# Popular Cryptosystems Use A Hybrid Combination Of Symmetric And Asymmetric Algorithms.

The word encryption refers to a method by which plain text is converted into an incomprehensible sequence using a key. In the best case scenario, the content of the encrypted text is only accessible to the user who has the key to read it. The terms “plaintext” and “ciphertext” have historically been used when talking about encryption. In addition to text messages, modern encryption methods can also be applied to other electronically transmitted information such as voice messages, image files, or program code.

Encryption is used to protect files, drives, or directories from unwanted access or to transmit data confidentially. In ancient times, simple encryption methods were used which were primarily restricted to coding the information that was to be protected. Individual characters of plaintext, words, or entire sentences within the message are rearranged (transposition) or replaced by alternative character combinations (substitution).

To be able to decode such an encrypted text, the recipient needs to know the rule used to encrypt it. Permutations in the context of transposition methods are usually carried out using a matrix. To rewrite a transposed ciphertext into plaintext, you have to either know or reconstruct the transposition matrix. Substitution methods are based on a tabular assignment of plaintext characters and ciphers in the form of a secret code book.

One of the first and easiest encryption methods of this type goes all the way back to Julius Caesar. The so-called Caesar cipher is based on monoalphabetic substitution. To protect his military correspondence from enemy spies, the emperor shifted the letters of each word by three steps in the alphabet. The resulting encryption code went as follows:

The number of steps by which the characters are moved counts as the key in this type of encryption. This isn’t given as a number, but instead as the corresponding letter in the alphabet. A shift by three digits uses “C” as its key.

While the principle behind the Caesar cipher is relatively simple, today’s ciphers are based on much a more complex mathematical process, called an algorithm, several of which combine together various different substitutions and transmutations using keys in the form of passwords or binary codes as their parameters. These methods are much more difficult for crypto-analysts (code-crackers) to decipher. Many established cryptosystems created using modern means are considered uncrackable.

Contents
How does encryption work?Symmetric encryption methods

## How does encryption work?

An encryption method is formed from two basic components: a cryptographic algorithm and at least one cipher key. While the algorithm describes the encryption method (for example, “move each letter along the order of the alphabet”), the key provide the parameters (“C = Three steps”). An encryption can therefore be described as a method by which plaintext and a key are passed through a cryptographic algorithm, and a secret text is produced.

Modern cipher methods use digital keys in the form of bit sequences. An essential criteria for the security of the encryption is the key length in bits. This specifies the logarithmic units for the number of possible key combinations. It is also referred to in such as case as key space. The bigger the key space, the more resilient the encryption will be against brute force attacks – a cracking method based on testing all possible combinations.

To explain brute force attacks, we’ll use the Caesar cipher as an example. Its key space is 25 – which corresponds to a key length of less than 5 bits. A code-cracker only needs to try 25 combinations in order to decipher the plaintext, so encryption using the Caesar cipher doesn’t constitute a serious obstacle. Modern encryption methods, on the other hand, use keys which can provide significantly more defense. The Advanced Encryption Standard (AES), for example, offers the possibility to select key lengths of either 128, 192, or 256 bits. The key length of this method is accordingly large, as a result.

Even with 128-bit encryption, 2128 conditions can be mapped. These correspond to more than 240 sextillion possible key combinations. If AES works with 256 bits, the number of possible key is more than 115 quattuorvigintillion (or 1075). Even with the appropriate technical equipment, it would take an eternity to try out all of the possible combinations. With today’s technology, brute force attacks on the AES key length are simply not practical. According to the EE Times, it would take a supercomputer 1 billion billion years to crack a 128-bit AES key, which is more than the age of the universe.

Because of the long key lengths, brute force attacks against modern encryption methods are no longer a threat. Instead, code-crackers look for weaknesses in the algorithm that make it possible to reduce the computation time for decrypting the encrypted data. Another approach is focused on so-called side channel attacks that target the implementation of a cryptosystem in a device or software. The secrecy of an encryption process is rather counterproductive for its security.

According to Kerckhoffs’ principle, the security of a cryptosystem is not based on the secrecy of the algorithm, but on the key. As early as 1883, Auguste Kerckhoffs formulated one of the principles of modern cryptography: To encrypt a plaintext reliably, all you really need is to do is provide a well-known mathematical method with secret parameters. This theory remains basically unchanged today.

