Most books and articles on the topic of encryption are written for technical professionals who must use it or implement it in systems and code. They throw around words like cipher, key, algorithm, and initialization vector like they are common vocabulary to all. Interestingly, many technical professionals find it challenging to begin learning about encryption because of this pattern. While some useful books have been written for those starting from scratch, it seems the majority assume much and explain little in the way of foundations. For this reason, I decided to explain the terminology of encryption here in the simplest form possible and in as few words as possible. The goal? One thousand words or less, including this opening paragraph. Let’s get started.
Demystifying Encryption: A Simple Introduction
Encryption is the process of encoding information by one party so it can be decoded by the same or another party possessing the required knowledge. In most cases, this required knowledge includes an algorithm and a key. The algorithm is the “how” of the process. The key is the “what” of the process. We encrypt text or data through an algorithm (how) using a key (what).
So far, so good.
Understanding Encryption Algorithms: A Closer Look
The algorithm is nothing more than a character manipulation process, usually based on a mathematical operation. That was a fancy sentence. Let’s take it apart.
In computing, a character is a letter, digit, special character, or simply a binary value (some collection of ones and zeros). Ultimately, all “characters” are stored as binary values in a computer system today and, remember, binary simply means that we use only ones and zeros. So, our encryption algorithm must manipulate these characters in some way so that they are no longer what they were, and yet they can be recovered. This is the perfect scenario for a mathematical operation. How?
Exploring Algorithmic Manipulation in Encryption
Consider that we have the number 6, and we want to “encrypt” it so that we can share it with a friend. We may use the following algorithm:
6 * 2 + 4 * 2 = 12 + 8 = 20
Therefore, our encrypted value is 20. We can recover the original value because we know the algorithm:
(20 – 4 * 2) / 2 = 12 / 2 = 6
Unlocking Encryption Keys: The Vital ‘What’ in the Process
Now, this works, but the algorithm is simple and might be easily guessed. What if we introduce a key to the algorithm? That is, instead of using the number 2 in the above algorithms, we use a key, like this:
6 * k + 4 * k = c
Where k is the key and c is the resulting encrypted number. Let’s use a key of 4:
6 * 4 + 4 * 4 = 24 + 16 = 40
Can we decrypt it? Sure, the decryption algorithm will also use the key k:
(c – 4 * k) / k = p
Where p is the original number, and the actual decryption looks like this:
(40 – 4 * 4) / 4 = 24 / 4 = 6
So, we have seen the implementation of an algorithm based on a key. Now, I know what you’re thinking, “Tom, this will only work for numbers.” You are correct. Completely correct. And all data in computers are numbers. They are binary numbers, but they are numbers. The mathematical operations will look different when using binary math, but they are still numbers and a mathematical algorithm, and a key can still be used.
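Here is the same keyed rule applied to a whole message, byte by byte, as an added example (this is my code, not the article’s, and the toy cipher exists only to illustrate the idea). Because every byte is just a number from 0 to 255, the rule c = p * k + 4 * k can be run over each one. The block also carries out the two checks a practitioner would try first on a cipher like this: recovering k from one known plaintext/ciphertext pair, and recovering it from the ciphertext alone. The message and key are constructed sample inputs.

```python
from functools import reduce
from math import gcd
from typing import List

# The article's keyed rule, written out: c = p*k + 4*k.
def encrypt_number(p: int, k: int) -> int:
    return p * k + 4 * k

# The article's inverse: p = (c - 4*k) / k. Integer division is exact here
# because every c produced above is a multiple of k.
def decrypt_number(c: int, k: int) -> int:
    return (c - 4 * k) // k

# Treat a message as what it really is inside the machine: a sequence of
# numbers (bytes 0..255), and apply the rule to each one.
def encrypt_message(message: bytes, k: int) -> List[int]:
    return [encrypt_number(b, k) for b in message]

def decrypt_message(ciphertext: List[int], k: int) -> bytes:
    return bytes(decrypt_number(c, k) for c in ciphertext)

# Weakness 1, known plaintext: c = (p + 4) * k, so a single
# plaintext/ciphertext pair gives k by one division, however large k is.
def recover_key_known_plaintext(p: int, c: int) -> int:
    return c // (p + 4)

# Weakness 2, ciphertext only: every c is a multiple of k, so the gcd of all
# ciphertext values equals k whenever two of the (p + 4) factors share no
# common divisor, which is almost always true for ordinary text.
def recover_key_ciphertext_only(ciphertext: List[int]) -> int:
    return reduce(gcd, ciphertext)

if __name__ == "__main__":
    key = 4                           # constructed sample key
    message = b"attack at dawn"       # constructed sample message
    ct = encrypt_message(message, key)
    print("ciphertext:", ct)
    print("decrypted :", decrypt_message(ct, key))
    print("key from one known pair   :", recover_key_known_plaintext(message[0], ct[0]))
    print("key from ciphertext alone :", recover_key_ciphertext_only(ct))
```

The point of the two recovery functions is that a key alone does not make a cipher: the relationship between plaintext, key and ciphertext here is so simple that the key falls out with one division, and that stays true no matter how many bits k has.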
Encryption algorithms used in computers are far more complex than what you’ve seen here; however, they use the same principles. They add steps such as rotation (shifting the bits of a value around within it) and multiple rounds (running the same steps over the data again and again), but these extra steps are still mathematical and are added to scramble the relationship between the plaintext, the key and the ciphertext, which is what strengthens the cipher. Our toy algorithm has none of that: c = (p + 4) × k, so anyone who sees a single plaintext and its ciphertext can divide and recover k, no matter how large k is.
Now, let’s get a little more technically accurate. In encryption, a cipher is the implementation of an algorithm and, usually, a key that encrypts and decrypts data. The unencrypted data is called plaintext and the encrypted data is called ciphertext because it has been “ciphered” (encoded or enciphered by the cipher).
I used another phrase in the opening paragraph that I should define as well: initialization vector. An initialization vector (IV) is a random value that is combined with the key during encryption. It does not lengthen the key and it does not need to be secret; its job is to make sure that encrypting the same plaintext twice under the same key produces different ciphertext, so an observer cannot tell when a message repeats. For that to hold, an IV must never be reused with the same key, which is why a fresh one is generated for each message. In network communications, the IV is usually transmitted in the clear alongside the encrypted data so that the decryption process (on the receiving end) can combine it with the key to decrypt the data. You will sometimes hear this described as salting the encryption (think of adding salt to food: a little variability changes the result). Strictly speaking, a salt is the related random value used when hashing passwords or deriving keys, rather than the IV itself, but we will not get into that here, because I’m running out of words.
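To see what the IV actually buys you, here is an added example (my code, not the article’s). It uses a small stream cipher built only for this illustration: the keystream is SHA-256 over the key, the IV and a counter, in the style of counter mode, so it is a toy and not a substitute for a standard cipher. The IV is sent in the clear in front of the ciphertext, exactly as the text describes, and the three helper functions show why a fixed or reused IV is a problem. The key, messages and 16-byte IV length are constructed choices for this example.

```python
import hashlib
import os
from typing import Optional

IV_LEN = 16  # bytes of IV sent ahead of each ciphertext (chosen for this example)

# Keystream for this toy: SHA-256(key || iv || counter), block after block.
# Same key and same IV always give the same keystream; that is the whole point.
def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Encrypt: pick a fresh random IV unless one is supplied (only the demonstration
# functions below supply one, to show what goes wrong). Output is iv || ciphertext,
# so the receiver gets the IV in the clear along with the data.
def encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    if iv is None:
        iv = os.urandom(IV_LEN)
    return iv + xor_bytes(plaintext, keystream(key, iv, len(plaintext)))

# Decrypt: read the IV back off the front, rebuild the keystream with the key.
def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return xor_bytes(ct, keystream(key, iv, len(ct)))

# With a fixed IV, the same plaintext under the same key encrypts to the same
# bytes every time, so an observer learns when a message repeats.
def repeats_visible_with_fixed_iv(key: bytes, msg: bytes) -> bool:
    fixed_iv = bytes(IV_LEN)
    return encrypt(key, msg, fixed_iv) == encrypt(key, msg, fixed_iv)

# With a random IV the two encryptions differ, yet both still decrypt.
def repeats_hidden_with_random_iv(key: bytes, msg: bytes) -> bool:
    c1, c2 = encrypt(key, msg), encrypt(key, msg)
    return c1 != c2 and decrypt(key, c1) == decrypt(key, c2) == msg

# Reusing an IV with the same key is worse than merely revealing repeats:
# XORing the two ciphertexts cancels the keystream and leaves m1 XOR m2.
def iv_reuse_leaks_plaintext_xor(key: bytes, m1: bytes, m2: bytes, iv: bytes) -> bool:
    c1 = encrypt(key, m1, iv)[IV_LEN:]
    c2 = encrypt(key, m2, iv)[IV_LEN:]
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)

if __name__ == "__main__":
    key = b"0123456789abcdef"          # constructed sample key
    order = b"buy 100 shares"           # constructed sample message
    blob = encrypt(key, order)
    print("iv (sent in clear):", blob[:IV_LEN].hex())
    print("decrypted:", decrypt(key, blob))
    print("fixed IV shows repeats :", repeats_visible_with_fixed_iv(key, order))
    print("random IV hides repeats:", repeats_hidden_with_random_iv(key, order))
    print("IV reuse leaks m1^m2   :",
          iv_reuse_leaks_plaintext_xor(key, order, b"buy 200 shares", bytes(IV_LEN)))
```

Note what the receiver needs: the key (secret, shared in advance) and the IV (public, arrives with the message). Nothing about the IV is hidden, and it still does its job, which is why it is not part of the key and does not make the key longer.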
Enhancing Cipher Strength: Key Considerations
To wrap up our simplified explanation of encryption, let’s consider the term strength. I have discussed actions taken to “strengthen the cipher” and “to add variability and strength” and it is important to know what strength means in the context of encryption. Encryption strength is a measure of the ability of the encryption to resist attacks. The study of attacks against encryption is known as cryptanalysis. One analyzes the ciphertext (and/or the encryption algorithm) to locate weaknesses that allow for the discovery of the key and/or the plaintext. A strong cipher is more resistant to cryptanalysis and a weak cipher is less resistant. Weaknesses can be related to key length (a 64-bit key, that is 64 ones and zeros, versus a 256-bit key, for example; every extra bit doubles the number of keys an attacker who simply tries them all must test) and to the algorithm itself. That is, the algorithm may have inherent flaws that allow the plaintext or key to be discovered regardless of how long the key is. Our toy algorithm from earlier is exactly such a case: because c = (p + 4) × k, one known plaintext and its ciphertext reveal k with a single division, however large k is.
There you have it. Encryption simplified in less than 1000 words.