Encryption
Two-way scrambling that needs the right key to undo.
What it does
Encryption scrambles data so only someone with the right key can put it back. Unlike hashing, it's fully reversible — that's the point. Unlike encoding, the reversal is gated: without the key, the ciphertext is useless.
AES-GCM is the modern default, and the name is two pieces. AES — the Advanced Encryption Standard — does the actual scrambling. GCM — Galois/Counter Mode — wraps it with an authentication tag, a short check value that makes a wrong key or altered ciphertext fail loudly instead of quietly returning nonsense. We'll unpack both below.
A short history
Encryption is thousands of years older than computers. The whole history is a back-and-forth: someone invents a way to hide a message, someone else finds the pattern that gives it away.
- ~50 BCE: The Caesar shift. Rome moves every letter a fixed number of places. Secret for exactly as long as nobody thinks to try the other 24 shifts.
- 9th century: Frequency analysis. The polymath al-Kindi notices some letters appear more than others, and cracks any simple letter-for-letter substitution. Codes now have to be cleverer than the codebreakers.
- 1553: The Vigenère cipher. A keyword changes the shift letter by letter. Dubbed le chiffre indéchiffrable — the unbreakable cipher — for three centuries, until Babbage and Kasiski broke it anyway.
- 1940s: Enigma. Germany's rotor machine scrambles each keystroke differently. Bletchley Park — Turing among them — breaks it, and the line between cryptography and computing starts to blur.
- 1976–77: Public keys. Diffie–Hellman, then RSA (named for its inventors Rivest, Shamir, and Adleman), crack the oldest problem: agreeing on a key with someone you've never met, over a line everyone can hear. Modern secure communication starts here.
- 2001: AES. A worldwide competition picks the algorithm you used a moment ago. Two decades on, still no practical break.
Caesar's cipher is where it starts — shift every letter by a fixed amount. Try it:
Yhql Ylgl Ylfl
A shift of 3 is the cipher Julius Caesar actually used. The whole “key” is one number out of 25 — so you break it by trying all of them. This is encryption at its most primitive: reversible, but with almost nothing to hide behind.
The math at the core: XOR
Skip ahead two millennia. Underneath modern encryption is one humble operation: XOR (exclusive or). It compares two bits and returns 1 only when they differ. Its magic property is that applying the same value twice cancels out — p ⊕ k ⊕ k = p — so the same key both scrambles and unscrambles.
One bit off in the key and the output is wrong — and there's no hint how wrong. Real AES-GCM goes further: it won't even hand you the garbage, it checks an authentication tag and refuses outright.
But XOR against a single fixed key is a toy: reuse the key and patterns leak straight through. AES's real job is to manufacture a flood of unpredictable, key-dependent material to XOR against — and to scramble the bits so thoroughly in between that the output looks random while staying perfectly reversible.
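The three XOR behaviours described above (the round trip, the silent failure on a wrong key, and the leak when a key is reused) can be checked directly. This is an added example, not code from the original page; the function names, key and messages are constructed for illustration.

```javascript
// Added illustration: all names and sample values below are constructed.
function xorBytes(data, key) {
  const out = Buffer.alloc(data.length);
  for (let i = 0; i < data.length; i++) out[i] = data[i] ^ key[i % key.length];
  return out;
}

const KEY = Buffer.from("k3y-material-16b");   // 16 constructed key bytes
const MSG_A = Buffer.from("PAY ALICE $0100."); // 16-byte sample message
const MSG_B = Buffer.from("PAY BOB   $9999."); // 16-byte sample message

// 1. p XOR k XOR k = p: the same key scrambles and unscrambles.
function roundTrip(msg, key) {
  return xorBytes(xorBytes(msg, key), key);
}

// 2. One flipped key bit gives wrong output with no error and no warning.
function decryptWithFlippedBit(ciphertext, key) {
  const bad = Buffer.from(key); // copy, so the real key is untouched
  bad[0] ^= 0x01;
  return xorBytes(ciphertext, bad);
}

// 3. Key reuse: XOR-ing two ciphertexts cancels the key and leaves
//    msgA XOR msgB, so the pattern leaks without the key being known.
function keyReuseLeak(msgA, msgB, key) {
  return xorBytes(xorBytes(msgA, key), xorBytes(msgB, key));
}

const leak = keyReuseLeak(MSG_A, MSG_B, KEY);
console.log("round trip   :", roundTrip(MSG_A, KEY).toString());
console.log("flipped bit  :", decryptWithFlippedBit(xorBytes(MSG_A, KEY), KEY).toString());
console.log("key cancelled:", leak.equals(xorBytes(MSG_A, MSG_B)));
// Anyone who knows one message recovers the other from the leak alone.
console.log("recovered    :", xorBytes(leak, MSG_A).toString());
```

The flipped-bit case is the behaviour AES-GCM's authentication tag is there to prevent: plain XOR returns wrong bytes without any signal that something went wrong.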
What AES actually is
AES (the Advanced Encryption Standard) is a block cipher: it encrypts data in fixed-size chunks of 16 bytes at a time, not letter by letter. You hand it one block plus a key — 128, 192, or 256 bits long — and it hands back a scrambled block the same size.
The scrambling isn't a single step; it's a short recipe repeated many times. With a 256-bit key, AES runs 14 rounds, and each round does three jobs:
- Substitute. Every byte is swapped for another through a fixed lookup table called the S-box (substitution box). This breaks any simple relationship between key and output — what cryptographers call confusion.
- Mix. The bytes are shuffled and blended across the block, so touching one byte ripples into all the rest — diffusion.
- Add the key. A slice of key material for that round gets XOR'd in — the same XOR from above.
Confusion and diffusion (named by Claude Shannon in 1945) are the whole game. Confusion hides the key; diffusion spreads your data so thoroughly that flipping one input bit changes the entire block unpredictably — the same avalanche idea you met in hashing. After 14 passes there's no thread left to pull without the key.
One catch: that only encrypts a single 16-byte block. To cover a whole message you need a mode of operation that chains blocks together — and that's the GCM in AES-GCM (Galois/Counter Mode). It turns the block cipher into a stream so any length works, and computes the authentication tag that catches tampering or a wrong key.
Why AES is the standard
In 1997 the US National Institute of Standards and Technology (NIST) ran a public, international contest to replace the aging DES (the Data Encryption Standard, the 1970s cipher then in use). Fifteen designs were submitted and attacked in the open by cryptographers worldwide. A Belgian design, Rijndael, won in 2001 and became AES. That openness is the point: nothing about it is secret, so there's nowhere to hide a backdoor.
It's also fast — and faster still in hardware, since modern CPUs run AES instructions natively. Your laptop encrypts at gigabytes a second, which is why it's everywhere: HTTPS, Wi-Fi, disk encryption, password managers, the demo on this page. Twenty-plus years of public attack later, there's still no practical break of full AES. “Industry standard” here means exactly that: open, fast, everywhere, and stubbornly unbroken.
Symmetric vs. asymmetric
Two families. Symmetric (like AES) uses the same key to lock and unlock — fast, good for data at rest and bulk traffic. Asymmetric uses a pair: a public key to lock, a private key to unlock, which solves “how do two strangers agree on a key over an open line?”
In practice they team up. HTTPS uses asymmetric encryption to swap a symmetric key, then switches to fast symmetric encryption for the rest of the conversation. The demo below is symmetric.
Lock it, then try the wrong key
Encrypt with one key, then try to decrypt with another. Change the unlock key by a single character. The failure isn't a bug — it's the guarantee.
Why the failure is the feature
A wrong key doesn't hand back a slightly-wrong message or readable nonsense — GCM checks an authentication tag and rejects the attempt outright. That's what lets you trust decrypted data is both secret and unaltered. Notice too that encrypting the same message twice gives different ciphertext, thanks to a fresh random IV (initialization vector — a unique starter value) each time, so an observer can't even tell when you repeat yourself.
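The same guarantees can be reproduced with Node.js's built-in crypto module. This is an added example, not the code behind the page's demo; the scrypt key derivation, the helper names and the sample passphrases are assumptions made for illustration.

```javascript
const nodeCrypto = require("crypto"); // Node.js built-in module

// Assumption: scrypt turns the typed passphrase into 32 key bytes (AES-256).
// The page does not say how its demo derives the key.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

function encrypt(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit IV per message
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() }; // tag is 16 bytes
}

function decrypt(passphrase, box) {
  const key = deriveKey(passphrase, box.salt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, box.iv);
  decipher.setAuthTag(box.tag);
  // final() throws when the tag does not verify, so this function returns
  // no plaintext for a wrong key or altered ciphertext.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]).toString("utf8");
}

function tryDecrypt(passphrase, box) {
  try { return decrypt(passphrase, box); } catch { return null; }
}

// Constructed sample run.
const sealed = encrypt("correct horse", "meet at noon");
const again = encrypt("correct horse", "meet at noon");
const altered = { ...sealed, ct: Buffer.from(sealed.ct) };
altered.ct[0] ^= 0x01; // flip one ciphertext bit

console.log("right key :", tryDecrypt("correct horse", sealed));
console.log("wrong key :", tryDecrypt("correct horsf", sealed));
console.log("altered ct:", tryDecrypt("correct horse", altered));
console.log("same ciphertext twice?", sealed.ct.equals(again.ct));
```

The salt, IV and tag are not secret and travel alongside the ciphertext; only the passphrase has to stay private.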
What it's for
- HTTPS — every site you visit encrypts traffic in transit.
- Messaging — end-to-end encryption keeps even the provider from reading along.
- Files at rest — disk and database encryption protect data if a device is lost or stolen.