Symmetric Encryption
Content
Symmetric encryption, also known as secret key encryption, is the more traditional form of
encryption in which the sender and recipient share a common secret password, pass-phrase
or key. The sender uses the key to encrypt plaintext and sends ciphertext to the recipient,
who, in turn, uses the same key to recover the plaintext. Symmetric encryption is typically
faster than asymmetric encryption, but it can't be used unless the sender and recipient have
already exchanged keys. Indeed, the main limitation of symmetric encryption is the need to
distribute large numbers of keys securely.
Examples
Common examples of symmetric encryption include the Data Encryption Standard, Triple
Data Encryption Standard and the Advanced Encryption Standard. DES uses a 56-bit
encryption key, while Triple DES applies the same mathematical formula, or algorithm,
three times to produce a 128-bit key. However, while Triple DES is considered acceptably
secure for most applications, the National Institute for Standards officially adopted AES -which uses a 128-bit, 192-bit or 256-bit encryption keys -- as the successor to DES in 2001.
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public-key in 1970’s and by far most widely used
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially
related, often identical, cryptographic keys for both decryption and encryption etc.
Data Encryption Standard (DES): An encryption algorithm that encrypts data with a 56-bit, randomly
generated symmetric key. DES is not a secure encryption algorithm and it was cracked many times.
Data Encryption Standard (DES) was developed by IBM and the U.S. Government together. DES is a
block encryption algorithm.
most widely used block cipher in world adopted in 1977 by NBS (now NIST) as FIPS PUB
46
encrypts 64-bit data using 56-bit key
Triple DES (3DES): Triple DES was developed from DES, uses a 64-bit key consisting of 56 effective
key bits and 8 parity bits. In 3DES, DES encryption is applied three times to the plaintext. The
plaintext is encrypted with key A, decrypted with key B, and encrypted again with key C. 3DES is a
block encryption algorithm.
Advanced Encryption Standard (AES): Advanced Encryption Standard (AES) is a newer and stronger
encryption standard, which uses the Rijndael (pronounced Rhine-doll) algorithm. This algorithm was
developed by Joan Daemen and Vincent Rijmen of Belgium. AES will eventually displace DESX and
3DES. AES is capable to use 128-bit, 192-bit, and 256-bit keys.
data block of 4 columns of 4 bytes is state ,key is expanded to array of words
A pseudo-random number generator (PRNG) is a program written for, and used in,
probability and statistics applications when large quantities of random digits are
needed. Most of these programs produce endless strings of single-digit numbers, usually
in base 10, known as the decimal system. When large samples of pseudo-random
numbers are taken, each of the 10 digits in the set {0,1,2,3,4,5,6,7,8,9} occurs with equal
frequency, even though they are not evenly distributed in the sequence.
Many algorithm s have been developed in an attempt to produce truly random
sequences of numbers, endless strings of digits in which it is theoretically impossible to
predict the next digit in the sequence based on the digits up to a given point. But the
very existence of the algorithm, no matter how sophisticated, means that the next digit
can be predicted! This has given rise to the term pseudo-random for such machinegenerated strings of digits. They are equivalent to random-number sequences for most
applications, but they are not truly random according to the rigorous definition.
A stream cipher is a method of encrypting text (to produce ciphertext)
in which a cryptographic key and algorithm are applied to each binary
digit in a data stream, one bit at a time.
A stream-cipher is a coder that encrypts and decrypts data streams
Types of stream ciphers[edit]
A stream cipher generates successive elements of the keystream based on an internal state. This
state is updated in essentially two ways: if the state changes independently of the plaintext or
ciphertext messages, the cipher is classified as a synchronous stream cipher. By contrast, selfsynchronising stream ciphers update their state based on previous ciphertext digits.
Synchronous stream ciphers[edit]
In a synchronous stream cipher a stream of pseudo-random digits is generated independently of
the plaintext and ciphertext messages, and then combined with the plaintext (to encrypt) or the
ciphertext (to decrypt). In the most common form, binary digits are used (bits), and the keystream is
combined with the plaintext using the exclusive or operation (XOR). This is termed abinary additive
stream cipher.
