Symmetric encryption, also known as conventional encryption, secret-key, or single-key encryption, was the only encryption method used before the advent of public-key encryption in the late 1970s. It remains the most widely used type of encryption.
This chapter starts by examining a general model for the symmetric encryption process to understand the context in which these algorithms are applied. It then explores three key block encryption algorithms: DES, Triple DES, and AES. Following this, there is a discussion on random and pseudorandom number generation. Next, the chapter introduces symmetric stream encryption, highlighting the commonly used stream cipher RC4. Finally, it covers the important topic of block cipher modes of operation.
A symmetric encryption scheme consists of five components:
1. Plaintext: The original message or data input into the algorithm.
2. Encryption algorithm: This applies various substitutions and transformations to the plaintext.
3. Secret key: Input to the algorithm that determines the specific substitutions and transformations made.
4. Ciphertext: The scrambled message produced as output, dependent on both the plaintext and secret key. Different keys for the same message yield different ciphertexts.
5. Decryption algorithm: Essentially the encryption algorithm in reverse, it uses the ciphertext and the same secret key to reproduce the original plaintext.
The secure use of symmetric encryption requires two key elements:
1. A robust encryption algorithm that prevents an opponent, who knows the algorithm and has access to one or more ciphertexts, from deducing the plaintext or discovering the key.
2. Secure transmission and maintenance of the secret key by both sender and receiver. If the key is discovered, all communications using that key become readable.
The security of symmetric encryption relies on keeping the key secret, not the algorithm. This allows manufacturers to develop low-cost chip implementations of data encryption algorithms, which are widely integrated into various products. The main security concern is keeping the key confidential.
Cryptography
Cryptographic systems are classified along three dimensions:
1. Type of operations: Encryption algorithms are based on substitution, mapping each plaintext element to another element, and transposition, rearranging elements. These operations must be reversible.
2. Number of keys: Systems where the sender and receiver use the same key are referred to as symmetric or conventional encryption, while systems with different keys are called asymmetric or public-key encryption.
3. Plaintext processing: Block ciphers process input in blocks, producing an output block for each input block. Stream ciphers process input continuously, producing output one element at a time.
Cryptanalysis
Cryptanalysis aims to discover the plaintext or key. The strategy depends on the encryption scheme and available information. Cryptanalytic attacks are often categorized by the amount of information known to the analyst, with the most challenging scenario being when only ciphertext is available. Sometimes the encryption algorithm is unknown, but it is generally assumed that the opponent knows the encryption method. A brute-force attack, which involves trying all possible keys, may be used, but this is impractical if the key space is vast. Therefore, opponents often rely on statistical analysis of the ciphertext.
The most straightforward defense is against ciphertext-only attacks, where the opponent has the least information. Analysts may have more details, such as capturing plaintext and ciphertext pairs or identifying known plaintext patterns. A probable-word attack assumes the encryption of specific information, allowing the analyst to deduce the key more quickly. A chosen-plaintext attack is possible if the analyst can insert a message of choice into the system. Chosen ciphertext and chosen text are also possible attack avenues.
Only weak algorithms are susceptible to ciphertext-only attacks, and encryption algorithms are typically designed to withstand known-plaintext attacks. An encryption scheme is computationally secure if the cost or time required to break it exceeds the value or usefulness of the information.
Feistel Cipher Structure
Many symmetric block encryption algorithms, such as DES, use a structure described by Horst Feistel. It involves dividing the plaintext block into halves, passing them through multiple rounds of processing with subkeys to produce the ciphertext block. Each round includes substitution and permutation operations, with complexity enhancing security.
Key parameters in symmetric block cipher design include block size (larger for greater security), key size (greater for higher security), the number of rounds (more rounds equal increased security), subkey generation algorithm, and round function complexity.
Finally, for faster software encryption/decryption, ease of analysis is crucial to uncover any vulnerabilities. In symmetrical block ciphers, the decryption process mirrors encryption by using subkeys in reverse order. This requires only one algorithmic implementation for both purposes.
0 Comments