Symmetric vs. Asymmetric Encryption – Which is best?

Asymmetric encryption

Asymmetric encryption, also known as public-key encryption, utilizes a pair of keys – a

public key and a private key. If you encrypt data with the public key, only the holder of

the corresponding private key can decrypt the data, hence ensuring confidentiality.An asymmetric encryption scheme AE = (K, E, D) consists of three algorithms, as

follows:

• The randomized key generation algorithm

• The encryption algorithm

• The deterministic decryption algorithm

An asymmetric encryption algorithm typically involve exponential operations, they are

not lightweight in terms of performance. For that reason, asymmetric algorithms are often

used to secure key exchanges rather than used for bulk data encryption.

Symmetric encryption

Symmetric encryption, as the name suggests, means that the encryption and decryption

operations utilize the same key. For two communicating parties using symmetric

encryption for secure communication, the key represents a shared secret between the two.

There exist many symmetric encryption algorithms. A few of the well-known ones

include AES, DES, Blowfish, and Skipjack.

Symmetric encryption is typically more efficient than asymmetric encryption, and is

often used for bulk data encryption.

Attack a cryptosystem

Given enough computing resources, both symmetric and asymmetric encryption can be

broken. The most basic way to attack a symmetric cryptosystem is brute-force attacks,

where you essentially try every combination of a key. For a 128-bit key, there are 2^128

combinations to attempt, which requires extensive computing resources. Other

cryptanalysis attacks, including chosen-ciphertext and chosen-plaintext attacks, can be

more efficient than brute-force, but they require a priori knowledge to work.

To guard against brute-force attacks, the key length of a symmetric cryptosystem needs to

be sufficiently long. The Advanced Encryption Standard (AES) algorithm with 256-bit

key is considered secure enough for most purposes. And the implementation can be made

relatively efficient.The best way to attack a well-designed RSA implementation is

through factoring of RSA’s public modulus, which is a large number. Factoring largenumbers, with today’s best known factoring techniques, is a compute-intensive problem.

RSA (the company), ran a factoring challenge from 1991 to 2007, during which an RSA

768-bit modulus was factored successfully. In 2010, a 1024-bit RSA modulus was

factored with relatively low cost.Today, RSA implementations typically require a 2048-

bit key to be secure. For ultra sensitive operations, you would want 4096-bit keys. Of

course the longer the key length, the more expensive it is to run the encryption and

decryption operations.

Which Method Is Right For You?

How to choose symmetric vs. asymmetric cryptosystems? Here are a few tips:

The case for symmetric-key cryptography

Symmetric key cryptosystems have been shown to be more efficient and can

handle high rates of data throughput

Keys for symmetric-key cryptosystems are shorter, compared to public key

algorithms

Symmetric key ciphers can be composed together to produce a stronger

cryptosystem.

The case for asymmetric-key cryptography

In a large network, asymmetric key cryptography yields a more efficient system

for key management, as you don’t have to manage pair-wise keys for every

communicating pair.

Asymmetric key cryptosystems are good for digital signatures and key exchange

use cases

In many cases, the public and private key pairs in an asymmetric-key

cryptosystem can remain intact for many years without compromising the security of

the system. SSL certificates are one such example.

One of the most interesting facts about asymmetric key cryptosystems is that the security

of these systems is based on a small set of number-theory problems that are presumed

difficult but were never mathematically proven to be difficult. Factoring, for instance, is

one such problem. Advances in number theory could one day render factoring a much

easier problem hence diminishing security of many asymmetric key cryptosystems.

For CipherCloud, as we routinely protect customer data migrating to the cloud. We chose

AES, a symmetric cipher, with a strong 256-bit implementation. With this choice, not

only our implementation remains efficient, it also lends itself to a model where our

customers retain exclusive control of the key.

SHA-512SHA-512 is the version of SHA with a 512-bit message digest. This version, like the

others in the SHA family of algorithms, is based on the Merkle-Damgard scheme.

Messages digest creation SHA-512

Message Preparation

SHA-512 insists that the length of the original message be less than 2128 bits.

SHA-512 creates a 512-bit message digest out of a message less than 2128.

Padding and length field in SHA-512:

What is the number of padding bits if the length of the original message is2590 bits?

Solution

The padding consists of one 1 followed by 353 0’s.

1 . Do we need padding if the length of the original message is already a multiple

of 1024 bits?

SolutionYes we do, because we need to add the length field. So padding is needed to make

the new block a multiple of 1024 bits.

What is the minimum and maximum number of padding bits that can be addedto a message?

Solutiona. The minimum length of padding is 0 and it happens when

(−M − 128) mod 1024 is 0. This means that |M| = −128 mod 1024 = 896 mod

1024 bits. In other words, the last block in the original message is 896 bits. We

add a 128-bit length field to make the block complete.

b. The maximum length of padding is 1023 and it happens when (−|M| −128) = 1023

mod 1024. This means that the length of the original message is |M| = (−128

−1023) mod 1024 or the length is |M| = 897 mod 1024. In this case, we cannot just

add the length field because the length of the last block exceeds one bit more than

1024. So we need to add 897 bits to complete this block and create a second block

of 896 bits. Now the length can be added to make this block complete.

Words:

A message block and the digest as words

Compression Function

Compression function in SHA-512

WHIRLPOOLWhirlpool is an iterated cryptographic hash function, based on the Miyaguchi-Preneelscheme, that uses a symmetric-key block cipher in place of the compression function.The block cipher is a modified AES cipher that has been tailored for this purpose.

Whirlpool hash function

General idea of the Whirlpool cipher

Block and state in the Whirlpool cipher

Structure of Each Round

Each round uses four transformations.

SubBytes transformations in the Whirlpool cipher

SubBytes in the Whirlpool cipher

ShiftColumns transformation in the Whirlpool cipher

MixRows transformation in the Whirlpool cipher

AddRoundKey transformation in the Whirlpool cipher

Key expansion in the Whirlpool cipher

Diffie-Hellman Method For Key Agreement

The "Diffie-Hellman Method For Key Agreement" allows two hosts to create and share asecret key.

1) First the hosts must get the "Diffie-Hellman parameters". A prime number, 'p' (largerthan 2) and "base", 'g', an integer that is smaller than 'p'. They can either be hard coded orfetched from a server.

2) The hosts each secretly generate a private number called 'x', which is less than

"p 1".

3) The hosts next generate the public keys, 'y'. They are created with the function:

y = g^x % p

4) The two host now exchange the public keys ('y') and the exchanged numbers areconverted into a secret key, 'z'.

z = y^x % p

'z' can now be used as the key for whatever encryption method is used to transferinformation between the two hosts. Mathematically, the two hosts should have generatedthe same value for 'z'.

z = (g^x % p)^x' % p = (g^x' % p)^x % p

All of these numbers are positve integers

x^y means: x is raised to the y powerx%y means: x is divided by y and the remainder is

returned