Common Symmetric Key Algorithms

Posted on November 24, 2010. Filed under: CompTIA Security+


Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption.

Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits and encrypt them as a single unit.

Some examples of symmetric algorithms include DES, Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

  • For decades, DES (Data Encryption Standard) was the standard block cipher. It maps 64-bit blocks of plaintext into 64-bit blocks of ciphertext using a series of permutations and substitutions. An exclusive-OR is performed on the result with the input, and this sequence is repeated 16 times, using a different ordering of the key bits each time. The key length is, in effect, 56 bits. DES is
  • Over the years, DES was found to be vulnerable, and a stronger variant, called triple-DES, or 3DES, was recommended. Triple DES (3DES) is a variant of DES. Instead of the single key that DES uses, triple DES uses a “key bundle” which comprises three DES keys, K1, K2 and K3, each of 56 bits. The encryption algorithm is: ciphertext = E_K3(D_K2(E_K1(plaintext))), i.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. Decryption is the reverse: plaintext = D_K1(E_K2(D_K3(ciphertext))), i.e., decrypt with K3, encrypt with K2, then decrypt with K1. Each triple encryption encrypts one block of 64 bits of data.

It is easy to see how key complexity affects an algorithm when you look at some of the encryption algorithms that have been broken. The Data Encryption Standard (DES) uses a 56-bit key, allowing 72,000,000,000,000,000 possible values, but it has been broken by modern computers. Triple DES (3DES) uses a 128-bit key, or 340,000,000,000,000,000,000,000,000,000,000,000,000 possible values. You can see the difference in the possible values, and why 128 bits is generally accepted as the minimum required to protect sensitive information.

Because of the advancement of technology and the progress being made in quickly retrieving DES keys, NIST put out a request for proposals for a new Advanced Encryption Standard (AES). It called for a block cipher using symmetric key cryptography and supporting key sizes of 128, 192, and 256 bits. After evaluation, NIST had five finalists: MARS, RC6, Rijndael, Serpent, and Twofish.

In the fall of 2000, NIST picked Rijndael to be the new AES. It was chosen for its overall security as well as its good performance on limited capacity devices.

AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael can be specified with block and key sizes in any multiple of 32 bits, with a minimum of 128 bits. The block size has a maximum of 256 bits, but the key size has no theoretical maximum.

AES operates on a 4×4 array of bytes, termed the state (versions of Rijndael with a larger block size have additional columns in the state). Most AES calculations are done in a special finite field.

The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds is applied to transform ciphertext back into the original plaintext using the same encryption key.
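The following Python sketch is an added example, not part of the original post. It shows three of the round steps (ShiftRows, MixColumns and AddRoundKey) acting on the 4×4 state, including the finite-field multiplication that MixColumns relies on. SubBytes and the key schedule are omitted, and the sample block and round key are constructed values.

```python
# Added example: three AES round steps on the 4x4 byte state.
# SubBytes (the S-box) and the key schedule are left out on purpose.

def to_state(block):
    """Load 16 bytes column by column: state[row][col] = block[row + 4*col]."""
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]

def from_state(state):
    """Write the state back out as 16 bytes, column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    product = 0
    while b:
        if b & 1:
            product ^= a          # addition in the field is XOR
        a <<= 1
        if a & 0x100:
            a ^= 0x11B            # reduce when the degree reaches 8
        b >>= 1
    return product

def shift_rows(state):
    """Rotate row r left by r positions, so row 0 is unchanged."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_columns(state):
    """Multiply each column by the fixed matrix whose first row is (2, 3, 1, 1)."""
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        col = [state[r][c] for r in range(4)]
        for r in range(4):
            out[r][c] = (gf_mul(2, col[r]) ^ gf_mul(3, col[(r + 1) % 4])
                         ^ col[(r + 2) % 4] ^ col[(r + 3) % 4])
    return out

def add_round_key(state, round_key):
    """XOR the state with a round key; applying it twice restores the state."""
    return [[s ^ k for s, k in zip(srow, krow)]
            for srow, krow in zip(state, round_key)]

if __name__ == "__main__":
    # Constructed sample block and round key, not from a real key schedule.
    block = bytes(range(16))
    key = to_state(bytes([0xA5] * 16))
    mixed = mix_columns(shift_rows(to_state(block)))
    print(from_state(add_round_key(mixed, key)).hex())
```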

Here’s an easy-to-follow AES Rijndael tutorial. To merely pass the CompTIA Security+ test, you may only be interested in the last video, on the security aspects of AES. If you want to know the details of the Rijndael algorithm, you’d better go over all 5 videos.

  • First step in the encryption process, SubBytes
  • Steps of the encryption process, ShiftRows, MixColumns, and the AddRoundKey steps. Explain how the XOR logic gate works.
  • Explain how the Round Key (a longer version of the original key) gets derived using the Key Schedule from the original, shorter key.
  • Decryption process of AES
  • Security aspects of AES