Symmetric encryption algorithm

Introduction

Symmetricencryption(alsocalledprivatekeyencryption)referstoanencryptionalgorithmthatusesthesamekeyforencryptionanddecryption.Sometimescalledtraditionalcryptographicalgorithm,thatis,theencryptionkeycanbecalculatedfromthedecryptionkey,andthedecryptionkeycanalsobecalculatedfromtheencryptionkey.Inmostsymmetricalgorithms,theencryptionkeyandthedecryptionkeyarethesame,sothisencryptionalgorithmisalsocalledasecretkeyalgorithmorasinglekeyalgorithm.Itrequiresthesenderandreceivertoagreeonakeybeforecommunicatingsecurely.Thesecurityofthesymmetricalgorithmdependsonthekey.Leakingthekeymeansthatanyonecandecryptthemessagestheysendorreceive.Therefore,theconfidentialityofthekeyisveryimportanttothesecurityofcommunication.

Features

Thecharacteristicsofthesymmetricencryptionalgorithmarethatthealgorithmisopen,theamountofcalculationissmall,theencryptionspeedisfast,andtheencryptionefficiencyishigh.

Thedisadvantageisthatbothpartiesinthetransactionusethesamekey,andsecuritycannotbeguaranteed.Inaddition,everytimeeachpairofusersusesasymmetricencryptionalgorithm,theyneedtouseauniquekeythatothersdon'tknow.Thiswillincreasethenumberofkeysownedbybothsendersandreceiversexponentially,andkeymanagementbecomesaburdenonusers.Symmetricencryptionalgorithmsaremoredifficulttouseondistributednetworksystems,mainlybecausekeymanagementisdifficultandtheusecostishigh.Comparedwiththepublickeyencryptionalgorithm,thesymmetricencryptionalgorithmcanprovideencryptionandauthenticationbutlacksthesignaturefunction,whichreducesthescopeofuse.SymmetricencryptionalgorithmswidelyusedincomputerprivatenetworksystemsincludeDESandIDEA.AESadvocatedbytheNationalBureauofStandardsisabouttoreplaceDESasanewstandard.

Theadvantageofthesymmetricencryptionalgorithmliesinthehighspeedofencryptionanddecryptionandthedifficultyofcrackingwhenusinglongkeys.Assumingthattwousersneedtousesymmetricencryptiontoencryptandthenexchangedata,theusersneedatleast2keysandexchangethem.Iftherearenusersintheenterprise,theentireenterpriseneedsn×(n-1)keysintotal.Thegenerationanddistributionofkeyswillbecomeanightmareforcorporateinformationdepartments.Thesecurityofthesymmetricencryptionalgorithmdependsonthepreservationoftheencryptionkey,butitisimpossibletorequireeveryoneintheenterprisewhoholdsthekeytokeepthesecret.Theyusuallyleakthekeyintentionallyorunintentionally—ifoneThekeyusedbytheuserisobtainedbytheintruder,andtheintrudercanreadallthedocumentsencryptedbytheuser'skey.Iftheentireenterprisesharesanencryptionkey,theconfidentialityoftheentireenterprisedocumentwillbeimpossibletotalkabout.

Specificalgorithms

MainlyincludeDESalgorithm,3DESalgorithm,TDEAalgorithm,Blowfishalgorithm,RC5algorithm,IDEAalgorithm.

Hereisabriefintroductiontotheencryptionalgorithmbasedon"symmetrickey".

Encryptionalgorithmsbasedon"symmetrickey"mainlyincludeDES,TripleDES,RC2,RC4,RC5,andBlowfish.

Symmetrickey:DESTripleDESalgorithm

TheDESalgorithmturnsa64-bitplaintextinputblockintoaciphertextoutputblockwithadatalengthof64bits.Amongthem,8bitsareparitybits,andtheother56bitsarethelengthofthepassword.First,DESrecombinestheinput64-bitdatablockbybit,anddividestheoutputintotwoparts,L0andR0,eachpartis32bitslong,andisreplacedbeforeandafter.Finally,L0outputs32bitsontheleftandR0outputs32ontheright.Accordingtothisrule,after16iterations,L16andR16areobtained,whichareusedasinput,andtheinversepermutationoppositetotheinitialpermutationisperformedtoobtaintheciphertextoutput.

