Symmetric Key Encryption Overview

Questions and Answers

What is one of the key requirements for the Advanced Encryption Standard (AES) compared to Triple-DES?

Must be less secure

Must support key sizes of 64 bits

Must use asymmetric encryption

Must have a block length of 128 bits (correct)

Which algorithm was selected as the proposed AES algorithm?

Twofish

Rijndael (correct)

RC6

Serpent

What aspect of AES is emphasized in the evaluation criteria for its selection?

Compatibility with all existing encryption algorithms

General security and ease of implementation (correct)

Simplicity of implementation in real-world applications

Cost-effectiveness in production

Which key sizes are supported by the AES standard?

128, 192, and 256 bits

What was the active life expectation for the AES as mentioned in the requirements?

20-30 years

What is the main purpose of confusion in encryption?

To make the relationship between ciphertext and key complex

Why was DES considered insecure by July 1998?

It was susceptible to brute-force attacks due to its short key length

How does the effective key length of Triple DES compare to that of DES?

Triple DES has an effective key length of 168 bits

What was a significant limitation of DES identified in studies after its introduction?

It could be broken in just a few days with specialized hardware

Which organization was responsible for the development of the Data Encryption Standard (DES)?

IBM

What is the primary purpose of symmetric key encryption in the communication between Alice and Bob?

To secure the communication against unauthorized access.

In symmetric key encryption, what does the key represent?

The shared secret necessary for both encryption and decryption.

What would happen if Oscar learns the key K used by Alice and Bob?

He could decrypt the messages thereby compromising their communication.

What is the significance of the equalities $d_K(y) = d_K(e_K(x)) = x$ in symmetric key encryption?

It demonstrates that encryption and decryption are reversible operations using the same key.

Which of the following best describes the term 'key space' in the context of symmetric key encryption?

The number of separate keys that can be used.

What happens if Alice and Bob do not use a secure channel to transmit the key?

There is a risk that the key could be intercepted by Oscar.

Why is the storage of the key K important in symmetric key encryption?

If lost, the encrypted messages cannot be retrieved.

What type of encryption is symmetric key encryption also known as?

Private-key cryptography.

What is the primary structure that most symmetric block ciphers are based on?

Feistel cipher structure

What design element of the Feistel cipher can improve security but may slow down the cipher?

Key size

Which of these statements about Blowfish is correct?

Blowfish supports a maximum key size of 448 bits.

How does the decryption process in a Feistel cipher compare to the encryption process?

It mirrors the encryption process

What distinguishes Twofish from other block ciphers?

It employs both pre-whitening and post-whitening techniques.

Which of the following is a notable Feistel cipher?

DES (Data Encryption Standard)

The IDEA algorithm primarily differs from DES in that it does not use what?

S-boxes

Which of the following features is unique to the Skipjack algorithm?

It supports the escrow of encryption keys.

Which statement about Twofish and AES is accurate?

Twofish can use cryptographic keys up to 256 bits.

What method does the IDEA algorithm use instead of exclusive-or for processing?

Binary addition

What is a characteristic of the Blowfish algorithm compared to DES?

Blowfish operates with a larger maximum key size than DES.

In what context is the IDEA algorithm commonly used?

Pretty Good Privacy (PGP)

What aspect of the Feistel cipher design enhances security through unpredictable output changes?

Diffusion and confusion

What is the purpose of the key schedule in the S-P network?

To derive round keys from a single key

Which operation is used to create the round keys in AES key expansion?

A combination of rotation, S-box, and XOR operations

In which of the following steps does AES encryption NOT apply an inverse operation?

Add round key

What characterizes the byte substitution in AES?

It rearranges byte values based on an S-box table

What is the main purpose of the Mix Columns step in AES?

To replace each byte based on a polynomial equation

How does AES decryption differ fundamentally from AES encryption?

The operations are executed in reverse order

What is a key feature of the AES key expansion process?

It uses symmetric transformations to enhance security

What is the result of swapping the byte substitution and shift rows operations in AES?

The encryption and decryption become identical

What is the role of round constants in AES key expansion?

