Understanding Symmetric-Key encryption
The article extends the Cryptography concepts to explain the Symmetric Key encryption. Additionally, it throws light on the capabilities of Symmetric key encryption and its operational modes.
Symmetric key cryptography is encrypting or decrypting message using a secret key. The important thing to understand is that only a single key is involved in both the encryption and decryption process. This secret key must be shared, beforehand, by the users sending and receiving the encrypted message. This is a major weakness of secret-key algorithms. However, this weakness can be overcome if some mechanism to “derive” the secret key, on the fly, is introduced in the process. The secret key is calculated whenever required, using derivation algorithms and an input text or password. This mechanism of deriving the key is known as “Key Derivation Function”. Another way to overcome the above mentioned weakness is to securely send the secret-key, with the data or separately, from one end to other end. This is achieved using asymmetric algorithm, which will be discussed later.
Strength of Symmetric-key encryption
Any cryptographic process is secured if it is unbreakable in practical time using possible resources in spite of attackers being aware of –Encryption and decryption algorithm and size of the key. However, strength of the symmetric key encryption is directly proportional to the size of the key used. Encryption using a particular algorithm is stronger if a key of longer size is selected rather than a smaller key with same scheme. Strength of the key doubles with each additional bit.
Modes of symmetric key encryption
Symmetric key encryption works on mainly two modes – stream cipher mode and block cipher mode.
- Stream cipher mode
In this mode, a stream of inputs bits of plaintext is processed “bit by bit”. The key used for encrypting must be randomly generated sequence and this sequence must not be ever re-used. This randomly generated key stream is X-ORed with the input plaintext bytes and the resultant stream is the encrypted cipher text. This mode is preferred when the encryption is needed even before the complete data is received. Typical examples are WEP (Wired Equivalent Privacy) application that uses stream cipher for encrypting the communication.
- Block cipher mode
Block cipher mode encrypts the input message after dividing the input message into blocks for example, 64 contiguous bits. It is different from stream cipher mode in the sense that it needs the complete input message, then it divides the message into blocks and then encrypts each blocks. However, there are different ways of operating these blocks. They are described as below.
- ECB - Electronic Code Book operation mode.
In this mode, each block of message is encrypted individually and then the resultant encrypted blocks are placed back in the same order as the sequence of blocks in original text. This mode is not considered strong enough as it gives the idea of pattern of original message if some blocks are repeated in the message.
- CBC - Cipher Block chaining operation mode.
This mode of operation eliminates the risk of pattern identification which ECB mode has. In CBC mode, a block of data is X-ORed with the previous encrypted or ciphered block and then the resultant block is encrypted. This resultant cipher block will again be X-ORed with next plain block and encrypted and so on. Thus, the resultant block ciphers differ even if the blocks are repeated in the input message.
Now an obvious question arises – in case of first raw block, what would be the cipher block to be XORed (since there is no previous block producing any cipher block). Lets us get introduced with initialization vector at this time. Initialization vector or IV is a parameter, which should be initialized by the user, to serve the purpose of first cipher block.
- CFB - Cipher Feedback operation mode
This mode of operation is almost similar to CBC mode except that the Initialization vector, in CBC mode, is XORed with raw block and then the resultant block is encrypted whereas in CFB mode, the IV is encrypted, then XORed with the raw block and then the resultant block is encrypted. In CFB mode, the output of each encryption block is XORed with plain text block and then fed to next encryption block.
- OFB - Output Feedback operation mode
This mode permits encryption of differing block sizes. The key difference between this mode of operation and other modes is that the output of encryption block is the input or feedback to next cipher block.
Algorithms of Symmetric key encryption
The two famous symmetric key algorithms are -
- Data Encryption Standard (DES)
- Advanced encryption standard (AES)
Let us continue to discuss these algorithms, in detail, in my next publications.