Symmetric Encryption and Cryptography Concepts

Questions and Answers

What makes encryption computationally secure?

The key length is longer than 128 bits.

The cost of breaking the cipher is less than the value of the information.

The cost of breaking the cipher exceeds the value of the information. (correct)

The time required to break the cipher is shorter than the lifetime of the information.

Which of the following accurately describes the structure of a symmetric block cipher?

It exclusively uses a single round with no substitutions.

It has a fixed number of permutations regardless of key size.

It operates with both symmetric and asymmetric keys.

It consists of multiple rounds with substitutions and permutations controlled by key. (correct)

How many rounds are typically required in the Advanced Encryption Standard (AES) for a 128-bit key?

10 rounds (correct)

8 rounds

14 rounds

12 rounds

What is the primary purpose of the Feistel structure in ciphers?

To allow decryption using the same operations as encryption.

Which specification details the encryption algorithm commonly known as DES?

FIPS PUB 46

What is a significant characteristic of Triple DES (3DES)?

It requires three keys and three executions of DES.

What is the effective key length of Triple DES?

168 bits

In AES, how many key words are produced during the key expansion process for a 128-bit key?

44

What is another name for symmetric encryption?

Single-key encryption

Which of the following is NOT a component of symmetric encryption?

Asymmetric key

What defines the Feistel cipher structure?

It divides plaintext into blocks for processing.

How does a block cipher differ from a stream cipher?

Block ciphers process input in chunks, while stream ciphers process input elements one at a time.

Which of these is a characteristic of cryptanalysis?

It is aimed at discovering the plaintext or key.

What does the term 'key distribution' refer to?

The means of sharing secret keys securely.

What operation is performed to alter the order of the rows in AES encryption?

Shift Rows

What is the purpose of the S-Box in the AES algorithm?

To map individual bytes of State into new bytes

What are the major types of operations used in cryptography?

Substitution and transposition

What distinguishes two-key and three-key triple DES?

The number of times data is encrypted

How many bytes are shifted in the third row of the Shift Rows operation during AES encryption?

2 bytes

What function does the Mix Columns step serve in the AES algorithm?

To individually map bytes to new values based on their column

What is a primary characteristic of stream ciphers compared to block ciphers?

They process input elements continuously

In the RC4 encryption algorithm, what operation is used to encrypt a byte of plaintext?

XOR the key with the plaintext byte

What is a critical security consideration for stream ciphers?

The keystream should have a large period

Which algorithm was designed in 1987 for secure communication between browsers and servers?

RC4

What mode of operation uses the same key for encrypting each block of plaintext?

Electronic Codebook (ECB)

Which encryption method provides user data security but not traffic security?

End-to-end encryption

What is the primary drawback of the Electronic Codebook (ECB) mode?

It reveals patterns in repeated plaintext

Which of the following key distribution methods allows for a key to be physically delivered?

A key selected by A delivered to B

Which of the following is a secure encryption mode that allows for parallel processing?

Counter (CTR)

Which protocol prohibits the use of the RC4 algorithm?

Transport Layer Security (TLS)

In Cipher Block Chaining (CBC), what is required for processing each block of plaintext?

A unique initialization vector

What is one of the main advantages of using key distribution via a third party?

Elimination of the need for physical delivery

Which mode of operation is most commonly associated with symmetric key cryptography?

Block cipher modes

What makes Counter (CTR) mode considered secure?

It generates a unique counter for each block

Study Notes

Symmetric Encryption

• Also known as conventional, secret-key, or single-key encryption
• The most widely used alternative before the introduction of public-key encryption in the 1970s
• It involves five components: plaintext, encryption algorithm, secret key, ciphertext, and decryption algorithm

Cryptography

• Classified into three dimensions: operations used, number of keys, and plaintext processing method
• Operations used involve substitution (mapping elements) and transposition (rearranging elements)
• Number of keys can be symmetric (same key for sender and receiver) or asymmetric (different keys)
• Plaintext processing methods include block cipher (processing blocks) and stream cipher (processing continuously)

Cryptanalysis

• The process of attempting to decipher plaintext or the key
• Strategy depends on the encryption scheme and information available to the cryptanalyst

Computationally Secure Encryption

• Encryption is computationally secure if:
  • The cost of breaking the cipher exceeds the value of the information
  • The time required to break the cipher exceeds the useful lifetime of the information
• Difficulty in estimating the effort required to break a cipher
• Brute-force attacks can be used to estimate time and cost

Feistel Cipher Structure

• It utilizes a round function (F) and an XOR operation (+)

