Friday, June 4, 2010

Encryption algorithms

Encryption is the process of converting a plaintext message into ciphertext which can be decoded back into the original message. An encryption algorithm along with a key is used in the encryption and decryption of data. There are several types of data encryptions which form the basis of network security. Encryption schemes are based on block or stream ciphers.

The type and length of the keys utilized depend upon the encryption algorithm and the amount of security needed. In conventional symmetric encryption a single key is used. With this key, the sender can encrypt a message and a recipient can decrypt the message but the security of the key becomes problematic. In asymmetric encryption, the encryption key and the decryption key are different. One is a public key by which the sender can encrypt the message and the other is a private key by which a recipient can decrypt the message.

The main purpose of encryption algorithms is to provide the following:

Authentication - Proving one's identity before granting access.
Privacy and confidentiality - Ensuring that outsiders cannot read data intended for specific parties.
Integrity - Ensuring that the message has not be modified in any way before it arrives to the intended recipient.
Non-repudiation - Ensuring that a message is truly originated from the sender.

Asymmetric encryption algorithm:
These types of encryption algorithms involve a pair of relative keys that encode and decode messages. One key is used to encrypt data into ciphertext while the other key decrypts it back into plaintext. Asymmetric algorithms are more commonly known as Public-key cryptography, first introduced in 1978 with RSA encryption. These schemes work by multiplying two large prime numbers to generate a larger number that is incredibly difficult to revert to the original form.

Asymmetric encryption-dectyption process

Asymmetric algorithms tend to be slower than their symmetric counterparts. Because of this, they aren't recommended for encrypting large amounts of data. The biggest advantage to such a scheme lies in the utilization of two keys. Hence the name, the public key can be made publicly available, enabling anyone to encrypt private messages. However, the message can only be decrypted by the party that owns the relative private key. This type of encryption algorithm also provides proof of origin to ensure to overall integrity of communications.

Symmetric Algorithms:
Symmetric algorithms use a single key to encrypt and decrypt data. These encryption algorithms typically work fast and are well suited for encrypting blocks of messages at once. The most known example is the DEA (Data Encryption Algorithm) which is specified within the DES (Data Encryption Standard). Triple DES is a more reliable version while AES (Advanced Encryption Standard) has become new the government standard. Other popular symmetric algorithms include the Japanese developed FEAL and the more recently developed U.S. scheme known as SKIPJACK.

Symmetric encryption-dectyption process

Hash Algorithms:
Hash algorithms function by transforming data of arbitrary length into a smaller fixed length, more commonly known as a message digest. These types of algorithms are considered one-way functions. The generated output varies, making them very efficient when it comes to detecting alterations that might have been made to a message. Hash algorithms are often generated by the DES algorithm to encrypt online banking transactions and other communications where messages can't afford to be corrupted.


Key Management:
One significant issue with traditional symmetric algorithms is the requirement to distribute keys to multiple users. This generally involves establishing a system where the keys are manually distributed and accounted for, resulting in more overhead from and administrative and physical security aspect. Additionally, the keys remain vulnerable to unauthorized disclosure and potential abuse. Asymmetric encryption algorithms tend to be easier to employ and manage and ultimately more secure.


Here are some details about some of these encryption.

RSA:
In 1977, shortly after the idea of a public key system was proposed, three mathematicians, Ron Rivest, Adi Shamir and Len Adleman gave a concrete example of how such a method could be implemented. To honour them, the method was referred to as the RSA Scheme. The system uses a private and a public key. To start two large prime numbers are selected and then multiplied together; n=p*q.

If we let f(n) = (p-1) (q-1), and e>1 such that GCD(e, f(n))=1. Here e will have a fairly large probability of being co-prime to f(n), if n is large enough and e will be part of the encryption key. If we solve the Linear Diophantine equation; ed congruent 1 (mod f(n)), for d. The pair of integers (e, n) are the public key and (d, n) form the private key. Encryption of M can be accomplished by the following expression; Me = qn + C where 0<= C < n. Decryption would be the inverse of the encryption and could be expressed as; Cd congruent R (mod n) where 0<= R < n. RSA is the most popular method for public key encryption and digital signatures today. 

DES/3DES:
The Data Encryption Standard (DES) was developed and endorsed by the U.S. government in 1977 as an official standard and forms the basis not only for the Automatic Teller Machines (ATM) PIN authentication but a variant is also utilized in UNIX password encryption. DES is a block cipher with 64-bit block size that uses 56-bit keys. Due to recent advances in computer technology, some experts no longer consider DES secure against all attacks; since then Triple-DES (3DES) has emerged as a stronger method. Using standard DES encryption, Triple-DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of 112-168 bits.

