Encryption algorithms are used everywhere, even though you might not realize it. They are used by WhatsApp to keep your messages private and your bank uses them to keep your life savings secure.
But how strong are they and what is the most secure encryption algorithm out there today?
Well, that’s exactly what I wanted to find out, so I did some research on the topic. Here’s what I found out.
In cryptography, the most secure encryption algorithm is the one-time pad (OTP), which cannot be cracked if used correctly. The OTP uses a new random key for each message that is encrypted, making it impossible to break the code by analysing a series of messages.
So, with that said, let’s look at the OTP in a little more detail and see how it works.
The One-Time Pad algorithm
The reason that the OTP is so strong is because each encryption is unique, so it can’t be compared to the next encryption or the one before it. So it is impossible to detect a pattern.
The problem is, if someone else wants to decrypt it, then they must have access to the same key that was used to encrypt the message.
So the problem then is, how you actually get that key to a third party safely and perhaps more importantly, how do you keep the key secure.
The key that is used in a one-time pad is called a secret key because, if it is revealed, then any messages that are encrypted using that key, can easily be decrypted.
One-time pads were used a lot in World War II and during the Cold War, however, due to the difficulty in keeping the keys secure, it is not used as often anymore and it is for this reason that public key cryptography was invented.
Check out the video below for a fantastic explanation of how the one-time-pad algorithm actually works.
What is encryption?
So you might be wondering what encryption is and what it actually means. So in a nutshell, encryption is basically a way to conceal information by altering it so that it appears to be complete gibberish.
Encryption is used everywhere to keep information secure and is essential in keeping information (such as credit card details and emails) secure on the Internet.
Encryption works by scrambling data so that only those that need to read the message can understand it.
Scrambling data in this way means that we convert plaintext into what is known as ciphertext.
Once the information is converted, it appears completely random so that only those with an encryption key can understand it.
An encryption key is basically a set of mathematical values that only the sender and the receiver of the message know.
So, although the message appears to be random, encryption happens in a logical way so that the key that was used to encrypt the message can also be used to decrypt it and so you can get the original message back as plaintext.
If the encryption method is secure enough, then it will be very difficult to decrypt the ciphertext by guessing (often using a brute force attack)
Encryption types
So now that we are clear on what encryption is, let’s look at a couple of encryption types:
RSA Encryption
RSA, which stands for Rivest–Shamir–Adleman, is what is known as an asymmetric algorithm.
What this means is that there are two keys involved and belongs under the banner of Public Key Cryptography.
In public key cryptography, one of the keys can be freely distributed to anyone, however the other key, must be kept private and secure.
The idea behind RSA and the reason why it is so secure, is that it relies on the fact that although it is easy to multiply large numbers, it is difficult to factorize them. And it is these large prime numbers that are used to generate the private keys.
As an example, if we multiply the numbers 56 and 32, the answer is 1792, but trying to find the factors of 1792 will take much longer.
In RSA, the public key is generated by multiplying two large prime numbers together, whilst the private key is generated using a different process, but using the same two prime numbers.
Anyone can have access to the public key and they can encrypt their message using this public key.
If the recipient wants to read the message, then they have to decrypt it using the private key and only then will they be able to read the original message.
If you don’t have access to the private key, then it will be very difficult to decrypt the message because of the practical difficulty involved in factoring large numbers into the product of two prime numbers.
Because of the inherent difficulty in breaking RSA, it is used everywhere from password exchange, banking, online shopping and is even used to ensure websites are legitimate.
“Encryption Blue with icon” by Infosec Images is licensed under CC BY 2.0
AES Encryption
The Advanced Encryption Standard (AES) is one of them most famous encryption algorithms and is used to keep a significant amount of our communications safe and is used in messaging apps that we use everyday such as WhatsApp.
AES is a symmetric block Cypher which basically means that blocks of a certain size are encrypted.
Stream cyphers on the other hand encrypt characters one at a time.
The symmetric part means that an identical key is used to encrypt the message and also decrypt the message.
AES was developed in the late 90s and was basically created to replace the Data Encryption Standard (DES) and also the Triple Data Encryption Standard (3DES).
The reason for replacing DES, was because it was based on a 56 bit algorithm which was no longer considered secure as computer processing power increased.
In order to replace DES, fifteen different cryptographic algorithms were proposed in a five year long process by the US government.
AES was actually submitted by a pair of Belgian cryptographers Vincent Rijmen and Joan Daemen which then became known as the ‘Rijndael proposal,’ from a mash of the two developer’s names.
