Symmetric Ciphers

Data Encryption & Security (CEN-451)

Spring 2020, BUKC
 2

Basic Terminologies
• Plaintext: the original intelligible message.

• Ciphertext: the coded unintelligible message.

• Enciphering\Encryption: the process of converting

plaintext to ciphertext.
• Deciphering\Decryption: the process of restoring
plaintext from ciphertext.
 3

Basic Terminologies (Cont.)

• Cryptography: the study of encryption.

• Cryptanalysis: techniques used for deciphering a message

without any knowledge of the enciphering details.

• Cryptology: areas of cryptography and cryptanalysis

together.
 4

Cryptographic Algorithms
• Cryptographic algorithms can be grouped into:
1. Symmetric-key Algorithms: cryptography algorithms that
use the same cryptographic keys for both encryption and
decryption.
 5

Cryptographic Algorithms (Cont.)

• Cryptographic algorithms can be grouped into:
2. Asymmetric-key Algorithms: cryptography algorithms that
uses pairs of keys, i.e. public keys and private keys, to
encrypt and decrypt data.
 6

Cryptographic Algorithms (Cont.)

• Symmetric Encryption is used to conceal the contents of blocks or

streams of data of any size, including messages, files, encryption
keys and passwords.

• Asymmetric Encryption is used to conceal small blocks of data,

such as encryption keys and hash function values, which are
used in digital signatures.
 7

Symmetric Encryption

A general model for the symmetric encryption.

 8

Symmetric Encryption (Cont.)

 9

Symmetric Encryption (Cont.)

Properties of secret key in symmetric encryption:
 The key is input to encryption algorithm along with plaintext.
 The key is a value independent of the plaintext and the algorithm.
 The algorithm will produce a different output depending on the
specific key being used. Hence, for a given message, two different
keys will produce two different ciphertexts.
 The encryption algorithm performs various substitutions and
transpositions on the plaintext, where the exact substitutions and
transpositions depends on the key.
 10

Symmetric Encryption (Cont.)

• Kerckhoff’s principle: one should always assume that the
adversary knows the encryption/decryption algorithm. The
resistance of the cipher to attack must be based only on the
secrecy of the key.
 11

Symmetric Encryption (Cont.)

• It is “impractical” to decrypt a message on the basis of
ciphertext plus knowledge of encryption/decryption algorithm.

• There is no need to keep the algorithm secret; but only keep the
key secret. This feature makes symmetric key feasible for
widespread use. Hence, manufacturers can and have developed
low-cost chip implementations of data encryption algorithms.

• With the use of symmetric encryption, the principal security

problem is maintaining the secrecy of the key.
 12

Cryptographic Systems
• Cryptographic
Type of operations
systems are used for converting Number of keys used
The way in which
plaintext is processed
characterized plaintext to ciphertext
by three
Symmetric, single-
dimensions: key, secret-key,
Substitution Block cipher
conventional
encryption

Asymmetric, two-
Transposition key, or public-key Stream cipher
encryption
 13

Cryptographic Systems (Cont.)

Type of operations used for transforming plaintext to ciphertext:
• All encryption algorithms are based on two general principles:

a. Substitution, in which each element in the plaintext

(bit, letter, group of bits or letters) is mapped into
another element.
b. Transposition, in which elements in the plaintext
are rearranged.
 14

Cryptographic Systems (Cont.)

The way in which the plaintext is processed:
• Block cipher processes the input one block of elements at
a time, producing an output block for each input block.
• Stream cipher processes the input elements
continuously, producing output one element at a time, as it
goes along.
 15

Cryptanalysis and Brute-Force Attack

• There are two general approaches for attacking a
conventional encryption scheme:
 Cryptanalysis, rely on nature of the algorithm plus
some general characteristics of plaintext or
plaintext–ciphertext pairs. This attack attempts to
deduce a specific plaintext or the key being used.
 Brute-force attack, the attacker tries every possible
key on a piece of ciphertext until an intelligible
translation is obtained. On average, half of all
possible keys must be tried to achieve success!
 16

Cryptanalysis
• As cryptography is the science and art of creating secret codes,
cryptanalysis is the science and art of breaking those codes.
• There are four common types of cryptanalysis attacks based on
the amount of information known to the cryptanalyst:
 17

Ciphertext-only Attack
• The adversary has access to some ciphertext and tries to find
the corresponding key or plaintext.
• This is the most difficult attack for cryptanalyst since ciphertext
is all that is available (note: in some cases, not even the
encryption algorithm is known!).
 18

Ciphertext-only Attack (Cont.)

• Various methods can be used in ciphertext-only attack. The
three most common are:
1. Brute-Force Attack, an exhaustive key search method. To
prevent this type of attack, the number of possible keys must
be very large.

2. Statistical Attack, use of inherent of the

characteristic language, e.g. English or French.

3. Pattern Attack, make use of patterns in ciphertext.

 19

Ciphertext-only Attack (Cont.)

• In brute-force attack, the attack is proportional to key size.
Key Size Number of Time required at Time required at
(bits) Alternative Keys 1 decryption/µs 106 decryptions/µs

32 232 = 4.3  109 35.8 minutes 2.15 milliseconds

56 256 = 7.2  1016 1142 years 10.01 hours

128 2128 = 3.4  1038 5.4  1024 years 5.4  1018 years

168 2168 = 3.7  1050 5.9  1036 years 5.9  1030 years

26 characters
26! = 4  1026 6.4  1012 years 6.4  106 years
(permutation)
 20

Known-Plaintext Attack
• The attacker has earlier access to plaintext/ciphertext
pair which is used to attack newly intercepted ciphertext.
 21

Chosen-Plaintext Attack
• Similar to known-plaintext attack but the plaintext/ciphertext
pair is chosen by attacker.
• E.g. analyst is able to get the source to generate messages
chosen by the analyst, then use the choose plaintext and the
intercept chiphertext pairs for the attack.
 22

Chosen-Ciphertext Attack
• Similar to chosen-plaintext attack but the attacker
choses ciphertext and decrypts it to form ciphertext/plaintext pair.
• E.g. the analyst has access to destination and chooses
some ciphertext and decrypts it to form a plaintext/ciphertext pair.
 23
Cryptanalysis Attack Summary
 24

Cryptanalysis Attack Summary (Cont.)

• Only relatively weak algorithms fail to withstand a ciphertext- only

attack.

• In Known-Plaintext Attack, Chosen-Plaintext Attack and Chosen-

Ciphertext Attack, the attacks are easier to implement due to
having more information to use for analysis.
 25

Encryption Scheme Security Requirements

Unconditionally secure:
• No matter how much time an opponent has, it is “impossible”
for him/her to decrypt the ciphertext since the required
information is not there.
Computationally secure:
• The “cost” of breaking the cipher exceeds the value of the
encrypted information.
• The “time” required to break the cipher exceeds the useful
lifetime of the information.
 26

Thank You!