Symmetric Encryption

What is symmetric encryption?

Symmetric Encryption (also known as symmetric-key encryption, single-key encryption, one-key encryption and private key encryption) is a type of encryption where the same secret key is used to encrypt and decrypt information or there is a simple transform between the two keys.
A secret key can be a number, a word, or just a string of random letters. The secret key is applied to the information to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. Symmetric algorithms require that both the sender and the receiver know the secret key, so they can encrypt and decrypt all information. There are two types of symmetric encryption algorithms: Stream algorithms (Stream ciphers) and Block algorithms (Block ciphers).

Types of Symmetric algorithms (Symmetric-key algorithms)

Symmetric encryption algorithms (Symmetric-key encryption algorithms) use the same key for encryption and decryption. Symmetric-key encryption algorithms can be divided into Stream algorithms (Stream ciphers) and Block algorithms (Block ciphers).

Stream Ciphers
Stream ciphers encrypt information one bit (or sometimes one byte) at a time. Stream ciphers are faster and smaller to implement than block ciphers; however, they have an important security gap: if the same key stream is used more than once, certain types of attacks may cause the information to be revealed.
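The key stream reuse problem described above, shown as an added example that is not part of the original page. The keystream generator (SHAKE-256 over key and nonce) is a toy stand-in for a real stream cipher, and the key, nonce, messages and the NonceGuard class are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream for illustration only: SHAKE-256 over key || nonce.
    return hashlib.shake_256(key + nonce).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encryption and decryption are the same operation for an XOR stream cipher.
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """XOR of two ciphertexts made with the same key stream.

    The key stream cancels out, so the result equals p1 XOR p2 and
    no longer depends on the key at all.
    """
    return xor(encrypt(key, nonce, p1), encrypt(key, nonce, p2))

class NonceGuard:
    """Sender-side check: never emit two messages under one (key, nonce)."""

    def __init__(self, key: bytes):
        self.key = key
        self.used = set()

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        if nonce in self.used:
            raise ValueError("nonce already used with this key")
        self.used.add(nonce)
        return encrypt(self.key, nonce, plaintext)

# Constructed sample values.
KEY = bytes(range(32))
NONCE = bytes(12)
P1 = b"transfer 100 to alice"
P2 = b"transfer 900 to carol"

if __name__ == "__main__":
    leak = reuse_leak(KEY, NONCE, P1, P2)
    print("c1 XOR c2 == p1 XOR p2:", leak == xor(P1, P2))
    guard = NonceGuard(KEY)
    guard.encrypt(NONCE, P1)
    try:
        guard.encrypt(NONCE, P2)
    except ValueError as err:
        print("second use rejected:", err)
```

With a fresh nonce per message the two key streams differ and the XOR of the ciphertexts no longer reveals anything about the plaintexts.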

Block Ciphers
A block cipher is a symmetric cipher that encrypts information by breaking it down into blocks and encrypting the data in each block. A block cipher encrypts data in fixed-size blocks (commonly of 64 bits). The most used block ciphers are Triple DES and AES.

Symmetric encryption algorithms:
– AES/Rijndael
– Blowfish
– RC2
– RC4
– RC6
– Serpent
– Triple DES
– Twofish

AES/Rijndael encryption

AES stands for Advanced Encryption Standard. AES is a symmetric key encryption technique which replaces the commonly used Data Encryption Standard (DES).
It was the result of a worldwide call for submissions of encryption algorithms issued by the US Government’s National Institute of Standards and Technology in 1997 and completed in 2000.
The winning algorithm, Rijndael, was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen. AES provides strong encryption and was selected by NIST as a Federal Information Processing Standard in November 2001 (FIPS-197).
The AES algorithm uses three key sizes: a 128-, 192-, or 256-bit encryption key. Each encryption key size causes the algorithm to behave slightly differently, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data, but also increase the complexity of the cipher algorithm.

Blowfish is a symmetric encryption algorithm (64-bit cipher) designed in 1993 by Bruce Schneier as an alternative to existing encryption algorithms. Blowfish has a variable key length, from 32 bits to 448 bits. Since its introduction, Blowfish has been analyzed considerably, and is gaining acceptance as a strong encryption algorithm.

CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST. CAST is a popular 64-bit block cipher allowing key sizes up to 128 bits.

Data Encryption Standard (DES)
Data Encryption Standard (DES) is a block cipher with 64-bit block size that uses 56-bit keys. DES was invented over 20 years ago by IBM in response to a public request from the National Bureau of Standards. Due to recent advances in computer technology, some experts no longer consider DES secure against all attacks; since then Triple-DES (3DES) has emerged as a stronger method. Using standard DES encryption, Triple-DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of 112-168 bits.

IDEA stands for International Data Encryption Algorithm. IDEA is a symmetric encryption algorithm that was developed by Dr. X. Lai and Prof. J. Massey to replace the DES standard. Unlike DES, though, it uses a 128-bit key. This key length makes it impossible to break by simply trying every key.

RC2 is a variable-key-length cipher. It was invented by Ron Rivest for RSA Data Security, Inc. Its details have not been published.

RC4 was developed by Ron Rivest in 1987. It is a variable-key-size stream cipher. It is a cipher with a key size of up to 2048 bits (256 bytes).

RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. The RC6 encryption algorithm was selected as one of the finalists in the competition to become the new federal Advanced Encryption Standard (AES).

Serpent is a block cipher developed by Ross Anderson, Eli Biham and Lars Knudsen. Serpent can work with different combinations of key lengths. Serpent was also selected as one of the five finalists in the competition to become the new federal Advanced Encryption Standard (AES).

Triple DES
Triple DES is a variation of Data Encryption Standard (DES). It uses a 64-bit key consisting of 56 effective key bits and 8 parity bits. The size of the block for Triple-DES is 8 bytes. Triple-DES encrypts the data in 8-byte chunks. The idea behind Triple DES is to improve the security of DES by applying DES encryption three times using three different keys.

Twofish is a symmetric block cipher. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.
Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting. The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm.

What are symmetric encryption vulnerabilities?

Breaking symmetric encryption
There are two methods of breaking symmetric encryption – brute force and cryptanalysis.
Brute Force Attack is a form of attack in which each possibility is tried until success is obtained. Typically, a ciphertext is deciphered under different keys until plaintext is recognized. No encryption software is entirely safe from the brute force method, but if the number of possible keys is high enough, it can make a program astronomically difficult to crack using brute force. The more bits in a key, the more secure it is, so choose software with as many bits as possible.
Cryptanalysis is a form of attack that attacks the characteristics of the algorithm to deduce a specific plaintext or the key used.

Weak passwords
In every kind of encryption software, there is some kind of password that must be created so that the recipients of the information can read it. Creating a strong password that cannot be easily guessed is just as important as choosing a good algorithm or strong encryption software.
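Why a weak password undermines a strong cipher, as an added example that is not part of the original page. It assumes the key is derived from the password with PBKDF2-HMAC-SHA256; the character-pool estimate, the function names and the iteration count are illustrative choices, and the estimate is only an upper bound that holds for randomly chosen characters.

```python
import hashlib
import math
import string

def password_bits(password: str) -> float:
    """Upper bound on the password search space, in bits.

    Assumes every character was picked uniformly at random from the
    character classes that appear in the password. Human-chosen
    passwords are weaker than this bound.
    """
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in password):
            pool += len(charset)
    return len(password) * math.log2(pool) if pool else 0.0

def effective_bits(password: str, key_bits: int) -> float:
    # Guessing the password is enough to obtain the key, so the weaker
    # of the two decides how hard the encryption is to break.
    return min(key_bits, password_bits(password))

def derive_key(password: str, salt: bytes,
               iterations: int = 600_000, key_bytes: int = 32) -> bytes:
    # The salt makes equal passwords give different keys; the iteration
    # count makes each password guess slower. Neither adds entropy.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, key_bytes)

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("secret", "Winter2024", "k7#Qz!m2Rw^9pLx@"):
        print(f"{pw!r}: 256-bit key, about {effective_bits(pw, 256):.0f} bits of strength")
```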

Remembering passwords
If you forget your password, you will not be able to decrypt data that you have encrypted. Be sure to make a backup copy of your password and store it in a safe place.

Secret keys exchanging and storing
Symmetric key encryption algorithms require sharing the secret key – both the sender and the receiver need the same key to encrypt or decrypt data. Anyone who knows the secret key can decrypt the message. So it is essential that the sender and receiver have a way to exchange secret keys in a secure manner. The weakness of symmetric encryption algorithms is that if the secret key is discovered, all messages can be decrypted. So, secret keys need to be changed on a regular basis and kept secure during distribution and while in use.

Symmetric vs. Asymmetric encryption algorithms

Symmetric encryption algorithms encrypt and decrypt with the same key. The main advantages of symmetric algorithms are their security and high speed. Asymmetric encryption algorithms encrypt and decrypt with different keys. Data is encrypted with a public key, and decrypted with a private key. Asymmetric encryption algorithms are incredibly slow and it is impractical to use them to encrypt large amounts of data. Generally, symmetric encryption algorithms are much faster to execute on a computer than asymmetric ones. In practice they are often used together, so that a public-key algorithm is used to encrypt a randomly generated encryption key, and the random key is used to encrypt the actual message using a symmetric algorithm.
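The combined scheme described above, sketched as an added example that is not part of the original page. To stay within the standard library it uses unpadded textbook RSA over two small known primes and a SHAKE-256 XOR stream as stand-ins; both are toy assumptions, and a real system would use a padded public-key scheme such as RSA-OAEP with an authenticated cipher such as AES-GCM.

```python
import hashlib
import secrets

# Toy RSA key pair built from two known Mersenne primes (constructed;
# far too small for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PUBLIC, PRIVATE = (N, E), (N, D)

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher: XOR with a SHAKE-256 key stream.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def hybrid_encrypt(public, message: bytes):
    n, e = public
    session_key = secrets.token_bytes(16)   # fresh random key per message
    nonce = secrets.token_bytes(12)
    # Slow public-key step: applied only to the 16-byte session key.
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    # Fast symmetric step: applied to the whole message.
    return wrapped, nonce, stream_xor(session_key, nonce, message)

def hybrid_decrypt(private, envelope) -> bytes:
    n, d = private
    wrapped, nonce, body = envelope
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return stream_xor(session_key, nonce, body)

if __name__ == "__main__":
    msg = b"constructed sample message " * 1000
    env = hybrid_encrypt(PUBLIC, msg)
    print("round trip ok:", hybrid_decrypt(PRIVATE, env) == msg)
    print("public-key operations per message: 1, body bytes:", len(env[2]))
```

Only the holder of the private key can recover the session key, and the cost of the public-key step stays constant however large the message is.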

Symmetric encryption advantages
The main advantages of symmetric encryption algorithms are their security and high speed.