Area 1: Common Infrastructure Technology
Student ID
Student name
Email address
Class
1 Title
Search Two Types of Encryption Keys: Public and Secret Key Algorithms
2 Purpose of the Study
The Internet is an open environment for exchanging information, and any information sent or received on the Internet can be stolen or eavesdropped on. Therefore, one of the most effective solutions to this problem is encryption. The main goal of this report is to give a brief overview of two types of encryption keys, public and secret key algorithms, for newcomers to cyber security and cryptography; hence, it will not go too deep into coding techniques.
3 Contents and Scope
a Contents
The content of this study is divided into four main sections:
• A Basic Research on the Basic Cryptography Knowledge
• Algorithms Commonly Used in Symmetric Cryptosystem
• Algorithms Commonly Used in Asymmetric Cryptosystem
• Theoretical Analysis of Encryption Algorithm
b Scope
This study will introduce some fundamental definitions and models in cryptography, and will briefly give explanations and related knowledge of several common encryption techniques, covering both symmetric and asymmetric key algorithms.
4 Results of the Study
Plaintext is the original, readable content of a document, which may include ordinary characters, sentences, figures, images or text. Ciphertext is the material produced by replacing the original characters, sentences, figures or images with other characters, figures or images that cannot be recognized by manual methods.
Encryption is the process in which data is converted into something that seems to be unreadable, or simply the process of transforming plaintext into ciphertext. Decryption is the process in which the encoded information is converted back to its original form, that is, the process of transforming ciphertext into plaintext.
A key is a piece of information used in combination with an algorithm or a cipher to transform plaintext into ciphertext, which is called encryption, and vice versa, which is called decryption.
A cryptosystem is a system consisting of an encryption algorithm and a decryption algorithm. The picture below is a visual explanation of how this system works. For a given encryption key, the encryption algorithm maps a plaintext to a ciphertext, which is usually uniquely determined. For the corresponding decryption key, the decryption algorithm maps the ciphertext to the plaintext, which is usually uniquely determined too.
Figure 1 Cryptosystem
a Symmetric encryption system
A symmetric encryption system is an encryption system that uses a shared secret key for both encryption and decryption. In this system, the key is a random and secret value shared among the parties exchanging information. It can be generated by a trusted third party and distributed to senders and receivers, or it can be created directly by the sender and transmitted to the receiver. The mechanism of this system is simple: the sender uses the key to encrypt information and sends it to the receiver, then the receiver uses that shared secret key to decrypt it.
There are many symmetric ciphers, for example DES, 3DES, AES, RC4, etc. This study covers the two most common secret key algorithms: DES and AES.
b Data Encryption Standard (DES)
On May 15, 1973, the National Bureau of Standards (NBS), now known as NIST, the National Institute of Standards and Technology (USA), published a notice in the Federal Register soliciting proposals for cryptographic algorithms to protect data during transmission and storage, and waited for the responses to come in. However, it received none until August 6, 1974, when IBM submitted a candidate that it had developed internally under the name Lucifer. After evaluating the algorithm with the help of the National Security Agency (NSA), the NBS adopted a modification of the Lucifer algorithm as the new Data Encryption Standard (DES) on July 15, 1977.
DES is a very standard method and is well known as a block cipher. It encrypts messages or data in blocks of 64 bits each, meaning that 64-bit blocks of plaintext go in as the input to DES, which produces 64-bit blocks of ciphertext. The initial key also consists of 64 bits. However, before the DES process even starts, every 8th bit of the key is discarded (at positions 8, 16, 24, 32, 40, 48, 56 and 64) to produce a 56-bit key, so the final key length is 56 bits. The same algorithm and key are used for encryption and decryption, with minor differences.
DES is based on two fundamental attributes of cryptography: substitution¹ (also called confusion) and transposition² (also called diffusion). DES consists of 16 rounds; each round performs the steps of substitution and transposition before the final ciphertext blocks are generated. The encoding process goes as follows:
• Calculating the total number of bits of the plaintext and dividing them into 64-bit blocks.
• Separating each 64-bit block into two halves, say Left Group (L) and Right Group (R).
• Substituting and transposing each group; the groups go through 16 rounds of the encryption process.
• In the end, the two groups are rejoined; the final result of this process is a 64-bit ciphertext.
Figure 2 DES encryption process
¹ A substitution cipher is an encryption technique that replaces one symbol with another.
² A transposition cipher is an encryption technique that reorders symbols in a block of symbols.
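The key handling and the left/right round structure described above can be seen in a short Python sketch, added here as an example and not taken from the original report. It drops every 8th key bit and runs a 16-round Feistel network; the round function and key schedule are toy stand-ins (assumptions), not the real DES tables, so this shows the structure only and is not DES.

```python
import hashlib

def strip_parity_bits(key64: bytes) -> int:
    """Discard bits 8, 16, ..., 64 (the lowest bit of each byte): 64 -> 56 bits."""
    if len(key64) != 8:
        raise ValueError("DES keys are 8 bytes (64 bits) before parity removal")
    key56 = 0
    for byte in key64:
        key56 = (key56 << 7) | (byte >> 1)
    return key56

def round_keys(key56: int, rounds: int = 16) -> list:
    """Toy key schedule (assumption): rotate the 56-bit key left once per round."""
    keys = []
    for _ in range(rounds):
        key56 = ((key56 << 1) | (key56 >> 55)) & ((1 << 56) - 1)
        keys.append(key56)
    return keys

def round_function(right: int, subkey: int) -> int:
    """Toy stand-in for the DES f function (assumption): 32 bits in, 32 bits out."""
    data = right.to_bytes(4, "big") + subkey.to_bytes(7, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block64: int, keys: list) -> int:
    left, right = block64 >> 32, block64 & 0xFFFFFFFF   # split into L and R
    for k in keys:
        # New L is the old R; new R is the old L mixed with f(R, round key).
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left                          # rejoin, halves swapped

def encrypt_block(block64: int, key64: bytes) -> int:
    return feistel(block64, round_keys(strip_parity_bits(key64)))

def decrypt_block(block64: int, key64: bytes) -> int:
    # Same algorithm and key; the only difference is the reversed round-key order.
    return feistel(block64, round_keys(strip_parity_bits(key64))[::-1])

KEY = bytes.fromhex("133457799bbcdff1")          # constructed sample key
KEY_FLIPPED_PARITY = bytes(b ^ 1 for b in KEY)   # differs only in every 8th bit
PLAINTEXT = 0x0123456789ABCDEF                   # constructed 64-bit block

if __name__ == "__main__":
    c = encrypt_block(PLAINTEXT, KEY)
    print(f"ciphertext {c:016x}, decrypted {decrypt_block(c, KEY):016x}")
```

Both sample keys produce the same ciphertext, which is why the effective key length is 56 bits rather than 64.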
c Advanced Encryption Standard (AES)
A replacement for DES was needed because its key size was too small compared to the large amount of information that needs to be encrypted. Additionally, with increasing computing power, DES was considered vulnerable to brute-force attacks³; triple DES⁴ was designed to overcome this drawback, but it was found to be slow. Therefore, NIST recommended a new encryption standard to replace DES and 3DES: the Advanced Encryption Standard (AES). AES offers not only security but also great speed, and it is a very popular and widely adopted symmetric encryption algorithm likely to be encountered nowadays.
The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits. It can do this using 128-bit, 192-bit, or 256-bit keys. AES using 128-bit keys is often referred to as AES-128, and AES-192 and AES-256 are named in the same way. The number of rounds in AES is variable and depends on the length of the key: AES-128 uses 10 rounds, AES-192 uses 12 rounds and AES-256 uses 14 rounds. Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key, and comprises several sub-processes, including substitution, transposition and mixing of the input plaintext, to transform it into the final output of ciphertext. The following diagram provides a simplified overview of the AES encryption process.
Figure 3 AES encryption process
In order, these are the four sub-steps in one round of the AES encryption cipher:
• Byte Substitution (SubBytes): The 16 input bytes are substituted by looking up a fixed table (S-box) given in the design. The result is a matrix of four rows and four columns.
• ShiftRows: Each of the four rows of the matrix is shifted to the left. Any entries that “fall off” are re-inserted on the right side of the row. The shift is carried out as follows:
○ The first row is not shifted.
○ The second row is shifted one (byte) position to the left.
○ The third row is shifted two positions to the left.
○ The fourth row is shifted three positions to the left.
The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.
• MixColumns: Each column of four bytes is now transformed using a special mathematical function. This function takes as input the four bytes of one column and outputs four completely new bytes, which replace the original column. The result is another new matrix consisting of 16 new bytes. It should be noted that this step is not performed in the last round.
• AddRoundKey: The 16 bytes of the matrix are now considered as 128 bits and are XORed with the 128 bits of the round key. If this is the last round, then the output is the ciphertext. Otherwise, the resulting 128 bits are interpreted as 16 bytes and another similar round begins.
³ A brute-force attack is a very primitive form of attack, also known as an exhaustive key search. It basically involves trying every possible combination of numbers until the correct key is found.
⁴ Triple DES (3DES) is a sub-variant cipher of DES that executes the DES algorithm three times.
The first round process is depicted below:
Figure 4 AES first round process
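The four sub-steps can be checked against a published test vector with the following Python sketch, which is an added example and not part of the original report. It computes the S-box instead of embedding the table, stores the 4x4 matrix column by column in a 16-byte list, and uses the round-1 state and round key from FIPS-197 Appendix B as sample input; the function names are illustrative.

```python
def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(x: int) -> int:
    # Multiplicative inverse (0 maps to 0), then the fixed affine transform.
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]

def sub_bytes(state):
    return [SBOX[b] for b in state]

def shift_rows(state):
    # state[4*c + r] is row r, column c; row r rotates left by r positions.
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def inv_shift_rows(state):
    return [state[r + 4 * ((c - r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state):
    out = []
    for c in range(4):
        a = state[4 * c:4 * c + 4]
        out += [gmul(a[i], 2) ^ gmul(a[(i + 1) % 4], 3) ^ a[(i + 2) % 4] ^ a[(i + 3) % 4]
                for i in range(4)]
    return out

def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]

def aes_round(state, round_key, last_round=False):
    state = shift_rows(sub_bytes(state))
    if not last_round:                 # MixColumns is skipped in the last round
        state = mix_columns(state)
    return add_round_key(state, round_key)

# FIPS-197 Appendix B: state at the start of round 1 and round key 1.
STATE_ROUND_1 = list(bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808"))
ROUND_KEY_1 = list(bytes.fromhex("a0fafe1788542cb123a339392a6c7605"))

if __name__ == "__main__":
    print(bytes(aes_round(STATE_ROUND_1, ROUND_KEY_1)).hex())
```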
The decryption process of AES is similar to the encryption process in reverse order, and both sender and receiver have the same key to encrypt and decrypt data. Each round consists of the four processes conducted in the reverse order, like this:
• Add round key
• Mix columns
• Shift rows
• Byte substitution
Since the sub-processes in each round are performed in reverse, the encryption and decryption algorithms need to be implemented separately, although they are very closely related.
Comparing the AES and DES algorithms, we can notice that they are both symmetric block ciphers, but AES is more mathematically efficient. The main benefit of AES lies in its key length options. The time required to crack an encryption algorithm is directly related to the length of the key used to secure the communication: 128-bit, 192-bit or 256-bit keys. Therefore, AES is exponentially stronger than the 56-bit key of DES, and it is also significantly faster than 3DES. The table below displays more detail about several differences between the AES and DES cryptosystems.
Table 1 Difference between AES and DES ciphers
AES – Advanced Encryption Standard | DES – Data Encryption Standard
Key length can be of 128-bits, 192-bits and |
Number of rounds depends on key length: 10 rounds for 128-bits, 12 rounds for 192-bits and 14 rounds for 256-bits | Involving 16 rounds of identical operations
The structure is based on substitution-permutation network | The structure is based on Feistel network
More secure than the DES cipher and is the de facto world standard | Can be broken easily as it has known vulnerabilities (3DES - Triple DES is a variation of DES which is more secure than the usual DES)
The rounds in AES are: Byte Substitution, Shift Row, Mix Column and Key Addition | The rounds in DES are: Expansion, XOR operation with round key, Substitution and Permutation
Can encrypt 128 bits of plaintext | Can encrypt 64 bits of plaintext
Be derived from square cipher | Be derived from Lucifer cipher
Was designed by Vincent Rijmen and Joan |
No known crypt-analytical attacks against AES, but side channel attacks against AES implementations are possible. Biclique attacks have better complexity than brute-force but are still ineffective | Known attacks against DES include: Brute-force, Linear analysis and Differential crypt-analysis
a Asymmetric encryption system
An asymmetric encryption system is an encryption system that uses a pair of keys for every party for encryption and decryption: a public key, which is published openly, and a private key, which is never revealed. This means the key used in the encryption process is totally different from the key used to decrypt the data. In this system, the sender sends the information, encrypted with the public key, through a non-confidential communication channel to the receiver. The recipient who receives the information uses the private key to decrypt it. The advantage of this encryption system is that, although hackers also know the public key, they cannot see the submitted information because they do not have the private key.
Among the most widely used asymmetric key cryptosystems are RSA and digital signatures, which use the public key encryption system as a principle to verify the authenticity of digital messages or documents.
b Rivest–Shamir–Adleman (RSA)
The RSA algorithm has come to be known by the acronym formed from its inventors' names: Ron Rivest, Adi Shamir and Leonard Adleman. The three authors first described the RSA cipher in 1977, and the idea was patented in 1983 by the Massachusetts Institute of Technology (MIT), but it was not until the early days of the Internet that the algorithm began to see widespread adoption as an important security tool. Moreover, the RSA cryptosystem has stood the test of time to this day, and it is used in cryptographic applications from banking and e-mail security to e-commerce on the Internet.
RSA cryptosystem involves these major steps
Key Generation
o Select two large prime numbers5, and The prime numbers need to be very large, and also relatively far apart, so that they will be difficult for someone to figure them out
o Calculate a trap function6:
o Calculate the Euler’s totient function:
o Select an integer , such that is co-prime7 to and The pair of numbers makes
up the public key
o Calculate such that The number can be found using the Extended Euclidean Algorithm The pair makes up the private key
Encryption
Given a plaintext , represented as a number, the ciphertext is calculated as:
Decryption
Using the private key , the plaintext can be found using:
To sum up, the basic principle of this cipher is to find three very large positive integers , and can
be found where:
The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public key consists of two numbers, one of which is the multiplication of two large prime numbers, and the private key is also derived from the same two prime numbers. So if somebody can factorize the large number, the private key is compromised; though, even knowing , and , it is very difficult to find Therefore, encryption strength lies entirely in the key size, and if we double or triple the key size, the strength of encryption increases exponentially. RSA keys are typically 1024 or 2048 bits long. Although experts believe that 1024-bit keys could be broken in the near future, it seems to be an infeasible task so far.
⁵ A prime number is a number that cannot be divided by any other number except itself and the number 1. For example, 2, 3, and 7 are prime numbers.
⁶ A trapdoor function is a function that is easy to compute in one direction, yet believed to be difficult to compute in the opposite direction (finding its inverse) without special information.
⁷ In number theory, two integers and are relatively prime, mutually prime, or coprime if the only positive integer that evenly divides (is a divisor of) both of them is 1.
Figure 5 RSA cryptosystem
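The key generation, encryption and decryption steps listed above are worked through below in Python; this is an added example, not code from the original report. It is textbook RSA without padding on toy primes, and the names p, q, n, phi, e, d and the sample numbers are conventional choices assumed here for illustration. The last function shows the point made in the text: once the modulus is factored, the private key follows directly.

```python
def egcd(a: int, b: int):
    """Extended Euclidean Algorithm: return (g, x, y) with a*x + b*y == g."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        quotient = a // b
        a, b = b, a - quotient * b
        x0, x1 = x1, x0 - quotient * x1
        y0, y1 = y1, y0 - quotient * y1
    return a, x0, y0

def make_keypair(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e."""
    n = p * q                          # the modulus, easy to compute, hard to undo
    phi = (p - 1) * (q - 1)            # Euler's totient of n
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be co-prime to phi(n)")
    d = x % phi                        # d * e == 1 (mod phi)
    return (e, n), (d, n)

def encrypt(message: int, public_key) -> int:
    e, n = public_key
    return pow(message, e, n)

def decrypt(ciphertext: int, private_key) -> int:
    d, n = private_key
    return pow(ciphertext, d, n)

def private_key_from_factoring(public_key):
    """Trial division; succeeds only because the sample modulus is tiny."""
    e, n = public_key
    p = next(f for f in range(3, int(n ** 0.5) + 1, 2) if n % f == 0)
    return make_keypair(p, n // p, e)[1]

# Constructed toy parameters (real keys use primes of 1024 bits or more each).
PUBLIC, PRIVATE = make_keypair(61, 53, 17)
MESSAGE = 65

if __name__ == "__main__":
    c = encrypt(MESSAGE, PUBLIC)
    print("public", PUBLIC, "private", PRIVATE)
    print("ciphertext", c, "decrypted", decrypt(c, PRIVATE))
    print("key rebuilt from factoring n:", private_key_from_factoring(PUBLIC))
```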
c Diffie-Hellman (DH) key exchange algorithm
Although symmetric key algorithms are fast and secure, key exchange is always an issue. A solution to this problem is a hybrid cryptosystem, the combination of symmetric and asymmetric encryption. Asymmetric encryption is used as a technique in the key exchange mechanism to share the secret key. After the key is shared between senders and receivers, the communication takes place using symmetric encryption, with the shared secret key used to encrypt the communication. The Diffie-Hellman algorithm, named after its two authors Whitfield Diffie and Martin Hellman, is a method for securely exchanging cryptographic keys over a public communications channel. Actually, the keys are not really exchanged; they are jointly derived. The DH algorithm is also one of the earliest known asymmetric key implementations that is still in use today.
DH key exchange is a complicated algorithm, and it can be difficult to understand how it works because it involves a large amount of math. Basically, the original idea of this algorithm is illustrated in the picture below:
Figure 6 Basic idea of Diffie-Hellman algorithm
Suppose that two people, Alice and Bob, need to exchange their secret paint colors through a mixture of colors. At first, Alice and Bob publicly agree on an arbitrary starting color that does not have to be kept secret (■). Each person also secretly selects a color that they keep to themselves (Alice's color is ■, and Bob's color is ■). The next crucial part of the process is that the two parties mix their own private color with their mutually shared one and then publicly exchange the two mixtures (■ and ■). After receiving the mixture from the other, each person adds their own secret color to get an identical color mixture (■). The final mixtures are exactly the same for both people and known only to the two of them; this is called the common secret color. The important point of this key exchange method is that both parties can get the same result without having to send all the shared secrets over the communication channel. Choosing a common color, mixing in their own private color, swapping the first mixtures and then adding their own color again gives both sides a way to arrive at the same common secret without having to send the whole of it. If an outsider is listening to the exchange, he or she can only learn the common color (■) and the exchanged mixtures (■ and ■), because it is not easy (in terms of calculation) to figure out the two parties' secrets or the final color (■). Now the two parties can use this shared secret to encrypt and decrypt data transmitted on public channels, which means they can safely communicate with each other.
The cryptographic explanation of the DH algorithm is described in the table below. In this table, is a prime number, is a primitive root⁸ of and they are both publicly available numbers. On the other hand, and are the private values selected by the two parties.
Table 2 DH process
Public keys available
Private key selected
Key generated
Exchange the generated keys
Key received
Secret key generated
Since , we can algebraically show that In this process, only the numbers and are kept secret. All the other values, such as , , and are sent in the clear. The strength of the scheme comes from the fact that take extremely long times to compute just from the public values. Once the two parties have computed the shared secret key, they can use it to encrypt the messages they send and communicate across the same open channel.
The Diffie–Hellman key agreement is not limited to negotiating a key shared by only two participants. Any number of users can take part in an agreement by performing iterations of the agreement protocol and exchanging intermediate data, which does not itself need to be kept secret.
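The exchange in Table 2 and the multi-party extension just described are shown below in Python, as an added example that is not part of the original report. The names p (prime), g (primitive root), the private exponents and the sample numbers are assumptions chosen for illustration; the exhaustive search works only because the sample prime is tiny, which is why real parameters are thousands of bits long.

```python
def is_primitive_root(g: int, p: int) -> bool:
    """True if the powers of g reach every value 1..p-1 (small prime p only)."""
    return {pow(g, k, p) for k in range(1, p)} == set(range(1, p))

def public_value(g: int, private: int, p: int) -> int:
    """The value a party sends in the clear."""
    return pow(g, private, p)

def shared_secret(received: int, private: int, p: int) -> int:
    """Raise the other party's public value to your own private exponent."""
    return pow(received, private, p)

def exhaustive_private_search(g: int, p: int, observed: int) -> int:
    """Recover an exponent from a public value by trying every candidate."""
    return next(x for x in range(1, p) if pow(g, x, p) == observed)

def group_secrets(g: int, p: int, privates: list) -> list:
    """Multi-party agreement: the secret each participant ends up with."""
    results = []
    for i, own in enumerate(privates):
        value = g
        # Intermediate values built by the other participants travel in the clear.
        for other in privates[i + 1:] + privates[:i]:
            value = pow(value, other, p)
        results.append(pow(value, own, p))   # the last exponentiation stays private
    return results

# Constructed toy parameters.
P, G = 23, 5
ALICE_PRIVATE, BOB_PRIVATE, CAROL_PRIVATE = 6, 15, 13

if __name__ == "__main__":
    a_pub = public_value(G, ALICE_PRIVATE, P)
    b_pub = public_value(G, BOB_PRIVATE, P)
    print("exchanged in the clear:", a_pub, b_pub)
    print("Alice derives", shared_secret(b_pub, ALICE_PRIVATE, P))
    print("Bob derives  ", shared_secret(a_pub, BOB_PRIVATE, P))
    print("three parties:", group_secrets(G, P, [ALICE_PRIVATE, BOB_PRIVATE, CAROL_PRIVATE]))
```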
4.4 Theoretical Analysis of Encryption Algorithm
The table below shows several points of difference between the four algorithms mentioned above in the study.
Table 3 Comparison between the DES – AES – RSA – DH Algorithms
Algorithm | Symmetric | Symmetric | Asymmetric | Asymmetric
Key length | 56 bits | 128, 192 or 256 bits | 1024 bits | Key exchange management
Power | | | |
Security | Not enough security | Excellent secure | Less secure than DES | Least secure
Implementation | Complex | Simple | Complex | Complex
8 A primitive root mod is an integer such that every integer relatively prime to a positive number is congruent to a power of That is, the integer is a primitive root (mod ) if for every number relatively prime to there is an integer such that