AES is an open standard and was designed through transparency and was designed with the goal of ease of use for both the hardware and software standpoint.
Although AES was originally designed for the US government, it’s use is widespread. For example, it is used to keep file transfers private across the Internet via a HTTPS connection and it is also used to encrypt the Wi-Fi on your home router.
It is usually combined with the WPA2 protocol, so you might have seen the term AES/WPA2 on your router somewhere.
SSL encryption also uses AES to secure the transmission of data across the Internet.
Can encryption be broken?
Encryption is based on digital keys, which involve prime numbers.
The definition of a prime number is that they are only divisible by 1 and itself.
For example 5 and 7 are prime numbers, but 15 isn’t, because 15 can be divided by 3 and 5.
So we can think of 3 and 5 as keys, so when we multiply 3 and 5 we get 15. In other words, 15 is like a lock.
In this simple example only 3 and 5 unlock this encryption because 15 divided by 3 is equal to 5 without any remainder.
So in answer to the question “can encryption be broken?”, well yes it can as long as someone can find the prime number in other words the key.
With encryption algorithms these days we rely on big prime numbers but as processing capacity increases, sophisticated encryption algorithms could be broken in the future.
The other way to break encryption is if there is an internal mathematical flaw in the algorithm which one can analyse and exploit to break the encryption process.
What is end-to-end encryption?
So if you’ve ever used WhatsApp you have heard or seen end-to-end encryption.
So what does this actually mean?
Well end-to-end encryption basically means that no one one apart from you and the person that you’re communicating with can read the message.
So if you’re using WhatsApp which is secured with end-to-end encryption, then not even WhatsApp can read your messages.
Most companies don’t offer end-to-end encryption.
So for example if you send an email using a service that doesn’t support end-to-end encryption, such as Gmail or Hotmail, then because the company holds the encryption keys they can access the content of your messages.
This type of encryption is known as Transport Layer Encryption and the companies involved encrypt messages as they move across the Internet.
The key difference with WhatsApp though is that they do not actually possess the decryption key so it is a much stronger form of encryption.
Let’s have a look at a little example.
Traditionally, when we talk about encryption, we use the names Bob and Alice.
So say Bob and Alice are both using WhatsApp and let’s say that Bob wants to send a message to Alice.
Alice has a public key and a private key which are both related mathematically.
The public key can be shared with anyone but only Alice has the private key.
So the first thing that happens is that Bob uses Alice’s public key to encrypt his message. He turns “hello Alice” into ciphertext, which basically looks like scrambled random letters.
This message is now encrypted and it is sent over the Internet.
As the message is sent across the Internet it passes through multiple servers, including the servers that belong to the email service and servers belonging to Internet service providers.
Even though these companies could try to read the message it will be impossible to turn the ciphertext back into a message that is readable.
Only Alice can turn the cypher text back into plain text with her private key.
If Alex wants to reply to her message then she simply repeats the process and she will use Bob’s public key to encrypt her reply.
As I said before the public key can be shared with anyone who wants to encrypt a message, but the private key on the other hand which is used to decrypt messages that are sent to you never actually leave your device.
it’s a bit like a mailbox, in other words, anyone that has access to the public key can put something into your mailbox and lock it, but only you can unlock it with your own private key
The future of encryption
So what does the future hold for encryption?
Well even some of our strongest encryption algorithms could be rendered useless once quantum computers become more mainstream.
This is because quantum computers will be able to work out the prime numbers that are used for private keys.
So what are we doing about this?
Well researchers are currently working on quantum safe classical cryptographic algorithms. These are algorithms that can’t be cracked by quantum computers or classical computers (computers that we have today).
In parallel to that, other research is being carried out around Quantum Key Distribution (QKD). QKD doesn’t actually encrypt any user data at all, but it does allow users to securely distribute keys to each other which can then be used for subsequent encrypted communication.
Wrapping up
So in this article we have seen that the most secure encryption algorithm is the One Time Pad but it isn’t in widespread use because of the practicality involved in distributing the keys securely.
We have examined two alternative algorithms which are in widespread use today. These are AES and RSA.
These algorithms are ultra secure in the sense that they can’t be cracked in any reasonable amount of time using the current state of the art computers that we have today.
However, once quantum computers do become mainstream, algorithms such as RSA and AES will come under threat and that is why security experts are desperate to find ways to protect Our Data before it is too late.