Block Cipher Structure

• A sequence of rounds with key-controlled substitutions and permutations
• Parameters and design features:
  • Block size
  • Key size
  • Number of rounds
  • Round generation algorithm
  • Subkey generation algorithm
  • Fast software encryption/decryption function
  • Ease of analysis

Data Encryption Standard (DES)

• Adopted in 1977 by the National Bureau of Standards (now NIST)
• A minor variation of the Feistel network
• FIPS PUB 46 standard
• Referred to as DEA (Data Encryption Algorithm)

Triple DES (3DES)

• First used in financial applications
• Incorporated into the DES FIPS PUB 46-3 standard of 1999
• Employs three keys and three DES executions: C = E(K3, D(K2, E(K1, P)))
• Decryption involves reversing the keys
• The use of decryption in the second stage provides compatibility with original DES users
• Effective 168-bit key length, slow, but secure
• Will eventually be replaced by AES

Advanced Encryption Standard (AES)

• A symmetric block cipher providing stronger encryption
• 128-bit block size
• 128, 192, 256-bit key lengths, with longer keys offering stronger security
• For a 128-bit key:
  • Number of blocks (Nb = 4)
  • Number of rounds (Nr = 10)
  • Key expansion = Nb (Nr + 1) = 44
  • Four key blocks per round

AES Encryption and Decryption

• Considered for 128-bit text and 128-bit key
• Key contains 4 words (32 bits each)
• Key expansion to 44 words: Nb * (Nr + 1)
  • Number of blocks = 4
  • Number of rounds = 10
• Four words per round: w{0,3}, etc.

AES Substitute Byte

• Maps individual bytes of the State into a new byte
• Utilizes S-Box rows and columns as indexes

Shift Rows Operation

• Shifts individual bytes from one column to another, spreading bytes over columns
• First row is not altered
• Second row is shifted left by 1 byte
• Third row is shifted left by 2 bytes
• Fourth row is shifted left by 3 bytes

Mix Columns and Add Key

• Mix Columns:
  • Operates on each column individually
  • Maps each byte to a new value based on all four bytes in the column
  • Uses equations over finite fields
  • Provides good mixing of bytes in a column
• Add Round Key:
  • XORs the State with bits of the expanded key
  • Security derived from the complexity of round key expansion and other AES stages

Stream Ciphers

• Processes input elements continuously
• Key input to a pseudorandom bit generator produces a stream of random numbers
• XOR of the keystream output with plaintext bytes
• Faster and use less code
• Design considerations:
  • Encryption sequence with a large period
  • Keystream approximates random number properties
  • Uses a sufficiently long key

The RC4 Algorithm

• Designed in 1987 by Ron Rivest for RSA Security
• Used in SSL/TLS standards for communication between web browsers and servers
• Used in WEP and WPA protocols for IEEE 802.11 wireless LANs
• Previously kept as a trade secret
• Anonymously posted on the internet in 1994
• Use in TLS is prohibited by RFC 7465 (2015)

Modes of Operation

Electronic Codebook (ECB)

• Simplest mode
• Plaintext handled in bits
• Each block encrypted using same key
• Not secure for long messages due to repeated plaintext revealing in repeated ciphertext

Cipher Block Chaining (CBC)

• Utilizes an Initialization Vector (IV)
• IV must be known by both sender and receiver
• IV needs protection as a key
• P1 is the first block of plaintext

Counter (CTR)

• Parallel processing
• More efficient
• Secure as other modes

Location of Encryption

• Link encryption: Decrypted before switching
• End-to-end encryption: User data secure, but not traffic
• Combined approach is the most secure

Key Distribution

• Delivery of a key to parties exchanging data, preventing others from seeing it
• Methods:
  1. Physical delivery of key by one party to the other
  2. Physical delivery of key by a third party to both parties
  3. Transmission of new key encrypted using an old key
  4. Delivery of key on encrypted links to both parties by a third party

Summary

• Symmetric encryption principles: Includes cryptography, cryptanalysis, Feistel cipher structure, DES, 3DES, AES
• Stream ciphers and RC4: Include RC4 algorithm and stream cipher structure
• Cipher block modes of operation: Includes ECB, CBC, CFB (Cipher Feedback), and CTR modes
• Location of symmetric encryption devices: Includes link encryption and end-to-end encryption
• Key distribution: Provides key distribution methods

Description

Explore the fundamentals of symmetric encryption and its components in this quiz. Delve into cryptography dimensions, cryptanalysis, and the principles of secure encryption. Test your knowledge on the operations involved and the key types used in information security.