Encryption algorithms or ciphers are mathematical formulas or functions applied to data to transform the plaintext or cleartext information into an unintelligible format commonly referred to as ciphertext. An encryption algorithm takes two inputs: a key and the plaintext.
The main goal of an encryption algorithm is not really to make the ciphertext undecryptable but to make it very hard to decrypt. A good encryption algorithm is one in which the time it would take to decipher the ciphertext without the key is much longer than the time-value of the original plaintext.
There are two types or families of encryption algorithms, based on how the secret key is generated and used:
- Symmetric Key Algorithms - Here, both sender and receiver use the same secret key to encrypt and decrypt information.
- Asymmetric Key Algorithms - Here, the sender and receiver use different keys. The sender encrypts the message with one key and the receiver uses another key, mathematically related to the sender’s key, to decrypt the message.
In this post, we’ll dive into the Symmetric key encryption family.
Symmetric Key Algorithms
Symmetric key encryption algorithms are cryptographic methods that use the same key for both encryption and decryption of data. These algorithms are fundamental in securing data and ensuring privacy, especially in scenarios where speed and efficiency are critical. Symmetric encryption is often referred to as private key encryption because in this type of encryption only one key is required to encrypt and decrypt, and this key must remain private to both parties.
Both parties in the communication should know the shared secret key before they start the communication. This means that sender and receiver need to exchange the private key in advance, normally using another mechanism to secure the exchange.
We normally use symmetric encryption for bulk encryption, that is, for encrypting a whole document, an entire file or all the data to be exchanged in a secured communication. The most important piece of information is the secret key. If it is compromised, any interceptor or man-in-the-middle would be able to decrypt all communication.
Symmetric encryption is far less computationally expensive than asymmetric encryption, which is why it is the preferred method for bulk data encryption. However, asymmetric encryption is needed to secure the exchange of the symmetric shared key.
Encryption Techniques for Symmetric Key Algorithms
Substitution and Transposition
There are two techniques for symmetric encryption, substitution and transposition:
- With substitution, we replace each character with another one. The algorithm will have the logic/formula to calculate each equivalent character.
- With transposition, you move each character to another position in the text.
In a diffusion algorithm, original characters are replaced with other values and also spread throughout the ciphertext. This guarantees that the same character is not always encrypted into the same one: its encryption also depends on its location in the plaintext and the data that precedes it. This makes the algorithm much more robust.
Block and Stream Ciphers
Symmetric algorithms can also be classified into block and stream ciphers. Block ciphers use a fixed size block of plaintext to encrypt. Stream ciphers continuously encrypt data as it is presented in plaintext. Current symmetric algorithms also have a property called the avalanche effect: a tiny change, just one bit, in the plaintext results in changes in approximately one-half of the ciphertext.
Most common Symmetric Algorithms
DES (Data Encryption Standard)
- It’s a block cipher that encrypts and decrypts blocks of 64 bits
- It uses a 56-bit key, but it’s very often stored with additional parity bits, extending the key length to 64 bits
- At the time it was created (1977) the effort required to crack it was considered enormous, but currently it is considered insecure and has become obsolete due to the short length of its key.
- It is a very elegant algorithm and the most cryptanalyzed algorithm in the world
Triple DES (3DES)
- It consists of three consecutive encryptions with DES
- With three DES encryptions we get a key space of 56*3=168 bits with the strength of the DES algorithm
- Used properly, 3DES is as unbreakable as any other secret-key algorithm, but it is slow
AES (Advanced Encryption Standard)
- It is based on the Rijndael algorithm
- It’s a fast block cipher, with variable key length and block sizes (they can be set independently to 128, 192, or 256 bits)
- AES replaced DES and became an official US Gov standard in 2022. It is now widely used for commercial and private encryption purposes
- AES is public, there are no royalties or licenses, anyone can use it.
Blowfish
- It is a block cipher that encrypts and decrypts blocks of 64 bits
- It uses a variable key size, from 32 to 448 bits
- It’s known for its speed and effectiveness, and often used in password management systems
RC4
- It’s a stream cipher
- The only complexity of the algorithm is the generation of the keystream, which can potentially be an infinite sequence of key values, starting with a 40- or 128-bit key and a 24-bit initialization vector (IV)
- Once we know the keystream, the encryption itself is extremely simple. It’s just the XOR operation between the plaintext and the keystream
- Using the same key and initialization vector, the receiver can completely reproduce the keystream and decrypt the message
- RC4 is 10 times faster than DES
RC5
- It’s a block cipher with variable block size (32, 64 and 128 bits), variable key length (0 to 2040 bits) and a variable number of rounds, or individual encryption steps (0 to 255).
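To see the avalanche effect mentioned earlier and what RC5's variable round count changes, the following added example (not code from the original post) implements RC5 with 32-bit words, so a 64-bit block, and counts how many ciphertext bits flip when one plaintext bit is flipped. The key and block are constructed sample values; the function names are this example's own.

```python
W, MASK = 32, 0xFFFFFFFF
P32, Q32 = 0xB7E15163, 0x9E3779B9   # RC5 constants for 32-bit words

def rotl(x: int, n: int) -> int:
    n %= W
    return ((x << n) | (x >> (W - n))) & MASK

def rc5_expand_key(key: bytes, rounds: int) -> list:
    """Expand the secret key into 2*(rounds+1) subkey words."""
    c = max(1, (len(key) + 3) // 4)
    L = [int.from_bytes(key[4 * i:4 * i + 4], "little") for i in range(c)]
    t = 2 * (rounds + 1)
    S = [(P32 + i * Q32) & MASK for i in range(t)]
    A = B = i = j = 0
    for _ in range(3 * max(t, c)):            # mix the key words into the table
        A = S[i] = rotl((S[i] + A + B) & MASK, 3)
        B = L[j] = rotl((L[j] + A + B) & MASK, A + B)
        i, j = (i + 1) % t, (j + 1) % c
    return S

def rc5_encrypt(S: list, a: int, b: int, rounds: int) -> tuple:
    """Encrypt one block given as two 32-bit words (a, b)."""
    a, b = (a + S[0]) & MASK, (b + S[1]) & MASK
    for i in range(1, rounds + 1):            # data-dependent rotations drive diffusion
        a = (rotl(a ^ b, b) + S[2 * i]) & MASK
        b = (rotl(b ^ a, a) + S[2 * i + 1]) & MASK
    return a, b

def avalanche(key: bytes, block: tuple, rounds: int) -> float:
    """Average number of ciphertext bits (out of 64) changed by one flipped plaintext bit."""
    S = rc5_expand_key(key, rounds)
    a, b = block
    base_a, base_b = rc5_encrypt(S, a, b, rounds)
    total = 0
    for bit in range(64):
        fa, fb = (a ^ (1 << bit), b) if bit < 32 else (a, b ^ (1 << (bit - 32)))
        ca, cb = rc5_encrypt(S, fa, fb, rounds)
        total += bin(ca ^ base_a).count("1") + bin(cb ^ base_b).count("1")
    return total / 64

KEY = bytes(range(16))               # constructed 128-bit key
BLOCK = (0x01234567, 0x89ABCDEF)     # constructed 64-bit plaintext block

if __name__ == "__main__":
    for r in (0, 1, 2, 12):
        print(f"rounds={r:2d}: {avalanche(KEY, BLOCK, r):5.1f} of 64 bits change on average")
```

With too few rounds a flipped bit barely spreads; with 12 rounds the average sits close to 32 of 64 bits, which is the one-half figure the avalanche property describes.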
In summary, Symmetric key encryption remains a crucial part of modern cryptography, providing a balance between security and performance. Its effectiveness depends on the strength of the algorithm and the security of the key management process.