Encryption
What Is Encryption?
Encryption is the process of transforming readable data, called plaintext, into an unintelligible form, called ciphertext, using a mathematical algorithm and a key, such that only parties possessing the correct key can reverse the transformation and recover the original data. The practice is foundational to information security across computing, networking, and communications infrastructure. It protects data in transit over networks, data at rest in storage systems, and authentication credentials that verify the identity of communicating parties. Encryption is governed by two primary models: symmetric encryption, which uses the same key for both encrypting and decrypting, and asymmetric encryption, which uses a mathematically related key pair in which a public key encrypts and a private key decrypts (or vice versa for digital signatures).
The history of encryption extends from mechanical cipher machines used in the mid-twentieth century to the formal mathematical discipline of modern cryptography. Claude Shannon's 1949 paper "Communication Theory of Secrecy Systems" established the theoretical foundations for analyzing cipher security, and the development of public-key cryptography by Diffie, Hellman, Rivest, Shamir, and Adleman in the 1970s transformed encryption from a government and military specialty into a technology embedded in everyday computing.
Symmetric Encryption and Ciphers
Symmetric encryption uses a single shared secret key for both encryption and decryption. Block ciphers, which process fixed-size chunks of data, are the dominant form. The Advanced Encryption Standard (AES), standardized by NIST as FIPS 197 in 2001, operates on 128-bit blocks with key lengths of 128, 192, or 256 bits. AES is used pervasively in disk encryption, Wi-Fi security (WPA2 and WPA3), transport layer security (TLS), and many other protocols. Its security has remained intact through decades of cryptanalytic analysis. Stream ciphers, such as ChaCha20, encrypt data bit by bit or byte by byte and are favored in contexts where latency is a constraint, including mobile TLS implementations. The security of any symmetric cipher depends fundamentally on keeping the key secret and on using sufficiently long keys to resist brute-force search.
Asymmetric Encryption
Asymmetric encryption, also called public-key encryption, resolves the key-distribution problem inherent in symmetric systems by using mathematically related key pairs. RSA, developed in 1977, derives its security from the computational difficulty of factoring the product of two large primes. Elliptic-curve cryptography (ECC), which provides equivalent security to RSA at much shorter key lengths, has become the preferred choice for key exchange and digital signatures in constrained environments. The Elliptic Curve Diffie-Hellman (ECDH) protocol and the Elliptic Curve Digital Signature Algorithm (ECDSA) are standardized in NIST Special Publication 800-133r2 on cryptographic key generation and are deployed in TLS 1.3, secure shell (SSH), and code-signing infrastructure. In practice, asymmetric encryption is rarely used to encrypt bulk data because of its computational cost; instead, it is used to establish a shared session key that then drives a faster symmetric cipher for the actual data transfer.
Post-Quantum Cryptography
RSA and ECC derive their security from mathematical problems, specifically integer factorization and the discrete logarithm, that a sufficiently capable quantum computer could solve efficiently using Shor's algorithm. In response, NIST ran a multi-year evaluation of candidate post-quantum cryptographic algorithms and in 2024 finalized three standards based on different mathematical foundations: lattice-based and hash-based constructions that are believed to resist both classical and quantum attacks. The NIST Post-Quantum Cryptography standardization project documents the selected algorithms and the rationale for their selection, and the transition timeline for retiring vulnerable algorithms in federal and commercial systems.
Applications
Encryption is applied across virtually every domain in computing and communications, including:
- Securing data in transit over the internet via TLS and HTTPS
- Protecting stored data on laptops, mobile devices, and cloud storage
- Authenticating users and devices through digital certificates and signatures
- Securing financial transactions and electronic payment systems
- Protecting communications in virtual private networks (VPNs)
- Enforcing access control and rights management for digital content