Understanding Encryption: From Basic Concepts to Advanced Techniques
February 27, 2025
Encryption is the cornerstone of security and data privacy. Without it, anything you send over a network or store on a device could be read by whoever intercepts the traffic or obtains the storage. The ability to keep information secret is built into modern society at every level, from your online passwords to your bank account data.
People have used encryption for thousands of years, but modern ciphers are designed with computer science and mathematics so that recovering the plaintext without the key is computationally infeasible. Understanding how encryption works, and where it does and does not apply, will help you protect the data you share with others.
The three main encryption schemes explained:
1. Encryption at rest
This scheme applies to data stored on a device or medium: a laptop disk, a database, a backup, a cloud volume. The data is encrypted before it is written, so anyone who obtains the medium (a stolen laptop, a discarded drive, a leaked snapshot) gets only ciphertext unless they also hold the decryption key. The key is normally released only after the user or system authenticates, for example by entering a passcode or by a TPM measuring a trusted boot chain.
Encryption at rest can be applied at the file, folder, or whole-disk level. Windows devices with BitLocker encrypt the entire volume, including the operating system, so nothing on the disk is readable without the key. iPhones work differently: each file is encrypted under its own key, and those keys are protected by the device's hardware and the user's passcode (Apple calls this Data Protection). In both cases the protection is against offline attacks; once the device is booted and unlocked, the running system has the keys, and malware running on it can read the data like any other program.
2. Encryption in-transit
This scheme protects data while it moves between two nodes of a network. An SMS message and a message sent through a chat app are both data in transit. SMS is, at best, encrypted only on the radio link between the handset and the cell tower; it crosses the carrier's network in the clear, where it can be read, logged, or intercepted. Modern chat apps and websites use TLS, so the connection between your device and the provider's servers is encrypted.
Encryption in transit covers only the connection, not the endpoints. Every hop that terminates the encrypted connection (the provider's server, a load balancer, a corporate TLS inspection proxy) sees the plaintext, and what happens to the data after it arrives is outside the scheme's scope. If you send data over an encrypted connection to a server that stores it unencrypted, it is exposed once it lands. TLS does authenticate the server through its certificate, but that tells you who is terminating the connection, not what they do with the plaintext.
3. End-to-end encryption
In end-to-end encryption, the data is encrypted on the sender's device and decrypted only on the recipient's device. Only the two endpoints hold the keys; the service that relays the message (the chat provider, its servers, its backups) sees only ciphertext and cannot read it, even under legal compulsion. The plaintext still exists on the two devices, which is why device security and encryption at rest remain necessary. End-to-end encryption is the standard for reliable messaging security; Signal, WhatsApp, and iMessage all use it.
To build end-to-end encryption into a chat application, developers give every user a public/private key pair, with the private key never leaving the device. Public keys are distributed through the server, and each pair of users runs a key agreement (Diffie-Hellman over an elliptic curve in modern protocols) to derive a shared symmetric key that only they know; the individual messages are then encrypted with a fast symmetric cipher under that key. Two things remain the endpoints' responsibility: verifying that a public key really belongs to the intended person (otherwise the server could substitute its own and sit in the middle, which is what the safety-number or key-fingerprint check in messaging apps is for), and protecting the decrypted messages on the device.
Symmetric encryption vs. asymmetric encryption
There are two main types of encryption:
- Symmetric Encryption: One key is used for both encrypting and decrypting the data. Imagine using a key to lock and unlock a door. Both the sender and receiver need to share this key in secret.
- Asymmetric Encryption: This type uses a public key for encrypting the data and a private key for decrypting it. This makes it more like a mailbox. Anyone can drop a letter in the box using the public key, but only you can open it with the private key. The same key pair works in reverse for digital signatures: the private key signs, and anyone with the public key can verify.
In general, symmetric encryption is much faster and is what actually encrypts bulk data. Asymmetric encryption is far slower and its keys are much larger, but it solves the problem symmetric encryption cannot: letting two parties who have never met agree on a key, and letting one party prove its identity with a signature. It is not "more secure" in itself; AES-256 and RSA-2048 are both considered secure today, against different kinds of attack. In practice the two are combined: asymmetric cryptography establishes or wraps a symmetric key, and the symmetric cipher protects the data.
7 encryption techniques and how they work
There are many encryption algorithms, and researchers keep designing, publishing, and attacking new ones. Which one to use depends on the security level it provides, whether it has survived public analysis and been standardized, and its cost in performance or implementation complexity.
Here are some of the most important encryption techniques any data privacy advocate should know about:
1. Advanced Encryption Standard (AES)
The Advanced Encryption Standard is the block cipher NIST selected in 2001, after an open competition, to replace the Data Encryption Standard (DES) of the 1970s. It is not a modified DES but an independent design (Rijndael, by Joan Daemen and Vincent Rijmen). Like DES, it is a symmetric block cipher: it transforms fixed-size blocks of plaintext into ciphertext under a secret key. The U.S. government approves it for protecting classified information, and it is widely regarded as the default choice for symmetric encryption.
AES encrypts 128-bit blocks and accepts 128-bit, 192-bit, or 256-bit keys. Brute-forcing a 128-bit key means trying on the order of 2^128 (about 3.4 x 10^38) keys; at a billion billion guesses per second that is roughly ten trillion years, so brute force is not the threat. The practical risks are in how AES is used: a raw block cipher must be combined with a mode of operation, and a weak choice (ECB, which encrypts each block independently and so leaks repeated patterns, or reusing a nonce with CTR or GCM) breaks security regardless of key length. Use an authenticated mode such as AES-GCM, which encrypts and also detects tampering.
As one of the best-known and most widely used encryption algorithms, AES is a common feature in:
- Disk and file encryption (BitLocker, FileVault, LUKS)
- Wi-Fi security (WPA2 and WPA3 use AES in CCMP or GCMP mode)
- VPNs (IPsec and OpenVPN)
- Secure internet protocols such as TLS and SSH, where AES-GCM is the most common cipher suite
2. Triple Data Encryption Standard (3DES)
The Triple Data Encryption Standard, usually shortened to Triple DES or 3DES, applies the DES algorithm three times to each 64-bit block (encrypt with key 1, decrypt with key 2, encrypt with key 3, known as EDE) using two or three independent 56-bit keys, for a nominal key length of 112 or 168 bits. It was devised in the late 1970s to extend DES's 56-bit key, which was already too short, and standardized in 1998 (ANSI X9.52). The EDE order means that with all three keys equal, 3DES reduces to single DES, which kept it compatible with existing DES hardware.
3DES was trusted for many years but has been phased out in favor of AES. Its effective strength is only about 112 bits even with three keys, because of the meet-in-the-middle attack, and it is three times slower than DES while AES is faster than either. The more serious problem is the 64-bit block it inherits from DES: after about 2^32 blocks (32 GB) under one key, ciphertext-block collisions start leaking plaintext, which the 2016 Sweet32 attack turned into a practical attack on long-lived HTTPS and VPN sessions. NIST deprecated 3DES in 2017 and disallows it for new encryption after 2023.
Because of these weaknesses, 3DES is no longer in wide use, but you may still encounter it in older applications. Rather than replacing 3DES, some organizations layer a modern cipher on top of it so that legacy components keep working while the outer layer carries the security. When you find it, treat it as a migration item.
You may still find this encryption technique in use for:
- PIN blocks in ATM and card-payment networks, where PIN-encryption standards still specify TDES keys.
- Password hashes on legacy UNIX systems (the traditional crypt(3) hash is built on DES, not 3DES).
- Old payment systems used by banks and clearinghouses.
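3DES is three DES operations in a row on each 64-bit block: encrypt with key 1, decrypt with key 2, encrypt with key 3. That structure is easy to check with Go's standard library. This is an added example, not code from the article: it rebuilds 3DES from three single-DES operations, confirms the result matches `crypto/des`'s own 3DES for one block, and then shows that with all three keys equal the construction collapses to plain DES, which is why a 3DES deployment with a single repeated key has 56-bit security, not 168. The keys and the block are constructed values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// Constructed demo keys: three 8-byte DES keys (56 key bits each plus parity bits).
var (
	k1 = []byte("key-one!")
	k2 = []byte("key-two!")
	k3 = []byte("key-3333")
)

// ede computes DES_k3(DES^-1_k2(DES_k1(block))) from three single-DES ciphers,
// which is exactly what 3DES does to one 64-bit block.
func ede(k1, k2, k3, block []byte) ([]byte, error) {
	c1, err := des.NewCipher(k1)
	if err != nil {
		return nil, err
	}
	c2, err := des.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	c3, err := des.NewCipher(k3)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c1.Encrypt(out, block)
	c2.Decrypt(out, out) // the "D" in EDE: a decryption under the second key
	c3.Encrypt(out, out)
	return out, nil
}

// tripleDES encrypts one block with the library's 3DES (24-byte key = k1||k2||k3).
func tripleDES(k1, k2, k3, block []byte) ([]byte, error) {
	key := append(append(append([]byte{}, k1...), k2...), k3...)
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// singleDES encrypts one block with plain DES under k.
func singleDES(k, block []byte) ([]byte, error) {
	c, err := des.NewCipher(k)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// edeMatchesLibrary checks that the hand-built EDE chain equals the library 3DES.
func edeMatchesLibrary(block []byte) (bool, error) {
	a, err := ede(k1, k2, k3, block)
	if err != nil {
		return false, err
	}
	b, err := tripleDES(k1, k2, k3, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(a, b), nil
}

// degradesToDES shows that with k1 == k2 == k3 the middle decryption undoes
// the first encryption, leaving single DES.
func degradesToDES(block []byte) (bool, error) {
	a, err := tripleDES(k1, k1, k1, block)
	if err != nil {
		return false, err
	}
	b, err := singleDES(k1, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(a, b), nil
}

func main() {
	block := []byte("8bytes!!") // DES and 3DES work on 64-bit (8-byte) blocks
	m, _ := edeMatchesLibrary(block)
	d, _ := degradesToDES(block)
	fmt.Println("EDE chain == library 3DES:", m, "| single-key 3DES == DES:", d)
}
```

The 8-byte block size is visible in `des.BlockSize`; that, not the key length, is what makes 3DES unsafe for large volumes of data under one key.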
3. Rivest-Shamir-Adleman (RSA)
The Rivest-Shamir-Adleman algorithm, published in 1977, is an asymmetric algorithm. It is best known for securing connections across the internet, where it is used to exchange keys and to sign certificates rather than to encrypt the traffic itself. An RSA key starts from two large random primes, p and q, which are multiplied to form the modulus n = p * q (a large composite number, not a prime). The public key is n together with a public exponent; the private key is derived from p and q. Anyone can encrypt with the public key, but decrypting requires the private key, which in turn requires knowing p and q. RSA is secure because recovering p and q from n alone (factoring) is infeasible for the key sizes used today: 2048 bits is the current minimum and 3072 or 4096 bits are recommended for long-lived keys. RSA must also be used with a proper padding scheme (OAEP for encryption, PSS for signatures); "textbook" RSA without padding is insecure.
RSA has limitations. Each operation is expensive, and a single RSA operation can only encrypt a message smaller than the modulus (190 bytes for a 2048-bit key with OAEP and SHA-256), so it is never used to encrypt bulk data directly; instead it encrypts a random symmetric key and a cipher such as AES encrypts the data. A sufficiently large quantum computer running Shor's algorithm would factor RSA moduli efficiently. That is not in doubt; what is unknown is when such a machine will exist. NIST published post-quantum replacements in 2024 (ML-KEM for key exchange in FIPS 203 and ML-DSA for signatures in FIPS 204), and migration to them has begun.
You will find RSA in:
- TLS certificates and the handshake that secures HTTPS connections in your web browser.
- Email encryption and signing (PGP and S/MIME).
- SSH keys, code-signing keys, and the authentication used by some payment processors and financial service providers.
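To show how RSA is actually used, and why it is never used on bulk data, here is an added example in Go, not code from the article, covering both the symmetric-versus-asymmetric discussion above and this RSA section. It generates a 2048-bit key, wraps a random 256-bit symmetric key with RSA-OAEP, shows that a message larger than the OAEP limit is rejected, and signs and verifies a file name with RSA-PSS. The OAEP label and the messages are constructed; the unwrapped symmetric key would then be used with a symmetric cipher such as AES-GCM to protect the data itself.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepLabel binds the wrapped key to its purpose; both sides must use the same label.
var oaepLabel = []byte("demo-file-key") // constructed for this example

// newKeyPair generates a 2048-bit RSA key, the minimum size in use today.
func newKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// maxOAEPPayload is the largest message one RSA-OAEP operation can encrypt:
// modulus size minus 2*hashLen minus 2 (190 bytes for RSA-2048 with SHA-256).
func maxOAEPPayload(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// wrapKey encrypts a symmetric key for the holder of pub. OAEP adds randomized
// padding; never use unpadded or PKCS#1 v1.5 RSA encryption in new designs.
func wrapKey(pub *rsa.PublicKey, symKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, symKey, oaepLabel)
}

// unwrapKey recovers the symmetric key with the private key.
func unwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

// sign produces an RSA-PSS signature over SHA-256(msg): the private key signs,
// anyone holding the public key can verify (RSA's "verifying identities" role).
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// verify reports whether sig is a valid signature of msg under pub.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// newSymmetricKey draws a random 256-bit key for a symmetric cipher.
func newSymmetricKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

func main() {
	priv, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey
	symKey, _ := newSymmetricKey()
	wrapped, _ := wrapKey(pub, symKey) // 256 bytes of ciphertext for a 2048-bit key
	recovered, _ := unwrapKey(priv, wrapped)
	fmt.Println("symmetric key recovered:", string(recovered) == string(symKey))

	// RSA cannot encrypt bulk data directly: anything over the OAEP limit fails.
	_, err = wrapKey(pub, make([]byte, maxOAEPPayload(pub)+1))
	fmt.Println("oversized message rejected:", err != nil)

	sig, _ := sign(priv, []byte("release-v1.2.tar.gz"))
	fmt.Println("signature valid:", verify(pub, []byte("release-v1.2.tar.gz"), sig),
		"| after tampering:", verify(pub, []byte("release-v1.3.tar.gz"), sig))
}
```

Note the asymmetry in cost: generating the key takes a noticeable fraction of a second and each RSA operation is thousands of times slower than encrypting a block with AES, which is exactly why the symmetric key carries the payload.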
4. Blowfish
Blowfish is a symmetric block cipher designed by Bruce Schneier in 1993 as a replacement for DES. It encrypts 64-bit blocks with a variable-length key of 32 to 448 bits.
Blowfish is fast in software, unpatented, and was placed in the public domain, which made it a popular building block for other software. Its 64-bit block has the same birthday-collision problem as 3DES once a few gigabytes have been encrypted under one key, and Schneier himself recommends Twofish or AES for new designs.
Blowfish is commonly used on:
- Older consumer and retail applications and platforms.
- Password hashing: bcrypt is built on a modified Blowfish key schedule and remains an acceptable password hash today.
- Older email and file encryption tools.
5. Twofish
Twofish is Schneier's successor to Blowfish and was one of the five finalists in the AES competition. It encrypts 128-bit blocks, compared with the 64-bit blocks of Blowfish, accepts keys of up to 256 bits, and runs 16 rounds regardless of key size, with a more elaborate, key-dependent S-box structure than Blowfish. Like Blowfish it is unpatented and free to use.
Twofish and AES both top out at 256-bit keys, so neither is more resistant to brute force than the other. Twofish is a conservative design with no known practical attacks, but neither has AES; Rijndael won the competition largely on performance and simplicity, and today AES has dedicated CPU instructions (AES-NI and its equivalents) that make it several times faster than Twofish in software and immune to the cache-timing side channels that table-based software implementations of either cipher have to guard against. For most applications the extra cost of Twofish buys no measurable security.
You will find Twofish offered in some disk and file encryption tools (VeraCrypt provides it alongside AES and Serpent) and in older password managers such as KeePass 1.x. It is a reasonable choice where you want a second, independently designed cipher available; it is not a reason to avoid AES.
6. Format-Preserving Encryption (FPE)
As its name suggests, format-preserving encryption produces ciphertext with the same format and length as the plaintext. Encrypt a nine-digit Social Security Number with FPE and the result is another nine-digit string of decimal digits. NIST standardizes FPE in SP 800-38G (the FF1 and FF3-1 modes), which build it from AES inside a Feistel structure.
By comparison, a nine-digit number encrypted with ordinary AES comes out as a 16-byte block of arbitrary bytes (AES's block size is 128 bits, not 16 bits); Base64-encoded, that is a 24-character string, and a ten-digit phone number would produce a string of exactly the same shape.
FPE is useful in contexts where data formats matter. If you want to pseudonymize business or healthcare data while still processing it in applications and databases that validate field formats, FPE lets you do that. It is pseudonymization rather than anonymization: whoever holds the key can reverse it, and because FPE is deterministic for a given key and tweak, equal inputs give equal outputs unless the tweak (typically the column name or record id) is varied. A 24-character string typed into a web form that expects a ten-digit phone number will simply be rejected.
This makes FPE useful for cloud data pipelines and test-data generation. Google Cloud's Sensitive Data Protection (Cloud DLP) offers FPE as one of its de-identification transformations, and it is a standard feature of the tokenization products used on AWS and other clouds.
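Here is an added example of format-preserving encryption in Go. It is not the article's code and not NIST FF1: it is a simplified FFX-style Feistel cipher over decimal strings that uses HMAC-SHA-256 as the round function instead of AES, chosen so that it runs with the standard library alone. It encrypts a nine-digit string to another nine-digit string, keeps leading zeros, decrypts it back, and uses a tweak so that the same value encrypts differently in different columns. The key and the sample numbers are constructed. For production, use an FF1 implementation rather than this code.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"strconv"
)

const fpeRounds = 10 // even, so the halves end up back in their original positions

// demoFPEKey is a constructed key for this example only.
var demoFPEKey = []byte("fpe-demo-key-do-not-use-in-prod!")

func pow10(m int) uint64 {
	p := uint64(1)
	for i := 0; i < m; i++ {
		p *= 10
	}
	return p
}

func allDigits(s string) bool {
	for _, r := range s {
		if r < '0' || r > '9' {
			return false
		}
	}
	return true
}

func checkInput(digits string) error {
	if len(digits) < 2 || len(digits) > 18 || !allDigits(digits) {
		return errors.New("input must be 2 to 18 decimal digits")
	}
	return nil
}

// roundFunc is the Feistel round function: a keyed PRF over (tweak, round, half),
// reduced below 10^m so it can be added to the other half modulo 10^m.
func roundFunc(key []byte, tweak string, round int, half string, m int) uint64 {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(tweak))
	mac.Write([]byte{byte(round)})
	mac.Write([]byte(half))
	return binary.BigEndian.Uint64(mac.Sum(nil)[:8]) % pow10(m)
}

// fpeEncrypt maps a digit string to another digit string of the same length.
// The tweak (e.g. a column name) makes equal inputs encrypt differently in
// different contexts without changing the key.
func fpeEncrypt(key []byte, tweak, digits string) (string, error) {
	if err := checkInput(digits); err != nil {
		return "", err
	}
	a, b := digits[:len(digits)/2], digits[len(digits)/2:]
	for i := 0; i < fpeRounds; i++ {
		m := len(a)
		av, _ := strconv.ParseUint(a, 10, 64)
		c := (av + roundFunc(key, tweak, i, b, m)) % pow10(m)
		a, b = b, fmt.Sprintf("%0*d", m, c) // %0*d keeps leading zeros
	}
	return a + b, nil
}

// fpeDecrypt runs the rounds in reverse, subtracting instead of adding.
func fpeDecrypt(key []byte, tweak, digits string) (string, error) {
	if err := checkInput(digits); err != nil {
		return "", err
	}
	a, b := digits[:len(digits)/2], digits[len(digits)/2:]
	for i := fpeRounds - 1; i >= 0; i-- {
		m := len(b)
		bv, _ := strconv.ParseUint(b, 10, 64)
		c := (bv + pow10(m) - roundFunc(key, tweak, i, a, m)) % pow10(m)
		a, b = fmt.Sprintf("%0*d", m, c), a
	}
	return a + b, nil
}

func main() {
	ssn := "123456789" // constructed sample value
	ct, _ := fpeEncrypt(demoFPEKey, "ssn", ssn)
	pt, _ := fpeDecrypt(demoFPEKey, "ssn", ct)
	fmt.Printf("%s -> %s -> %s (still %d digits)\n", ssn, ct, pt, len(ct))
}
```

Two properties of the output are worth noticing: encrypting the same value twice under the same key and tweak gives the same ciphertext (so a frequency analysis of a column is still possible unless you tweak per record), and the ciphertext carries no integrity protection, so a modified digit decrypts to a different but perfectly valid-looking number.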
7. Elliptic Curve Cryptography (ECC)
Elliptic curve cryptography, proposed in 1985 and in wide use since the 2000s, performs public-key operations with arithmetic on the points of an elliptic curve over a finite field. Its security rests on the elliptic-curve discrete logarithm problem, for which no sub-exponential attack is known, so keys can be much shorter than RSA's for the same strength: a 256-bit ECC key is roughly equivalent to a 3072-bit RSA key. Shorter keys mean smaller signatures and certificates and faster computation, which makes ECC the choice wherever speed, bandwidth, or battery matter.
Bitcoin and Ethereum sign transactions with ECDSA over the secp256k1 curve, and every signature is stored permanently on the chain, so compact keys and signatures are a direct cost saving; that is why ECC dominates cryptocurrency, NFT, and other Web3 tooling. You will also meet ECC in modern web security (ECDHE key exchange and ECDSA certificates in TLS), in SSH (Ed25519 keys), and in messaging protocols (X25519 key agreement in Signal). Two cautions apply. ECDSA leaks the private key if a signature nonce is ever repeated, which is how Sony's PlayStation 3 signing key was recovered in 2010, so use a library that derives nonces deterministically or use Ed25519. And like RSA, ECC would be broken by a large quantum computer, so it is on the same migration path to post-quantum algorithms.
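To tie the end-to-end encryption discussion and ECC together, here is an added example in Go (not code from the article or from any messaging app) using `crypto/ecdh`. Two users agree a shared key with X25519, elliptic-curve Diffie-Hellman on Curve25519, encrypt a message with it, and a relay server that sees only public keys and ciphertext fails to decrypt it. The names, the message, and the key-derivation label are constructed; the derivation is a plain SHA-256 of the shared secret, a simplification of the HKDF and per-message ratcheting real protocols use; and it assumes the public keys are authentic, which a real app must verify, or the server could substitute its own and sit in the middle.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// party is one chat user: an X25519 key pair whose private half never leaves the device.
type party struct {
	name string
	priv *ecdh.PrivateKey
}

func newParty(name string) (*party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &party{name: name, priv: priv}, nil
}

// public returns the 32-byte public key that is safe to publish through the server.
func (p *party) public() *ecdh.PublicKey { return p.priv.PublicKey() }

// sessionKey derives a shared AES-256 key from our private key and the peer's
// public key. Both sides compute the same secret; nobody without one of the
// private keys can. (Simplified: real protocols use HKDF and ratchet per message.)
func (p *party) sessionKey(peer *ecdh.PublicKey) ([]byte, error) {
	secret, err := p.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write([]byte("e2ee-demo-v1")) // constructed domain-separation label
	h.Write(secret)
	return h.Sum(nil), nil
}

// encrypt seals a message with AES-256-GCM under the session key. The output
// (nonce || ciphertext || tag) is all the relay server ever stores or forwards.
func encrypt(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, nil), nil
}

func decrypt(key, box []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(box) < gcm.NonceSize() {
		return nil, fmt.Errorf("message too short")
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], nil)
}

// exchange runs the whole flow: alice and bob derive the same key from each
// other's public keys, alice encrypts, bob decrypts, and the server (which has
// its own key pair but neither user's private key) tries and fails to read it.
func exchange(alice, bob, server *party, msg []byte) (plain []byte, serverReads bool, err error) {
	kA, err := alice.sessionKey(bob.public())
	if err != nil {
		return nil, false, err
	}
	kB, err := bob.sessionKey(alice.public())
	if err != nil {
		return nil, false, err
	}
	if !bytes.Equal(kA, kB) {
		return nil, false, fmt.Errorf("key agreement mismatch")
	}
	box, err := encrypt(kA, msg)
	if err != nil {
		return nil, false, err
	}
	kS, _ := server.sessionKey(alice.public()) // best the relay can do: a different key
	_, serr := decrypt(kS, box)
	plain, err = decrypt(kB, box)
	return plain, serr == nil, err
}

func main() {
	alice, _ := newParty("alice")
	bob, _ := newParty("bob")
	server, _ := newParty("relay")
	plain, serverReads, err := exchange(alice, bob, server, []byte("meet at 6"))
	fmt.Printf("bob reads %q | server can read: %v | err=%v\n", plain, serverReads, err)
	fmt.Println("X25519 public key bytes:", len(alice.public().Bytes())) // 32, vs 256 for RSA-2048
}
```

The server's failed decryption is not a lucky miss: GCM's tag check rejects a wrong key with probability 1 - 2^-128. What this example does not defend against is a server that hands alice a public key it generated itself; that is why the key-fingerprint comparison in messaging apps exists, and why it should not be skipped.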
What is the best encryption method for mobile messaging?
End-to-end encryption is the most important property of a secure messaging app. The differences between AES and the other ciphers above matter less than most users think: any modern cipher with an adequate key length resists brute force, so nobody bothers trying.
Instead, attackers look for weaker points. If your messages are encrypted in transit but sit in plaintext on the provider's server, the server is the target; if they are end-to-end encrypted but stored unencrypted on your phone, the phone is. End-to-end encryption takes the provider out of the picture. Encryption at rest, a strong passcode, and verifying your contact's key fingerprint cover the rest. Judge an app on all of those, not on the cipher name in its marketing.