Three Main Types of Cryptographic Algorithms There are three main types of cryptographic algorithms: (1) secret key, (2) public key, and (3) hash functions. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied (For example SSL uses 3DES or DES) for message encryption. Use your own words. When you pick an algorithm, try not to repeat. Be sure to reference your sources.

There are three main types of cryptographic algorithms: (1) secret key, (2) public key, and (3) hash functions. Pick an algorithm for any one of these types (e.g., DES, AES, RSA, MD5) and describe how it works and where it is applied (For example SSL uses 3DES or DES) for message encryption. Use your own words. When you pick an algorithm, try not to repeat. Be sure to reference your sources.

# Three Main Types of Cryptographic Algorithms Readings

Kessler, G. (2018). Overview of Cryptography (This is the main resource we will use in this session. This is a readable introduction to a hard subject, Cryptography, that provides a formal basis for computer and information security.)

https://www.garykessler.net/library/crypto.html

Khan’s Academy. (n.d.). What is cryptography?

https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/intro-to-cryptography

NIST. (2016). SP800-175b; Guidelines for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms

https://learn.umuc.edu/content/enforced/412343-002203-01-2192-GO1-9044/NIST.SP.800-175b.pdf

Sidikin, M.A.S. & Rini Wisnu, W. (2016). Implementation of RSA 2048-bit and AES 256-bit with Digital Signature for Secure Electronic Health Record Application. Commit Journal, Vol 10, Iss 2, Pp 63-69 (2016), (2), 63.

https://learn.umuc.edu/content/enforced/412343-002203-01-2192-GO1-9044/Sadiku.pdf

## Three Main Types of Cryptographic Algorithms Session Notes

We will focus on some of the terms and concepts behind basic cryptographic methods in use today. History of cryptography or pre-computerized crypto schemes is not of focus.

In cryptography, there are basically three types of algorithms or techniques:

- Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
- Public Key Cryptography (PKC): Uses one key for encryption and another for decryption (They are mathematically related; however, one cannot infer one key, specifically the private key knowing the other, the public key.)
- Hash Functions: Uses a one-way mathematical transformation that is hard to reverse.

The secret key cryptography is typically used for message confidentiality (because it is faster than public key cryptography), hashing is used for message integrity, and public key cryptography is employed for verifying the authenticity of the sender of a message and for exchanging the key used in secret key cryptography. See Section 3.4 of Kessler.

Symmetric Key Algorithms

In Symmetric Key cryptography, there are two major types: (1) block encryption, and (2) stream encryption.

Block Encryption

In block encryption, there are two well-known techniques or algorithms, DES and AES. The Data Encryption Standard (DES) algorithm was developed in the 1970s at the U.S. National Bureau of Standards (NBS, known at the National Institute of Standards and Technology (NIST) since 1988). DES essentially employs two techniques, substitution and transposition (permutation), and the whole process is repeated sixteen times. Substitution and permutation aim to increase confusion and diffusion, respectively. The NIST SP800-175b publication provides a thorough application of cryptographic mechanisms.

DES uses a 56-bit key, so there are 256 = 7.2 x 1016 possible keys. A cryptanalyst, using a brute-force approach to crack a DES cryptogram, might try looping through all possible keys. In the 1970s, 7.2 x 1016 possible keys was a good deterrent, given the computing power available in those days. The 56-bit key based encryption can easily be broken by brute force by today’s computers.

Recognizing the vulnerability of DES, one might expect that DES might be made uncrackable by running DES-encrypted ciphertext through the DES algorithm a second time, to square the complexity. As it turns out, this strategy only doubles the complexity, making the key length effectively 57 bits rather than 56. A triple-DES (3DES) algorithm has been developed that provides an effective 112-bit key length, which is roughly 5.2 x 1033 possible keys, affording plenty of protection for known attacks. Variations of 3DES are defined that involve the use of one, two, or three independent keys. 3DES is unfortunately very slow.

Advanced Encryption Standard (AES), the Rijndael algorithm is capable of 256-bit (or more) keys. It has many of the attributes of the “perfect” cipher in that it is an open design, yet maximizes the entropy of a coded message. Entropy, as defined by Shannon, the father of modern information theory, gives an indication of the randomness of a message or a data set. The more entropy or unpredictability of a message is, the harder it is to decipher or break it. AES is also computationally more efficient than 3DES.

Stream Cipher

Stream ciphers employ the XOR logical function for both encryption-decryption using a key stream. They take advantage of the fact that:

X (XOR) Y (XOR) Y = X. (X is the message and Y is the key.)

RC4 is perhaps the most used stream cipher including in products supporting Secure Socket (SSL) and Secure Electronic Transaction. RC 4 is a variable length cipher.

Public-Key Cryptography

Symmetric-key algorithms offer an advantage in terms of encryption and decryption speed, they, however, suffers from two key management issues. They require a large number of keys, O (n**2) to be precise, where n is the number of communicating parties. (This entire means is that the number of keys grows as a squared function of n). They also depend on a reliable mechanism (outside the symmetric-key encryption mechanism) to distribute keys. Consequently, there was a push to develop new algorithms to address the problem of key distribution, leading to the novel idea of asymmetric cryptosystems that would use one (public) key to encrypt a message, and another (private) key to decrypt it. Public key mechanisms require only O(n) keys, n private and n public keys, to be exact.

