Symmetric Key Algorithms?

Symmetric key algorithms are a type of cryptographic technique that

uses a shared secret key for both encryption and decryption. This means
that the same key is used to encode and decode the message. Symmetric
key algorithms are generally faster and more efficient than asymmetric
key algorithms, but they require that the sender and receiver of a
message share a secret key.
Here are some of the basic principles of symmetric key algorithms −
 The same key is used for both encryption and decryption − In
symmetric key algorithms, the same key is used to both encrypt and
decrypt the message. This means that the sender and receiver of a
message must share the same secret key in order to communicate
securely.
 Symmetric key algorithms are faster and more efficient than
asymmetric key algorithms − Symmetric key algorithms are
generally faster and more efficient than asymmetric key algorithms,
as they do not require the use of complex mathematical operations
such as exponentiation. This makes them well-suited for applications
that require fast encryption and decryption, such as securing
communication over the internet.
 Symmetric key algorithms are less secure than asymmetric key
algorithms − While symmetric key algorithms are generally faster
and more efficient than asymmetric key algorithms, they are also
less secure. This is because the same key is used for both encryption
and decryption, which means that if the key is compromised, the
security of the entire system is compromised.

Cryptographic Strength of Symmetric Algorithms

The cryptographic strength of a symmetric key algorithm refers to its
ability to resist attacks and protect the confidentiality of the information
it is used to encrypt. The cryptographic strength of a symmetric key
algorithm is determined by a variety of factors, including −
 Key size − The size of the key used in a symmetric key algorithm is
a major determinant of its cryptographic strength. In general, the
larger the key size, the stronger the algorithm.
 Block size − The block size of a symmetric key algorithm refers to
the size of the blocks of data that are encrypted and decrypted using
the algorithm. A larger block size can increase the cryptographic
strength of the algorithm.
 Number of rounds − The number of rounds in a symmetric key
algorithm refers to the number of times that the encryption and
decryption process is repeated. A larger number of rounds can
increase the cryptographic strength of the algorithm.
 Resistance to attacks − The resistance of a symmetric key
algorithm to attacks, such as brute-force attacks or differential
cryptanalysis, is another factor that determines its cryptographic
strength. Algorithms that are resistant to these types of attacks are
generally considered to be stronger.

Types of Symmetric Key Algorithms

There are several different types of symmetric key algorithms, including

−
 Block ciphers − Block ciphers are symmetric key algorithms that
operate on fixed-size blocks of data and use a secret key to encrypt
and decrypt the data. Examples of block ciphers include the
Advanced Encryption Standard (AES) and Blowfish.
 Stream ciphers − Stream ciphers are symmetric key algorithms that
operate on a stream of data and use a secret key to encrypt and
decrypt the data. Stream ciphers are generally faster and more
efficient than block ciphers, but they are also generally considered to
be less secure.
 Feistel ciphers − Feistel ciphers are a type of block cipher that are
based on a structure known as a Feistel network. They are widely
used in symmetric key algorithms and are known for their efficiency
and ease of implementation.
 Substitution-permutation ciphers − Substitution-permutation
ciphers are a type of block cipher that use both substitution and
permutation operations to encrypt and decrypt data. They are known
for their strong cryptographic properties and are used in many
modern symmetric key algorithms.

DES (Data Encryption Standard) and AES (Advanced Encryption

Standard)

What is DES?

The Data Encryption Standard (DES) is a symmetric-key block cipher.

In the year 1977, DES is published by the National Institute of
Standards and Technology (NIST). It is based on the Feistel structure in
which the plaintext is separated into two halves. It takes input as 64-
bit plaintext and a 56-bit key to produce 64-bit ciphertext. Before
processing, the entire plain text is separated into two pieces of 32
bits each, and the same operations are done on each portion. Each piece
goes through 16 rounds of operations before the final permutation is
used to obtain the 64-bit ciphertext.
Expansions, permutations, and substitutions are some of the functions
used in the rounds, as well as an XOR operation with a round key.
Decryption is done in the same way as encryption but in the opposite
sequence. Although DES was regarded to be less safe for encrypting
highly confidential data of government because it uses a smaller shared
key, triples-DES was invented to counter this. Still, it was also not
considered a good algorithm because it encrypts data very slowly.
In DES, even a minor change in the input text results in a completely
new ciphertext.

Why DES is no Longer Effective

In order to demonstrate that the DES was insufficient and should no
longer be utilised in important systems, a series of challenges were
sponsored to test how long it would take to decrypt a message.
The Electronic Frontier Foundation (EFF) and distributed.net both
played major contributions in breaking DES.

o The DES I contest (1997) took 84 days to break the encrypted

message using a brute force attack.
o In 1998, two DES II challenges were issued. The encrypted text
for the first challenge took slightly over a month, and it read: "The
mysterious message is: Many hands make light work". The
second challenge took less than three days, with the plain text
message "it's time for those 128-, 192- and 256-bit keys".
o The last DES III challenge in early 1999 took only 22
hours and 15 minutes. Electronic Frontier Foundation's Deep
Crack computer (built for less than $250,000) and distributed.net's
computing network found the 56-bit DES key, deciphered the
message, and they (EFF & distributed.net) won the contest. The
decrypted message stated, "See you in Rome (Second
AES Candidate Conference, March 22-23, 1999)," and was
discovered after searching around 30% of the key space, indicating
that DES was obsolete.

What is AES?

Advanced Encryption Standard (AES) is also a symmetric key block

cipher. The National Institute of Standard and Technology published
AES in 2001. Because DES utilises a relatively short cipher key and the
algorithm was quite slower, AES was introduced to replace it.
It is currently one of the most popular symmetric block cipher
algorithms. It is at least six times faster than triple-DES encryption.
Unlike DES, it is based on the "Substitution and Permutation'. It takes
a step-by-step method. In AES, bytes are used instead of bits.

In AES, plain text is considered 126 bits equivalent to 16 bytes with

a 128-bit secret key to generate a 44-bit matrix (having 4 rows and 4
columns). It then does 10 rounds after this step. Each round has its own
subprocesses, with 9 rounds including Sub bytes, Shift Rows, Mix
Columns and Add Round Keys. The 10th round includes all the above
operations excluding 'Mix columns' in order to produce the 126-
bit ciphertext.

The number of rounds in AES is determined by the key size, which

is 10 for 128-bit keys, 12 for 192-bit keys, and 14 for 256-bit keys. We
can use it in several protocols such as TLS, SSL and numerous modern
application which need high encryption security. We can also
use AES for hardware which needs high throughput.

Why AES Replaced DES Encryption?

One of the primary objectives for the DES replacement algorithm from
the National Institute of Standards and Technology (NIST) was that
it had to be proficient in both software as well as hardware
implementation. (DES was originally only practical in hardware
implementations). C and Java reference implementation were used for
performance analysis of all the algorithms.

AES was chosen in an open competition that included 15 candidates

from as many research teams as possible from around the world, and the
overall number of resources allocated to that process was enormous.

Finally, in October 2000, the National Institute of Standards and

Technology (NIST) announced Rijndael as the proposed Advanced
Encryption Standard (AES).
Comparison Chart

Basis For DES (Data AES (Advanced Encryption Standard)

Compariso Encryption
n Standard)

Basic The data block The entire block in AES is processed as a

in DES is split single matrix.
into two halves.

Principle It works The substitution and permutation principle

on Feistel Cipher s are used in AES.
structure.

Year of DES (Data AES (Advanced Encryption

Creation Encryption Standard) creation year is 1999.
Standard) creatio
n year is 1976.

Designed By DES (Data AES (Advanced Encryption Standard) was

Encryption designed by Vincent Rijmen and Joan
Standard) was Daeman.
designed by IBM.

Rounds 16 rounds 10 rounds for 128-bit algo

12 rounds for 192-bit algo
14 rounds for 256-bit algo

Speed DES is slower AES is faster than DES.

than AES.

Security Because DES uses Because AES uses a large secret key, it
a smaller key, it is more secure.
is less secure.

Key size In comparison In comparison to DES, AES has a larger key

to AES, the key size,
size of DES is
lower.

Rounds Expansion Subbytes, Shiftrow, Mix columns, Add

Names Permutation, Xor, roundkeys.
S-box, P-box, Xor
and Swap.

Plaintext Plaintext is of 64 Plaintext can be of 128,192, or 256 bits.

bits.

Identified Linear crypt- There is no identified attack.

Attacks analysis,
Differential crypt-
analysis, and
Brute-force.

Block Size 128 bits 64 bits

Originate DES originate AES originate from the square cipher.

From from the Lucifer
cipher.

Key Differences Between DES and AES

o The main difference between DES and AES is that in DES, the
block is split into two halves before being processed further, but in
AES, the entire block is processed to get ciphertext.
o DES has a key size of 56 bits, which is less than AES, which has a
secret key size of 128, 192, or 256
o AES is comparatively faster than DES.
o The smaller key size of DES makes it less secure than AES.
o The Feistel Cipher principle is used in the DES algorithm, while
the substitution and permutation principle are used in the AES
o Expansion Permutation, Xor, S-box, P-box, Xor, and Swap. On the
other hands, rounds in AES include Subbytes, Shiftrows, Mix
columns, and Addroundkeys.

Introduction to Block Cipher modes

There are five types of operations in block cipher modes, ECB

(Electronic Code Block) mode, CBC (Cipher Block Chaining) mode,
CFB (Cipher Feedback) mode, OFB (Output Feedback) mode and CTR (
Counter) mode. Where ECB and CBC mode works on block ciphers,
and CFB and OFB mode works on block ciphers acting as stream
ciphers. ECB is used for transmitting a single value insecure manner,
CBC is used for encrypting blocks of text authentication, CFB is used
for transmitting an encrypted stream of data authentication, OFB is used
for transmitting an encrypted stream of data, CTR is used for
transmitting block-oriented applications.
Block Cipher Modes of Operation
There are 5 modes of operation in the block cipher.

1. ECB mode

 ECB mode stands for Electronic Code Block Mode. It is one of the
simplest modes of operation. In this mode, the plain text is divided
into a block where each block is 64 bits. Then each block is
encrypted separately. The same key is used for the encryption of
all blocks. Each block is encrypted using the key and makes the
block of ciphertext.
 At the receiver side, the data is divided into a block, each of 64
bits. The same key which is used for encryption is used for
decryption. It takes the 64-bit ciphertext and, by using the key
convert the ciphertext into plain text.
 As the same key is used for all blocks’ encryption, if the block of
plain text is repeated in the original message, then the ciphertext’s
corresponding block will also repeat. As the same key used for tor
all block, to avoid the repetition of block ECB mode is used for an
only small message where the repetition of the plain text block is
less.
2. CBC Mode

 CBC Mode stands for Cipher block Mode at the sender side; the
plain text is divided into blocks. In this mode, IV(Initialization
Vector) is used, which can be a random block of text. IV is used to
make the ciphertext of each block unique.
 The first block of plain text and IV is combined using the XOR
operation and then encrypted the resultant message using the key
and form the first block of ciphertext. The first block of ciphertext
is used as IV for the second block of plain text. The same
procedure will be followed for all blocks of plain text.
 At the receiver side, the ciphertext is divided into blocks. The first
block ciphertext is decrypted using the same key, which is used for
encryption. The decrypted result will be XOR with the IV and
form the first block of plain text. The second block of ciphertext is
also decrypted using the same key, and the result of the decryption
will be XOR with the first block of ciphertext and form the second
block of plain text. The same procedure is used for all the blocks.
 CBC Mode ensures that if the block of plain text is repeated in the
original message, it will produce a different ciphertext for
corresponding blocks.
Note that the key which is used in CBC mode is the same; only the
IV is different, which is initialized at a starting point.
3. CFB Mode

 CFB mode stands for Cipher Feedback Mode. In this mode, the
data is encrypted in the form of units where each unit is of 8 bits.
 Like cipher block chaining mode, IV is initialized. The IV is kept
in the shift register. It is encrypted using the key and form the
ciphertext.
 Now the leftmost j bits of the encrypted IV is XOR with the plain
text’s first j bits. This process will form the first part of the
ciphertext, and this ciphertext will be transmitted to the receiver.
 Now the bits of IV is shifted left by j bit. Therefore the rightmost j
position of the shift register now has unpredictable data. These
rightmost j positions are now filed with the ciphertext. The process
will be repeated for all plain text units.

