Cryptographic encryption and confidentiality
This section discusses how symmetric encryption (AES) and asymmetric encryption (RSA) can be used to protect the confidentiality of data.
This section explains how cryptographic encryption is used to achieve data confidentiality. It looks at how symmetric encryption and asymmetric encryption work: how scrambling plain text according to some mathematical logic turns it into cipher text.
Confidentiality
Symmetric encryption
Asymmetric encryption
Symmetric encryption vs asymmetric encryption
Confidentiality
Confidentiality refers to the idea of keeping data private and viewable only by authorized users. Encryption is commonly used to enforce data confidentiality. Plain text or clear text is data before it is encrypted. Encrypted data is called cipher text.
Plain text is converted to cipher text using encryption algorithms.
hello → (encryption algorithm) → lohel (cipher text)
In this example the encryption algorithm shifted the letters forward twice.
hello → ohell → lohel
This type of encryption works by scrambling the plain text according to some mathematical function, e.g., shifting the letters forward.
In cryptographic encryption you need both an algorithm and a key.
Algorithms provide the instructions and mathematical operations used to transform plain text into cipher text (the scrambled form). Different algorithms offer varying levels of security and are suited for different purposes. Some popular examples include AES and RSA.
Keys act as the secret ingredients that personalize the encryption process. The algorithm uses the key to manipulate the data in a specific way, making it unreadable without the same key. Strong keys with sufficient length and randomness are crucial for resisting brute-force attacks.
Note that hash functions are algorithms used to generate a unique “fingerprint” of a piece of data. While they scramble the data as encryption does, the result is not meant to be decrypted and no decryption key exists. Their primary purpose is to verify data integrity, not confidentiality.
The cipher text should be completely opaque and should not provide any clues about the plain text. Only authorized/intended recipients who have the right key should have the ability to decrypt the cipher text and retrieve the original text.
To return to our overly simplified example (hello → lohel), “shifting the letters forward” represents the algorithm and “twice” or “two” represents the key used for that particular transformation.
Industry-grade encryption algorithms must be unbreakable in practice, even with the most powerful computers. A publicly known encryption algorithm is combined with a secret key to ensure strong encryption.
Publicly known encryption algorithms, such as AES and RSA, are used because they have stood the test of time in terms of strength and usability. The secret key can be a randomly generated set of characters.
There are two types of cryptographic encryption, symmetric encryption and asymmetric encryption.
Symmetric encryption uses a single shared key for both encryption and decryption. Both message sender and receiver must securely keep this key secret.
Asymmetric encryption uses two different keys for the encryption and decryption of data: a key pair made up of a public key and a private key. Anyone can use the public key, like a lock on a mailbox, to encrypt data. However, only the private key, like the corresponding mailbox key, can decrypt it. This offers enhanced security as the private key remains confidential.
Encryption finds its application in various scenarios, ensuring data confidentiality:
Data storage: Sensitive data like financial records and medical information are often stored encrypted on personal devices and servers. Even if attackers access storage, they’ll only see scrambled gibberish without the decryption key.
Data transmission: When sending confidential information over insecure networks like the Internet, encryption protects it from eavesdropping. For example, the HTTPS protocol uses encryption to secure online transactions and communication.
Email and messaging: Secure email and messaging services encrypt messages during transmission and storage, guaranteeing confidentiality even if intercepted.
Cloud storage: Cloud storage providers often offer encryption options to protect data uploaded to their servers.
Benefits of data confidentiality through encryption:
Prevents unauthorized access: Only authorized individuals with the key can decrypt and access the data, mitigating unauthorized data breaches and leaks.
Improves data privacy: Encrypted data remains private even if exposed, protecting sensitive information from prying eyes.
Boosts trust and security: Using encryption demonstrates a commitment to data security, building trust with users and partners.
Symmetric encryption
Symmetric encryption is an encryption scheme that encrypts and decrypts using the same secret key.
Here is a simple example of symmetric encryption.
hello → khoor
Using a rudimentary symmetric encryption algorithm of “pushing letters forward” and a secret key of 3, we converted the plain text hello to the cipher text khoor.
If we know the encryption algorithm and secret key used in the encryption process, we can apply them in reverse to decrypt khoor back to hello.
Here is another example.
66 → 462 (66 x 7)
Here, a symmetric encryption algorithm of multiplication and a secret key of 7 were used. To decipher the text, we invert the operation: we divide 462 by 7.
The key point here is that we used the same secret key to encrypt and decrypt the text or data.
The encryption algorithm is typically and ideally publicly known. So the strength of the encryption rests on the strength of the secret key. Longer and more random keys are considered more secure.
Here is a table of common symmetric encryption algorithms:
| Algorithm | Key size |
|-----------|----------|
| DES       | 56 bits  |
| 3DES      | 168 bits |
| AES       | 128 bits |
| AES192    | 192 bits |
| AES256    | 256 bits |
Raising 2 to the key size in bits (2^bits) gives the number of possible values a key of that size can take. For example, 2^56 gives us 72,057,594,037,927,936 or 72 quadrillion different combinations. A 128 bit key gives us 340,282,366,920,938,463,463,374,607,431,768,211,456 different possible values (340 undecillion).
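The following Python sketch is an added example, not part of the original page. It implements the "pushing letters forward" cipher from the hello → khoor example and shows why key size matters: with only 26 possible keys, trying every key recovers the plain text immediately, while the key sizes in the table make the same search impractical. The function names and the guess rate of 10^12 keys per second are assumptions chosen for illustration.

```python
import string

ALPHABET = string.ascii_lowercase  # the page's toy alphabet: 26 lower-case letters


def shift(text, key):
    """Push each lower-case letter forward by `key` places, wrapping after z."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % len(ALPHABET)])
        else:
            out.append(ch)  # characters outside the toy alphabet pass through
    return "".join(out)


def encrypt(plain, key):
    return shift(plain, key)


def decrypt(cipher, key):
    return shift(cipher, -key)  # same secret key, operation applied in reverse


def exhaustive_search(cipher, known_words):
    """Try every possible key and keep the ones that yield a recognisable word."""
    return [(key, decrypt(cipher, key)) for key in range(len(ALPHABET))
            if decrypt(cipher, key) in known_words]


def seconds_to_exhaust(key_bits, guesses_per_second):
    """Worst-case time to try all 2^key_bits keys at an assumed guess rate."""
    return 2 ** key_bits // guesses_per_second


if __name__ == "__main__":
    print(encrypt("hello", 3))
    print(exhaustive_search("khoor", {"hello"}))
    rate = 10 ** 12  # assumed rate, chosen only for illustration
    for name, bits in [("DES", 56), ("AES", 128), ("AES256", 256)]:
        years = seconds_to_exhaust(bits, rate) // (365 * 24 * 3600)
        print(name, bits, "bits:", years, "years")
```

At the assumed rate a 56-bit key space is exhausted in about 20 hours, which is why DES is no longer considered adequate, while a 128-bit key space would take on the order of 10^19 years.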
Asymmetric encryption
Asymmetric encryption uses different keys to encrypt and decrypt data.
Here is a simple example.
hello → asymmetric encryption (key = 5) → mjqqt
The plain text hello was encrypted with an asymmetric encryption algorithm of pushing letters forward and a secret key of 5.
To decrypt mjqqt, we push the letters forward 21 more times (let’s pretend there are only lower case letters in the alphabet, for a total of 26 possible characters).
mjqqt → asymmetric decryption (key = 21) → hello
This just demonstrates the basic idea of asymmetric encryption, that two different keys are used in encryption and decryption. In this example, moving letters backwards by 5 would decrypt the message, but in real asymmetric encryption attempting to reuse the secret key (applying it backward or forward) would only further scramble the message.
That said, our example demonstrates an important concept in asymmetric encryption: asymmetric keys are mathematically linked. What one key encrypts, only the other key can decrypt. In our example, if we used key 21 to encrypt hello, we can decrypt the cipher with a key of 5.
One key of the pair is private and is never shared with anyone else. This is the private key. The other key is the public key, and it is public.
Every participant in asymmetric encryption has their own unique key pair. Each key can be used in different ways to achieve different security features.
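The shift example above only imitates a key pair, since either key can be worked out from the other. The following Python sketch is an added example, not part of the original page: it uses textbook RSA with small constructed primes to show two keys that are mathematically linked, where what one key encrypts only the other decrypts, and where applying the same key twice does not recover the message. The primes 61 and 53, the exponent 17 and all function names are assumptions for illustration; real RSA uses very large random primes and a padding scheme.

```python
from math import gcd

# Constructed toy primes so the numbers stay readable. Real RSA keys use
# randomly generated primes hundreds of digits long, plus padding (e.g. OAEP).
P, Q, E = 61, 53, 17


def make_key_pair(p=P, q=Q, e=E):
    """Return (public, private); each key is an (exponent, modulus) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # the link between the keys: e*d = 1 (mod phi)
    return (e, n), (d, n)


def apply_key(number, key):
    """One RSA operation: raise to the key's exponent modulo n."""
    exponent, n = key
    if not 0 <= number < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(number, exponent, n)


def encrypt_text(text, key):
    # One number per character keeps the demo readable; never done in practice.
    return [apply_key(ord(ch), key) for ch in text]


def decrypt_text(numbers, key):
    return "".join(chr(apply_key(x, key)) for x in numbers)


PUBLIC, PRIVATE = make_key_pair()

if __name__ == "__main__":
    cipher = encrypt_text("hello", PUBLIC)
    print("cipher text:", cipher)
    print("private key recovers:", decrypt_text(cipher, PRIVATE))
    # Applying the public key a second time does not undo the encryption.
    print("public key again:", [apply_key(x, PUBLIC) for x in cipher])
```

Deriving the private exponent requires knowing the two primes, which is what keeps the private key secret when only the public key (exponent and modulus) is published.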
Symmetric encryption vs asymmetric encryption
Why symmetric encryption is a preferred choice for bulk data encryption:
In symmetric encryption, the cipher text is the same size as the plain text (original data).
The math involved in symmetric encryption is relatively simple and less CPU-intensive, so more data can be encrypted in less time with less CPU usage.
On the downside, symmetric encryption presents a “key exchange problem”, as the secret key must exist in two places, with the sender and with the receiver. Several solutions exist to the key exchange problem (how do we get the key securely from one party to the other?).
In the same vein, symmetric encryption is sometimes considered less secure than asymmetric encryption because of a higher exposure risk or higher attack surface.
The most significant benefit to using asymmetric encryption is that the private key never needs to be shared. Hence asymmetric encryption is regarded as more secure than symmetric encryption.