# What is Encryption?

### Aditi Chaudhry Aug 1 '17

*This article was first published on Medium. You can take a look at it here*

Lately, there's been a lot of buzz about encryption. A lot of people have this misconception that encryption is complicated and only a rocket scientist can understand the concept. False: encryption is everywhere and, contrary to popular thought, it isn't very complicated. Encryption can be as simple as a secret code that two 5-year-olds came up with. Fundamentally, encryption is when you take some readable/understandable information and scramble it up into gibberish. The goal of encryption is to stop anyone, besides the intended recipients, from reading the message.

Encryption is not a new concept. The technique dates back millennia, to the times of Julius Caesar. In 45 BC, in ancient Rome, Julius Caesar used the "Caesar Cipher" to encode messages to his top generals. Since then, modern warfare has expanded the use of encryption. In World War II, the Germans created Enigma, a machine to encrypt their messages. The British created Colossus in response to decrypt the Nazi messages. Today, encryption is used very frequently, especially in messaging applications.

So what exactly is encryption, and how does one go about implementing it? Before we walk through an example, let's define a few terms.

- Plaintext: This is the text/data in raw form; this is what will be encrypted.
- Cipher: This is the algorithm, or group of steps performed on the data, that is used to encrypt the plaintext.
- Ciphertext: This is the encrypted text/data obtained when applying a cipher to the plaintext.
- Encryption: This is the process of obtaining a ciphertext from plaintext.
- Decryption: This is the process of obtaining a plaintext from a ciphertext (the reverse of encryption).

Let's walk through an example with the sentence "you are awesome". This sentence is our plaintext. Our cipher will be moving each letter down one space in the alphabet, so that A becomes B, B becomes C and so on. Our ciphertext then becomes "zpv bsf bxftpnf". This encryption method is an example of the Caesar Cipher. To decrypt the message, the intended recipient must know that it was encrypted by shifting each letter down one. Then the recipient simply reverses the process to decrypt the message!

There are two types of encryption used today, symmetric and asymmetric. The difference between these methods is the way they use keys to encrypt and decrypt messages. In symmetric encryption, the sender and receiver use the same key to encrypt and decrypt the message. The Caesar Cipher (mentioned above) is an example of symmetric encryption. Caesar and his generals would both use the same agreed upon key (shifting the alphabet by one) when encrypting and decrypting the message. Symmetric key encryption is a great way to transfer information among a small group of people. However, it is not scalable. If Caesar wanted to send one general a message he didn't want the other generals to read, he would have to have a separate encryption key for that specific general. As the number of generals who would receive different messages grows, so does the number of symmetric keys. The formula to calculate how many symmetric keys are needed for n participants is n*(n-1)/2. The number of keys needed can get out of hand very quickly for large groups.
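The Caesar Cipher and the pairwise key count described above, as an added example that is not part of the original article. It generalizes the shift-by-one cipher to any shift, and the participant names and the `pairwise_keys`, `send` and `receive` helpers are hypothetical.

```python
import secrets
from itertools import combinations

def shift_text(text, key):
    """Move each ASCII letter `key` places along the alphabet, wrapping at Z."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through
    return "".join(out)

def encrypt(plaintext, key):
    return shift_text(plaintext, key)

def decrypt(ciphertext, key):
    return shift_text(ciphertext, -key)  # same key, opposite direction

def pairwise_keys(participants):
    """Give every pair of participants its own shared shift (1..25).

    A Caesar shift has only 25 usable keys, so in a large group some
    pairs end up with the same key; the count of keys to manage is
    still one per pair.
    """
    return {frozenset(pair): secrets.randbelow(25) + 1
            for pair in combinations(participants, 2)}

# Constructed sample data: four participants, the n = 4 case.
PARTICIPANTS = ["Caesar", "general A", "general B", "general C"]
KEYRING = pairwise_keys(PARTICIPANTS)

def send(sender, recipient, plaintext):
    """Encrypt with the key shared by exactly these two participants."""
    return encrypt(plaintext, KEYRING[frozenset((sender, recipient))])

def receive(sender, recipient, ciphertext):
    """Decrypt with that same shared key."""
    return decrypt(ciphertext, KEYRING[frozenset((sender, recipient))])

if __name__ == "__main__":
    print(encrypt("you are awesome", 1))
    print(len(KEYRING), "keys for", len(PARTICIPANTS), "participants")
```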

Asymmetric key encryption solves the scalability problem by providing each user with a pair of keys, a public key and a private key. A message encrypted with one key from the pair can only be decrypted with the other key from the pair. Let's walk through an example with cryptography's favorite characters, Alice and Bob. Alice and Bob each have a public and private key. Their public keys are distributed freely to any user. If Alice wants to send Bob a message, she encrypts it with Bob's public key, which everyone knows. When Bob receives the message, he uses his private key, known only to him, to decrypt the message. This solves the scalability issue by requiring only two keys per user, or 2n. The table below demonstrates the number of keys required per the number of participants for both encryption scenarios.

Number of Participants (n) | Number of Symmetric Keys | Number of Asymmetric Keys |
---|---|---|
2 | 1 | 4 |
4 | 6 | 8 |
10 | 45 | 20 |
100 | 4,950 | 200 |
1,000 | 499,500 | 2,000 |
10,000 | 4,999,500 | 20,000 |

But what if there's a malicious attacker who is trying to intercept Alice's message to Bob? If Eve is eavesdropping between Alice and Bob, she may be able to obtain the encrypted message, but she can only decrypt it using Bob's private key, which only Bob has. This is a fundamental principle in security called Kerckhoffs' principle. It states that the details of the algorithm used to encrypt/decrypt messages can be publicly known but not the key.

*Why would we want our algorithm to be exposed to everyone? Isn't that contradictory to being secure?*

It actually isn't; having a secret algorithm is bad practice in security. This is referred to as "security through obscurity." Security through obscurity is bad because it implies that obscurity is the principal means of security. Obscurity is fine until it is discovered. Once found, the system is vulnerable again, which is basically like having no security at all. Consider the scenario of burying $1000 under a tree. The only way your money is safe is if no one knows it is there. Real security would be putting your money in a safe. There are thousands of the same safe, but if someone found your safe, they would not be able to get your money because only you have the combination. The safe in this example is the algorithm: it is publicly known, but the security lies within your combination, or the key.
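The Alice, Bob and Eve exchange described above, as an added example that is not part of the original article. It uses textbook RSA, which is an assumption since the article names no algorithm, with toy primes, no padding and byte-by-byte encryption, so it only illustrates how the key pair behaves; the primes and the message are constructed.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Textbook RSA: derive (public, private) keys from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(key, message):
    """Encrypt each byte of the message with one key of a pair."""
    n, exp = key
    return [pow(byte, exp, n) for byte in message.encode()]

def decrypt(key, ciphertext):
    """Apply a key to the ciphertext; return None if the result is not text."""
    n, exp = key
    values = [pow(c, exp, n) for c in ciphertext]
    try:
        return bytes(values).decode()
    except ValueError:  # values outside 0..255 or invalid UTF-8
        return None

# Constructed sample values: toy primes, far too small for real use.
bob_public, bob_private = make_keypair(61, 53)

MESSAGE = "meet at dawn"

# Alice encrypts with Bob's public key, which everyone knows.
intercepted = encrypt(bob_public, MESSAGE)  # this is what Eve captures

# Bob holds the matching private key, so he recovers the plaintext.
bob_reads = decrypt(bob_private, intercepted)

# Eve knows the algorithm (this code) and Bob's public key, nothing else.
eve_reads = decrypt(bob_public, intercepted)

if __name__ == "__main__":
    print("on the wire:", intercepted)
    print("Bob reads:  ", bob_reads)
    print("Eve reads:  ", eve_reads)
```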

While these are the basics of encryption, it is important to note that encryption is not entirely foolproof. A malicious attacker could still gain access to your message by simple means such as reading the message on your screen or by a more involved attack such as man-in-the-middle. There are ways to prevent such attacks but protecting data online is not an easy task. Rest assured though that the underlying mathematics of current day encryption algorithms are much more sophisticated than the examples provided in this article. While the actual algorithms are complicated, the basic fundamentals of symmetric and asymmetric encryption are less intimidating!

*This is the fifth post in my "What is" tech blog series. I'll be writing more every week here and on my blog!*


Your explanation was very straight to the point and I was in tuned the whole writing. Great article and keep the great writing!

Thank you so much!

Super intro.

It's called "Kerckhoff's principle".

"Kerchoff" established laws for the zero-sum effect of values and direction of voltages and currents in a perfect electrical circuit.

Thank you! I fixed it =)

Great explanation of encryption for those new to the topic!

I also found "The Code Book" to be an interesting read. It includes descriptions of how different types of ciphers work and the evolution of cryptography itself, starting with the Caesar cipher and explaining significant developments in cryptography up to Quantum proof ciphers.

Did you know that Turing was not the first person to crack ciphertext created by the Enigma machine?

Here is a link to the book if anyone is interested:

amazon.com/Code-Book-Science-Secre...

Nice analogy to the $1k buried under a tree; I hadn't seen that before, but it's a very clear analogy. :)

That was a great explanation!