Encryption transforms readable data (plaintext) into an unreadable scrambled form (ciphertext) using a mathematical algorithm and a key. Only someone with the correct key can decrypt the ciphertext and recover the original message — making encryption the cornerstone of secure communication on the internet.
Why does encryption matter for GCSE computing?
Every time you log into a website, make an online payment, or send a message, encryption protects your data from eavesdroppers. The AQA, OCR, and Edexcel GCSE Computer Science specifications all require students to understand encryption principles, trace simple ciphers, and explain the difference between symmetric and asymmetric encryption. Understanding encryption also links directly to cyber security and networking topics in the same specifications.
What is the Caesar cipher?
The Caesar cipher is one of the oldest and simplest encryption methods. Each letter in the plaintext is shifted a fixed number of positions along the alphabet. The shift value is the key.
Worked example — encrypt "HELLO" with a shift of 3:
| Plaintext | H | E | L | L | O |
|---|---|---|---|---|---|
| Position | 8 | 5 | 12 | 12 | 15 |
| +3 | 11 | 8 | 15 | 15 | 18 |
| Ciphertext | K | H | O | O | R |
Result: HELLO → KHOOR
To decrypt, subtract the key: K (11) − 3 = 8 = H, and so on.
The Caesar cipher is symmetric: the same key (the shift value) is used for both encryption and decryption. It is trivially broken by trying all 25 possible shifts — known as a brute-force attack. More sophisticated classical ciphers (Vigenère, Enigma) use multiple keys or rotating mechanisms, but all classical ciphers have been superseded by modern methods.
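The worked example and the 25-shift brute force described above, as an added Python example that is not part of the original page. It goes slightly beyond the table by handling wrap-around (X, Y, Z shifting past the end of the alphabet) and by picking the likeliest key automatically; the function names, the small `COMMON_WORDS` list and the sample message are constructed for illustration.

```python
import string

# Constructed list of short common English words, used to recognise real plaintext.
COMMON_WORDS = {"THE", "AND", "AT", "ME", "TO", "OF", "IN", "IS", "IT"}

def caesar(text, shift):
    """Shift each letter `shift` places along the alphabet, wrapping Z round to A.

    Letters are numbered 0-25 internally (the table above uses 1-26); the
    resulting ciphertext is identical.
    """
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces, digits and punctuation pass through unchanged
    return "".join(out)

def brute_force(ciphertext):
    """Map each of the 25 possible keys to the plaintext it would produce."""
    return {key: caesar(ciphertext, -key) for key in range(1, 26)}

def likeliest_key(ciphertext):
    """Pick the key whose candidate plaintext contains the most common words."""
    def score(candidate):
        return sum(word in COMMON_WORDS for word in candidate.upper().split())
    candidates = brute_force(ciphertext)
    return max(candidates, key=lambda k: score(candidates[k]))

if __name__ == "__main__":
    print(caesar("HELLO", 3))   # encrypt with key 3
    print(caesar("XYZ", 3))     # wrap-around past Z
    secret = caesar("MEET ME AT THE PARK AT NOON", 7)  # constructed sample message
    key = likeliest_key(secret)
    print(key, caesar(secret, -key))
```

Decryption is the same function called with the negated key, which is what makes the cipher symmetric.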
What is the difference between symmetric and asymmetric encryption?
| Feature | Symmetric encryption | Asymmetric encryption |
|---|---|---|
| Keys used | One shared key for encrypt and decrypt | Two mathematically linked keys: public + private |
| Speed | Very fast | Slower (computationally expensive) |
| Key distribution problem | Both parties must securely share the key — how? | Public key is freely shared; private key is never shared |
| Example algorithms | AES (Advanced Encryption Standard) | RSA |
| Common use | Encrypting large amounts of data (bulk file encryption) | Establishing secure connections (HTTPS handshake, email) |
The key distribution problem is the fundamental weakness of symmetric encryption: if you want to send an encrypted message to someone, you first need to securely send them the key — but if you could do that securely, you might not need encryption in the first place. Asymmetric encryption solves this elegantly.
How does asymmetric (public-key) encryption work?
Asymmetric encryption uses a mathematically linked key pair:
- Public key — shared openly with anyone. Used to encrypt data.
- Private key — kept secret by the owner. Used to decrypt data encrypted with the matching public key.
Analogy: Think of the public key as an open padlock that anyone can use to lock (encrypt) a box. Once locked, only the person with the private key (the one who made the padlock) can open (decrypt) the box. You can give out thousands of copies of the open padlock — sharing the public key is safe.
In practice for HTTPS:
- Your browser requests a secure connection to a web server.
- The server sends its public key (embedded in its digital certificate).
- Your browser uses the public key to encrypt a randomly generated symmetric key.
- Only the server's private key can decrypt this — so the symmetric key is now shared securely.
- All further communication uses the much faster symmetric key.
This hybrid approach — asymmetric for key exchange, symmetric for bulk data — is how TLS (and therefore HTTPS) actually works.
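The simplified exchange described above, as an added Python example that is not part of the original page. It is a toy: the key pair is built from two known Mersenne primes and uses unpadded RSA, and a SHA-256 keystream stands in for AES; all names (`browser_send`, `server_receive`, `keystream_xor`) and the sample request are constructed for illustration.

```python
import hashlib
import secrets

# Toy server key pair from two Mersenne primes (assumption for this demo; real
# RSA uses random primes hundreds of digits long, plus padding).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (N, E): sent to the browser
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: never leaves the server

def keystream_xor(key, data):
    """Stand-in for AES: XOR data with a SHA-256 counter keystream.

    The same call both encrypts and decrypts, because the key is shared.
    """
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def browser_send(message, server_public):
    """Browser side: make a random symmetric key, wrap it, encrypt the data."""
    n, e = server_public
    session_key = secrets.randbits(128)      # randomly generated symmetric key
    wrapped = pow(session_key, e, n)         # encrypted with the server's public key
    body = keystream_xor(session_key.to_bytes(16, "big"), message)
    return wrapped, body

def server_receive(wrapped, body):
    """Server side: only the private key D can unwrap the symmetric key."""
    session_key = pow(wrapped, D, N)
    return keystream_xor(session_key.to_bytes(16, "big"), body)

if __name__ == "__main__":
    request = b"GET /account HTTP/1.1"       # constructed sample data
    wrapped, body = browser_send(request, (N, E))
    print(body.hex())                        # what an eavesdropper would see
    print(server_receive(wrapped, body))
```

An eavesdropper sees `N`, `E`, `wrapped` and `body`, but without `D` cannot recover the symmetric key that decrypts `body`.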
What is a digital certificate?
A digital certificate binds a public key to the identity of the organisation that owns it. Certificates are issued by trusted Certificate Authorities (CAs) — organisations such as DigiCert or Let's Encrypt. When your browser sees a padlock icon, it has verified that:
- The server's public key certificate was signed by a trusted CA.
- The domain name on the certificate matches the address you are visiting.
- The certificate has not expired or been revoked.
A certificate that fails these checks triggers a browser warning. This prevents man-in-the-middle attacks, where an attacker intercepts traffic and substitutes their own public key.
What makes modern encryption hard to break?
The Caesar cipher has only 25 possible keys — easily brute-forced. Modern encryption derives its security from mathematical problems that are:
- Easy to do in one direction — multiplying two large prime numbers together is fast.
- Computationally infeasible to reverse — factoring the product back into its prime components, when the numbers are hundreds of digits long, would take longer than the age of the universe on current hardware.
The key length (measured in bits) determines security. AES-128 (128-bit key) has 2¹²⁸ ≈ 340 undecillion possible keys — brute-forcing this is practically impossible. AES-256 (256-bit) is used where the highest security is required (government, military).
Frequently asked questions
What is the difference between encoding and encryption?
Encoding transforms data into a different format for compatibility or efficient transmission — for example, converting text to binary or Base64. It does not require a key and provides no security; anyone can decode it. Encryption specifically aims to conceal meaning from unauthorised parties and requires a key to reverse. A Base64-encoded string is not encrypted — it is merely encoded and can be decoded by anyone.
What does "end-to-end encryption" mean?
End-to-end encryption means that data is encrypted on the sender's device and only decrypted on the intended recipient's device. No intermediary — not the messaging platform, not the internet service provider, not a government agency — can read the content in transit. WhatsApp and Signal use end-to-end encryption by default. Standard email (without additional tools) is not end-to-end encrypted.
Why is a longer key more secure?
A longer key exponentially increases the number of possible values an attacker must try in a brute-force attack. A 1-bit key has 2 possibilities; a 128-bit key has 2¹²⁸ ≈ 3.4 × 10³⁸ possibilities. Even if an attacker could try a billion keys per second, cracking AES-128 would take approximately 10²¹ years. Key length is one of the most important factors in determining how long it would take to break encryption by brute force.
What is a man-in-the-middle attack?
A man-in-the-middle (MitM) attack occurs when an attacker intercepts communication between two parties without their knowledge. In a MitM attack on HTTPS, an attacker could attempt to substitute their own public key for the server's, then decrypt and re-encrypt traffic as it passes through. Digital certificates prevent this by providing a way to verify that the public key genuinely belongs to the claimed server, signed by a trusted third party.