Symmetric key algorithm

From Exampleproblems


Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related cryptographic keys for both decryption and encryption.

The encryption key is trivially related to the decryption key, in that they may be identical or there is a simple transform to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link.

Other terms for symmetric-key encryption are single-key and private-key encryption. Use of the latter term can sometimes conflict with the term private key in public key cryptography.


Types of symmetric-key algorithms

Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits and encrypt them as a single unit. Blocks of 64 bits have been commonly used; the Advanced Encryption Standard algorithm approved by NIST in December 2001 uses 128-bit blocks.

Symmetric-key algorithms are not always used alone. In modern cryptosystem designs, both asymmetric and symmetric algorithms are used to take advantage of the virtues of both. Such systems include SSL, PGP and GPG. Asymmetric key algorithms handle key distribution for the faster symmetric key algorithms. In modern times, symmetric key algorithms have largely come from one of two classes: block ciphers and stream ciphers.

Some examples of popular and well-respected symmetric algorithms include Twofish, AES (aka Rijndael), Blowfish, RC4, 3DES, and IDEA.

Speed

Symmetric-key algorithms are generally much less computationally intensive than asymmetric key algorithms. In practice, this means that a quality asymmetric key algorithm is hundreds or thousands of times slower than a quality symmetric key algorithm. The disadvantage of symmetric-key algorithms is the requirement of a shared secret key, with one copy at each end. Since keys are subject to potential discovery by a cryptographic adversary, they need to be changed often and kept secure during distribution and in service. The consequent requirement to choose, distribute and store keys without error and without loss is difficult to reliably achieve.

Very often these days, the much slower asymmetric algorithms are used to distribute symmetric keys at the start of a session, then the higher-speed symmetric-key algorithms take over. The same problems of reliable key distribution still exist at the asymmetric level, but they are somewhat more tractable. However, the symmetric key is nearly always generated in real time.

Reversibility

Cryptographic functions must, by definition, be reversible, since you need to be able to both encrypt and (provided you have the right key) decrypt messages.

Various methods have been used historically to manage this. There have been book ciphers, in which the shared key is related to some content in a book; auto-key ciphers, in which the key is partially derived from the plaintext; grille ciphers (supposedly first invented by the Italian mathematician Gerolamo Cardano); and so on. In modern times, after computers became available, most symmetric ciphers have been based on 'rounds'. Usually a rather simple scheme is used repeatedly, as in the following generic example. This general method is usually ascribed to Horst Feistel. For a more in-depth description of this method (with diagrams) see Feistel cipher.

The bits to be encoded are split into two parts, P1 and P2. P1 is unchanged; P2 is added (or exclusive-or'd) to the output of a one-way hash function f (varied by a key or 'salt') applied to P1. The two results are then swapped over. This is called 'a round'.

i.e. where p1, p2, key are bit vectors; ',' is a concatenation operator and f is a function

p1, p2 -> p2', p1 such that:

p2' = p2 + f(p1, key)

Since the output of the round still has access to the value P1, and the addition is a reversible operation, this operation may be undone for any one-way function f.

Whilst a single round is very insecure, as p1 is unchanged, repeating this operation more than once, often with different functions and keys, greatly improves the strength.

To decrypt multiple rounds, each round is undone in reverse order, hence for decryption the keys are applied in reverse order.
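The round structure and its reversal can be traced in code. This is an added example, not part of the original article: the 16-byte block size, the use of truncated HMAC-SHA256 as f, XOR as the "addition", and the `subkeys` key schedule are all assumptions chosen for illustration, and the result is a teaching sketch rather than a vetted cipher.

```python
import hashlib
import hmac

HALF = 8  # bytes per half-block (assumed 16-byte block for this sketch)

def f(p1: bytes, key: bytes) -> bytes:
    """Keyed one-way round function: HMAC-SHA256 truncated to one half-block."""
    return hmac.new(key, p1, hashlib.sha256).digest()[:HALF]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def round_forward(p1: bytes, p2: bytes, key: bytes):
    """p1, p2 -> p2', p1  where  p2' = p2 XOR f(p1, key)."""
    return xor(p2, f(p1, key)), p1

def round_inverse(left: bytes, right: bytes, key: bytes):
    """Undo one round: 'right' is the untouched p1, so f(p1, key) is recomputable."""
    return right, xor(left, f(right, key))

def subkeys(master: bytes, rounds: int):
    """Hypothetical key schedule: one subkey per round derived from the master key."""
    return [hmac.new(master, bytes([i]), hashlib.sha256).digest() for i in range(rounds)]

def split(block: bytes):
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 16 bytes")
    return block[:HALF], block[HALF:]

def encrypt_block(block: bytes, master: bytes, rounds: int = 16) -> bytes:
    left, right = split(block)
    for k in subkeys(master, rounds):
        left, right = round_forward(left, right, k)
    return left + right

def decrypt_block(block: bytes, master: bytes, rounds: int = 16) -> bytes:
    left, right = split(block)
    for k in reversed(subkeys(master, rounds)):  # keys applied in reverse order
        left, right = round_inverse(left, right, k)
    return left + right

if __name__ == "__main__":
    key = b"constructed demo key"    # constructed sample value
    plaintext = b"ATTACK AT DAWN!!"  # constructed 16-byte sample block
    one_round = encrypt_block(plaintext, key, rounds=1)
    print("p1 visible after 1 round:", one_round[HALF:] == plaintext[:HALF])
    ct = encrypt_block(plaintext, key)
    print("ciphertext:", ct.hex())
    print("round trip ok:", decrypt_block(ct, key) == plaintext)
```

With `rounds=1` the right half of the output is the original P1 byte for byte, which is the weakness of a single round that the text describes.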

After sufficient rounds (typically between 8 and 64) have been performed, the output is so thoroughly scrambled that, ideally, brute-force attacks are the quickest way to crack the code.

Attacks on symmetric ciphers

Symmetric ciphers are often susceptible to known-plaintext attacks, chosen-plaintext attacks, differential cryptanalysis and linear cryptanalysis. Careful construction of the functions for each round can make these attacks difficult to perform. When symmetric ciphers are used with asymmetric ciphers for key transfer, pseudorandom key generators are nearly always used to generate the keys; incorrect initialisation of the pseudorandom generator has commonly led to cryptanalytic breaks in the past. Very careful implementation of the system can minimise these risks.
