In part two of this video series, we will learn about what encryption is and how it is used to ensure data confidentiality. We had learned that encryption is used to ensure data confidentiality-- in other words, to keep data secret from others. Now we will look at encryption in more detail and see how it ensures data confidentiality. We will also look at some applications where encryption is used.

The components required to achieve encryption are an encryption algorithm, also called cipher, and a key. The image to the right of the screen shows how encryption achieves data confidentiality. The transmitter, called Bob in this image, passes a key, along with plain text to an encryption algorithm. The encryption algorithm generates seemingly random data, which is called cipher text. Bob transmits the cipher text to the receiver, called Alice in this image.

After receiving cipher text from Bob, Alice passes the cipher text and a key into the encryption algorithm to get back the original plain text. If the receiver does not have the necessary key, the data cannot be decrypted. So it will be very difficult for an eavesdropper to gain access to the cipher text to derive the original data without knowing the key. This helps in maintaining data confidentiality.

The process of converting plain text to cipher text is called encryption, and the process of converting cipher text to plain text is called decryption. Throughout this tutorial, encryption is sometimes used to mean both encryption and decryption. For example, encryption algorithm here means an algorithm that can perform both encryption and decryption. There are two types of encryption algorithms-- symmetric key encryption algorithm, also called private key encryption algorithm, and public key encryption algorithm, also called asymmetric encryption algorithm.

In symmetric key encryption, the same key is used for both encryption and decryption. Symmetric key encryption as shown in the image to the right of the screen-- here, the transmitter, Bob, passes plain text and the shared secret key to the encryption algorithm to generate cipher text. Bob then transmits this the cipher text to the receiver, Alice. After receiving cipher text from Bob, Alice passes the cipher text and the same shared secret key used by Bob to the encryption algorithm to get back the original plain text.

There are two types of symmetric key encryption algorithms, or ciphers. The first one is called stream cipher, which operates on one bit or byte of data at a time. The second type is block cipher, which operates on a block of data as a single unit. Some of the well known symmetric key encryption ciphers are advanced encryption standard, abbreviated as AES, data encryption standard, abbreviated as DES, and triple DES. Symmetric key ciphers are relatively fast, hence they are useful for encryption of both small and large messages. The main disadvantage of symmetry key cipher is that the shard key has to be exchanged securely.

Public key encryption uses two different keys-- public key, which is available to anyone, and private key, which is kept private. These keys are used in pairs-- one to encrypt, and the other to decrypt. It is not possible to decrypt a message with the same key that was used to encrypt it. The image to the right shows a simplified version of how public key encryption works to ensure data confidentiality.

Here, the public of receiver Alice is easily available to the transmitter, Bob, but the private key of Alice is available only to her. Bob passes plain text and Alice's public key to the encryption algorithm to generate cipher text. Bob then transmits the cipher text to the receiver, Alice. After receiving cipher text from Bob, Alice passes the cipher text and her private key to the encryption algorithm to generate back the original plain text. The advantage of public key encryption is that there is no need to send keys securely. This improves the security of the system, but public key encryption requires more processing and might not be feasible for encrypting large amounts of data, because of which, it is mostly used to encrypt small messages.

We have discussed how data confidentiality can be achieved by using the receiver's public key to encrypt data and private key to decrypt data, but public key encryption can also be used to achieve non-repudiation-- that is, the sender of the information cannot deny that the information was sent by it. The image on the right shows a simplified version of how public key encryption can be used to achieve an non-repudiation.

Here, the public key of transmitter, Bob, is easily available to the receiver, Alice, but the private key of Bob is available only to him. Bob passes plain text and his private key to the encryption algorithm to generate cipher text. Bob then transmits the cipher text to the receiver, Alice. After receiving cipher text from Bob, Alice passes the cipher text and Bob's public key to the encryption algorithm to get back the original plain text. If Alice is successful in decrypting the cipher text with Bob's public key, then Bob cannot deny sending the information, as he alone possesses the private key. Non-repudiation along with data integrity validation are required to implement digital signatures. Hashing algorithms, covered in part three of this video tutorial, provide means to validate data integrity.