4. OFB mode

 OFB Mode stands for output feedback Mode. OFB mode is similar
to CFB mode; the only difference is in CFB, the ciphertext is used
for the next stage of the encryption process, whereas in OFB, the
output of the IV encryption is used for the next stage of the
encryption process.
 The IV is encrypted using the key and form encrypted IV. Plain
text and leftmost 8 bits of encrypted IV are combined using XOR
and produce the ciphertext.
 For the next stage, the ciphertext, which is the form in the previous
stage, is used as an IV for the next iteration. The same procedure is
followed for all blocks.

5. CTR Mode
 CTR Mode stands for counter mode. As the name is counter, it
uses the sequence of numbers as an input for the algorithm. When
the block is encrypted, to fill the next register next counter value is
used.
Note: the counter value will be incremented by 1.
 For encryption, the first counter is encrypted using a key, and then
the plain text is XOR with the encrypted result to form the
ciphertext.
 The counter will be incremented by 1 for the next stage, and the
same procedure will be followed for all blocks. For decryption, the
same sequence will be used. Here to convert ciphertext into plain
text, each ciphertext is XOR with the encrypted counter. For the
next stage, the counter will be incremented by the same will be
repeated for all Ciphertext blocks.

CRYPTANALYSIS
Cryptology has two parts namely, Cryptography which focuses on
creating secret codes and Cryptanalysis which is the study of the
cryptographic algorithm and the breaking of those secret codes. The
person practicing Cryptanalysis is called a Cryptanalyst. It helps us to
better understand the cryptosystems and also helps us improve the
system by finding any weak point and thus work on the algorithm to
create a more secure secret code. For example, a Cryptanalyst might try
to decipher a ciphertext to derive the plaintext. It can help us to deduce
the plaintext or the encryption key.
Parts Of Cryptology

To determine the weak points of a cryptographic system, it is important

to attack the system. This attacks are called Cryptanalytic
attacks. The attacks rely on nature of the algorithm and also
knowledge of the general characteristics of the plaintext, i.e., plaintext
can be a regular document written in English or it can be a code written
in Java. Therefore, nature of the plaintext should be known before
trying to use the attacks.
Types of Cryptanalytic attacks :

The Five Types of Cryptanalytic Attacks

 Known-Plaintext Analysis (KPA) : In this type of attack, some

plaintext-ciphertext pairs are already known. Attacker maps them in
order to find the encryption key. This attack is easier to use as a lot
of information is already available.
 Chosen-Plaintext Analysis (CPA) : In this type of attack, the
attacker chooses random plaintexts and obtains the corresponding
ciphertexts and tries to find the encryption key. Its very simple to
implement like KPA but the success rate is quite low.
 Ciphertext-Only Analysis (COA) : In this type of attack, only some
cipher-text is known and the attacker tries to find the corresponding
encryption key and plaintext. Its the hardest to implement but is the
most probable attack as only ciphertext is required.
 Man-In-The-Middle (MITM) attack : In this type of attack,
attacker intercepts the message/key between two communicating
parties through a secured channel.
 Adaptive Chosen-Plaintext Analysis (ACPA) : This attack is
similar CPA. Here, the attacker requests the cipher texts of additional
plaintexts after they have ciphertexts for some texts.
 Birthday attack: This attack exploits the probability of two or more
individuals sharing the same birthday in a group of people. In
cryptography, this attack is used to find collisions in a hash function.
 Side-channel attack: This type of attack is based on information
obtained from the physical implementation of the cryptographic
system, rather than on weaknesses in the algorithm itself. Side-
channel attacks include timing attacks, power analysis attacks,
electromagnetic attacks, and others.
 Brute-force attack: This attack involves trying every possible key
until the correct one is found. While this attack is simple to
implement, it can be time-consuming and computationally
expensive, especially for longer keys.
 Differential cryptanalysis: This type of attack involves comparing
pairs of plaintexts and their corresponding ciphertexts to find
patterns in the encryption algorithm. It can be effective against block
ciphers with certain properties.