They introduce complexity to resist attacks

What type of cipher structure does the Feistel cipher implement?

Substitution-permutation network concept

Study Notes

Symmetric Key Encryption

• Symmetric key encryption uses the same key for encryption and decryption
• The problem is transmitting the secret key securely.
• This type of cryptography uses a shared secret key known to both the sender and receiver.
• A malicious third party (eg Oscar) should not be able to understand the communication.

Outline

• Introduction to Symmetric Key Encryption
• Common Symmetric Key Algorithms
• Block Cipher Operation Modes

Alternative Names

• Private Key, Single Key, or Secret Key Cryptography

Problem Statement

• Alice and Bob want to communicate via an insecure channel (e.g., internet, WLAN).
• A malicious third party (Oscar) wants access to the channel but should not be able to understand the communication

Solution: Symmetric Cipher

• Encryption with a symmetric cipher
• Oscar only obtains ciphertext y (random bits).
• Alice encrypts message x with key K
• Key Generator generates secret key K
• Secure Channel transmits encrypted message y
• Bob decrypts message with key K
• x is the plaintext, y is the ciphertext, K is the key.
• The set of all keys {K1, K2, ..., Kn} is called the key space

Encryption and Decryption Equations

• y = e_k(x) (Encryption)
• x = d_k(y) (Decryption)
• e_k and d_k are inverse operations if the same key K is used.

Confusion and Diffusion

• A cipher needs to completely obscure statistical properties of the original message.
• A one-time pad does this.
• More practically Shannon suggested combining S&P elements.
• Diffusion dissipates the statistical structure of the plaintext over the bulk of the cipher text.
• Confusion is making the relationship between ciphertext and key as complex as possible.

Data Encryption Standard (DES)

• DES was the first modern standard symmetric key encryption scheme.
• Originally developed by IBM.
• DES became the most widely used block cipher in the world
• DES encrypts 64-bit data using a 56-bit key
• DES was proved insecure in 1998 due to brute-force attacks and short keys.

Strength of DES

• 56-bit keys have 2⁵⁶ values, making brute-force attacks hard.
• In 1997, discovering the key was possible in a few months using an executive search.
• In 1998, hardware attacks by Electronic Frontier Foundation with $220,000 cost could break DES in a few days.
• In 1999, DES was broken in 22 hours.

Triple DES

• Made part of DES in 1999
• Uses 3 keys and 3 DES executions.
• 3DES has an effective key length of 168 bits (3*56).
• Double DES also exists, but its effective key length is weaker.

National Institute of Standards and Technology (NIST)

• NIST is a US Federal Agency within the Department of Commerce.
• Its mission is to promote innovation and industrial competitiveness by advancing measurement science, standards, and technology.
• In 1997, NIST issued a call for a new Advanced Encryption Standard (AES).

Advanced Encryption Standard (AES)

• In 1997, US NIST issued a call for a new AES with requirements.
• Security strength better than 3DES
• Significantly more efficient
• Increased block length (128 bits)
• Support key sizes of 128, 192, and 256 bits

Advanced Encryption Standard (AES) - Rijndael

• Designed by Daemen and Rijmen in Belgium.
• Has 128/192/256-bit keys, 128-bit data.
• An iterative rather than Feistel cipher.
• Processes data as a block of 4 columns of 4 bytes in every round.

AES Cipher – Rijndael

• Data block of 4 columns of 4 bytes.
• Key is expanded to an array of words
• Each round is built from four basic steps:
  • Byte Substitution
  • Shift Rows.
  • Mix Columns
  • Add Round Key

Byte Substitution (1 S-Box)

• A simple substitution of each byte
• Uses a table of 16x16 bytes for permutation of all 8-bit values
• Each byte of state is replaced with one indexed by row (left 4 bits) and column (right 4 bits)

Shift Rows

• Circular byte shift
• 1st row is unchanged.
• 2nd row does 1 byte circular shift to left.
• 3rd row does 2 byte circular shift to left.
• 4th row does 3 byte circular shift to left.

Mix Columns

• Each byte is replaced by a value dependent on all 4 bytes in the column.
• Matrix multiplication.
• Can be expressed as 4 equations to derive the new byte.

Add Round Key

• XOR state with 128 bits of the round key.
• Again processed by column.. (bit operations).
• Inverse for decryption is identical (using reversed keys).
• Designed to be simple.

AES Key Expansion

• Takes 128-bit (16-byte) key and expands into an array of 44/52/60 32-bit words.
• Starts by copying the key into the first 4 words.
• Loop creates words depending on values in previous 4 places.
• 1st word in 4 has rotation, S-box, and XOR round constant on previous, before XORing 4th back

Key Expansion Rationale

• Designed to resist known attacks.
• Design criteria including:
  • Knowing part key insufficient.
  • Invertible transformation.
  • Fast on wide range of CPUs.
  • Use round constants to break symmetry.
  • Diffuse key bits into round keys.
  • Enough non-linearity to hinder analysis.
  • Simplicity of description.

AES Decryption

• AES decryption is not identical to encryption, but an equivalent inverse cipher with steps as for encryption is defined.
• Decryption uses inverses of each step and a different (inverse) key schedule.

Feistel Cipher

• Horst Feistel developed Feistel cipher at IBM.
• Implements Shannon's substitution-permutation network concept.
• Most symmetric block ciphers are based on a Feistel cipher structure.

How Feistel Cipher Works

• Partitions input block into two halves.
• Processes through multiple rounds
• In every round:
  • Performs a substitution on the left data half based on a round function of right half & subkey.
  • Then has permutation-swapping halves.

Feistel Cipher Design Elements

• Block size: Increasing size improves but slows down the cipher.
• Key size: Increasing size improves security but may slow down exhaustive key-searching.
• Subkey generation: Greater complexity to make analysis harder but may slow down the cipher.
• Round function: Greater complexity to make analysis harder but slower cipher.

Feistel Cipher Decryption

• The Feistel structure ensures the decryption process mirrors the encryption process.
• The round keys are in reverse order (when compared to the encryption round).

Feistel Cipher Security

• Diffusion & confusion provides security through small changes in input resulting in significant changes to the output.
• Structure is the foundation for many well-known ciphers (like DES).

IDEA Algorithm

• International Data Encryption Algorithm (IDEA)
• Developed in Switzerland in 1991.
• Uses a 128-bit key, 64-bit block size, 8 rounds.
• Different from DES, it doesn't use S-boxes, but binary addition instead of exclusive-or.
• Used in Pretty Good Privacy (PGP).

Pretty Good Privacy (PGP)

• PGP is a software library providing encryption and decryption for data communication.
• Includes open-source software for key management, allowing creation, modification, and revocation of digital certifications.
• Validates the authenticity of digital certifications.
• Created by Phil Zimmermann in 1991, stable release in 2018.

Blowfish

• Proposed by Bruce Schneier in 1993.
• A popular alternative to DES.
• Variable-length keys (128 bits to 448 bits) and variable number of rounds (up to 16).
• Uses a 64-bit block size
• Used in many commercial software packages
• Initially proprietary, now free.

Twofish

• Developed by Bruce Schneier
• One of the AES finalists.
• A block cipher operating on 128-bit blocks of data capable of using cryptographic keys up to 256 bits in length.
• Uses pre-whitening and post-whitening techniques protecting against known plaintext attacks.

Skipjack Algorithm

• Approved for use by the US government.
• Part of the Escrowed Encryption Standard (EES).
• Works with 64-bit blocks of text and uses an 80-bit key
• Skipjack has an additional "twist"- it supports escrow of encryption keys.
• Two government agencies, National Institute of Standards and Technology (NIST) and the Department of the Treasury hold portions for reconstructing Skipjack key.

Description

This quiz provides an introduction to symmetric key encryption, exploring its principles, common algorithms, and operational modes. Through scenarios featuring Alice and Bob, you'll learn how secure communication can be maintained even in the presence of a malicious third party. Test your knowledge on key concepts and applications of this cryptographic method.