Asymmetric-key (public-key) algorithms are usually implemented with a mathematical trapdoor function: A trapdoor function is a function that is easy to compute in one direction, and difficult to compute in the opposite direction (it’s inverse). For example, calculating the 7th root of 62,748,517 is much more difficult than calculating 137.

Rivest-Shamir-Adelman Encryption (RSA)

The RSA algorithm (named after its inventors, R.L. Rivest, A. Shamir, and L. Adleman of MIT) is perhaps the most well-known public key crypto algorithm. It was published in 1978.

Some key features of the RSA algorithm are:

- It is a public key cipher, that is, a public key is used to encrypt a message M.
- The encrypted message of M can only be decrypted using the private key that is paired with the public key that was used to encrypt the message.
- It is a block code, i.e., the plaintext is encrypted in blocks.

RSA works by using the product of two large prime numbers as a trapdoor function. To break an RSA cipher, therefore, involves factoring very large numbers. Obviously, the security of RSA increases as the value of the product gets larger. It’s been estimated that it would cost about $15M to build a device to crack 1024-bit RSA keys.

The RSA algorithm can be used both for message confidentiality and message authenticity. For confidentiality, the sender encrypts a message with the receiver’s public key. Since only the receiver has the receiver’s private key, he (the receiver) and he alone can decrypt the message. If a sender were to encrypt a message with his own private key, anyone who has the sender’s public key can decrypt the message. But, since only the sender has the sender’s private key, only the sender could have sent the message, hence proving the authenticity of the message, i.e., the message was sent by the sender. One can easily combine both to achieve both confidentiality and authenticity for a message. In fact, these two can be combined with a feature for message integrity. With a digital signature, one achieves message integrity and sender’s authenticity.

Diffie-Hellman

It should be emphasized that the Diffie-Hellman algorithm is not directly used to encrypt messages; rather, it is a key distribution mechanism. Its particular strength is that it can be used to establish a secret key between two parties over a completely public channel, such as the newspaper or the Internet.

One problem with the Diffie-Hellman algorithm is that it is subject to man-in-the-middle attacks. This is because the Diffie-Hellman algorithm does not authenticate the two parties.

Public Key Certificate and Certificate Authorities

In public key cryptography, how do you trust a public key? How does a recipient determine if a public key really belongs to the sender and is being used for a legitimate purpose? Public-key certificates address this issue. A certificate (by a trusted third party) in essence attests that a public key is legitimate. See Section 4.3 of Kessler.

Hash Function

A hash function is (in principle) is also trapdoor function, since an ideal hash function will have no inverse solution. So, given a hash value, it is it impossible for either the contents or length of the plaintext to be recovered. Another property of hash functions used in cryptography is that it is computationally infeasible to find another plaintext that hashes to the same value. In other words, any change to plaintext by an interceptor will produce a different hash. As such, hash functions play an important role in message integrity.

### Three Main Types of Cryptographic Algorithms Digital Signature

With a digital signature, one achieves message integrity and sender’s authenticity. The digital signature is formed in two steps. First, the sender computes the hash value of his message. She then encrypts the hash value with her private key. The sender sends the message along with the digital signature consisting of the encrypted value of the hash function. Upon receipt of the digital signature and the message, the receiver recovers the hash by decrypting the digital signature with the sender’s public key. The receiver can then apply the hash function to the original message, If the resultant hash value is not the same as the value supplied by the sender, then the sender knows that the message has been altered; if the hash values are the same, the message the receiver got is identical to the one that was sent. Moreover, since only the sender has the sender’ private key, only the sender could have sent it proving the message authenticity. The Sidikin article is a strong supplement on digital signature technology and application.

Read Kessler resource at least a couple of times. Do not get discouraged if you do not understand everything. We will revisit these cryptographic techniques in the INFA 620: Network and Internet Security course. We will be applying these cryptographic techniques to build better network security infrastructure or protocols (e.g., IPsec and SSL/TLS). In INFA 640, the course devoted to cryptography and cryptanalysis, we will dive deeply into these topics.

### Three Main Types of Cryptographic Algorithms Review Questions

- Can you define or explain these terms in your own words?

O Encryption

o Decryption

o Secret-key cryptography

o Public-key cryptography

o Stream cipher

o Hash function

o Digital signature

o Digital certificate

o Digital envelope

- Why has it been necessary to move beyond DES? Move beyond 3DES?
- Why are public-key algorithms usually used just to establish an asymmetrically encrypted communications channel?
- How does public-key cryptography provide both sender authentication and confidentiality?
- What is the need for public-key certificates?
- What are the desired qualities in a hash function?

(These questions are intended to be a self-test of your comprehension of this session’s material; answers to these questions do not need to be turned in.)