The transposition figures realize a permutation of the characters of the cleartext. The encryption key is the pair K = (d, f), where d represents the length of the successive blocks of characters that will be encrypted according to the permutation f. The decryption is obtained by performing the inverse permutation.

Substitution cipher schemes replace each character in the message alphabet A with a character in the C cryptogram alphabet.

If then , where f substitution function, representing the key of the algorithm. Its form is: .

Traditional coding techniques are based on the sender's and recipient's knowledge of the encryption key. The sender encodes the message with a particular encoding system using the secret encryption key, and the recipient decodes that information using the same secret key. No other user needs to know the coding/decoding key.

There are two types of symmetrical encoding: stream-level encryption and block-level encryption. Bit-level encryption consists of encoding each bit of information, while at the block level a certain number of message bits are encoded simultaneously (for example 64 bits), called a block. Symmetrical encoding is faster than asymmetric encoding. A number of symmetric algorithms can be implemented in hardware. In this way, an algorithm becomes faster in operation.

There are two types of symmetric encryption algorithms:

1.

2.

Some examples of symmetric encryption algorithms include:

· AES (Advanced Encryption Standard)

· DES (Data Encryption Standard)

· IDEA (International Data Encryption Algorithm)

· Blowfish (Drop-in replacement for DES or IDEA)

· RC4 (Rivest Cipher 4)

· RC5 (Rivest Cipher 5)

· RC6 (Rivest Cipher 6)

AES, DES, IDEA, Blowfish, RC5, and RC6 are block ciphers. RC4 is stream cipher.

The most commonly used symmetric algorithm is the Advanced Encryption Standard (AES), which was originally known as Rijndael. This is the standard set by the U.S. National Institute of Standards and Technology in 2001 for the encryption of electronic data announced in U.S. FIPS PUB 197[1]. This standard supersedes DES, which had been in use since 1977. Under NIST, the AES cipher has a block size of 128 bits, but can have three different key lengths as shown with AES-128, AES-192 and AES-256.

Symmetrical cryptography also has some disadvantages, such as:

- Does not ensure the authentication of the sender. This security gap does not allow the electronic verification of certain transactions;

- The transmission of the secret key between correspondents must be carried out on very secure channels.

- When used between network users, a large number of secret keys are required to communicate between two users.

A replacement for DES was needed as its key size was too small. With increasing computing power, it was considered vulnerable against exhaustive key search attacks. Triple DES was designed to overcome this drawback but it was found slow.

The features of AES are:

· Symmetric key symmetric block cipher

· 128-bit data, 128/192/256-bit keys

· Stronger and faster than Triple-DES

· Provide full specification and design details

· Software implementable in C and Java

AES is an iterative scheme. It is based on ‘

AES performs all its computations on bytes rather than bits. Hence, AES treats the 128 bits of a plaintext block as 16 bytes. These 16 bytes are arranged in four columns and four rows for processing as a matrix −

The number of rounds in AES are variable and depend on the length of the key. AES uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Each of these rounds uses a different 128-bit round key, which is calculated from the original AES key.

The schematic of AES structure is illustrated in figure 2:

Here, we restrict to description of a typical round of AES encryption. Each round comprise four sub-processes, as follows: AddRoundKey, SubBytes, ShiftRows, and MixColumns[1].

Pseudo Code for the AES cipher is:

Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])

Byte Substitution (SubBytes)

The 16 input bytes are substituted by looking up a fixed table (S-box) given in design. The result is in a matrix of four rows and four columns.

Shiftrows

Each of the four rows of the matrix is shifted to the left. Any entries that ‘fall off’ are re-inserted on the right side of the row. The shift is carried out as follows:

- The first row is not shifted.
- Second row is shifted one (byte) position to the left.
- The third row is shifted two positions to the left.
- The fourth row is shifted three positions to the left.
- The result is a new matrix consisting of the same 16 bytes but shifted with respect to each other.

- Add round key

- Mix columns

- Shift rows

- Byte substitution

InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])

In present-day cryptography, AES is widely adopted and supported in both hardware and software. Additionally, AES has built-in flexibility of key length, which allows a degree of ‘future-proofing against progress in the ability to perform exhaustive key searches. However, just as for DES, the AES security is assured only if it is correctly implemented and good key management is employed.

AES has three different key lengths. The main difference is the number of rounds that the data goes through in the encryption process, 10, 12, and 14 respectively. In essence,

[1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf

Ultima modificare: Friday, 21 May 2021, 10:11