Ok, now what in the world is *symmetric cryptography*? And I suppose that if there’s a “symmetric cryptography,” there must be an “asymmetric cryptography” as well, right?

In the broadest of terms, we group cryptographic algorithms into two categories: symmetric and asymmetric. A hybrid arrangement that uses both at the same time is common in practical applications, though.

But we digress. Let’s get to the point.

## Symmetric Cryptography

You may recall from earlier posts that we talked about early encryption techniques such as the Caesar Cipher. In that technique, dating back to 100 years B.C., the alphabet is shifted by a predetermined number of positions. For instance, if we choose to shift by “three,” then a letter “A” becomes a “D,” and so on. To read the message, we simply shift the characters in the other direction. Simple but effective.

In this cipher, the *encryption key* is 3. A shift of three positions encodes, and a shift of three positions in the other direction decodes. The code works if both sides have the encryption key value of “3.” This is a simple example of symmetric encryption. We call it “symmetric” because the same key value is used to encrypt as well as decrypt. Both sides need to know the key value beforehand in order for it to work.
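The shift cipher described above, written out as an added example (it is not code from the original post). The sample message and the `candidate_keys` helper are constructed for illustration; the helper goes one step beyond the text to show that only 25 usable keys exist, which is why this cipher offers no real protection.

```python
import string

ALPHABET = string.ascii_uppercase


def shift(text: str, offset: int) -> str:
    """Shift each A-Z letter by `offset` positions, wrapping around.

    Characters outside A-Z (spaces, digits, punctuation) pass through unchanged.
    """
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + offset) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    return shift(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    # Same key, opposite direction: this is what makes the cipher symmetric.
    return shift(ciphertext, -key)


def candidate_keys(ciphertext: str, known_word: str) -> list[int]:
    """Try every possible key and keep those whose output contains known_word.

    Hypothetical helper: it shows how small the key space is (25 keys),
    so the secrecy of the key alone cannot protect the message.
    """
    word = known_word.upper()
    return [k for k in range(1, 26) if word in decrypt(ciphertext, k)]


if __name__ == "__main__":
    message = "MEET AT NOON"        # constructed sample plaintext
    key = 3                         # the shared key value used in the article
    ciphertext = encrypt(message, key)
    print(ciphertext)               # what travels between the two parties
    print(decrypt(ciphertext, key)) # receiver with the right key
    print(decrypt(ciphertext, 4))   # receiver with the wrong key
    print(candidate_keys(ciphertext, "NOON"))
```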

### Private Key Encryption

Symmetric encryption is also known as *private key encryption*. Since both sides of the message use the same key, it’s critically important to keep the key private. Secrecy is key: the key must be a secret. If either side of the communication loses the key, then they can’t communicate (secretly). If a third party intercepts the key, then they have access to the message.

So you see, the primary challenge of symmetric (or private key) encryption is how to share the key with the receiver. There is some (usually out-of-band) communication between the sender and receiver in order to agree on the key. Doing this confidentially is the tricky part.

## Symmetric Cryptosystems

As has been the case with our other discussions about cryptography, we’ll apologize in advance for the alphabet soup.

There are a number of prominent cryptosystems. We will discuss three of them that any security engineer is sure to encounter, regardless of the environment. These are DES, 3DES, and AES.

### Data Encryption Standard (DES)

One of the most widely known cryptosystems is the Data Encryption Standard (DES), developed by IBM. DES is based on IBM’s Lucifer algorithm. Lucifer uses a key length of 128 bits. DES uses a 64-bit block size and a 56-bit key. DES is a block cipher, segmenting the input data into blocks of a specific size.

NIST adopted DES in 1976 as a federal standard for encryption of non-classified information, and commercial organizations adopted it widely. DES had a good run of 20 years or so, but in the mid-1990s it was determined that a 56-bit key was too short to ensure an acceptable level of security. In fact, an organization demonstrated the cracking of a DES key in just 56 hours (coincidentally). With present-day computing capacity, that can now be done in minutes.

### Triple DES (3DES)

So shortly after the determination that DES is not adequate for highly classified communication, a new cryptosystem was born. This was Triple DES (3DES). In case you’re wondering, yes, there was a 2DES as well.

3DES uses three 64-bit keys for an overall key length of 192 bits. As you might imagine, 3DES encryption is much the same as regular DES, except that it is repeated three times. 3DES employs 48 rounds in its encryption computations, generating ciphers that are approximately $2^{56}$ times stronger than DES alone. The downside is that it takes three times longer to compute the cipher.

As computing power improved through the late 1990s, 3DES also needed to be replaced.

### Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) was the successor to 3DES. AES is a Federal Information Processing Standard (FIPS) specifying a cryptographic algorithm used to protect classified information for everything other than national defense infrastructure. AES is used outside of government applications, of course.

The AES cryptosystem was chosen through a competition among cryptographic algorithms vying for selection as the replacement for 3DES.

AES employs a block cipher called the Rijndael Block Cipher, with a variable block length and key length options of 128, 192 or 256 bits.

### Other symmetric encryption algorithms

Of course, there are other symmetric cryptosystems. Some notable examples are:

- CAST
- RC (RC2, RC4, RC5, RC6)
- Blowfish
- IDEA

## Symmetry brings simplicity, efficiency and also some risk

Symmetric cryptosystems are very effective and simple because the same key is used on both sides of the crypto algorithm. They are important because they are comparatively fast and have fewer computational requirements. As we have said, the risk, though, is in how the key is distributed to the end users of the cryptosystem. If either party loses the key, or if the key is compromised, the system falls down. The challenge in securely operating symmetric cryptosystems is in how to exchange the key securely, especially as we increase key lengths for strength of the cryptography.