## Encryption

*Encryption is a cryptographic process.*

It encodes data so that only authorized parties can read it. Encryption schemes use a cryptographic algorithm, called a cipher, and a secret encryption key to transform original data, the plaintext, into encrypted data, the ciphertext. Ciphertext can be sent across insecure networks and stored on insecure or publicly accessible storage providers. Any authorized recipient in possession of the decryption key can at any time decrypt the ciphertext to obtain the original.

Always be careful when using obscure or very new algorithms. Never use security software implemented by people who are not experts in security.

The practical security of every encryption scheme is based on the fact that an attacker cannot guess or calculate the decryption key or the original data in reasonable time with available resources. Each encryption algorithm is based on a mathematical problem that is considered extremely hard to solve today. Progress in algorithm research and computing power can, however, quickly obsolete entire families of algorithms.

Hence, it is reasonable to assume that confidentiality and integrity of encrypted data are only a temporary state. Before selecting an encryption scheme and key length you must think about how long your data needs protection.

Algorithms considered to be secure as of 2016 are AES, ElGamal, Blowfish, and RSA (the latter with keys >= 2048 bit). Algorithms known to be broken and insecure to use are RC4, DES, IDEA.

**Security of encryption schemes**

The most secure encryption key would have to be as long as the plaintext. Since this is clearly impractical, all modern encryption schemes internally derive an arbitrarily long key sequence from the original encryption key and the output of a cryptographic random number generator. This allows most schemes to use keys shorter than 4096 bits. However, it also makes the effectiveness of an encryption scheme depend on multiple factors:

- the secrecy of the decryption key
- the cryptographic strength of the employed encryption algorithm
- the cryptographic quality of the random number generator
- sometimes also the length of the encryption key
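The following added example (not part of the original page) illustrates the key-sequence derivation described above and why the quality of the random input matters. The keystream construction (HMAC-SHA256 in counter mode) and all names are assumptions chosen for illustration; it is a teaching model, not a vetted cipher.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand a short key plus a random nonce into `length` key-sequence bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the derived key sequence."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same key sequence undoes the encryption


def keystream_cancels(key: bytes, p1: bytes, p2: bytes, fresh_nonces: bool) -> bool:
    """True if c1 XOR c2 equals p1 XOR p2, i.e. the key no longer protects the data."""
    n1 = secrets.token_bytes(16)
    n2 = secrets.token_bytes(16) if fresh_nonces else n1  # simulate a bad RNG
    c1, c2 = encrypt(key, n1, p1), encrypt(key, n2, p2)
    return xor(c1, c2) == xor(p1, p2)


KEY = secrets.token_bytes(32)            # 256-bit key from the OS CSPRNG
P1 = b"meeting moved to 10:00 room A"    # constructed sample messages
P2 = b"meeting moved to 14:30 room B"

if __name__ == "__main__":
    print("repeated nonce leaks p1^p2:", keystream_cancels(KEY, P1, P2, False))
    print("fresh nonces leak p1^p2:   ", keystream_cancels(KEY, P1, P2, True))
```

With a repeated random value the secret key stays secret, yet the two ciphertexts together reveal the XOR of the plaintexts, which is why the random number generator appears in the list of factors.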

Keeping key material secret is an obligation of the end-user. Technology can help in making key management more intuitive and less error-prone. The quality of an encryption scheme can only be assessed when implementations of algorithms and random number generators are freely available for public scrutiny by security researchers. This is unfortunately often not the case for proprietary and closed-source software, even from very large vendors. Open source, even when products are still commercial, is necessary for establishing trust.

Advice for end-users: Always keep your security software up-to-date. Change your keys after every update that fixes a critical weakness and re-encrypt your data (if it is still worth protecting).

**Symmetric-key encryption**

In a symmetric-key scheme the keys for encryption and decryption are identical. Symmetric schemes are simple and fast (an implementation can reach higher throughputs when encrypting and decrypting). However, all parties need to secretly exchange the symmetric key first and safely store it. The mere existence of such a shared secret is often undesired since it increases the attack surface. Today, the majority of deployed encryption built into other protocols is symmetric, such as WPA encryption in WLANs, transport encryption in TLS and encryption used in Digital Rights Management systems.

**Public-key encryption**

Public-key encryption, sometimes called asymmetric key encryption, is an encryption scheme that uses two related keys, a public key which can be published openly and a private key which is kept secret by its owner. Data encrypted with the public key can only be decrypted using the related private key and vice versa. Generating key pairs is computationally simple. Obtaining the private key from any ciphertext in combination with the public key is extremely hard, even when an attacker is in possession of the plaintext.

Public-key encryption opens up some interesting use cases:

(1) Message Encryption: a third party can encrypt a message with the public key of a recipient, while only the recipient is able to read it, thus protecting confidentiality and integrity.

(2) Digital Signatures: an author can encrypt a message or a cryptographic checksum of the message (HMAC digest) with her private key, while everyone else is able to verify the authenticity and integrity of the message, simply by decrypting the ciphertext with the available public key of the sender.

This assumes every communication party in a public-key system owns an individual key pair and all public keys are published somewhere. The tricky part is to ensure everyone can trust a public key's identity, i.e. that it really belongs to a particular person or organization. This issue can be solved either by direct mutual verification of key fingerprints (used in PGP) or by employing a central agent as mutually trusted authority who creates digitally signed certificates for keys that everyone can check (as done by TLS and X.509 certificates).

Public-key encryption is a fundamental part of many secure protocols and applications today. Because asymmetric encryption is computationally more complex than symmetric encryption, it is in practice mostly used for small messages such as emails (PGP) and for transferring symmetric keys at the start of a communication session (TLS).