3.1.4 Symmetric and Asymmetric Encryption

Cryptographic Algorithms

  • Cryptographic algorithms are crucial for securing data through various properties:
    • Confidentiality: Ensures that data is accessible only to those authorized.
    • Integrity: Guarantees that data has not been altered in unauthorized ways.
    • Availability: Ensures that data is available to authorized users when needed.
    • Non-repudiation: Ensures that an entity cannot deny the authenticity of their signature on a message or the sending of a message itself.

Types of Cryptographic Algorithms

  • Hashing Algorithms: Used for confirming data integrity.
  • Symmetric Encryption: Uses the same key for both encryption and decryption.
  • Asymmetric Encryption: Utilizes a pair of keys (public and private) for encryption and decryption.

Symmetric Encryption

  • An encryption algorithm or cipher encodes data for secure storage or transmission.
    • Key: A value used with the cipher that must remain secret to ensure secure decryption.
  • Substitution Algorithms: Replace characters in plaintext with ciphertext.
    • Example: ROT13 cipher replaces character A with N.
      • Ciphertext: "Uryyb Jbeyq"
      • Decrypted Plaintext: "Hello World".
  • Transposition Algorithms: Change the order of characters without altering the characters themselves.

Example of Symmetric Encryption Process

  • Alice and Bob meet to agree on a cipher and a secret key value:
    1. Alice encrypts a file using the agreed cipher and key.
    2. Alice sends only the ciphertext to Bob over the network.
    3. Bob receives the ciphertext and decrypts it using the same key and cipher.
    • Example: From plaintext "Hello World" to ciphertext "HLOOLELWRD" which is generated through columnar transposition.

Characteristics of Symmetric Algorithms

  • Fast: Suitable for bulk encryption of large data amounts.
  • Security Risks: Disclosure of the key (e.g., by an attacker like Mallory) compromises the encryption.
  • Common Algorithms:
    • Advanced Encryption Standard (AES): Developed by Jaon Daemen and Vincent Rijmen, offering key lengths of 128, 192, and 256 bits.
    • Other algorithms include Data Encryption Standard (DES), Rivest's Cipher (RC), International Data Encryption Algorithm (IDEA), Blowfish, Twofish, and CAST.

Key Length and Keyspaces

  • Keyspace refers to the range of potential key values.
    • For ROT13 cipher, keyspace is 25 since ROT0 and ROT26 yield the same plaintext.
  • Modern symmetric ciphers employ vast keyspaces—millions to trillions of possible values.
  • A typical symmetric cipher key length is explained:
    • For AES-128: 2^{128} potential keys.
    • For AES-256: 2^{256} potential keys, significantly increasing resistance to brute force attacks.

Asymmetric Encryption

  • Uses two keys: a public key for encryption and a private key for decryption.
    • Only the private key can decrypt messages encrypted with the public key.
    • The public key can be shared widely, while the private key must be kept secret.
    • It allows secure communication without pre-exchanging a secret key.
  • Example Process:
    1. Bob generates a key pair (public and private).
    2. Bob shares his public key with Alice.
    3. Alice encrypts a message using Bob's public key.
    4. Bob decrypts the message with his private key.

Algorithms Used in Asymmetric Encryption

  • RSA (Rivest-Shamir-Adleman): Might use a key length of 2048 bits for security.
    • Released in 1977, remains widely used today.
  • Elliptic Curve Cryptography (ECC): Uses shorter key lengths for equivalent security levels; a 256-bit key is comparable to a 3072-bit RSA key.
  • Diffie-Hellman: Enables secure shared key creation over an insecure channel.

Hybrid Cryptosystems

  • Combine symmetric and asymmetric methods for enhanced security.
    • Example Process:
      1. User1 encrypts data with a symmetric key.
      2. User1 encrypts the symmetric key with the recipient’s public key.
      3. User2 decrypts User1's symmetric key with their private key and uses it to decrypt the message.

Ephemeral Keys

  • Static vs. Ephemeral Keys:
    • Static keys are reused and become vulnerable over time.
    • Ephemeral keys are unique for each session, enhancing security. They are often used in protocols for perfect forward secrecy.
  • Example: Instant messaging applications that generate a new key for each message.

Digital Signature Algorithm (DSA)

  • Proposed in 1991 by the NIST, establishing a standard for digital signatures, differing from RSA in algorithm structure but providing similar security.

Conclusion

  • A solid understanding of symmetric and asymmetric encryption principles is critical in ensuring data confidentiality, integrity, and secure communications in various applications. Hybrid systems offer a practical balance between efficiency and security.