Like many other areas of software engineering, the development of encryption mechanisms is based on the assumption that open source doesn’t compromise the security. Instead, by consistently applying Kerckhoffs’ principle, errors in the cryptographic algorithm can be discovered quickly, since methods which hope to be adequate have to hold their own in the critical eyes of the professional world.

Users who want to encrypt or unencrypt files generally don’t come into contact with keys, but instead use a more manageable sequence: a password. Secure passwords have between 8 and 12 characters, use a combination of letters, numbers, and special characters, and have a decisive advantage over bit sequences: People can remember passwords without requiring much effort.

As a key, though, passwords aren’t suitable for encryption because of their short length. Many encryption methods then include an intermediate step where passwords of any length are converted into a fixed bit sequence corresponding to the cryptosystem in use. There are also methods that randomly generate keys within the scope of the technical possibilities.

A popular method of creating keys from passwords is PBKDF2 (Password- Based Key Derivation Function 2). In this method, passwords are supplemented by a pseudo-random string, called the salt value, and then mapped to a bit sequence of the desired length using cryptographic hash functions.

Hash functions are collision-proof one-way functions – calculations which are relatively easy to carry out, but take a considerable effort to be reversed. In cryptography, a method is considered secure when different hashes are assigned to different documents. Passwords that are converted into keys using a one-way function can only be reconstructed with considerable computational effort. This is similar to searching in a phone book: While it’s easy to search for the phone number matching a given name, searching for a name using only a telephone number can be an impossible attempt.

In the framework of PBKDF2, the mathematical calculation is carried out in several iterations (repetitions) in order to protect the key that’s been generated against brute force attacks. The salt value increases the reconstruction effort of a password on the basis of rainbow tables. A rainbow table is an attack pattern used by code-crackers to close out stored hash values to an unknown password.

Other password hashing methods are scrypt, bcrypt, and LM-Hash, however the later is considered outdated and unsafe.

A central problem of cryptology is the question of how information can be encrypted in one place and decrypted in another. Even Julius Caesar was faced with the problem of key distribution. If he wanted to send an encrypted message from Rome to the Germanic front, he had to make sure that whoever was going to receive it would be able to decipher the secret message. The only solution: The messenger had to transmit not only the secret message, but also the key. But how to transfer the key without running the risk of it falling into the wrong hands?

The same question keeps cryptologists busy today as they try to transfer encrypted data over the internet. Suggested solutions are incorporated in the development of various cryptosystems and key exchange protocols. The key distribution problem of symmetric cryptosystems can be regarded as the main motivation for the development of asymmetric encryption methods.

In modern cryptology, a distinction is made between symmetric and asymmetric encryption methods. This classification is based on key handling.

With symmetric cryptosystems, the same key is used both for the encryption and the decryption of coded data. If two communicating parties want to exchange encrypted data, they also need to find a way to secretly transmit the shared key. With asymmetric cryptosystems on the other hand, every partner in the communication generates their own pair of key: a public key and a private key.

When symmetric and asymmetric encryption methods are used in combination, it’s called a hybrid method.

Since the 1970s, encryptions of information have been based on symmetric cryptosystems whose origins lie in ancient methods like the Caesar cipher. The main principle of symmetric encryption is that encryption and decryption are done using the same key. If two parties want to communicate via encryption, both the sender and the receiver need to have copies of the same key. To protect encrypted information from being accessed by third parties, the symmetric key is kept secret. This is referred to as a private key method.

While classic symmetric encryption methods work on the letter level to rewrite the plaintext into its secret version, ciphering is carried out on computer-supported cryptosystems at the bit level. So a distinction is made here between stream ciphers and block ciphers.

Stream ciphers: Each character or bit of the plaintext is linked to a character or bit of the keystream that is translated into a ciphered output character.Block ciphers: The characters or bits to be encrypted are combined into fixed-length blocks and mapped to a fixed-length cipher.

