How many benefits has encryption brought to corporate security and beyond? At least $250 billion, according to the US Department of Commerce’s National Institute of Standards and Technology. It is the value produced, in terms of economic impact, by the development of its Advanced Encryption Standard (AES) over the last 20 years. The figure emerged from a study conducted by NIST .
The algorithm, used as a standard by the US government (we will talk about it later), is just one of the cryptographic tools used and which has made it possible to guarantee the security of public and corporate data of considerable importance.
Businesses can reduce the likelihood of a data breach if they choose to use encryption to ensure the privacy of personal data. The concept of encryption is explicitly mentioned as a possible technical and organizational measure to protect data also from the GDPR.
In the business context, a lot of data is private and sensitive. This requires security, which in turn requires encryption. In the cybersecurity world, cryptography is considered critical infrastructure, even referred to as the “backbone” of digital trust. It is how we can get more secure and robust connections to elevate our privacy.
Before explaining its importance, let’s find out what it is and how it works. We will thus discover that, although so important for the present era and even more in the future, it has a multi-millennial history that has its origins even from the ancient Egyptians.
What is encryption
Cryptography is the discipline of using mathematics to encrypt and decrypt data. It is part of cryptology , which in turn also includes cryptanalysis . The latter studies how to decrypt a message without being “authorized” and whose essential value is to make people understand how secure an encryption/decryption system is.
Encryption allows sensitive information to be stored or transmitted over insecure networks (such as the Internet) so that it cannot be read by anyone except the recipient. More specifically, it uses an algorithm and a cryptographic key and thus allows you to create the conditions of confidentiality of information otherwise prey to cyber criminals.
Furthermore, it can also be defined as the study of the protection of communications from external observers. It derives from the Greek crypto “hidden” and graphia “writing” and the meaning is clear: the encryption algorithms take the original message ( plaintext ), and convert it into encrypted text (ciphertext), not understandable to those who do not have to. The key allows the recipient user to decrypt the message, thus ensuring that they can read the message.
It focuses on four objectives:
- Confidentiality – Ensures that only the intended recipient can decrypt the message and read its contents.
- Non-repudiation – means that the sender of the message cannot go back in the future and deny his reasons for sending or creating the message.
- Integrity : Focuses on being able to be certain that the information contained in the message cannot be changed during storage or transit.
- Authenticity – Ensures that the sender and recipient can verify each other’s identity and the destination of the message.
There are some specific terms when dealing with encryption. When we talk about key we refer to the parameter of the encryption or decryption algorithm. With encryption algorithm we mean the one that allows to carry out substitutions and transformations on the clear text. Instead, the decryption one performs the reverse work of the encryption algorithm. Encryption security depends on the secrecy of the key rather than the secrecy of the algorithm.
The operating principle of cryptography is based precisely on the cryptographic algorithm, or cipher , an effective algorithm in combination with a key – word, number or phrase – to encrypt the clear text (i.e. the original message) and thus make it unintelligible to a intruder. The same plaintext encrypts itself in different ciphertexts with different keys. The security of encrypted data depends on the strength of the cryptographic algorithm and the secrecy of the key.
Two different types
Encryption can be divided into two types: symmetric (secret key) and asymmetric (public key) encryption.
Symmetric uses a single key to encrypt and decrypt data, making it the simplest form of encryption.
Asymmetric uses two keys to encrypt data. One is used for encryption, while the other key can decrypt the message. Unlike symmetric, if one key is used to encrypt, it cannot decrypt the message, rather the other must be used.
Symmetric encryption
Also known as secret key cryptography, symmetric cryptography involves using a single shared secret to share encrypted data between parties. More simply, the sender encrypts the data using a password, and the recipient must know that password to access the data.
The symmetric cryptographic algorithm uses the key in a cipher to encrypt data, and when the data needs to be accessed again, a person who is entrusted with the secret key can decrypt the data. Secret key encryption can be used on both data in transit and data at rest (at rest).
Asymmetric encryption
Public key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys, one public and one private, to encrypt and decrypt a message and protect it from unauthorized access or use.
Bitcoin and other cryptocurrencies are based on asymmetric cryptography. Users have public keys that anyone can see and private keys that are kept secret. Bitcoin uses a cryptographic algorithm to ensure that only the rightful owners can spend the funds.
An evolution of asymmetric is end-to-end encryption , used for example in Whatsapp messaging.
Many protocols rely on asymmetric encryption, including the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which make HTTPS possible.
Increasing data security is the main benefit of asymmetric encryption. It is the most secure encryption process because users should never reveal or share their private keys, thus decreasing the chances of a cybercriminal discovering a user’s private key during transmission.
When encryption is used
Encryption is used in many applications such as bank cards, computer passwords and electronic commerce transactions.
Its most important use in the “civil” field concerns the security of network communications.
It is also used for e-commerce, where data privacy is paramount. In this regard, the Secure Electronic Transaction (SET) should be mentioned, a system that guarantees the security and integrity of electronic transactions made with credit cards. SET is not a system that allows payment, but it is a security protocol applied to these payments. It uses various encryption techniques to secure internet payments made with credit cards. The SET protocol has been supported in its development by large organizations such as Visa or Mastercard.
Another important use of cryptography concerns the digital signature and authentication of documents, which has applications in public administration (e-government) and in general in the stipulation of contracts, in the presentation of forms, official documents, for example.
Some examples
Cryptography has examples dating back to the Egyptian civilization, in which the use of encrypted hieroglyphics is witnessed or, in Roman times, the Caesar cipher , one of the oldest cryptographic algorithms, has assumed great importance up to the present day. The same algorithms are still of significant importance today. The most common ones are the Advanced Encryption Standard ( AES ), an algorithm that has become standard by the US government and many organizations. While highly efficient in 128-bit form, AES also uses 192- and 256-bit keys for mission-critical documents. AES has replaced DES– Data Encryption Standard, the later Triple DES, which owes its name to the fact that in this block cipher the Data Encryption Standard is repeated, which uses three individual keys with 56 bits each.
Finally, we should mention the asymmetric cryptographic algorithm RSA, an acronym that recalls the initials of its inventors: the cryptographers Ronald Rivest, Adi Shamir and Leonard Adleman, who developed it in 1977 at MIT in Boston.
RSA is a public key encryption algorithm and the standard for encrypting data sent over the internet. It is also one of the methods used in PGP and GPG programs. Unlike Triple DES, RSA is considered an asymmetric algorithm due to its use of a key pair.
The prospects: post-quantum cryptography
One consideration of what the future evolution of cryptography will be has to do with quantum computers, a technology in its infancy today, but with enormous potential. In recent years, there has been a significant amount of research into these machines. If one day they are made on a large scale, they will be able to defeat many of the public key cryptographic systems currently in use. This would seriously compromise the privacy and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and that can interoperate with existing communication networks and protocols.
As NIST writes , in this regard, some engineers even predict that within the next twenty years, quantum computers will be built large enough to break essentially all public key schemes currently in use. “Historically, it has taken nearly two decades to implement our modern public key cryptographic infrastructure. Therefore, whether or not we can estimate the exact time of the arrival of the quantum computing era, we need to start preparing our cybersecurity systems now to be able to withstand quantum computing.”
The fears are concrete. A recent article on Forbes highlights the risks associated with the possibility of violating the cryptographic systems that protect bank accounts, but also military codes or other top secret information of extraordinary importance. $100 trillion (!) at risk: IBM reports that quantum computing will create new exposure risk as quantum computers can quickly solve the complex mathematical problems that underpin today’s security. Google allegedly speculated that quantum computing could “end cryptography” within five years.