In a synchronous stream cipher, the sender and receiver must be exactly in step for decryption to be
successful. If digits are added or removed from the message during transmission, synchronisation is
lost. To restore synchronisation, various offsets can be tried systematically to obtain the correct
decryption. Another approach is to tag the ciphertext with markers at regular points in the output.
If, however, a digit is corrupted in transmission, rather than added or lost, only a single digit in the
plaintext is affected and the error does not propagate to other parts of the message. This property is
useful when the transmission error rate is high; however, it makes it less likely the error would be
detected without further mechanisms. Moreover, because of this property, synchronous stream
ciphers are very susceptible to active attacks: if an attacker can change a digit in the ciphertext, he
might be able to make predictable changes to the corresponding plaintext bit; for example, flipping a
bit in the ciphertext causes the same bit to be flipped in the plaintext.
Self-synchronizing stream ciphers[edit]
Another approach uses several of the previous N ciphertext digits to compute the keystream. Such
schemes are known as self-synchronizing stream ciphers, asynchronous stream
ciphers or ciphertext autokey (CTAK). The idea of self-synchronization was patented in 1946, and
has the advantage that the receiver will automatically synchronise with the keystream generator after
receiving N ciphertext digits, making it easier to recover if digits are dropped or added to the
message stream. Single-digit errors are limited in their effect, affecting only up toN plaintext digits.
An example of a self-synchronising stream cipher is a block cipher in cipher feedback (CFB) mode.
In cryptography, RC4 (also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the
most widely used software stream cipher and is used in popular protocols such as Transport Layer
Security (TLS) (to protect Internet traffic) and WEP (to secure wireless networks). While remarkable
for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new
systems.[2] It is especially vulnerable when the beginning of the output keystream is not discarded, or
when nonrandom or related keys are used; some ways of using RC4 can lead to very
insecure cryptosystems such as WEP.
As of 2013, there is speculation that some state cryptologic agencies may possess the capability to
break RC4 even when used in the TLS protocol.[3] Microsoft recommends disabling RC4 where
possible.[
Symmetric encryption, also known as secret key encryption, is the more traditional form of
encryption in which the sender and recipient share a common secret password, pass-phrase
or key. The sender uses the key to encrypt plaintext and sends ciphertext to the recipient,
who, in turn, uses the same key to recover the plaintext. Symmetric encryption is typically
faster than asymmetric encryption, but it can't be used unless the sender and recipient have
already exchanged keys. Indeed, the main limitation of symmetric encryption is the need to
distribute large numbers of keys securely.
Examples
Common examples of symmetric encryption include the Data Encryption Standard, Triple
Data Encryption Standard and the Advanced Encryption Standard. DES uses a 56-bit
encryption key, while Triple DES applies the same mathematical formula, or algorithm,
three times to produce a 128-bit key. However, while Triple DES is considered acceptably
secure for most applications, the National Institute for Standards officially adopted AES -which uses a 128-bit, 192-bit or 256-bit encryption keys -- as the successor to DES in 2001.
or conventional / private-key / single-key
sender and recipient share a common key
all classical encryption algorithms are private-key
was only type prior to invention of public-key in 1970’s and by far most widely used
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially
related, often identical, cryptographic keys for both decryption and encryption etc.
Data Encryption Standard (DES): An encryption algorithm that encrypts data with a 56-bit, randomly
generated symmetric key. DES is not a secure encryption algorithm and it was cracked many times.
Data Encryption Standard (DES) was developed by IBM and the U.S. Government together. DES is a
block encryption algorithm.
most widely used block cipher in world adopted in 1977 by NBS (now NIST) as FIPS PUB
46
encrypts 64-bit data using 56-bit key
Triple DES (3DES): Triple DES was developed from DES, uses a 64-bit key consisting of 56 effective
key bits and 8 parity bits. In 3DES, DES encryption is applied three times to the plaintext. The
plaintext is encrypted with key A, decrypted with key B, and encrypted again with key C. 3DES is a
block encryption algorithm.