Popular encryption methods for symmetric cryptosystems are relatively simple operations such as substitution and transposition thatare combined in modern methods and applied to the plaintext in several successive rounds (iterations). Additions, multiplications, modulararithmetic, and XORoperations are also incorporated into modern symmetric encryption algorithms.

Well-known symmetric encryption methods include the now-outdated Data Encryption Standard (DES) and its successor, the Advanced Encryption Standard (AES).

DES is a symmetric encryption method that was developed by IBM in the 1970s and standardized in 1977 by the US National Institute of Standards and Technology (NIST). By the standards of the time, DES was a secure, computer-assisted encryption method and formed the basis for modern cryptography. The standard is not patented, but due to the relatively low key length of 64 bits (effectively only 56 bits), it’s basically obsolete for use today. As early as 1994, the cryptosystem was cracked with only twelve HP-9735 workstations and a 50-day computing effort. With today’s technology, a DES key can be cracked in just a few hours using brute force attacks.

The symmetric algorithm of a block encryption works at the bit level. The plaintext is broken down into blocks of 64 bits, which are then individually encrypted with a 64-bit key. In this way, the 64-bit plaintext is translated into 64-bit secret text. Since each eighth bit of the key acts as a parity bit (or check bit), only 56 bits are available for encryption.

The DES encryption algorithm is a so-called Feistel network and is based on a combination of substitutions and transpositions performed in 16 iterations. The process, named after the IBM employee Horst Feistel, can be described in four steps:

1.

Initial permutation: The included 64-bit plaintext block is subjected to an input permutation, which changes the order of the bits. The result of this permutation is written into two 32-bit registers. This results in a left block half (L) and a right block half (R).

2.Key permutation: The 56 bits of the key that are relevant for the encryption are also subjected to a permutation, and then divided into two 28-bit blocks (C and D). For every 16 iterations, a round key is generated from both key blocks C and D. To do this, the bits of both block halves are shifted cyclically to the left by 1 or 2 bits, respectively. This should ensure that in every encryption round, a different round key is included. Afterward, the two half blocks C and D are mapped onto a 48-bit round key.

3.Encryption round: Every encryption round includes the steps a) through d). For each loop, a half block R and a round key are inserted in the encryption. The half block L initially remains outside.

Expansion: The half block R is extended to a 48-bit block using expansion. For this, the 32 bits of the half block are divided into 4-bit groups as part of the expansion, and then are partially duplicated and permuted according to the following scheme:

DES expansion, Wikipedia: https://de.wikipedia.org/wiki/Datei:Des_expansion.svg
XOR-link of data block and round key: In every encryption round, a 48-bit expanded block R is linked with a 48-bit round key using an XOR operation. The result of the XOR-link is in turn a 48-bit block.S-boxes (substitution boxes): Following the XOR operation, the 48-bit block is split into eight 6-bit blocks, substituted by eight 4-bit blocks using S-boxes, and then combined into a 32-bit block. The result of the substitution boxes is again subjected to a permutation.XOR-link of R block and L block: After every encryption round, the result of the S-boxes is linked with the as-yet unused L blocks via XOR. The result is a 32-bit block that then enters the second encryption phase as a new R block. The R block of the first round serves as the L block of the second round.

4.Final permutation: If all 16 encryption sessions have been completed, the L and R blocks are combined into a 64-bit block and subjected to an inverse output permutation for the final permutation. The plaintext is encrypted.

The following graphic shows a schematic representation of the DES algorithm. The XOR-links are marked as red circles with white crosses.

Translated from: DES Ablauf / Public Domain, Wikipedia: https://de.wikipedia.org/wiki/Datei:DES_resize.png
The deciphering of DES encrypted secret texts follows the same scheme, but in the reverse order.

A major criticism of DES is the small key length of 56 bits results in comparatively small key space. This length can no longer withstand the brute force attacks that are available with today’s computing power. The method of key permutation, which generates 16 nearly identical round key, is considered too weak.

A variant of DES was developed with Triple-DES (3DES), where the encryption method runs in three successive rounds. But the effective key length of 3DES is still only 112 bits, which remains below today’s minimum standard of 128 bits. Additionally, 3DES is also more computer-intensive than DES.

The Data Encryption Standard has therefore largely been replaced. The Advanced Encryption Standard algorithm has taken over as its successor, and is also a symmetric encryption.