BLOWFISH:
Blowfish is a symmetric block cipher just like DES or IDEA. It takes a variable-length key, from 32 to 448 bits, making it ideal for both domestic and exportable use. Bruce Schneier designed Blowfish in 1993 as a fast, free alternative to the then existing encryption algorithms. Since then Blowfish has been analyzed considerably, and is gaining acceptance as a strong encryption algorithm.

IDEA:
International Data Encryption Algorithm (IDEA) is an algorithm that was developed by Dr. X. Lai and Prof. J. Massey in Switzerland in the early 1990s to replace the DES standard. It uses the same key for encryption and decryption, like DES operating on 8 bytes at a time. Unlike DES though it uses a 128 bit key. This key length makes it impossible to break by simply trying every key, and no other means of attack is known. It is a fast algorighm, and has also been implemented in hardware chipsets, making it even faster.

SEAL:
Rogaway and Coppersmith designed the Software-optimized Encryption Algorithm (SEAL) in 1993. It is a Stream-Cipher, i.e., data to be encrypted is continuously encrypted. Stream Ciphers are much faster than block ciphers (Blowfish, IDEA, DES) but have a longer initialization phase during which a large set of tables is done using the Secure Hash Algorithm. SEAL uses a 160 bit key for encryption and is considered very safe.

RC4:
RC4 is a cipher invented by Ron Rivest, co-inventor of the RSA Scheme. It is used in a number of commercial systems like Lotus Notes and Netscape. It is a cipher with a key size of up to 2048 bits (256 bytes), which on the brief examination given it over the past year or so seems to be a relatively fast and strong cypher. It creates a stream of random bytes and 'XORing' those bytes with the text. It is useful in situations in which a new key can be chosen for each message.

AES (Rijndael):
The algorithm was invented by Joan Daemen and Vincent Rijmen. The National Institute of Standards and Technology (http://www.nist.gov) has recently selected the algorithm as an Advanced Encryption Standard (AES).

The cipher has a variable block length and key length. Authors of the algorithm currently specify how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128 bits.

BestCrypt uses Rijndael with a 256-bit key in LRW mode.

To get more information on the algorithm, visit the Rijndael Home Page: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/.

GOST 28147-89:
The Government Standard of the USSR 28147-89, Cryptographic protection for Data Protection Systems, appears to have played the role in the former Soviet Union (not only in Russia) similar to that played by the US Data Encryption Standard (FIPS 46). When issued, GOST bore the minimal classification 'For Official Use,' but is now said to be widely available in software both in the former Soviet Union and elsewhere. The introduction to GOST 28147-89 contains an intriguing remark that the cryptographic transformation algorithm "does not put any limitations on the secrecy level of the protected information."

The GOST 28147-89 standard includes output feedback and cipher feedback modes of operation, both limited to 64-bit blocks, and a mode for producing message authentication codes. Additional information about the GOST 28147-89 algorithm is also available at the Jetico Web site: http://www.jetico.com/gost.htm
BestCrypt uses GOST 28147-89 with 256-bit key in LRW mode.

RC-6:
RC6 block cipher was designed by Ron Rivest in collaboration with Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin from RSA Laboratories. RSA's RC6 encryption algorithm was selected among the other finalists to become the new federal Advanced Encryption Standard (AES). Visit RSA Laboratories WWW-site (http://www.rsasecurity.com/rsalabs/node.asp?id=2512) to get more information on the algorithm.
BestCrypt uses the RC6 with 256-bit key and 128-bit blocks in LRW mode.

SERPENT:
Serpent is a block cipher developed by Ross Anderson, Eli Biham and Lars Knudsen. Serpent can work with different combinations of key lengths. Serpent was also selected among other five finalists to become the new federal Advanced Encryption Standard (AES).
BestCrypt uses Serpent in LRW mode with a 256-bit key, 128-bits blocks and 32 rounds.
Additional information about the Serpent algorithm is also available on World-Wide-Web from: http://www.cl.cam.ac.uk/~rja14/serpent.html

TWOFISH:
The Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting.
Twofish is a symmetric block cipher; a single key is used for encryption and decryption. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.
The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm. As the authors of the algorithm state, "we have spent over one thousand hours cryptanalyzing Twofish, and have found no attacks that go anywhere near breaking the full 16-round version of the cipher".
BestCrypt uses a full 16-round version of Twofish and a maximum possible 256-bit encryption key length in LRW mode.
Additional information about the Twofish algorithm is available also on the World-Wide-Web from: http://www.counterpane.com/twofish.html

1 comment:

  1. Nice post. You have provided a brief detail about most of the encryption algorithms known so far. I am having idea about some of these but rest are new to me. I will do try to collect more information about the new one.
    electronic signatures

    ReplyDelete