- What are Encryption and Decryption?
- Importance of Encryption
- Benefits of Encryption
- What is Cryptography?
- What is End to End Encryption?
- How does encryption work?
- What are the different types of encryption?
- What is an Encryption algorithm?
- What is an Encryption Protocol?
- Disadvantages of Encryption
- How to break encryption?

We live in the digital era, where our worlds spin digitally, and we tend to share our personal information over the internet. It’s time to understand that it’s pretty dangerous since hackers can misuse** **this data for various purposes. Hackers** **can eavesdrop on the conversation between different parties to gain sensitive information. Let’s decipher what encryption and decryption are all about in detail.

**What are Encryption and Decryption?****Importance of Encryption****Benefits of Encryption****What is Cryptography?****What is End to End Encryption?****How does encryption work?****What are the different types of encryption?****What is an Encryption algorithm?****What is an Encryption Protocol?****Disadvantages of Encryption****How to break encryption?**

**What are Encryption and Decryption?**

**Encryption**

Encryption is the process of securing digital data using mathematical techniques with the help of a key used to **encrypt **and **decrypt** the data.

**The encryption key** is the heart and soul of the encryption process, a string of characters generated based on various encryption algorithms. Encryption is the process of converting **plaintext** into **Ciphertext.**

Plain text is data in a readable format, and Ciphertext is data in an unreadable format.

Encrypted data is called Ciphertext, whereas unencrypted data is called plain text.

**Decryption**

**Decryption** is the method of converting cipher text into plain text. The reverse process of encryption is carried out using decryption keys.

**Importance of Encryption**

Encryption protects private information and sensitive data between the client and the server.

Encryption focuses on **Confidentiality, Integrity, Non-repudiation, and Authentication**.

**Confidentiality –**Confidentiality ensures that only the intended receiver can understand the information.- Integrity ensures that no one alters confidential information without detecting the change.
**Non-repudiation –**Non-repudiation ensures that the information creator cannot deny their information creation and transmission intent.**Authentication –**Authentication ensures that the sender and receiver confirm their identity to each other with the origin and destination of the information.

**Benefits of Encryption**

- Protects the privacy of data and identity
- Protects sensitive data in lost devices from being misused by hackers
- Easy and cheap to implement
- Ensures integrity of data

**What is Cryptography?**

**Cryptography** is the study of techniques for secure communication between sender and receiver. Cryptography is also known as **Cryptology**.

Cryptography is derived from the Greek word Kryptos, meaning “**hidden**,” and graphein meaning “**to write**.”

The significant difference between **Encryption and Cryptography** is that encryption is the technique of securing sensitive data from hackers. In contrast, Cryptography studies techniques for securing sensitive data from hackers.

**What is End to End Encryption?**

**End-to-end encryption** secures a communication network from third parties while data is transferred from one device to another.

WhatsApp is the best example that implements end-to-end encryption.

**How does encryption work?**

Let’s understand in detail what encryption is all about.

For example, consider Reena as the sender and Veena as the receiver.

Reena wants to message “hello” to Veena, where “hello” is the plain text and consistently represented in lowercase letters, whereas **Ciphertext** is represented in uppercase letters.

Reena’s message “hello” is passed through an encryption algorithm where the plain text is converted into Ciphertext. The receiver, Veena, can only decrypt the Ciphertext if she has the decryption key. The key distribution center distributes the decryption key, and the key is known only to the sender, Reena, and the receiver, Veena.

The **encryption key** and the **decryption key** can be the same and different.

**What are the different types of encryption?**

**Symmetric Encryption**

It is a type of encryption that uses the **same secret key** for encryption and decryption.

**Symmetric encryption** is also known as **secret key encryption**.

A few popular symmetric encryption algorithms are **Twofish, Blowfish, DES, Triple-DES, AES,** etc.

Symmetric encryption is fast and efficient when compared to Asymmetric Encryption.

Symmetric encryption is categorized as **Block cipher **and** stream cipher.**

**Block cipher**

In **Block cipher**, blocks of plain text are converted into blocks of Ciphertext.

**The block size** depends on the algorithm, but it shouldn’t be too large or small. It should be multiples of eight, and it usually processes 64 bits or more.

**Block cipher **is simple but slower when compared to a stream cipher.

**Stream cipher**

In**-Stream cipher**, one byte of data is converted at a time from plain text to Ciphertext.

It processes 8 bits of data at a time.

**Asymmetric Encryption**

It is a type of encryption that uses **a public key and a private key for decryption**.

**Asymmetric encryption** is also known as **public-key encryption**.

In Asymmetric Encryption, two keys are involved. One is a public key known to all, and the other is the private key known only to the owner. The public key and the private key should be connected.

*Also Read: Cryptography Tutorial*

**What is an Encryption algorithm?**

An encryption algorithm is a mathematical procedure used to encrypt data. Encryption algorithms prevent data fraud and are usually a part of a company’s risk management protocols.

Few popular encryption algorithms are:

**Triple-DES Algorithm****RSA Algorithm****AES Algorithm****Blowfish Algorithm****Twofish Algorithm**

**Triple-DES Algorithm **

**The Triple-DES** algorithm is also known as **TDES.**

TDES stands for triple data encryption standard. It is a symmetric key block cipher.

In triple DES, the DES cipher is applied thrice to each data block. The critical size of the DES cipher is 56 bits.

The DES cipher was susceptible to brute force attack, but developing a new algorithm would consume more money and time, so the existing algorithm was modified by increasing the critical size. That’s when triple DES came into the picture.

The critical size of triple-DES is 112 or 168 bits.

There are two types of triple-DES algorithms.

**Triple DES with 2 keys****Triple DES with 3 keys**

When two keys are used, the key size is 112 bits. When three keys are used, the key size is 168 bits. The block size of triple-DES is 64 bits.

When two keys are used, the security of triple-DES is 2112.

When three keys are used, the security of triple-DES is 2168.

Triple DES is more secure but slower when compared to DES.

**P represents plain text, and C represents Ciphertext**.

**DES cipher** represents the encryption algorithm.

Initially, consider 64-bit plain text. The **64-bit plain text **is passed through an encryption algorithm where **key K1 **is applied. When the plain text is passed through an encryption algorithm, we get a ciphertext which is again passed through a decryption algorithm.

DES reverse cipher represents a decryption algorithm.

At this stage, **key K2** is applied.

So, when the Ciphertext is passed through a decryption algorithm, we get back the plain text. This plain text is then passed through an encryption algorithm. At this stage, we use the **same key K1** used initially. We get a ciphertext when the plain text is passed through an encryption algorithm. In the end, we get a 64-bit ciphertext.

**P represents plain text, and C represents Ciphertext. **

**DES cipher** represents the encryption algorithm.

Initially, consider **64-bit plain text.**

The 64-bit plain text is passed through an encryption algorithm. At this stage, **key K1** is applied.

We get a ciphertext when the plain text is passed through an encryption algorithm. This Ciphertext is passed through a decryption algorithm.

DES reverse cipher represents a decryption algorithm.

At this stage**, key K2 **is applied.

So, when the Ciphertext is passed through a decryption algorithm, we get back the plain text. This plain text is then passed through an encryption algorithm. At this stage, we use the **key K3**.

We get a ciphertext when the plain text is passed through an encryption algorithm.

In the end, we get a **64-bit ciphertext**.

**RSA Algorithm**

The acronym **RSA** is derived from its designers, **Ron Rivest, Adi Shamir, and Leonard Adleman.**

It is one of the oldest asymmetric cryptographic algorithms.

This algorithm is used to encrypt and decrypt messages using a public and a private key.