In the 1990s, it became apparent that DES, the most commonly used encryption standard, was no longer technologically up to date. A new encryption standard was needed. As its replacement, developers Vincent Rijmen and Joan Daemen established the Rijndael Algorithm (pronounced “Rain-dahl”) – a method that, due to its security, flexibility, and performance, was implemented as a public tender and certified by NIST as the Advanced Encryption Standard (AES) at the end of 2000.

AES also divides the encrypted plaintext into blocks, so the system is based on block encryption just like DES. The standard supports 128, 192, and 256 bit keys. But instead of 64-bit blocks, AES uses significantly larger 128-bit blocks, which are encrypted using a substitution permutation network (SPN) in several successive rounds. The DES-successor also uses a new round key for each encryption round, which is derived recursively from the output key and is linked with the data block to be encrypted using XOR. The encryption process is divided into roughly four steps:

1.Key expansion: AES, like DES, uses a new round key for every encryption loop. This is derived from the output key via recursion. In the process, the length of the output key is also expanded to make it possible to map the required number of 128-bit round keys. Every round key is based on a partial section of the expanded output key. The number of required round keys is equal to the number of rounds (R), including the key round, plus a round key for the preliminary round (number of keys = R + 1).

2.Preliminary round: In the preliminary round, the 128-bit input block is transferred to a two-dimensional table (Array) and linked to the first round key using XOR (KeyAddition). The table is made up of four rows and four columns. Each cell contains one byte (8 bits) of the block to be encrypted.

3.Encryption rounds: The number of encryption rounds depends on the key length used: 10 rounds for AES128, 12 rounds for AES192, and 14 rounds for AES256. Each encryption round uses the following operations:

SubBytes: SubBytes is a monoalphabetic substitution. Each byte in the block to be encrypted is replaced by an equivalent using an S-box.ShiftRows: In the ShiftRow transformation, bytes in the array cells (see preliminary round) are shifted continually to the left.MixColumns: With MixColumns, the AES algorithm uses a transformation whereby the data is mixed within the array columns. This step is based on a recalculation of each individual cell. To do this, the columns of the array are subjected to a matrix multiplication and the results are linked using XOR.KeyAddition: At the end of each encryption round, another KeyAddition takes place. This, just like the preliminary round, is based on an XOR link of the data block with the current round key.

4.Key round: The key round is the last encryption round. Unlike the previous rounds, it doesn’t include MixColumn transformations, and so only includes the SubBytes, ShiftRows, and KeyAddition operations. The result of the final round is the ciphertext.

The encryption of AES-ciphered data is based on the investment of the encryption algorithm. This refers to not only the sequence of the steps, but also the operations ShiftRow, MixColumns, and SubBytes, whose directions are reversed as well.

AES is certified for providing a high level of security as a result of its algorithm. Even today, there have been no known practical relevance attacks. Brute force attacks are inefficient against the key length of at least 128 bits. Operations such as ShiftRows and MixColumns also ensure optimal mixing of the bits: As a result, each bit depends on a key. The cryptosystem is reassuring not just because of these measures, but also due to its simple implementation and high level of secrecy. AES is used, among other things, as an encryption standard for WPA2, SSH, and IPSec. The algorithm is also used to encrypt compressed file archives such as 7-Zip or RAR.

AES-encrypted data is safe from third-party access, but only so long as the key remains a secret. Since the same key is used for encryption and decryption, the cryptosystem is affected by the key distribution problem just like any other symmetric method. The secure use of AES is restricted to application fields that either don’t require a key exchange or allow the exchange to happen via a secure channel.

But ciphered communication over the internet requires that the data can be encrypted on one computer and decrypted on another. This is where asymmetrical cryptosystems have been implemented, which enable a secure exchange of symmetrical keys or work without the exchange of a common key.

Available alternatives to AES are the symmetric cryptosystems MARS, RC6, Serpent, and Twofish, which are also based on a block encryption and were among the finalists of the AES tender alongside Rjindael. Blowfish, the predecessor to Twofish, is also still in use. Salsa20, which was developed by Daniel J. Bernstein in 2005, is one of the finalists of the European eSTREAM Project.

Published