Advanced Encryption Standard (AES): Advanced Encryption Standard (AES) is a newer and stronger
encryption standard, which uses the Rijndael (pronounced Rhine-doll) algorithm. This algorithm was
developed by Joan Daemen and Vincent Rijmen of Belgium. AES will eventually displace DESX and
3DES. AES is capable to use 128-bit, 192-bit, and 256-bit keys.
data block of 4 columns of 4 bytes is state ,key is expanded to array of words
A pseudo-random number generator (PRNG) is a program written for, and used in,
probability and statistics applications when large quantities of random digits are
needed. Most of these programs produce endless strings of single-digit numbers, usually
in base 10, known as the decimal system. When large samples of pseudo-random
numbers are taken, each of the 10 digits in the set {0,1,2,3,4,5,6,7,8,9} occurs with equal
frequency, even though they are not evenly distributed in the sequence.
Many algorithm s have been developed in an attempt to produce truly random
sequences of numbers, endless strings of digits in which it is theoretically impossible to
predict the next digit in the sequence based on the digits up to a given point. But the
very existence of the algorithm, no matter how sophisticated, means that the next digit
can be predicted! This has given rise to the term pseudo-random for such machinegenerated strings of digits. They are equivalent to random-number sequences for most
applications, but they are not truly random according to the rigorous definition.
A stream cipher is a method of encrypting text (to produce ciphertext)
in which a cryptographic key and algorithm are applied to each binary
digit in a data stream, one bit at a time.
A stream-cipher is a coder that encrypts and decrypts data streams
Types of stream ciphers[edit]
A stream cipher generates successive elements of the keystream based on an internal state. This
state is updated in essentially two ways: if the state changes independently of the plaintext or
ciphertext messages, the cipher is classified as a synchronous stream cipher. By contrast, selfsynchronising stream ciphers update their state based on previous ciphertext digits.
Synchronous stream ciphers[edit]
In a synchronous stream cipher a stream of pseudo-random digits is generated independently of
the plaintext and ciphertext messages, and then combined with the plaintext (to encrypt) or the
ciphertext (to decrypt). In the most common form, binary digits are used (bits), and the keystream is
combined with the plaintext using the exclusive or operation (XOR). This is termed abinary additive
stream cipher.
In a synchronous stream cipher, the sender and receiver must be exactly in step for decryption to be
successful. If digits are added or removed from the message during transmission, synchronisation is
lost. To restore synchronisation, various offsets can be tried systematically to obtain the correct
decryption. Another approach is to tag the ciphertext with markers at regular points in the output.
If, however, a digit is corrupted in transmission, rather than added or lost, only a single digit in the
plaintext is affected and the error does not propagate to other parts of the message. This property is
useful when the transmission error rate is high; however, it makes it less likely the error would be
detected without further mechanisms. Moreover, because of this property, synchronous stream
ciphers are very susceptible to active attacks: if an attacker can change a digit in the ciphertext, he
might be able to make predictable changes to the corresponding plaintext bit; for example, flipping a
bit in the ciphertext causes the same bit to be flipped in the plaintext.
Self-synchronizing stream ciphers[edit]
Another approach uses several of the previous N ciphertext digits to compute the keystream. Such
schemes are known as self-synchronizing stream ciphers, asynchronous stream
ciphers or ciphertext autokey (CTAK). The idea of self-synchronization was patented in 1946, and
has the advantage that the receiver will automatically synchronise with the keystream generator after
receiving N ciphertext digits, making it easier to recover if digits are dropped or added to the
message stream. Single-digit errors are limited in their effect, affecting only up toN plaintext digits.
An example of a self-synchronising stream cipher is a block cipher in cipher feedback (CFB) mode.
In cryptography, RC4 (also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the
most widely used software stream cipher and is used in popular protocols such as Transport Layer
Security (TLS) (to protect Internet traffic) and WEP (to secure wireless networks). While remarkable
for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new
systems.[2] It is especially vulnerable when the beginning of the output keystream is not discarded, or
when nonrandom or related keys are used; some ways of using RC4 can lead to very
insecure cryptosystems such as WEP.
As of 2013, there is speculation that some state cryptologic agencies may possess the capability to
break RC4 even when used in the TLS protocol.[3] Microsoft recommends disabling RC4 where
possible.[
