Secret-key cryptography

Secret-key cryptography uses the same secret key for encryption and decryption.

Substitution ciphers

Substitution ciphers are a class of ciphers where parts of a message are substituted for something else. An example is a code book, where each word is replaced with a code word. The Caesar cipher is a monoalphabetic substitution cipher where each letter is shifted in the alphabet. Substitution ciphers are vulnerable to frequency analysis.

Vigenère cipher

To prevent frequency analysis a polyalphabetic cipher can be used such as the Vigenère cipher. This uses a different shifted alphabet for each character of the key word.

Permutation ciphers

Permutation ciphers shift or transpose the plaintext to obfuscate it.

One time pad

A one time pad is the only truly secure encryption method. It uses a one time pad, which is a unique, single use key the same length as the plaintext. The one time pad and plaintext are then XOR'd to give the ciphertext. Whilst this is secure it is very impractical.

Data Encryption Standard

The Data Encryption Standard (DES) is a symmetric-key encryption algorithm. It is based on the Feistel approach. It is a block cipher and uses a 64-bit block size. It uses a 56-bit secret key and 16 rounds of encryption per block. Each block is split into two parts and these half-blocks. One of the half blocks is expanded, combined with a subkey, put though substitution boxes and permuted, then combined with the other half block. 16 subkeys are generated from the 56-bit key for each round of encryption.

DES is no longer considered secure, and has been replaced by the Advanced Encryption Standard (AES). This uses larger block sizes and longer keys and a different implementation.

Principles of good encryption

  • Confusion - Changing part of the key will change multiple parts of the ciphertext. This hides the relationship between the ciphertext and key.

  • Diffusion - Changing part of the plaintext will change multiple parts of the ciphertext. This hides the relationship between plaintext and ciphertext.

  • A cryptographic system should still be secure if everything is known about it except the key.

  • Management of the scheme must be feasible and cost effective.

Comparison of public and secret key encryption

Public key cryptography uses key lengths of around 2048 bits as its security relies on the difficulty of prime factorisation as the key isn't secret, whereas secret key encryption can use keys around 256 bits but the key needs to be kept secret. Because of this, public key encryption is much more useful for establishing a secure connection over an insecure channel but once the secure connection is established secret key is better as it is faster.