The RSA algorithm includes four steps:

**Key generation****Key distribution****Encryption****Decryption**

**Key generation**

- Let us consider
**two large prime numbers, p and q**. It is better to consider large prime numbers instead of small prime numbers. If you consider small prime numbers, the public and private keys will be the same. **Calculate the value of n:**

n=p*q

n represents the modulus for encryption and decryption

**Calculate Ф(n)**

Ф(n)=(p-1)*(q-1)

Ф(n) represents Euler’s totient function

**Calculate the value of e and d**

e represents encryption and d represents decryption

gcd(e,Ф(n))=1; 1<e<Ф(n)

d≡e-1(mod(Ф(n))

d*e modФ(n)=1

Public key={e,n}

Private key={d,n}

**Key distribution**

Let’s understand what key distribution is with the help of an example.

Suppose Reena wants to send a message to Veena using the RSA algorithm; before Reena can encrypt the message, she should know Veena’s public key. Only after Reena receives Veena’s public key will Reena be able to encrypt the message. At the same time, Veena will be able to decrypt the message only using the private key. The private key of Veena is never distributed, whereas the public key of Veena is transmitted to Reena before Reena can encrypt the message.

**Encryption**

** **At this step, plain text is converted into Ciphertext.

**c=me mod n; m<n**

c represents Ciphertext, and m represents plain text.

**Decryption**

** **At this step, Ciphertext is converted into plain text.

** m=cd mod n**

m represents plain text, and c represents Ciphertext.

**AES Algorithm**

**AES** stands for Advanced encryption standard. AES algorithm is also known as **Rijndael**. It converts blocks of **128-bit plain text **into **Ciphertext** using keys of **128,192, and 256 bits**.

This is one of the most popular symmetric encryption algorithms.

**Triple DES replaced the DES cipher**, but it was comparatively slower. So, the AES algorithm was designed, which is super fast compared to triple DES.

**The US National standards and technology established the AES algorithm** in 2001 to encrypt electronic data.

AES algorithm is based on a substitution permutation network.

A substitution permutation network is a series of mathematical operations used in symmetric encryption algorithms. The **block size in AES is 128 bits**, and the **key sizes** are **128,192 and 256 bits.**

The number of rounds depends on the critical size.

**One hundred twenty-eight bits means 10 rounds.**

**One hundred ninety-two bits means 12 rounds.**

**Two hundred fifty-six bits means 14 rounds.**

**Blowfish Algorithm**

**The blowfish Algorithm** is an alternative to the DES algorithm.

It is an asymmetric encryption algorithm that is fast and efficient compared to the DES algorithm.

The **block size is 64 bits**, and the **critical size** varies from **32 bits to 448 bits**.

There are **18 subkeys,16 rounds, and 4 substitution boxes**.

**The substitution box **is responsible for confusion between plain text and Ciphertext.

One of the significant advantages of the blowfish algorithm is that it is unpatented and can be used by anyone.

Blowfish algorithm is used in password management, operating systems, backup tools files, and disk encryption.

**Twofish Algorithm**

**Twofish algorithm** is a symmetric key block cipher.

It is suitable for both software and hardware environments.

Twofish algorithm was a finalist to become the industry standard for encryption, but it lost to the AES algorithm due to its slower speed.

One distinct feature of the Twofish algorithm is that it has pre-computed **key independent S boxes.**

The **critical sizes** in the Twofish algorithm are** 128,192, and 256 bits**. The **block size is 128 bits** with **16 rounds**.

**What is an Encryption Protocol?**

**Encryption protocols** are security protocols used along with encryption algorithms to secure data efficiently.

Few popular encryption protocols are

**TLS/SSL****IPsec****SSH****PGP**

**TLS/SSL**

**TLS **stands for **Transport layer security**, and **SSL** stands for **secure sockets layer**.

TLS is an upgraded version of SSL.

It is one of the most popular and secure encryption protocols.

The HTTPS in the URL indicates that the website is secured using TLS/SSL protocol, whereas HTTP indicates that the website is not secure. TLS/SSL doesn’t perform the encryption process alone, and it uses encryption algorithms such as RSA encryption, AES encryption, etc., to encrypt the communication.

TLS includes two layers, and they are:

**Handshake protocol****Record protocol**

**Handshake protocol**

**The handshake protocol**is used to initiate the communication between client and server. The client and server authenticate each other, choose an encryption algorithm and generate a shared key using public-key encryption.

