Introduction to symmetric cryptography
Symmetric cryptography gets its name from the fact that the same secret key is used for encryption and decryption, thus making the process symmetrical. The main advantage of symmetric cryptography over asymmetric cryptography is that it tends to be faster and more efficient. The main disadvantage is that for symmetric cryptography to work, you need a means of sharing a secret key in a secure fashion between the sender and the recipient. For these reasons, symmetric and asymmetric cryptography are often used together for encrypting data traveling between two locations.
A number of different symmetric encryption algorithms exist, and some are more popular and famous than others. An important distinction between the different types of symmetric encryption algorithms is whether they are block or stream ciphers.
A block cipher is designed to break the plaintext into fixed-size chunks and encrypt each chunk separately. If the plaintext isn’t a perfect multiple of the chunk size, then it is padded to the correct size. At the other end, decryption is also performed using the same size chunks.
The mode famous block cipher is the Advanced Encryption Standard (AES). It was selected as the result of a multi-year contest put on by the National Institute of Standards and Technology (NIST) to find a replacement for the Data Encryption Standard (DES), the previous official encryption algorithm of the US government. Despite being over 20 years old, AES is still secure, with the best-known attacks only decreasing its effective key length by no more than four bits in all variants.
Block cipher modes of operation
The messages to be encrypted don’t always fit into a single block for encryption (for example, an AES block is only 128 bits). Block cipher modes of operation define how the different blocks of a plaintext/ciphertext should be combined for encryption/decryption.
Electronic Codebook (ECB) mode (shown above) is the simplest block cipher mode of operation. In ECB mode, each block is encrypted completely independently. This makes it simple to implement and parallelize ECB mode encryption.
The problem with ECB mode is that it leaks information about the plaintext. The image above shows the Linux penguin encrypted using ECB mode. While the colors are off, you can still see the penguin. This is because, with ECB mode, identical plaintext blocks encrypt to identical ciphertext blocks. ECB mode is insecure and should never be used.
A simple alternative to ECB mode is Counter (CTR) mode. As shown above, CTR mode uses the combination of a random nonce and an incrementing counter as the input to encryption. The result is XORed with the plaintext to produce the ciphertext. Since every block has a different input due to that incrementing counter, identical blocks produce different ciphertexts. However, it is essential that the nonce is unique for each stream of encryption; otherwise, corresponding blocks in two streams will be encrypted using the same values.
These are only some of the block cipher modes of operation used to make block ciphers possible. Other commonly-used ones include:
- Cipher Block Chaining Mode (CBC)
- Cipher Feedback Mode (CFB)
- Output Feedback Mode (OFB)
- Galois Counter Mode (GCM)
Of these, GCM is the best choice, since it also provides a message authentication code (MAC) for integrity checking. It is also important to do your research before using these, since some may be insecure for certain operations.
Stream ciphers take a different approach to converting plaintext into ciphertexts. Instead of breaking the plaintext into fixed-size blocks, encryption is performed bitwise.
Stream ciphers are based upon the one-time pad (shown above). The one-time pad is the only provably secure encryption algorithm in existence, but it is rarely used since it needs a shared secret key of the same length as the plaintext. If you can secretly share such a long key, why not just share the plaintext over that secure channel instead? The main application of the one-time pad is using preshared key material to perform encryption later.
Stream ciphers sacrifice some of the one-time pad’s security for usability. A much shorter secret key is used as an input to a function that generates a stream of key material. This key material is then used as the secret key in a one-time pad algorithm. However, since the secret key is much shorter than the plaintext, doing this sacrifices the perfect security of the one-time pad.
Rivest Cipher 4 (RC4)
RC4 is one of the most famous stream ciphers. It was one of several encryption algorithms invented by Ron Rivest, the R in the RSA encryption algorithm and company. RSA is a trade secret of the company but was publicly leaked in 1994. It was used in WEP and WPA for Wi-Fi security and in TLS until 2015.
RC4 is considered insecure due to the discovery of a number of weaknesses in the protocol. It has been demonstrated that the first several bits of key material generated by RC4 are strongly correlated with the secret key, making it potentially vulnerable to attack.
Symmetric encryption algorithms are typically faster and more efficient when performing bulk data encryption. This is why they’re commonly used for encrypting data at rest (for full-disk encryption) or doing the heavy lifting for encrypting data in transit. However, symmetric encryption algorithms require a preshared key, which is why algorithms like TLS use both symmetric and asymmetric cryptography.
- Block Cipher Modes of Operation, CommonLounge
- Introduction to Cryptography, cs.purdue.edu