In-Depth Notes on Symmetric and Asymmetric Encryption
Symmetric and Asymmetric Encryption
Introduction to Encryption
- Symmetric Encryption:
  - Also known as conventional or secret-key encryption.
  - The only form of encryption in use before public-key encryption was introduced in the 1970s.
  - Still widely used in many applications today.
  - Five core components:
    - Plaintext: The original message to be encrypted.
    - Encryption Algorithm: The method used to convert plaintext into ciphertext.
    - Secret Key: A key known only to the sender and receiver, used by both the encryption and decryption algorithms.
    - Ciphertext: The encrypted message, unreadable until decrypted.
    - Decryption Algorithm: The method used to convert ciphertext back to plaintext.
Block Cipher Structure
- A symmetric block cipher consists of several rounds of substitutions and permutations, each controlled by the key.
- Important parameters include:
  - Block Size: The size (in bits) of the data chunk processed in one encryption operation.
  - Key Size: The size (in bits) of the encryption key.
  - Number of Rounds: The iterations through which the encryption process runs.
  - Subkey Generation Algorithm: Derives a distinct subkey from the original key for each round.
  - Round Function: The specific function applied to the data in each encryption round.
Data Encryption Standard (DES)
- The most widely used encryption scheme of its era; adopted as a federal standard in 1977.
- The algorithm itself is called the Data Encryption Algorithm (DEA).
- Runs multiple encryption rounds and uses a fixed key size of 56 bits, which is far too short to resist brute-force key search with modern hardware.
Triple DES (3DES)
- Applies DES three times in succession to enhance security.
- The encryption and decryption processes utilize three keys.
Stream Ciphers
- Process input continuously, one bit or byte at a time, driven by a pseudorandom bit generator.
- The generator produces a keystream of random-looking bytes that is XORed with the plaintext bytes; a keystream must never be reused under the same key, since XORing two ciphertexts would then cancel it out.
Block Cipher Modes of Operation
- Electronic Codebook (ECB): Simplest mode; each block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks and patterns in the data leak.
- Cipher Block Chaining (CBC): Each plaintext block is XORed with the previous ciphertext block before encryption; the first block is XORed with an initialization vector (IV).
- Cipher Feedback (CFB): The previous ciphertext segment is fed back into the block cipher to produce the next keystream segment, turning the block cipher into a stream cipher that can process input in a continuous stream.
- Output Feedback (OFB): Like CFB, but the value fed back is the block cipher's own output rather than the ciphertext, so the keystream does not depend on the data being encrypted.
- Counter (CTR): Each plaintext block is XORed with the encryption of a counter value; blocks can be processed independently and in parallel.
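To make the modes above concrete (and the Feistel structure asked about in the review questions), here is an added example that is not part of the original notes: a toy 16-round Feistel block cipher with a hashlib-based round function and subkey schedule, used to compare ECB, CBC and OFB. The key, IV and plaintext are constructed for the demonstration; the cipher is for illustration only, not for protecting data.

```python
import hashlib

BLOCK, ROUNDS = 16, 16          # 128-bit block = two 64-bit halves, 16 rounds
KEY = b"sixteen byte key"       # constructed demo key
IV = bytes(16)                  # constructed demo IV; real IVs must be fresh and unpredictable

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _subkeys(key: bytes) -> list:
    # subkey generation: one distinct 64-bit subkey per round, derived from the key
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]

def _round_function(half: bytes, subkey: bytes) -> bytes:
    # F need not be invertible: the Feistel structure undoes it regardless
    return hashlib.sha256(subkey + half).digest()[:8]

def _feistel(block: bytes, subkeys: list) -> bytes:
    left, right = block[:8], block[8:]
    for k in subkeys:                                   # one round per subkey
        left, right = right, _xor(left, _round_function(right, k))
    return right + left                                 # final swap

def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key))

def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key)[::-1])         # same rounds, subkeys reversed

def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # each block independently: equal plaintext blocks give equal ciphertext blocks
    return b"".join(encrypt_block(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))   # chain previous ciphertext
        out.append(prev)
    return b"".join(out)

def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # OFB feeds back the cipher OUTPUT, not the ciphertext: the keystream is
    # independent of the data, and the same call both encrypts and decrypts
    stream, state = b"", iv
    while len(stream) < len(data):
        state = encrypt_block(key, state)
        stream += state
    return _xor(data, stream)

def ciphertext_blocks(ct: bytes) -> list:
    return [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
```

ECB and CBC here expect plaintext that is a multiple of 16 bytes (no padding is implemented); OFB handles any length.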
Key Distribution
- Methods to securely deliver a key to parties wishing to communicate:
  - Physical delivery of the key by one party or by a trusted third party.
  - Using a previously exchanged key to encrypt a new key.
  - Utilizing a Key Distribution Center (KDC) that supplies session keys automatically to users.
Secure Hash Functions
- Secure Hash Algorithm (SHA):
  - Developed by NIST; several versions (SHA-1, SHA-2, SHA-3) now exist with differing hash lengths.
  - SHA-1 produces a 160-bit hash; SHA-2 variants produce longer hashes (SHA-256 gives 256 bits, SHA-512 gives 512 bits). SHA-1 is no longer considered collision-resistant and should not be used for new designs.
RSA Public-Key Encryption
- Developed by Rivest, Shamir, and Adleman in 1977.
- Uses modular arithmetic for encryption and decryption:
  - Encrypt: $C = M^e \bmod n$
  - Decrypt: $M = C^d \bmod n$
  - Public key: $PK = \{e, n\}$; Private key: $SK = \{d, n\}$
Diffie-Hellman Key Exchange
- Enables two parties to agree on a shared secret key over a public channel.
- Security relies on the difficulty of computing discrete logarithms.
- Steps:
  - Both users agree on public parameters: a prime number and a primitive root of that prime.
  - Each picks a private value and computes a public key from it and the shared parameters.
  - They exchange public keys, and each combines the other's public key with its own private value to compute the same secret key.
Timing Attacks on RSA
- Exploit differences in execution time (for example, of the modular exponentiation with the private exponent) to deduce bits of the private key.
- Countermeasures include:
  - Constant exponentiation time: ensure every exponentiation takes the same amount of time regardless of the key bits.
  - Random delays: add random delay to the processing so timing measurements are blurred.
  - Blinding: multiply the ciphertext by a random value before exponentiation (and remove it afterwards) so the attacker cannot know which value is actually being processed.
Review Questions
- Feistel Network: Explain its structure.
- Encryption Process: How do DES and 3DES differ in their encryption steps?
- Key Distribution: What methods exist for distributing encryption keys?
- SHA: What differences exist between SHA-256 and SHA-512?
- Diffie-Hellman: How is a secret key generated using this method?