Hello everyone, it’s gutsytechster !!
Today, I am going to share an interesting concept of encryption with you all. So get ready with your curiousness and start reading.
Cryptography is probably the most important aspect of communication security and is becoming increasingly important as a building block of network security. By far the most important tool for cryptography is encryption. The two common forms of encryption in use are: conventional or symmetric encryption and public key or asymmetric encryption.
Before beginning we define some terms:
- Plaintext: The original intelligible message is plaintext.
- Ciphertext: The coded message is the ciphertext.
- Encryption: The process of converting from plaintext to ciphertext is known as enciphering or encryption.
- Decryption: The process of converting from ciphertext to plaintext is known as deciphering or decryption.
- Cipher: An algorithm used for transforming the intelligible message into an unintelligible message is known as cryptographic system or cipher.
- Key: Some critical information used by the cipher, known only to the sender& receiver.
The extraction of plaintext from ciphertext without knowledge of enciphering details falls into the category of codebreaking. There are two general ways to attack an encryption scheme:
- Cryptanalysis: This type of attack rely on the nature of encryption algorithm used. This type of attack exploits the characteristic of the algorithm to deduce the specific plaintext or the key being used.
- Bruteforce: The attacker tries every possiible key on a piece of ciphertext until an intelligible message comes out as a result.
If either type of attack able to deduce the key, the result will be catastrophic. All the future and past message encrypted are compromised.
There are two more definitions which require some attention:
- Unconditionally secure: A cipher will be unconditionally secure if the ciphertext generated by the encryption scheme does not contain enough information to determine exactly the corresponding plaintext. Therefore no matter how hard the opponent tries, he or she won’t get the information, simply because the information is not there.
- Computationally secure: An encryption scheme is said to be computationally secure if the cost of decoding the cipher exceeds the value of encrypted information or the time required to break the cipher exceeds the useful lifetime of the information.
There are two building blocks of any encryption technique:
- Substitution: It is the technique in which the letters of plaintext are replaced by other letters or by numbers or symbols. There are a number of substitution techniques like caesar cipher, playfair cipher, one-time pad etc. An example of caesar cipher is given in which every alphabet is replaced by the next third alphabet.
plain: meet me after the toga party cipher: PHHW PH DIWHU WKH WRJD SDUWB
- Transposition: A different kind of mapping which is achieved by performing some sort of permutation on the plaintext letters is known as transposition. An example of rail-fence technique is given as:
m e m a t r h t g p r y e t e f e t e o a a t The encrypted message is: MEMATRHTGPRYETEFETEOAAT
Other two important terms are block cipher and stream cipher:
- Stream Cipher: It is the one which encypts the digital data stream one bit or one byte at a time.
- Block Cipher: It is the one in which the block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.
Symmetric Encryption is a form of cryptosystem in which encryption and decryption are performed using the same key. It is also known as conventional encryption. Symmetric encryption transforms plaintext into ciphertext using a secret key and an encryption algorithm. Using the same key and decryption algorithm, the plaintext is recovered from the ciphertext.
A symmetric encryption scheme has five ingredients:
- Plaintext: This is the original intelligible data that is fed into algorithm as an input.
- Encryption Algorithm: The encryption algorithm performs various substitution and transformations on the plaintext.
- Secret Key: It is also an input to the encryption algorithm. It’s value is independent of the plaintext and of algorithm. The algorithm will produce a different output depending upon the specific key being used at a time.
- Ciphertext: This is the scrambled message which is produced as an output. It depends on the plaintext and secret key. For a given message, two different keys will produce two different ciphertext.
- Decryption Algorithm: This is the encryption algorithm run in reverse. It takes the ciphertext and the secret key to produce the plaintext.
The secret key is shared by both receiver and sender. We assume that it is impractical to decrypt a message on the basis of ciphertext plus knowledge of encryption/decryption algorithm. In other words, we do not need to keep the algorithm secret; we need to keep only the key secret. This feature of symmetric encryption is what makes it feasible for widespread use.
Claud Shannon, a reasercher on cryptographic technique, proposed to develop a product cipher which alternates the confusion and diffusion functions. Now, what are these confusion and diffusion process mean. Let’s see
- Confusion: It means that the key does not relate in a simple way to the ciphertext. In particular, each character of the ciphertext should depend on several parts of the key.
- Diffusion: Diffusion means that if we change a character of the plaintext, then several characters of the ciphertext should change, and similarly, if we change a character of the ciphertext, then several characters of the plaintext should change.
The various symmetric encryption techniques are DES, AES, Triple DES, blowfish etc.
We will have a brief description about the first three:
Data Encryption Standard(DES)
- Initial Permutation
- 16 Fiestal Rounds
- Left-Right swap
- Final Permutation
First a 64 bit plaintext passes through an initial permutation that rearranges the bits to produce the permuted input and it is divided into two equal halves each consist of 32 bit. This is followed by 16 Fiestal rounds which involves both permutation and substitution function. After that, the last round i.e. 16th round is swapped to produce the preoutput. Finally the preoutput is passed through final reverse permutation to produce the required 64 bit ciphertext.
In each Fiestal round, the 64-bit permuted plaintext is divided into 32-bit equal halves i.e. L and R. The round key is of 48 bit and the R input is of 32-bit. So first, R input is expanded to 48-bit. Then, resulting 48-bit is XORed with the key. The result is then passed through S-box which is used to convert the 48-bit back to 32-bit. At each round, the L is equal to the previous value of R and R is a function of previous L and key. As the key size is of 56 bit but in each fiestal round, it uses the key of 48 bit because every eighth bit is ignored.
- With its 168-bit key length, it overcomes the vulnerability to brute force attack of DES.
- The encryption algorithm used in Triple DES is same as used in DES. It has been subjected to more scrutiny than any other algorithm for a long period of time and no effective cryptanalytic attack has been found. Hence it is highly resistant to the cryptanalysis.
Advanced Encryption Standard(AES)
AES is a block cipher, which is developed to replace DES for commercial application. But as Triple DES has been discovered to overcome the drawbacks of DES. Though, the principal drawback of Triple DES is that the algorithm is more sluggish in software. Another drawback is both DES and Triple DES uses block size of 64-bit, where for more security and efficiency, a larger block size is desirable. So, AES has developed which have security strength equal to or better than Triple DES. It uses the block size of 128-bits with key length of 128,192 and 256-bit.
The number of rounds depend on the key size i.e. for 128-bit key, the number of rounds will be 10. For 192 and 256 bit keys, the number of rounds will be 12 and 14 respectively. The key that is provided as an input is expanded into an array of fourty-four 32-bit words. So that 4-distinct words(128-bits) serve as a round key for each round. Each round consist of four different stages:
- Substitute bytes: Use an S-box to perform byte by byte substitution.
- Shift rows: A simple permutation.
- Mix columns: A substitution that makes use of arithmetic.
- Add round key: A simple bitwise X-OR of the current block with a portion of expanded key.
One thing that is to be noted is that one initial round which uses only key is not considered in the total no. of rounds and the last round consist of only three stages i.e. the operation of mix column doesn’t take place in the last round.
Well, with this we have covered an important concept but there is a lot which can’t be covered in this blog. But I hope now you have an idea of symmetric encryption techniques. Meet you in the next blog.