# What is encryption?

Encryption is used to protect data from being stolen, changed, or compromised and works by scrambling data into a secret code that can only be unlocked with a unique digital key.

Encrypted data can be protected while at rest on computers or in transit between them, or while being processed, regardless of whether those computers are located on-premises or are remote cloud servers.

Google Cloud offers a variety of ways to encrypt data and protect an organization’s cryptographic keys. Learn more about key management, confidential computing, and Google Cloud’s security offerings.

## Encryption defined

At its most basic level, encryption is the process of protecting information or data by using mathematical models to scramble it in such a way that only the parties who have the key to unscramble it can access it. That process can range from very simple to very complex, and mathematicians and computer scientists have invented specific forms of encryption that are used to protect information and data that consumers and businesses rely on every day.

## How encryption works

Encryption works by encoding “plaintext” into “ciphertext,” typically through cryptographic mathematical models known as algorithms. Decoding the data back to plaintext requires a decryption key, a string of numbers or a password that is also created by an algorithm. Secure encryption methods have such a large number of possible keys that an unauthorized person can neither guess the correct one nor use a computer to calculate it by trying every potential combination (known as a brute force attack).

One early example of simple encryption is the “Caesar cipher,” named for the Roman emperor Julius Caesar because he used it in his private correspondence. The method is a type of substitution cipher, in which each letter is replaced by another letter a fixed number of positions along the alphabet. To decrypt the coded text, the recipient needs to know the key to the cipher, such as shifting four places to the left along the alphabet (a “left shift four”). Thus, every “E” becomes a “Y,” and so on.

Modern cryptography is much more sophisticated, using strings of hundreds (even thousands, in some cases) of computer-generated characters as decryption keys.
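The two points above, a substitution cipher and why a small key space falls to brute force, as an added example (not code from the original page): a Caesar shift with encrypt/decrypt helpers, a brute-force pass over all 25 keys ranked against a constructed word list, and a comparison with the key space of a 128-bit cipher.

```python
import string

ALPHABET = string.ascii_uppercase  # 26 letters, so only 25 useful keys


def caesar_shift(text, shift):
    """Shift every letter by `shift` positions (negative = left shift).

    Non-letters pass through unchanged; input is upper-cased.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext, key):
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext, key):
    # Decryption is the inverse shift: key 4 is undone by a "left shift four".
    return caesar_shift(ciphertext, -key)


# Constructed mini word list used to judge which candidate looks like English.
COMMON_WORDS = {"THE", "AND", "AT", "ATTACK", "DAWN", "MEET", "KEY"}


def brute_force(ciphertext):
    """Try every key in the cipher's entire key space; return {key: candidate}."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, len(ALPHABET))}


def best_guess(ciphertext):
    """Rank the brute-force candidates by how many recognised words they contain."""
    def score(item):
        return sum(word in COMMON_WORDS for word in item[1].split())
    return max(brute_force(ciphertext).items(), key=score)


def key_space_sizes(block_cipher_key_bits=128):
    """Caesar's 25 keys versus the 2**128 keys of a 128-bit block cipher."""
    return len(ALPHABET) - 1, 2 ** block_cipher_key_bits


if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 4)
    print(ct)              # EXXEGO EX HEAR
    print(best_guess(ct))  # (4, 'ATTACK AT DAWN')
    print(key_space_sizes())
```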

## Types of encryption

### The two most common types of encryption algorithms are symmetric and asymmetric.

Symmetric encryption, also known as a shared key or private key algorithm, uses the same key for encryption and decryption. Symmetric key ciphers are considered less expensive to produce and do not take as much computing power to encrypt and decrypt, meaning there is less of a delay in decoding the data.

The drawback is that if an unauthorized person gets their hands on the key, they will be able to decrypt any messages and data sent between the parties. As such, the transfer of the shared key needs to be encrypted with a different cryptographic key, leading to a cycle of dependency.

Asymmetric encryption, also known as public-key cryptography, uses two separate keys to encrypt and decrypt data. One is a public key shared among all parties for encryption. Anyone with the public key can then send an encrypted message, but only the holders of the second, private key can decrypt the message.

Asymmetric encryption is considered more expensive to produce and takes more computing power to decrypt, because the public encryption key is often large, between 1,024 and 2,048 bits. As such, asymmetric encryption is often not suited for large packets of data.

## Common encryption algorithms

### The most common methods of symmetric encryption include:

Data Encryption Standard (DES): An encryption standard developed in the early 1970s, DES was adopted by the US government in 1977. The DES key size was only 56 bits, making it obsolete in today’s technology ecosystem. That being said, it was influential in the development of modern cryptography, as cryptographers worked to improve upon its theories and build more advanced encryption systems.

Triple DES (3DES): The next evolution of DES applied the DES block cipher three times to each data block, encrypting it, decrypting it, and then encrypting it again. The method increased the effective key size, making it much harder to break with a brute force attack. However, 3DES is still considered insecure and has been deprecated by the US National Institute of Standards and Technology (NIST) for all software applications beginning in 2023.

Advanced Encryption Standard (AES): The most widely used encryption method today, AES was adopted by the US government in 2001. It is a block cipher designed on a principle called a “substitution–permutation network”; it operates on 128-bit blocks and can have keys of 128, 192, or 256 bits in length.

Twofish: Used in both hardware and software, Twofish is considered the fastest symmetric encryption method. While Twofish is free to use, it is neither patented nor open source. Nevertheless, it is used in popular encryption applications like PGP (Pretty Good Privacy). It can have key sizes up to 256 bits.

### The most common methods of asymmetric encryption include:

RSA: Stands for Rivest-Shamir-Adleman, the trio of researchers from MIT who first described the method in 1977. RSA is one of the original forms of asymmetric encryption. The public key is derived from two prime numbers, plus an auxiliary value. Anyone can use the RSA public key to encrypt data, but only a person who knows the prime numbers can decrypt the data. RSA keys can be very large (2,048 or 4,096 bits are typical sizes) and are thus considered expensive and slow. RSA keys are often used to encrypt the shared keys of symmetric encryption.
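The symmetric-versus-asymmetric trade-off above and the RSA description, as an added example (not code from the original page): a textbook RSA key pair derived from two primes plus the auxiliary value e, used to wrap a constructed 128-bit symmetric key so that only the holder of the private key can recover it. The fixed Mersenne primes and the unpadded encryption are demonstration choices so the block runs offline, not production parameters.

```python
import math

# Constructed demo primes: the Mersenne primes 2**127 - 1 and 2**89 - 1. They are far too
# small and too structured for real use; production RSA uses random 2,048-bit-plus primes.
DEMO_P = 2**127 - 1
DEMO_Q = 2**89 - 1


def rsa_keygen(p, q, e=65537):
    """Derive a textbook RSA key pair from two primes plus the auxiliary value e."""
    n = p * q                      # modulus: public, while p and q stay secret
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent; computing it needs p and q (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, m):
    # Raw RSA is deterministic and malleable; real systems add padding such as RSA-OAEP.
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def wrap_symmetric_key(public_key, key_bytes):
    """Hybrid pattern: RSA-encrypt a symmetric key so it can travel with the bulk data."""
    return rsa_encrypt(public_key, int.from_bytes(key_bytes, "big"))


def unwrap_symmetric_key(private_key, wrapped, key_len):
    return rsa_decrypt(private_key, wrapped).to_bytes(key_len, "big")


def demo():
    """Wrap and unwrap a constructed 128-bit session key; returns True on round trip."""
    public_key, private_key = rsa_keygen(DEMO_P, DEMO_Q)
    session_key = bytes(range(16))  # constructed 128-bit key, e.g. for AES-128
    wrapped = wrap_symmetric_key(public_key, session_key)
    return unwrap_symmetric_key(private_key, wrapped, 16) == session_key


if __name__ == "__main__":
    print(demo())  # True
```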

Elliptic Curve Cryptography (ECC): An advanced form of asymmetric encryption based on elliptic curves over finite fields. The method provides the robust security of massive encryption keys, but with a smaller and more efficient footprint. For instance, a “256-bit elliptic curve public key should provide comparable security to a 3,072-bit RSA public key.” ECC is often used for digital signatures and to encrypt the shared keys of symmetric encryption.

## Importance of data encryption

People encounter encryption every day, whether they know it or not. Encryption is used for securing devices such as smartphones and personal computers, for protecting financial transactions such as making a bank deposit and buying an item from an online retailer, and for making sure messages such as email and texts are private.

If you’ve ever noticed that a website’s address starts with “https://” (the “s” means “secure”) it means that the website is using transport encryption. Virtual private networks (VPNs) use encryption to keep data coming and going from a device private from prying eyes.

Data encryption is important because it helps protect people’s privacy and secures data from attackers and other cybersecurity threats. Encryption is often mandatory from a regulatory perspective for organizations in sectors such as healthcare, education, finance and banking, and retail.

Encryption performs four important functions:

• Confidentiality: keeps the contents of the data secret
• Integrity: verifies the origin of the message or data
• Authentication: validates that the content of the message or data has not been altered since it was sent
• Nonrepudiation: prevents the sender of the data or message from denying they were the origin

### Protects data across devices

Data is constantly on the move, be it messages between friends or financial transactions. Encryption paired with other security functions like authentication can help keep data safe when it moves between devices or servers.

### Ensures data integrity

In addition to keeping unauthorized people from seeing the plaintext of data, encryption safeguards the data so that malicious actors cannot use it to commit fraud or extortion, or change important documents.

### Protects digital transformations

With more organizations and individuals using cloud storage, encryption plays a key role in protecting that data while it is in transit to the cloud, once it is at rest on the server, and while it is being processed by workloads. Google offers different levels of encryption, as well as key management services.

### Helps meet compliance requirements

Many data privacy and security regulations require strong encryption. That includes healthcare data under the Health Insurance Portability and Accountability Act (HIPAA), credit and debit card transactions under the Payment Card Industry Data Security Standard (PCI DSS), personal data under the General Data Protection Regulation (GDPR), and retail transaction data under the Fair Credit Practices Act (FCPA).

### Ransomware

While encryption is generally used to protect data, malicious actors can sometimes use it to hold data hostage. If an organization is breached and its data accessed, the actors can encrypt it and hold it ransom until the organization pays to have it released.

### Key management

Encryption is much less effective if the cryptographic keys that encrypt and decrypt the data are not secure. Malicious actors often concentrate their attacks on obtaining an organization’s encryption keys. In addition to malicious actors, losing encryption keys (such as during a natural disaster that compromises servers) can lock organizations out of important data. This is why a secure key management system is often used by organizations to manage and secure their keys.

### Quantum computing

Quantum computing poses an existential threat to modern encryption techniques. When it is ready, quantum computing will be able to process massive amounts of data in a fraction of the time of normal computers. As such, quantum computing has the potential to break existing encryption. In the future, all organizations will have to adapt their encryption by adopting quantum-resistant techniques. Currently, quantum computing is relatively limited and not yet ready to break modern encryption standards. However, NIST has announced its support of four new “quantum-resistant” algorithms that are designed to withstand quantum computer attacks.