What is the Best Encryption Algorithm?
According to IBM’s Cost of Data Breach Report 2020, the global average total cost of a data breach last year was $3.86 million, but you as an individual are safe, right?
Wrong. Just because you’re not a business doesn’t mean that you should neglect to secure your data, and data encryption is one of the best ways to do this.
In this article, we’ll go over some of the most widely used encryption algorithms and try to determine what is the best encryption algorithm today, but before we do that, let’s take a quick look at what encryption is and how it works.
What is Encryption?
Encryption is a security tool one can use to protect sensitive data from being intercepted or read either while in transit or while stored.
Cisco defines encryption as “the process of converting or scrambling data and information into an unreadable, encoded version that can only be read with authorized access to the decryption key”.
From this, we can see that, unlike hashing, encryption is a two-way process: encrypting (scrambling) data so that it becomes unreadable, and then reverting that process through decryption to turn the scrambled text back into its original form.
For instance, a simple form of encryption would be using the numbers on a phone keypad to spell out your name. Take the name Brian as an example: on a keypad it would be spelled as 2, 7, 4, 2, 6.
In this case, “Brian” is the plaintext and “27426” is what we call the “ciphertext”.
Of course, this type of encryption isn’t very secure and would be child’s play to break, since everyone already has the key to decode it, but with the next seven encryption algorithms, cracking won’t be that easy.
7 Most Common Encryption Algorithms Today
First of all, encryption can be divided into two methods – symmetric and asymmetric.
Symmetric encryption uses a single key to both encrypt and decrypt a message, like in the example above. It is the older of the two (there are examples of symmetric ciphers dating back to ancient times) and is faster, but less secure.
Asymmetric encryption, on the other hand, uses a pair of keys. The sender encrypts the message with the recipient’s public key, and the message can only be read after decrypting it with the private key that only the recipient holds.
Each method has its own algorithms: DES, 3DES, AES, Blowfish, Twofish and IDEA are symmetric encryption algorithms, while RSA and ECC are asymmetric.
Let’s take a look at each a little more.
DES, or Data Encryption Standard, was developed by IBM in 1976 and adopted by US federal agencies a year later. Today it is deprecated and has been replaced by AES, as it is considered weak against brute-force attacks, but it holds an important spot in history: it was included in TLS 1.0 and 1.1, while TLS 1.2 no longer uses it.
DES is a symmetric block cipher that uses a 56-bit key. It processes plaintext in 64-bit blocks, splitting each block into two 32-bit halves that are then passed through a series of rounds.
3DES, or TDES, or Triple Data Encryption Standard, was created in the 1990s and was meant to replace DES.
The idea is to keep the DES algorithm but apply it three times to each block (hence “triple”), which makes it harder to crack.
However, its days are numbered as well: security researchers Karthikeyan Bhargavan and Gaëtan Leurent discovered a vulnerability in 3DES, which they named Sweet32. Following this, NIST (the National Institute of Standards and Technology) announced the deprecation of 3DES in all new applications after 2023.
Despite this, 3DES is still widely used in payment systems and the finance industry, and it is part of TLS, OpenVPN and other protocols.
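To make the DES and 3DES descriptions above concrete, here is an added Python example (not code from the article or from CTemplar) of a toy Feistel cipher: a 64-bit block is split into two 32-bit halves, 16 rounds mix a subkey into one half at a time, and the same routine decrypts when the subkeys are applied in reverse. The round function and key schedule are stand-ins built from SHA-256, not the real DES S-boxes and permutations, so the block demonstrates the structure, not DES itself. The triple_* functions apply the cipher three times in the EDE (encrypt-decrypt-encrypt) order 3DES uses, which shows why three identical keys collapse to a single encryption.

```python
import hashlib
import struct

ROUNDS = 16  # DES also runs 16 Feistel rounds


def derive_subkeys(key: bytes) -> list:
    """Toy key schedule: one 8-byte subkey per round, derived by hashing.
    (DES instead permutes and rotates its 56-bit key.)"""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]


def round_function(half: int, subkey: bytes) -> int:
    """Toy round function F(R, K): mixes a 32-bit half with the round subkey.
    DES uses expansion, S-boxes and a permutation here; a hash stands in for them."""
    digest = hashlib.sha256(struct.pack(">I", half) + subkey).digest()
    return struct.unpack(">I", digest[:4])[0]


def _feistel(block: bytes, subkeys: list) -> bytes:
    """Split a 64-bit block into two 32-bit halves and run the Feistel rounds.
    Each round only XORs F(right, subkey) into the left half, so the same
    routine decrypts when the subkeys are applied in reverse order."""
    if len(block) != 8:
        raise ValueError("block must be exactly 64 bits (8 bytes)")
    left, right = struct.unpack(">II", block)
    for subkey in subkeys:
        left, right = right, left ^ round_function(right, subkey)
    # Final swap so that decryption is the same algorithm with reversed keys.
    return struct.pack(">II", right, left)


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, derive_subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, derive_subkeys(key)[::-1])


def triple_encrypt_block(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """3DES-style EDE: encrypt with k1, decrypt with k2, encrypt with k3."""
    return encrypt_block(decrypt_block(encrypt_block(block, k1), k2), k3)


def triple_decrypt_block(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    """Inverse of EDE: decrypt with k3, encrypt with k2, decrypt with k1."""
    return decrypt_block(encrypt_block(decrypt_block(block, k3), k2), k1)


if __name__ == "__main__":
    plaintext = b"Brian!!!"   # constructed 8-byte sample block
    key = b"toy-key"          # constructed sample key
    ciphertext = encrypt_block(plaintext, key)
    print(ciphertext.hex(), decrypt_block(ciphertext, key))
    # With k1 == k2 == k3 the middle decryption undoes the first encryption,
    # so EDE collapses to single encryption (this is how 3DES stays DES-compatible).
    print(triple_encrypt_block(plaintext, key, key, key) == ciphertext)
```

The point to take away is structural: a Feistel network never needs to invert its round function, which is why DES, 3DES and (as mentioned later) Twofish can all share this layout, and why the weakness of 3DES lies in the 64-bit block size rather than in the construction.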
AES, or Advanced Encryption Standard, is a symmetric block cipher approved by NIST in 2001 that was developed to replace DES/3DES.
AES works by first dividing the plaintext into blocks and then encrypting each block with the key through a number of rounds (10, 12 or 14, depending on the key length), each made up of sub-steps such as SubBytes, ShiftRows and AddRoundKey.
Today AES is the most common encryption algorithm, and we can “see” it in use in SSL/TLS, WiFi and wireless security, VPNs, mobile app encryption and many other applications.
Blowfish is another encryption algorithm created to replace DES. It is considered very fast, but because it uses a 64-bit block size (AES uses 128-bit blocks), it is vulnerable to birthday attacks, as demonstrated by the 2016 Sweet32 attack.
Blowfish can be found today in password management tools and secure e-commerce payment platforms.
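The Sweet32 weakness mentioned for 3DES and Blowfish comes down to the birthday bound on the block size, so here is an added Python example (not from the article or from CTemplar) that works the numbers out: how many blocks, and how many bytes, can be encrypted under one key before a repeated ciphertext block becomes more likely than not, for 64-bit versus 128-bit blocks. The simulation uses uniformly random blocks as a stand-in for CBC-mode ciphertext under an ideal cipher (an assumption of the example), and runs at a small block size so that the bound can be checked empirically.

```python
import math
import secrets


def blocks_for_collision(block_bits: int, probability: float = 0.5) -> float:
    """Birthday bound: number of ciphertext blocks after which some block value
    repeats with the given probability, n ~= sqrt(2 * 2^b * ln(1 / (1 - p)))."""
    return math.sqrt(2 * (2 ** block_bits) * math.log(1.0 / (1.0 - probability)))


def bytes_for_collision(block_bits: int, probability: float = 0.5) -> float:
    """The same bound expressed as bytes encrypted under a single key."""
    return blocks_for_collision(block_bits, probability) * (block_bits // 8)


def blocks_until_first_repeat(block_bits: int) -> int:
    """Draw uniformly random blocks (stand-in for CBC ciphertext under an ideal
    cipher) and count how many are produced before the first repeated value."""
    seen = set()
    count = 0
    while True:
        block = secrets.randbits(block_bits)
        count += 1
        if block in seen:
            return count
        seen.add(block)


def average_blocks_until_first_repeat(block_bits: int, trials: int = 100) -> float:
    """Average the empirical count over several trials; for b-bit blocks it lands
    near sqrt(pi/2 * 2^b), the same order of magnitude as the bound above."""
    return sum(blocks_until_first_repeat(block_bits) for _ in range(trials)) / trials


if __name__ == "__main__":
    for bits in (64, 128):
        gib = bytes_for_collision(bits) / 2 ** 30
        print(f"{bits}-bit blocks: ~{blocks_for_collision(bits):.3g} blocks "
              f"(~{gib:.3g} GiB) before a repeat is more likely than not")
    # 20-bit toy block size: the bound predicts roughly 2^10 * 1.18 ~= 1200 blocks.
    print(average_blocks_until_first_repeat(20))
```

For 64-bit blocks the bound comes out at roughly 2^32 blocks, about 32 to 40 GiB of data under one key, which a long-lived TLS or VPN session can reach; for 128-bit blocks it is about 2^64 blocks, far beyond any practical session. That difference is the whole reason a larger block size matters, and the practical mitigation is to rekey long before the 64-bit bound (or, better, to use a 128-bit block cipher such as AES).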
After seeing the potential weaknesses in Blowfish, its creator Bruce Schneier designed a new version of the algorithm, called Twofish, that uses 128-bit blocks and 128-, 192- or 256-bit keys.
Since Twofish is based on a Feistel network, it is structurally similar to DES and 3DES, but much more complex and secure. AES, by contrast, uses a substitution-permutation structure. Comparing the two, AES is more efficient and uses fewer rounds (10 to 14), while Twofish is fixed at 16 rounds.
Unlike the algorithms listed so far, which are all symmetric, RSA is an asymmetric algorithm. The name stands for Rivest, Shamir and Adleman, the last names of the researchers who designed it.
RSA uses 768-, 1024-, 2048- and 4096-bit keys, although the 768-bit version is very rarely used today and 2048-bit is considered the standard (CTemplar uses 4096-bit keys).
Today RSA is used in TLS/SSL certificates, email encryption and cryptocurrencies.
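To show what “a pair of keys” means in practice, here is an added Python example (not code from the article or from CTemplar) of textbook RSA: the key pair is derived from two primes, anyone with the public key (n, e) can encrypt, and only the holder of the private exponent d can decrypt. The primes p=61 and q=53 are constructed toy values chosen so the arithmetic is easy to follow; the quoted key sizes of 2048 or 4096 bits refer to the bit length of n, which real keys reach by using primes of 1024 bits or more.

```python
from math import gcd


def make_rsa_keypair(p: int, q: int, e: int = 65537):
    """Build an RSA key pair from two primes p and q.
    Returns ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(message: int, public_key) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than the modulus n")
    return pow(message, e, n)


def rsa_decrypt(ciphertext: int, private_key) -> int:
    """Only the holder of d can recover the message: m = c^d mod n."""
    n, d = private_key
    return pow(ciphertext, d, n)


def key_size_bits(public_key) -> int:
    """Key size as commonly quoted (768, 1024, 2048, 4096): the bit length of n."""
    return public_key[0].bit_length()


def encrypt_bytes(data: bytes, public_key) -> int:
    """Treat a short byte string as one integer; it must stay smaller than n."""
    return rsa_encrypt(int.from_bytes(data, "big"), public_key)


def decrypt_bytes(ciphertext: int, private_key, length: int) -> bytes:
    return rsa_decrypt(ciphertext, private_key).to_bytes(length, "big")


if __name__ == "__main__":
    # Constructed toy primes: p=61, q=53 give n=3233 (a 12-bit key).
    public, private = make_rsa_keypair(61, 53, e=17)
    c = rsa_encrypt(65, public)
    print(c, rsa_decrypt(c, private), key_size_bits(public))
    # A slightly larger toy key (still far too small for real use) for a byte string.
    public2, private2 = make_rsa_keypair(104729, 1299709)
    c2 = encrypt_bytes(b"OK", public2)
    print(decrypt_bytes(c2, private2, 2))
```

Two caveats a practitioner should keep in mind: this is “textbook” RSA with no padding, whereas TLS and email encryption wrap the message with a padding scheme (OAEP for encryption, PSS for signatures) before applying the exponentiation, and the security rests entirely on the difficulty of factoring n, which is why the 768-bit size the article mentions is no longer used.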
ECC, or Elliptic Curve Cryptography, is an asymmetric encryption algorithm based on elliptic curve principles originally proposed by Neal Koblitz and Victor S. Miller in 1985; the algorithm itself was first used in 2004.
ECC uses much shorter keys than RSA. For instance, the equivalent of a standard 2048-bit RSA key is a 224- to 255-bit ECC key. Because of this, ECC needs much less computational power and is faster, while retaining the same level of security, which makes it very useful on smartphones.
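The “elliptic curve principles” behind ECC can be shown in a few dozen lines, so here is an added Python example (not code from the article or from CTemplar) that implements point addition and scalar multiplication on a curve over a prime field and uses them for an ECDH key agreement: each side’s private key is a scalar, its public key is that scalar times the base point G, and both sides arrive at the same shared secret, which in TLS then keys a symmetric cipher such as AES. Two curves are included: a tiny constructed one (y² = x³ + 2x + 3 over GF(97), G = (3, 6)) whose arithmetic can be checked by hand, and the real secp256k1 curve, whose 256-bit private keys illustrate the size contrast with 2048-bit RSA.

```python
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # None is the point at infinity (the group identity)


@dataclass(frozen=True)
class Curve:
    """Short Weierstrass curve y^2 = x^3 + a*x + b over GF(p), base point G of order n."""
    p: int
    a: int
    b: int
    gx: int
    gy: int
    n: int

    @property
    def g(self) -> Point:
        return (self.gx, self.gy)


def on_curve(curve: Curve, point: Point) -> bool:
    if point is None:
        return True
    x, y = point
    return (y * y - (x * x * x + curve.a * x + curve.b)) % curve.p == 0


def point_add(curve: Curve, pt1: Point, pt2: Point) -> Point:
    """Group law: chord-and-tangent addition, field inverses via pow(x, -1, p)."""
    if pt1 is None:
        return pt2
    if pt2 is None:
        return pt1
    p = curve.p
    x1, y1 = pt1
    x2, y2 = pt2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None  # pt2 == -pt1 (also covers doubling a point with y == 0)
    if pt1 == pt2:
        lam = (3 * x1 * x1 + curve.a) * pow((2 * y1) % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)


def scalar_mult(curve: Curve, k: int, point: Point) -> Point:
    """k * point by double-and-add; the private key is k, the public key is k * G."""
    result: Point = None
    addend = point
    while k > 0:
        if k & 1:
            result = point_add(curve, result, addend)
        addend = point_add(curve, addend, addend)
        k >>= 1
    return result


def generate_private_key(curve: Curve) -> int:
    return secrets.randbelow(curve.n - 1) + 1


def public_key(curve: Curve, private: int) -> Point:
    return scalar_mult(curve, private, curve.g)


def shared_secret(curve: Curve, my_private: int, their_public: Point) -> int:
    """ECDH: both sides get the same x-coordinate because a*(b*G) == b*(a*G)."""
    return scalar_mult(curve, my_private, their_public)[0]


# Constructed toy curve for hand-checkable arithmetic: 2G = (80, 10), 3G = (80, 87), 5G = infinity.
TOY = Curve(p=97, a=2, b=3, gx=3, gy=6, n=5)

# secp256k1 (the curve used by Bitcoin): realistic 256-bit parameters.
SECP256K1 = Curve(
    p=2**256 - 2**32 - 977,
    a=0,
    b=7,
    gx=0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
    gy=0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8,
    n=0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141,
)

if __name__ == "__main__":
    alice, bob = generate_private_key(SECP256K1), generate_private_key(SECP256K1)
    a_pub, b_pub = public_key(SECP256K1, alice), public_key(SECP256K1, bob)
    print(SECP256K1.n.bit_length(), "bit private keys")
    print(shared_secret(SECP256K1, alice, b_pub) == shared_secret(SECP256K1, bob, a_pub))
```

The security assumption is that recovering the scalar k from k·G (the elliptic-curve discrete logarithm) is infeasible, and because no sub-exponential attack is known for well-chosen curves, a 256-bit scalar gives a comparable margin to a much larger RSA modulus. Note that the scalar multiplication above branches on key bits, so a production implementation would use a constant-time ladder and a vetted library rather than this illustrative code.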
Encryption is the process of scrambling a readable plaintext into an unreadable ciphertext to anyone without the proper encryption key. Decryption is the process of reverting the ciphertext back into plaintext.
Encryption takes a plaintext, such as an email message, and scrambles it into an unreadable format, the “ciphertext”, using an encryption key.
The only way the other side can read the original message is by using a key to decrypt it back into the original plaintext. This can be done either with the same key, as in symmetric encryption, or with a second, private (secret) key, as in asymmetric encryption.
Encryption and decryption are performed on the Presentation Layer of the OSI model, along with translation and compression. The Presentation Layer makes sure that computers can interoperate and that data is understandable by the receiver.
Protecting your data is crucial if you want to avoid data theft, ransomware and hacking, but also if you care about Internet privacy. Fortunately, these encryption algorithms are there to keep your data secure.