Encryption Overview

There are three basic encryption methods: hashing, symmetric cryptography, and asymmetric cryptography. Each of these three encryption methods have their own uses, advantages, and disadvantages. Hashing, for example, is very resistant to tampering, but is not as flexible as the other methods. All three forms of encryption rely on cryptography, or the science of scrambling data.

Basic Function

People use encryption to change readable text, also called plaintext, into an unreadable secret format, called ciphertext. Encrypting data provides additional benefits besides protecting the confidentiality of a message. These advantages include ensuring that messages have not been altered during transit and verifying the identity of the sender. All of these benefits can be realized by using any of these three encryption methods.

Hashing Encryption

The first encryption method, called hashing, creates a unique and fixed-length signature for a message or data set. Hashes are created with an algorithm, or hash function, and people commonly use them to compare sets of data. Since a hash is unique to a specific message, even minor changes to that message result in a dramatically different hash, thereby alerting a user to potential tampering.

A key difference between hashing and the other two encryption methods is that once the data is encrypted, the process cannot be reversed or deciphered. This means that even if a potential attacker were able to obtain a hash, they would not be able to use a decryption method to discover the contents of the original message. Some common hashing algorithms are Message Digest 5 (MD5) and Secure Hashing Algorithm (SHA).

Symmetric Methods

Symmetric cryptography, also called private-key cryptography, is one of the oldest and most secure encryption methods. The term “private key” comes from the fact that the key used to encrypt and decrypt data must remain secure because anyone with access to it can read the coded messages. A sender encodes a message into ciphertext using a key, and the receiver uses the exact same key to decode it.

People can use this encryption method as either a “stream” cipher or a “block” cipher, depending on the amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a time as it is sent or received, while a block cipher processes fixed chunks of data. Common symmetric encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), and International Data Encryption Algorithm (IDEA).

Asymmetric Forms

Asymmetric, or public key cryptography is potentially more secure than symmetric methods of encryption. This type of cryptography uses two keys, a “private” key and a “public key”, to perform encryption and decryption. The use of two keys overcomes a major weakness in symmetric key cryptography, since a single key does not need to be securely managed among multiple users. Public-key encryption was first described in a secret document in 1973, before then all encryption schemes were symmetric-key.

In asymmetric cryptography, a public key is freely available to everyone and used to encrypt messages before sending them. A different, private key remains with the receiver of ciphertext messages, who uses it to decrypt them. Algorithms that use public key encryption methods include RSA and Diffie-Hellman.

Symmetric Algorithms Available

AES Encryption

AES stands for Advanced Encryption Standard. AES is a symmetric key encryption technique which replaces the commonly used Data Encryption Standard (DES). It was the result of a worldwide call for submissions of encryption algorithms issued by the US Government’s National Institute of Standards and Technology (NIST) in 1997 and completed in 2000.

In response to the growing feasibility of attacks against DES, NIST launched a call for proposals for an official successor that meets 21st century security needs. This successor is called the Advanced Encryption Standard (AES). Five algorithms were selected into the second round, from which Rijndael was selected to be the final standard. NIST gave as its reasons for selecting Rijndael that it performs very well in hardware and software across a wide range of environments in all possible modes. It has excellent key setup time and has low memory requirements, in addition its operations are easy to defend against power and timing attacks. NIST stated that all five finalists had adequate security and that there was nothing wrong with the other four ciphers.
The winning algorithm was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. AES provides strong encryption and was selected by NIST as a Federal Information Processing Standard in November 2001 (FIPS-197). Rijndael follows the tradition of square ciphers. AES algorithm uses three key sizes: a 128-, 192-, or 256-bit encryption key. Each encryption key size causes the algorithm to behave slightly differently, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data, but also increase the complexity of the cipher algorithm.

Blowfish Encryption

Blowfish is a symmetric encryption algorithm designed in 1993 by Bruce Schneier as an alternative to existing encryption algorithms. Blowfish has a 64-bit block size and a variable key length – from 32 bits to 448 bits. It is a 16-round Feistel cipher and uses large key-dependent S-boxes. While doing key scheduling, it generates large pseudo-random lookup tables by doing several encryptions. The tables depend on the user supplied key in a very complex way. This approach has been proven to be highly resistant against many attacks such as differential and linear cryptanalysis. Unfortunately, this also means that it is not the algorithm of choice for environments where a large memory space is not available. Blowfish is similar in structure to CAST-128, which uses fixed S-boxes.

Since 1993 Blowfish has been analyzed considerably, and is gaining acceptance as a strong encryption algorithm. Blowfish was designed as a fast, free alternative to existing encryption algorithms. Blowfish is unpatented and license-free, and is available to uses as a free solution.

The only known attacks against Blowfish are based on its weak key classes.