**Record protocol**

**Record protocol**secures the data packet transferred between the client and the server using the shared keys generated during the handshake protocol.

**IPsec**

**IPsec**stands for**internet protocol security.**- It is commonly used in
**VPN**. VPN stands for**the virtual private network**. As the name suggests, it is a secure private network for sending data into a network via an internet connection. - VPN hides the user’s IP address and redirects to the server where the VPN host handles it.
**IPsec**uses encryption algorithms such as triple DES encryption, AES encryption, etc.**IPsec**is fast and easy to implement.

IPsec is implemented in two modes, and they are:

**Tunnel mode****Transport mode**

**Tunnel mode **

- In
**Tunnel mode**, payload and header are encrypted and sent in a new packet with another header.

**Transport mode**

- In
**Transport mode**, only the payload is encrypted and not the header.

**SSH**

**SSH** stands for **secure shell**. The working of SSH is similar to that of VPN. In SSH, an encrypted tunnel is created to transfer files.

SSH works at 3 different levels, and they are:

**Transport level****User authentication level****Connection level**

**Transport level**

- The
**Transport level**is responsible for establishing a secure connection between two parties, authenticating the two parties, and encrypting the data.

**User authentication level **

- At the
**User authentication level**, the client authenticates its identity using the authentication method specified by the server at the transport level.

**Connection level**

**The connection level**handles all the connections between server and client.

**PGP**

- Its actual name is
**OpenPGP**. PGP stands for**pretty good privacy**. - It is used with algorithms such as RSA, TRIPLE DES, AES, Twofish, etc.
- It allows the users to encrypt the data and digitally sign over it to ensure that it is authenticated. It also ensures integrity.
**PGP**is mainly used to secure confidential email information.

**Disadvantages of Encryption**

Every topic has its pros and cons. Similarly, encryption has its disadvantages.

Encryption protects confidential data from hackers, but it might also sometimes prevent the data owner from accessing it.

One of the significant disadvantages of encryption is **key management**.

**Key management** should be done efficiently as Encryption and decryption keys cannot be compromised, which might invalidate the data security measures taken.

**Key management**

Key management is fundamental to data security, and it is the process of setting up standards to secure encryption and decryption keys in an organization.

Key management includes the creation, deletion, storage, and exchange of keys.

**How to break encryption?**

There are various methods to break encryption, such as **brute force attack,side-channel attack, and cryptanalysis.**

**What is a Brute force attack? Is encryption?**

**A brute force attack** is made to damage an organization’s reputation or to steal confidential information.

A brute force attack is a **trial and error procedure** used by hackers to crack passwords and encryption keys to gain unauthorized access.

One of the most significant advantages of brute force attack is that it is easy to implement, and its disadvantage is that it is slow.

Brute force attacks can be prevented by increasing the strength of passwords by using multi-factor authentication and limiting failed login attempts.

**Multi-factor authentication** is the process of authenticating the user at multiple steps.

A few types of Brute force attacks are **simple brute force attacks, hybrid brute force attacks, reverse brute force attacks, and credential stuffing.**

A few popular tools used in brute force attacks are **NL Brute, RainbowCrack, THC Hydra, Hashcat, Aircrack-ng.**

**What is a Side-Channel attack?**

In **a Side-channel attack**, the cipher isn’t attacked directly, and the attack is based on the information collected during implementation.

This attack occurs when there is a flaw in system design or program execution.

Few types of side-channel attacks are **Electromagnetic, Acoustic, Power, Optical, Timing, Memory cache, Hardware weaknesses.**

**What is Cryptanalysis?**

**Cryptanalysis** is identifying weaknesses in a cipher to attack the cipher.

A few types of Cryptanalytic attacks are:

- Known-plaintext
**attack.** **Ciphertext only attacks.****Chosen plain text attack.****Differential cryptanalysis attack.****Integral cryptanalysis attack.****Dictionary attack.****Man-in-the-middle attack.**

A few popular tools used in Cryptanalysis are **CrypTool, EverCrack, Cryptol, AlphaPeeler, CryptoBench.**