Symmetric and Asymmetric (Public) key

EncryptionWeek-8

Symmetric Key EncryptionThe same key is used to encrypt and decrypt messages

• This means key is shared between sender & receiver

• Typically, a company will have many keys, a separate key for each of its

clients (Why?)

• All keys must be recorded but kept secure from theft

• Disclosure of keys compromises message since algorithm is publicly

known

Symmetric Key EncryptionSimple Model

Plaintext, P EncryptionMethod, E

Ciphertext, C = Ek(P)

Plaintext, PDecryptionMethod, D

EncryptionKey, K

DecryptionKey, K

Passive intruderJust listens

Active intruderAlter messages

Symmetric Key EncryptionAlgorithm

• Encryption of plaintext P using key K gives ciphertext C

C = Ek (P)

• Decryption of ciphertext C using key K gives plaintext P

P = Dk (C)

• Therefore:

Dk (Ek (P)) = P

Data Encryption Standard (DES)Most widely used encryption standard – Data Encryption Algorithm

(DEA)

• A joint National Security Agency (NSA) and IBM development (mid-70s)

• Maintained by National Institute of Standards and Technology (NIST)

• DES based on 56-bit key (no longer secure!)

Data Encryption Standard (DES)DES brute-force attack

• Broken in 22 hours by Electronic Foundation Machine (EFF)

• Using special-purpose supercomputer assisted by 10,000 machines

distributed over internet

• Some commercial organisation continue to use DES for less sensitive

messages

Data Encryption Standard (DES)Algorithm

• It is a complex combination of two fundamental building blocks of

encryption: Substitution and Transposition.

• The algorithm derives its strength from repeated application of these

two techniques, one on top of the other, for a total of 16 cycles.

• The algorithm begins by encrypting the plaintext as blocks of 64 bits.

• The key is 64 bits long, but in fact it can be any 56-bit number.

• The extra 8 bits are often used as check digits and do not affect

encryption in normal implementations.

Data Encryption Standard (DES)Algorithm

Triple DESA newer DES standard harder to break (i.e. stronger level of security)

• Involves using original DES 3 times with different keys

• Several versions (i.e. variants of 3DES)

• 3DES - Encryption, Encryption, Encryption

• 3DES - Encryption, Decryption, Encryption

Advance Encryption Standard (AES)A newer DES standard harder to break (i.e. stronger level of security)

• NIST’s (National Institute of Standards and Technology) new standard

designed to replace DES and 3DES

• Rijndael (pronounced “rain doll”) (Daemen and Rijmen, 1998)

algorithm based on AES

• Cracking AES by brute force takes 150 trillion years!

Comparing AES and DESStructure

• Both are block ciphers, with an adaptation permitting them to be used

as stream ciphers

• AES designed for growth: longer key, more cycles for added security

Speed

• DES is table-driven, uses simple operations, lends itself to hardware

implementation

• AES is less table driven; uses even simpler operations; lends itself to

machine implementation

Comparing AES and DESKeys

• DES: fixed 56 bit key (the biggest problem of the algorithm

• AES: can use key of 128, 192, 256 bits; algorithm extends naturally to

even longer keys

Concerns

• Key distribution problem: Key is shared between sender and receiver

• Introduces trusted third party KDC

Comparing AES and DESWeaknesses

• DES: No significant ones discovered in almost 30 years of scrutiny

• Design rational secret

• AES: None discovered, but scrutiny since 1998

• Design rational public

Asymmetric (Public) Key EncryptionOne key to encrypt, another to decrypt

• Based on two keys, called “public” and “private” keys (i.e.

mathematical related pair)

• Public key is widely and openly distributed and used to encrypt

message

• Private key is kept confidential and used to decrypt message

• Addressed problem of key distribution and management with

symmetric encryption

Asymmetric (Public) Key EncryptionProcess

• Alice uses Bob’s public key k to encrypt her message Ek(M), which

sends to Bob

• Bob uses his private key s to decrypt message Alice encrypted using his

public key k: Ds (Ek (M)) = M

• Bob reads message and uses same method as Alice to send a reply

• Alice and Bob can communicate securely

Asymmetric (Public) Key EncryptionProperties

• Computationally infeasible to deduce the private key from the public

key

• Key pair mathematically related (permanently matched to each other)

• The difficulty in deriving private key is based on Number Theory

• Alice and Bob can communicate securely

• Key management problem reduced to the one-site protection of

private key

AlgorithmsSymmetric:

• DES/3DES

• Blowfish

• IDEA (International Data

Encryption Algorithm)

• RC4 / RC5 / RC6 …

• Serpent

• Towfish

• Asymmetric

• Knapsack (old)

• RSA (popular)

• El Gamal

• Other ...

Thank You !