CAST

CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST. CAST is a popular 64-bit block cipher which belongs to the class of encryption algorithms known as Feistel ciphers. CAST-128 is a DES-like Substitution-Permutation Network (SPN) cryptosystem. It has the Feistel structure and utilizes eight fixed S-boxes. CAST-128 supports variable key lenghts between 40 and 128 bits.

CAST-128 is resistant to both linear and differential cryptanalysis. Currently, there is no known way of breaking CAST short of brute force. CAST is now the default cipher in PGP.

Data Encryption Standard (DES)

Digital Encryption Standard (DES) is a symmetric block cipher with 64-bit block size that uses using a 56-bit key.

In 1977 the Data Encryption Standard (DES), a symmetric algorithm, was adopted in the United States as a federal standard. DES encrypts and decrypts data in 64-bit blocks, using a 56-bit key. It takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm. DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the ciphertext. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a brute-force attack. So as the number of rounds increases, the security of the algorithm increases exponentially.

For many years, DES-enciphered data were safe because few organizations possessed the computing power to crack it. But in July 1998 a team of cryptographers cracked a DES-enciphered message in 3 days, and in 1999 a network of 10,000 desktop PCs cracked a DES-enciphered message in less than a day. DES was clearly no longer invulnerable and since then Triple DES (3DES) has emerged as a stronger method.

Triple DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of 112-168 bits. That should produce an expected strength of something like 112 bits, which is more than enough to defeat brute force attacks. Triple DES is much stronger than (single) DES, however, it is rather slow compared to some new block ciphers. However, cryptographers have determined that triple DES is unsatisfactory as a long-term solution, and in 1997, the National Institute of Standards and Technology (NIST) solicited proposals for a cipher to replace DES entirely, the Advanced Encryption Standard (AES).

IDEA Encryption

IDEA stands for International Data Encryption Algorithm. IDEA is a symmetric encryption algorithm that was developed by Dr. X. Lai and Prof. J. Massey to replace the DES standard. Unlike DES though it uses a 128 bit key. This key length makes it impossible to break by simply trying every key. It has been one of the best publicly known algorithms for some time. It has been around now for several years, and no practical attacks on it have been published despite of numerous attempts to analyze it. IDEA is resistant to both linear and differential analysis.

RC2

RC2 is a variable-key-length cipher. It was invented by Ron Rivest for RSA Data Security, Inc. Details for this algorithm have not been published.

RC4

RC4 was developed by Ron Rivest in 1987. It is a variable-key-size stream cipher. It is a cipher with a key size of up to 2048 bits (256 bytes). The algorithm is very fast. Its security is unknown, but breaking it does not seem trivial either. Because of its speed, it may have uses in certain applications. It accepts keys of arbitrary length. RC4 is essentially a pseudo random number generator, and the output of the generator is exclusive-ored with the data stream. For this reason, it is very important that the same RC4 key never be used to encrypt two different data streams.

RC6

RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. RC6 encryption algorithm was selected among the other finalists to become the new federal Advanced Encryption Standard (AES).

SEED

SEED is a block cipher developed by the Korea Information Security Agency since 1998. Both the block and key size of SEED are 128 bits and it has a Feistel Network structure which is iterated 16 times. It has been designed to resist differential and linear cryptanalysis as well as related key attacks. SEED uses two 8×8 S-boxes and mixes the XOR operation with modular addition. SEED has been adopted as an ISO/IEC standard (ISO/IEC 18033-3), an IETF RFC, RFC 4269 as well as an industrial association standard of Korea (TTAS.KO-12.0004/0025).

Serpent

Serpent is a very fast and reasonably secure block cipher developed by Ross Anderson, Eli Biham and Lars Knudsen. Serpent can work with different combinations of key lengths. Serpent was also selected among other five finalists to become the new federal Advanced Encryption Standard (AES).

TEA

Tiny Encryption Algorithm is a very fast and moderately secure cipher produced by David Wheeler and Roger Needham of Cambridge Computer Laboratory. There is a known weakness in the key schedule, so it is not recommended if utmost security is required. TEA is provided in 16 and 32 round versions. The more rounds (iterations), the more secure, but this also makes this solution slower.

Triple DES

Triple DES is a variation of Data Encryption Standard (DES). It uses a 64-bit key consisting of 56 effective key bits and 8 parity bits. The size of the block for Triple-DES is 8 bytes. Triple-DES encrypts the data in 8-byte chunks. The idea behind Triple DES is to improve the security of DES by applying DES encryption three times using three different keys. Triple DES algorithm is very secure (major banks use it to protect valuable transactions), but it is also very slow.

Twofish

Twofish is a symmetric block cipher. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.Twofish has key dependent S-boxes like Blowfish. Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting. The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm.