Symmetric Key Encryption Overview

Questions and Answers

What is one of the key requirements for the Advanced Encryption Standard (AES) compared to Triple-DES?

• Must be less secure
• Must support key sizes of 64 bits
• Must use asymmetric encryption
• Must have a block length of 128 bits (correct)

Which algorithm was selected as the proposed AES algorithm?

• Twofish
• Rijndael (correct)
• RC6
• Serpent

What aspect of AES is emphasized in the evaluation criteria for its selection?

• Compatibility with all existing encryption algorithms
• General security and ease of implementation (correct)
• Simplicity of implementation in real-world applications
• Cost-effectiveness in production

Which key sizes are supported by the AES standard?

128, 192, and 256 bits (C)

What was the active life expectation for the AES as mentioned in the requirements?

20-30 years (B)

What is the main purpose of confusion in encryption?

To make the relationship between ciphertext and key complex (C)

Why was DES considered insecure by July 1998?

It was susceptible to brute-force attacks due to its short key length (C)

How does the effective key length of Triple DES compare to that of DES?

Triple DES has an effective key length of 168 bits (A)

What was a significant limitation of DES identified in studies after its introduction?

It could be broken in just a few days with specialized hardware (C)

Which organization was responsible for the development of the Data Encryption Standard (DES)?

IBM (C)

What is the primary purpose of symmetric key encryption in the communication between Alice and Bob?

To secure the communication against unauthorized access. (A)

In symmetric key encryption, what does the key represent?

The shared secret necessary for both encryption and decryption. (A)

What would happen if Oscar learns the key K used by Alice and Bob?

He could decrypt the messages thereby compromising their communication. (B)

What is the significance of the equalities $d_K(y) = d_K(e_K(x)) = x$ in symmetric key encryption?

It demonstrates that encryption and decryption are reversible operations using the same key. (B)

Which of the following best describes the term 'key space' in the context of symmetric key encryption?

The number of separate keys that can be used. (C)

What happens if Alice and Bob do not use a secure channel to transmit the key?

There is a risk that the key could be intercepted by Oscar. (D)

Why is the storage of the key K important in symmetric key encryption?

If lost, the encrypted messages cannot be retrieved. (C)

What type of encryption is symmetric key encryption also known as?

Private-key cryptography. (D)

What is the primary structure that most symmetric block ciphers are based on?

Feistel cipher structure (A)

What design element of the Feistel cipher can improve security but may slow down the cipher?

Key size (A), Block size (B)

Which of these statements about Blowfish is correct?

Blowfish supports a maximum key size of 448 bits. (A)

How does the decryption process in a Feistel cipher compare to the encryption process?

It mirrors the encryption process (D)

What distinguishes Twofish from other block ciphers?

It employs both pre-whitening and post-whitening techniques. (C)

Which of the following is a notable Feistel cipher?

DES (Data Encryption Standard) (C)

The IDEA algorithm primarily differs from DES in that it does not use what?

S-boxes (B)

Which of the following features is unique to the Skipjack algorithm?

It supports the escrow of encryption keys. (B)

Which statement about Twofish and AES is accurate?

Twofish can use cryptographic keys up to 256 bits. (D)

What method does the IDEA algorithm use instead of exclusive-or for processing?

Binary addition (B)

What is a characteristic of the Blowfish algorithm compared to DES?

Blowfish operates with a larger maximum key size than DES. (A)

In what context is the IDEA algorithm commonly used?

Pretty Good Privacy (PGP) (C)

What aspect of the Feistel cipher design enhances security through unpredictable output changes?

Diffusion and confusion (C)

What is the purpose of the key schedule in the S-P network?

To derive round keys from a single key (C)

Which operation is used to create the round keys in AES key expansion?

A combination of rotation, S-box, and XOR operations (B)

In which of the following steps does AES encryption NOT apply an inverse operation?

Add round key (D)

What characterizes the byte substitution in AES?

It rearranges byte values based on an S-box table (A)

What is the main purpose of the Mix Columns step in AES?

To replace each byte based on a polynomial equation (C)

How does AES decryption differ fundamentally from AES encryption?

The operations are executed in reverse order (B)

What is a key feature of the AES key expansion process?

It uses symmetric transformations to enhance security (D)

What is the result of swapping the byte substitution and shift rows operations in AES?

The encryption and decryption become identical (C)

What is the role of round constants in AES key expansion?

They introduce complexity to resist attacks (A)

What type of cipher structure does the Feistel cipher implement?

Substitution-permutation network concept (A)

Flashcards

Symmetric Key Encryption

A method of encrypting and decrypting data using the same secret key for both processes.

Key

A secret value used in encryption and decryption algorithms.

Encryption

The process of converting readable data (plaintext) into an unreadable format (ciphertext).

Decryption

The process of converting encrypted data (ciphertext) back into its original readable format (plaintext).

Plaintext

The original, readable data before encryption.

Ciphertext

The encrypted, unreadable version of the data.

Key Space

The set of all possible keys that can be used for encryption and decryption.

Secure Channel

A method for transmitting the key securely such that attackers cannot intercept it.

Symmetric Cipher

An encryption method where the same key is used to perform both encryption and decryption.

Cipher Confusion

Making the relationship between ciphertext and key as complex as possible to obscure any patterns.

Cipher Diffusion

Dispersing the statistical structure of plaintext throughout the ciphertext bulk.

One-Time Pad

An encryption method that obscures the statistical properties of the original message entirely using a random key that is as long as the message itself.

Data Encryption Standard (DES)

An early symmetric-key encryption standard that encrypts 64-bit data using a 56-bit key.

DES Key Length

56-bit key used by DES that was proven insufficiently secure.

Triple DES

An improvement upon DES using three keys and three DES executions to enhance security.

Brute-Force Attack

A method to try every possible key to crack an encryption system.

Block Cipher

An encryption method that works in fixed-size blocks of data.

AES

Advanced Encryption Standard; a method for encrypting data; stronger and faster than Triple-DES.

NIST

National Institute of Standards and Technology; US agency that issued the call for AES.

Rijndael

The selected AES algorithm; designed by Joan Daemen and Vincent Rijmen.

128/192/256-bit keys

Sizes for encryption keys; different key lengths provide varied security levels.

Block Cipher

Method that processes data in fixed-size blocks.

Evaluation Criteria

Standards for judging encryption algorithms; for example, security, cost, ease of implementation.

Symmetric Key Cipher

An encryption method where the same key is used for encrypting and decrypting.

AES Round

A single iteration in the Advanced Encryption Standard (AES) algorithm, involving sequential steps of byte substitution, shifting rows, mixing columns, and adding a round key.

Byte Substitution

Replacing each byte in the state with a byte from a predefined lookup table (S-box).

Shift Rows

Circularly shifting bytes within each row of the state by different offsets.

Mix Columns

Replacing each byte in a column with a value derived from all four bytes in that column using matrix multiplication.

Add Round Key

XORing the state with a portion of the round key.

AES Key Expansion

Generating a series of round keys from the initial key using a specific algorithm.

Key Schedule

The algorithm that generates the round keys starting from the initial encryption key.

Round Key

A key derived from the initial key used in each round of AES.

S-box

Lookup table used in byte substitution, crucial in the AES algorithm.

Feistel Cipher

A block cipher design where the input is split, transformed, and combined. Used in various encryption algorithms.

Blowfish

A symmetric-key block cipher algorithm with variable key lengths (128-448 bits) and rounds (up to 16).

Blowfish Key Length

Variable, from 128 bits to 448 bits.

Blowfish Block Size

64 bits in size

TwoFish

A symmetric-key block cipher algorithm, (AES finalist) using pre- and post-whitening, operates on 128-bit blocks.

Twofish Key Length

Up to 256 bits.

Skipjack

A symmetric-key block cipher algorithm approved by the US government, using 64-bit blocks and 80-bit keys.

Skipjack Key Escrow

Uses government agencies to access the encryption keys.

Feistel Cipher Structure

A method for encrypting data, dividing it into halves processed through multiple rounds with substitution and permutation.

Block Size (Cipher)

The fixed-size chunk of data processed by a block cipher.

Key Size (Cipher)

The length of the secret key used for encryption and decryption.

Subkey Generation

The process of creating unique keys for each round of encryption.

Round Function

The operation performed in each round of a block cipher to modify the data.

Decryption (Feistel)

Reverse process of encryption using the same round keys applied in reverse order.

Diffusion (Cipher)

Dispersing plaintext's statistical patterns throughout ciphertext.

Confusion (Cipher)

Making the relationship between ciphertext and key complex.

IDEA Algorithm

International Data Encryption Algorithm alternative to DES, using 64-bit blocks and 128-bit keys.

Pretty Good Privacy (PGP)

Software providing cryptographic privacy and authentication for data communication.

Study Notes

Symmetric Key Encryption

• Symmetric key encryption uses the same key for encryption and decryption
• The problem is transmitting the secret key securely.
• This type of cryptography uses a shared secret key known to both the sender and receiver.
• A malicious third party (eg Oscar) should not be able to understand the communication.

Outline

• Introduction to Symmetric Key Encryption
• Common Symmetric Key Algorithms
• Block Cipher Operation Modes

Alternative Names

• Private Key, Single Key, or Secret Key Cryptography

Problem Statement

• Alice and Bob want to communicate via an insecure channel (e.g., internet, WLAN).
• A malicious third party (Oscar) wants access to the channel but should not be able to understand the communication

Solution: Symmetric Cipher

• Encryption with a symmetric cipher
• Oscar only obtains ciphertext y (random bits).
• Alice encrypts message x with key K
• Key Generator generates secret key K
• Secure Channel transmits encrypted message y
• Bob decrypts message with key K
• x is the plaintext, y is the ciphertext, K is the key.
• The set of all keys {K1, K2, ..., Kn} is called the key space

Encryption and Decryption Equations

• y = e_k(x) (Encryption)
• x = d_k(y) (Decryption)
• e_k and d_k are inverse operations if the same key K is used.

Confusion and Diffusion

• A cipher needs to completely obscure statistical properties of the original message.
• A one-time pad does this.
• More practically Shannon suggested combining S&P elements.
• Diffusion dissipates the statistical structure of the plaintext over the bulk of the cipher text.
• Confusion is making the relationship between ciphertext and key as complex as possible.

Data Encryption Standard (DES)

• DES was the first modern standard symmetric key encryption scheme.
• Originally developed by IBM.
• DES became the most widely used block cipher in the world
• DES encrypts 64-bit data using a 56-bit key
• DES was proved insecure in 1998 due to brute-force attacks and short keys.

Strength of DES

• 56-bit keys have 2⁵⁶ values, making brute-force attacks hard.
• In 1997, discovering the key was possible in a few months using an executive search.
• In 1998, hardware attacks by Electronic Frontier Foundation with $220,000 cost could break DES in a few days.
• In 1999, DES was broken in 22 hours.

Triple DES

• Made part of DES in 1999
• Uses 3 keys and 3 DES executions.
• 3DES has an effective key length of 168 bits (3*56).
• Double DES also exists, but its effective key length is weaker.

National Institute of Standards and Technology (NIST)

• NIST is a US Federal Agency within the Department of Commerce.
• Its mission is to promote innovation and industrial competitiveness by advancing measurement science, standards, and technology.
• In 1997, NIST issued a call for a new Advanced Encryption Standard (AES).

Advanced Encryption Standard (AES)

• In 1997, US NIST issued a call for a new AES with requirements.
• Security strength better than 3DES
• Significantly more efficient
• Increased block length (128 bits)
• Support key sizes of 128, 192, and 256 bits

Advanced Encryption Standard (AES) - Rijndael

• Designed by Daemen and Rijmen in Belgium.
• Has 128/192/256-bit keys, 128-bit data.
• An iterative rather than Feistel cipher.
• Processes data as a block of 4 columns of 4 bytes in every round.

AES Cipher – Rijndael

• Data block of 4 columns of 4 bytes.
• Key is expanded to an array of words
• Each round is built from four basic steps:
  • Byte Substitution
  • Shift Rows.
  • Mix Columns
  • Add Round Key

Byte Substitution (1 S-Box)

• A simple substitution of each byte
• Uses a table of 16x16 bytes for permutation of all 8-bit values
• Each byte of state is replaced with one indexed by row (left 4 bits) and column (right 4 bits)

Shift Rows

• Circular byte shift
• 1st row is unchanged.
• 2nd row does 1 byte circular shift to left.
• 3rd row does 2 byte circular shift to left.
• 4th row does 3 byte circular shift to left.

Mix Columns

• Each byte is replaced by a value dependent on all 4 bytes in the column.
• Matrix multiplication.
• Can be expressed as 4 equations to derive the new byte.

Add Round Key

• XOR state with 128 bits of the round key.
• Again processed by column.. (bit operations).
• Inverse for decryption is identical (using reversed keys).
• Designed to be simple.

AES Key Expansion

• Takes 128-bit (16-byte) key and expands into an array of 44/52/60 32-bit words.
• Starts by copying the key into the first 4 words.
• Loop creates words depending on values in previous 4 places.
• 1st word in 4 has rotation, S-box, and XOR round constant on previous, before XORing 4th back

Key Expansion Rationale

• Designed to resist known attacks.
• Design criteria including:
  • Knowing part key insufficient.
  • Invertible transformation.
  • Fast on wide range of CPUs.
  • Use round constants to break symmetry.
  • Diffuse key bits into round keys.
  • Enough non-linearity to hinder analysis.
  • Simplicity of description.

AES Decryption

• AES decryption is not identical to encryption, but an equivalent inverse cipher with steps as for encryption is defined.
• Decryption uses inverses of each step and a different (inverse) key schedule.

Feistel Cipher

• Horst Feistel developed Feistel cipher at IBM.
• Implements Shannon's substitution-permutation network concept.
• Most symmetric block ciphers are based on a Feistel cipher structure.

How Feistel Cipher Works

• Partitions input block into two halves.
• Processes through multiple rounds
• In every round:
  • Performs a substitution on the left data half based on a round function of right half & subkey.
  • Then has permutation-swapping halves.

Feistel Cipher Design Elements

• Block size: Increasing size improves but slows down the cipher.
• Key size: Increasing size improves security but may slow down exhaustive key-searching.
• Subkey generation: Greater complexity to make analysis harder but may slow down the cipher.
• Round function: Greater complexity to make analysis harder but slower cipher.

Feistel Cipher Decryption

• The Feistel structure ensures the decryption process mirrors the encryption process.
• The round keys are in reverse order (when compared to the encryption round).

Feistel Cipher Security

• Diffusion & confusion provides security through small changes in input resulting in significant changes to the output.
• Structure is the foundation for many well-known ciphers (like DES).

IDEA Algorithm

• International Data Encryption Algorithm (IDEA)
• Developed in Switzerland in 1991.
• Uses a 128-bit key, 64-bit block size, 8 rounds.
• Different from DES, it doesn't use S-boxes, but binary addition instead of exclusive-or.
• Used in Pretty Good Privacy (PGP).

Pretty Good Privacy (PGP)

• PGP is a software library providing encryption and decryption for data communication.
• Includes open-source software for key management, allowing creation, modification, and revocation of digital certifications.
• Validates the authenticity of digital certifications.
• Created by Phil Zimmermann in 1991, stable release in 2018.

Blowfish

• Proposed by Bruce Schneier in 1993.
• A popular alternative to DES.
• Variable-length keys (128 bits to 448 bits) and variable number of rounds (up to 16).
• Uses a 64-bit block size
• Used in many commercial software packages
• Initially proprietary, now free.

Twofish

• Developed by Bruce Schneier
• One of the AES finalists.
• A block cipher operating on 128-bit blocks of data capable of using cryptographic keys up to 256 bits in length.
• Uses pre-whitening and post-whitening techniques protecting against known plaintext attacks.

Skipjack Algorithm

• Approved for use by the US government.
• Part of the Escrowed Encryption Standard (EES).
• Works with 64-bit blocks of text and uses an 80-bit key
• Skipjack has an additional "twist"- it supports escrow of encryption keys.
• Two government agencies, National Institute of Standards and Technology (NIST) and the Department of the Treasury hold portions for reconstructing Skipjack key.

Description

This quiz provides an introduction to symmetric key encryption, exploring its principles, common algorithms, and operational modes. Through scenarios featuring Alice and Bob, you'll learn how secure communication can be maintained even in the presence of a malicious third party. Test your knowledge on key concepts and applications of this cryptographic method.