TheDESalgorithmhasextremelyhighsecurity.Sofar,inadditiontotheexhaustivesearchmethodtoattacktheDESalgorithm,nomoreeffectivemethodhasbeenfound,andtheexhaustionofthe56-bitlongkeyThespaceis2^56,whichmeansthatifacomputercandetect1millionkeyspersecond,itwilltakenearly2285yearstosearchforallkeys.Therefore,theDESalgorithmisveryreliable.Encryptionmethod.

Symmetrickey:RCalgorithm

Symmetric encryption algorithm

TheprincipleoftheRC4algorithmis"confusion",whichincludestwoparts:initializationalgorithmandpseudo-randomsub-ciphergenerationalgorithmIntheprocessofinitialization,themainfunctionofthekeyistorandomlyscramblea256-byteinitialnumbercluster.Differentnumberclusterscangetdifferentsub-keysequencesafterbeingprocessedbythepseudo-randomsub-ciphergenerationalgorithm.AfterperforminganexclusiveORoperation(XOR)ontheobtainedsubkeysequenceandtheplaintext,theciphertextisobtained.

BecausetheRC4algorithmencryptionusestheexclusiveORmethod,oncethesub-keysequenceisrepeated,theciphertextmaybecracked,butthereisnoRC4withakeylengthof128bits.Thereisapossibilityofduplication,soRC4isalsooneofthemostsecureencryptionalgorithmsatpresent.

Symmetrickey:BlowFishalgorithm

BlowFishalgorithmisa64-bitblockandvariablekeylengthblockcipheralgorithm,thealgorithmisnon-patent.

TheBlowFishalgorithmusestwo"boxes":pbox[18]andsbox[4256].TheBlowFishalgorithmhasacoreencryptionfunction.Thisfunctioninputs64-bitinformation,andoutputsitintheformof64-bitciphertextaftercalculation.EncryptinginformationwiththeBlowFishalgorithmrequirestwoprocesses:keypreprocessingandinformationencryption.TheoriginalkeyspboxandsboxoftheBlowFishalgorithmarefixed.Toencryptamessage,youneedtoselectakey,andusethiskeytotransformthepboxandsboxtoobtainthekey_pboxandkey_sboxusedinthenextstepofinformationencryption.

BlowFishalgorithmdecryptionalsorequirestwoprocesses:keypreprocessingandinformationdecryption.Theprocessofkeypreprocessingisexactlythesameasthatofencryption.Theprocessofinformationdecryptionistousethekey_pboxinthereverseorderoftheinformationencryptionprocess.

Applicationmode

Encryptionmode(Englishnameandabbreviation)

Chinesename

ElectronicCodeBook(ECB)

ElectronicCodeBookMode

CipherBlockChaining(CBC)

Passwordblocklinkmode

CipherFeedbackMode(CFB)

EncryptedFeedbackMode

OutputFeedbackMode(OFB)

OutputFeedbackMode

ECB:Themostbasicencryptionmode,whichiscommonlyunderstoodencryption.Thesameplaintextwillalwaysbeencryptedintothesameciphertextwithoutaninitialvector.Itisvulnerabletocodebookreplayattacksandisrarelyusedingeneral.

CBC:Beforetheplaintextisencrypted,itneedstobeXORedwiththepreviousciphertextandthenencrypted,soaslongasyouchooseadifferentinitialvector,thesameciphertextwillbeencryptedtoformadifferentciphertext.ThisisCurrentlythemostwidelyusedmode.TheciphertextencryptedbyCBCiscontext-dependent,buterrorsintheplaintextwillnotbepassedontosubsequentpackets,butifonepacketislost,allsubsequentpacketswillbeinvalidated(synchronizationerrors).

CFB:Similartoaself-synchronizingsequencecipher,afterblockencryption,theciphertextandplaintextareshiftedandXORedaccordingto8-bitgroups,andtheoutputisreturnedtotheshiftregisteratthesametime.TheadvantagecanbeassmallasbyteEncryptionanddecryptioncanalsobenbits.CFBisalsocontext-dependent.InCFBmode,anerrorintheplaintextwillaffectthesubsequentciphertext(errordiffusion).

OFB:Runtheblockcipherasasynchronoussequencecipher,similartoCFB,butOFBusesthepreviousn-bitciphertextoutputpackettobefedbacktotheshiftregister,OFBhasnoerrorpropagationproblem.

Related Articles
TOP