Symmetric Cryptography

Symmetric cryptography is also called traditional, secret-key or private-key cryptography. It utilizes transformation techniques to transform the message to achieve the message encryption. The symmetric cryptosystem architecture can be depicted as shown in Figure 2.8. In the figure, the left side of the dotted line is encryption procedure while the right side is decryption procedure.

Figure 2.8 Architecture of symmetric cryptosystem

Broadly speaking, the symmetric cryptosystems is composed via following five factors, namely: plaintext, encryption algorithm, secret key, ciphertext and decryption algorithm.

z Plaintext is a message in its native form which one could simply read it;

z Encryption Algorithm is the algorithm which is the mathematical process for the scrambling and descrambling of a data stream;

z Secret Key is the value stream which is unrelated to the plaintext, and is the input of the encryption/decryption algorithm as well. The encryption algorithm would produce different output via different secret key. In symmetric cryptosystem, one must use the same secret key for a encryption/decryption cycle, that means one cannot use other secret key to decrypt a ciphertext which is decrypted by specific secret key;

z Ciphertext is the result of encryption operation and it should appear as an incomprehensible flow of byte, and

z Decryption Algorithm is the inverse function of encryption algorithm and could transform the ciphertext into the plaintext via the secret key.

The relationship between these factors and the formal definitions of symmetric cryptography can be expressed by the following formulae.

The encryption function E can be expressed by Equation 2.1:

E: (M) × K = C (2.1)

M: The set of plaintexts

K: The set of secret keys

C: The set of ciphertexts

or by the following equation:

E

× (M) = C (2.2)

in which EK is the encryption algorithm with secret key K. The decryption function D can be expressed by Equations 2.3 or 2.4:

D: (C) × K = M (2.3)

D

× (C) = M (2.4)

From the above equations, one can understand that while one knows the secret key, then the plaintext can be computed easily. Thus, in essence, there are two major conditions on the security of symmetric cryptosystems:

z It is necessary to strengthen the secret key protection to prevent attackers from cracking the ciphertext or secret key even though they might know the encryption algorithms or gotten a part of the ciphertext already.

z The transmitter and the receiver have to gain the secret key via a secure way and a safe space to arrange the secret key as well. If one owns both the secret key and

the encryption algorithms, the ciphertext can be cracked easily.

After knowing these two conditions, in symmetric cryptosystems, it is important to safeguard the secret key strictly. Therefore, how to establish a secure space and transmission method to store and transmit the secret keys are more important than the encryption/decryption algorithm adoption.

On the other hand, the symmetric cryptosystems can be divided into two categories:

stream cipher and block cipher. The stream algorithms perform on strings of arbitrary length by handling the plaintext as a continuous input stream and generating ciphertext output stream at the same time. In block algorithms, the plaintext is handled by blocks, and therefore, the length of the plaintext must be multiple of the block size. In addition, the block cipher consumes less core resource than stream cipher; thus, the block cipher becomes the main stream nowadays. As follows, the common block cipher techniques of symmetric cryptosystems are introduced.

(a) DES

Data Encryption Standard (DES) is developed by Walter Tuchman and Carl Meyer who are the employees of IBM, and is adapted as Federal Information Processing Standard (FIPS PUB 46-2) by the National Bureau of Standards (NBS) in 1977. After

that, DES had been widely used by industry ^{[24] [28]}.

The basic and principal techniques of DES are confusion and diffusion. The confusion method makes ciphertexts give no clue to the attackers about the plaintext, and the diffusion technique ensures that the slightest difference in plaintexts will result in diffusion, and hence, the results in totally different ciphertexts.

The size of a single message block in DES is limited in 64 bits and the length (size) of secret key is only 56 bits to be used. Therefore, the security level of DES declines rapidly along with the dramatically growth of computability of modern computers due to 56-bit secret key length, and which has become the greatest weakness when one attacks the protected system by brute-force attack nowadays. Figure 2.9 shows the encryption and the decryption procedures of the DES cipher algorithms.

Figure 2.9 Encryption and decryption procedures of DES

(b) Blowfish

Blowfish is developed by Bruce Schneier in 1993 and has the following advantages^[28]: z The architecture of Blowfish cipher algorithms is simple and the operation is not

complex as well;

z The memory Blowfish used is less than 5K;

z The operation rate is fast;

z The secret key is changeable, the maximum secret key length could be 448 bits, and the user could improve the security level via increasing the secret key length.

(c) Triple-DES

As the characteristics of DES, the short length secret key is the major misgiving for DES. Because of it, the National Institute of Standard and Technology (NIST, known as NBS) publishes the new standards for DES－Triple Data Encryption Standard (Triple-DES, 3-DES, T-DES) in 1999. The most important modification is to increase the secret key length to 168 bits via triple DES operations (see Figure 2.10).

Triple-DES had been subjected to many severe tests, so far, beside brute-force attack;

one could conclude that there was no single attack could crack it effectively. However, some defects of Triple-DES restrict the behaviours. For instance, due to achieving the triple DES operation, it might increase loading onto the core system, making the operation efficiency to worsen, and on the other hand, the message block size still limits only 64 bits as DES.

Figure 2.10 Encryption and decryption procedures of Triple-DES

(d) AES

Advanced Encryption Standard (AES) is the newly encryption standard which was developed by two Belgian cryptographers－Dr. Joan Deamen and Dr. Vincent Rijmen and announced by NITS after DES and Triple-DES on November, 2001.

Although, the existing AES algorithm is not the original Rijmen pattern which supports a large range of block and secret key length as the block size is fixed at 128 bits and the secret key length could be chosen for 128, 192 or 256 bits. In computer computing, 1 byte equals 8 bits, the 128 bits fixed block is normally 128÷8=16 bytes. AES operates on a 4×4 array of bytes, called state, and most AES calculations are done in a special finite field.

As other cryptography algorithms, the encryption procedures are applied to make up rounds of keyed transformations between the input plaintext and the final output ciphertext. The encryption procedures could divide into four operations (stages) which one utilizes the transposition method and others use substitution techniques as Figure

2.11 shown, namely:

• SubBytes operation is to utilize S-box to carry out substituting for each bit of message block;

• ShiftRows operation is a simple raw transposition process of the 4×4 array;

• MixColumns operation is to utilize GF(2⁸) calculation to carry out substituting for each column of the 4×4 array, and

• AddRoundKey is a substitution operation via XOR operation.

Generally speaking, RSA cryptography is the major algorithm of symmetric cryptosystem today. Thus, this research adopts RSA cipher algorithm to be the consideration for the security mechanism establishment as well. The internal detail operation of RSA cryptography could refer to Appendix Two.

AddRoundKey

SubBytes MixColumns

ShiftRows SubBytes

AddRoundKey ShiftRows

MixColumns

Figure 2.11 Encryption and decryption procedures of AES