetric Key Encryption

Symmetric key encryption, also known as private key encryption, uses the same key to encrypt the data as it does to decrypt the data, meaning that when used for data transmissions, symmetric key encryption requires that both the sender and the receiver possess the same cipher key.

The security of the encryption depends heavily on the complexity of the cipher and the key, but this is usually not the weakest link. The sender and receiver must somehow exchange the secret key with each other before encrypting any data. It is during this key exchange that the encryption is most vulnerable. If an attacker were to intercept the key, the attacker could decrypt the data and even send a forged message by re-encrypting the data using that same key. You may have used symmetric key encryption in the past. Consider a group of classmates plotting to exchange secret notes in class. They first agree upon a cipher, such as changing each letter to another letter. Then they agree upon a key, such as the number of letters before or after the original letter. With that information, you could both encrypt and decrypt the messages. Unfortunately for these classmates, not only is the cipher simple to determine, but the key is easy to guess, having only 26 possible combinations.

 Shared secret key used to encrypt and decrypt data from sender to recipient

Diagram. Symmetric key encryption.

This does not mean that symmetric encryption is weak. A sufficiently complex cipher and key can keep data secret for a long time. For example, in World War II the German army used a symmetric key cipher in their Enigma machine, an advanced cryptograph that incorporated the date into the key, rendering the code unbreakable by Allied forces for years.

In addition to its simplicity, the other advantage to symmetric key ciphers is the speed at which they can calculate the encryption and decryption sequences. When encrypting a large amount of data, it is significantly faster to encrypt the data using a symmetric key cipher than an asymmetric key cipher, but as with the Enigma machine, if given enough time and computing power, the key will be eventually compromised, and the code broken.

Asymmetric Key Encryption

Asymmetric key ciphers rely on two different keys to encrypt and decrypt the traffic. This is particularly useful on the internet where the encryption of the data being sent to and from e-commerce and banking websites is needed. The customers have no reliable and secure means to exchange a secret key prior to the data transfer, so public key infrastructure (PKI) is relied upon.

PKI is an asymmetric key solution that allows two parties to exchange encrypted data without having first exchanged a private or shared key with one another. In PKI systems, each party that could either send or receive encrypted data must first create a key pair consisting of a public key and a private key. The key pair is created using an algorithm that enables one key to decrypt ciphertext that the other key has encrypted. Once the pair is created, the public key is published to a public repository, whereas the private key is kept secret by the owner of the key. If you wish to send this person an encrypted file, you would retrieve their public key from the internet and then use it to encrypt the file. You could then send the encrypted file to the person or even post it for them to download. The only way to decrypt the file is to use the recipient’s private key, which should be stored in a very safe place.

In addition to encrypting data for secrecy, PKI can also be used for nonrepudiation and to verify the validity and integrity of data that was sent. If you encrypt a file using your own private key, the data can be decrypted by anyone who can download your public key. This is not a security breach, it is a feature known as a digital signature. By encrypting the data, you create a ciphertext block that cannot be decrypted if it is altered after you signed it, thereby guaranteeing that the data has not changed since you signed it.

One downside to asymmetric key ciphers is the computational power required to perform the encryption on large blocks of data. This has led to a hybrid use of symmetric and asymmetric ciphers in bulk data encryption as well as for data encrypted in transit. Transport Layer Security (TLS) encryption, as well as bulk data encryption, is performed using a symmetric key to optimize its speed, but that key is exchanged using an asymmetric key cipher to ensure perfect secrecy of the key exchange. In this way, you get the best of both worlds: speed and security.

 Recipient's public key used to encrypt data, and the recipient's private key used to decrypt data from sender to recipient

Diagram. Asymmetric key encryption.

Elliptic Curve Cryptography

  Equation y^2=x^3+ax+b graphed on an x-y coordinate plane

Diagram. Example of elliptic curve cryptography.

One of the weaknesses of PKI is that it is based on mathematical formulas. With modern computers able to process incredibly complex equations, the secrecy of these keys became very uncertain. In order to add complexity to the keys that defies current brute force attack methods, a new breed of asymmetric key creation was unveiled: elliptic curve cryptography (ECC). ECC uses the algebraic structure of elliptic curves to create a key that is even smaller than traditional asymmetric keys, yet it is substantially more difficult to crack without the aid of quantum computers.