Cipher types

Posted on November 23, 2010. Filed under: CompTIA Security+ |

In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure.

Historical pen and paper ciphers used in the past are sometimes known as classical ciphers. They include simple substitution ciphers and transposition ciphers. For example “GOOD DOG” can be encrypted as “PLLX XLP” where “L” substitutes for “O”, “P” for “G”, and “X” for “D” in the message. Transposition of the letters “GOOD DOG” can result in “DGOGDOO”.

Modern encryption methods can be divided by two criteria: by type of key used, and by type of input data.

By type of key used ciphers are divided into:

  • symmetric key algorithms (Private-key cryptography), where the same key is used for encryption and decryption.
  • asymmetric key algorithms (Public-key cryptography), where two different keys are used for encryption and decryption.

In a symmetric key algorithm (e.g., DES and AES), the sender and receiver must have a shared key set up in advance and kept secret from all other parties; the sender uses this key for encryption, and the receiver uses the same key for decryption. In an asymmetric key algorithm (e.g., RSA), there are two separate keys: a public key is published and enables any sender to perform encryption, while a private key is kept secret by the receiver and enables only him to perform correct decryption.

Type of input ciphers data can be distinguished into two types:

  • block ciphers, which encrypt block of data of fixed size.

A block cipher consists of two paired algorithms, one for encryption, E, and the other for decryption, E−1. Both algorithms accept two inputs: an input block of size n bits and a keyof size k bits, yielding an n-bit output block. For any one fixed key, decryption is the inverse function of encryption, so that

E_K(M) = C \; ; \quad E_K^{-1}(C)=M

for any block M and key KM is termed the plaintext and C the ciphertext.

For each key KEK is a permutation (a bijective mapping) over the set of input blocks. Each key selects one permutation from the possible set of 2n!.

The block size, n, is typically 64 or 128 bits, although some ciphers have a variable block size. One of several modes of operation is generally used along with a padding scheme to allow plaintexts of arbitrary lengths to be encrypted.

Most block ciphers are constructed by repeatedly applying a simpler function. This approach is known as iterated block cipher. Each iteration is termed around, and the repeated function is termed the round function; anywhere between 4 to 32 rounds are typical.

Usually, the round function R takes different round keys Ki as second input, which are derived from the original key:

M_i = R_{K_i}(M_{i-1})

where M0 is the plaintext and Mr the ciphertext, with r being the round number.

Frequently, key whitening is used in addition to this. At the beginning and the end, the data is modified with key material (often with XOR, but simple arithmetic operations like adding and subtracting are also used).

Here is an example video of block cipher:

  • stream ciphers, which encrypt continuous streams of data.

Block ciphers can be contrasted with stream ciphers — a block cipher operates on fixed-length groups of bits, called blocks, with an unvarying transformation; a stream cipher operates on individual digits one at a time, and the transformation varies during the encryption.

Stream ciphers can be viewed as approximating the action of a proven unbreakable cipher, the one-time pad (OTP), sometimes known as the Vernam cipher. A one-time pad uses a key stream of completely random digits. The keystream is combined with the plaintext digits one at a time to form the ciphertext. This system was proved to be secure by Claude Shannon in 1949. However, the keystream must be (at least) the same length as the plaintext, and generated completely at random. This makes the system very cumbersome to implement in practice, and as a result the one-time pad has not been widely used, except for the most critical applications.

A stream cipher makes use of a much smaller and more convenient key — 128 bits, for example. Based on this key, it generates a pseudorandom keystream which can be combined with the plaintext digits in a similar fashion to the one-time pad. However, this comes at a cost: because the keystream is now pseudorandom, and not truly random, the proof of security associated with the one-time pad no longer holds: it is quite possible for a stream cipher to be completely insecure.


Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: