



Symmetric Algorithms
What are symmetric algorithms?
Types of Symmetric algorithms (Symmetrickey algorithms)
Examples of Symmetric algorithms (Symmetrickey algorithms)
Symmetric vs. Asymmetric algorithms
Symmetric and asymmetric algorithms difference
Speed of Symmetric algorithms (Symmetrickey algorithm)
Some problems of Symmetric Encryption Algorithms


What are symmetric algorithms?
Symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.

Types of Symmetric algorithms (Symmetrickey algorithms)
Symmetric algorithms can be divided into two types  stream ciphers and block ciphers. Stream ciphers encrypt a single bit of plaintext at a time, whereas block ciphers take a number of bits (typically 64 bits in modern ciphers), and encrypt them as a single unit.
Examples of Symmetric algorithms (Symmetrickey algorithms)
Some examples of popular symmetric algorithms (symmetrickey algorithms):
AES/Rijndael
Blowfish
CAST5
DES
IDEA
RC2
RC4
RC6
Serpent
Triple DES
Twofish
AES/Rijndael encryption
Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. AES stands for Advanced Encryption Standard. AES is a symmetric key encryption technique which will replace the commonly used Data Encryption Standard (DES). The Advanced Encryption Standard algorithm approved by NIST in December 2001 uses 128bit blocks. The cipher currently supports key lengths of 128, 192, and 256 bits. Each encryption key size causes the algorithm to behave slightly differently, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data, but also increase the complexity of the cipher algorithm.
Blowfish
Blowfish is a symmetric encryption algorithm designed in 1993 by Bruce Schneier as an alternative to existing encryption algorithms. Blowfish has a 64bit block size and a variable key length  from 32 bits to 448 bits. It is a 16round Feistel cipher and uses large keydependent Sboxes. While doing key scheduling, it generates large pseudorandom lookup tables by doing several encryptions. The tables depend on the user supplied key in a very complex way. This approach has been proven to be highly resistant against many attacks such as differential and linear cryptanalysis. Unfortunately, this also means that it is not the algorithm of choice for environments where a large memory space is not available.
Blowfish is similar in structure to CAST128, which uses fixed Sboxes.
Since then Blowfish has been analyzed considerably, and is gaining acceptance as a strong encryption algorithm.
Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm. Blowfish is unpatented and licensefree, and is available free for all uses.
The only known attacks against Blowfish are based on its weak key classes.
CAST
CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST. CAST is a popular 64bit block cipher which belongs to the class of encryption algorithms known as Feistel ciphers.
CAST128 is a DESlike SubstitutionPermutation Network (SPN) cryptosystem. It has the Feistel structure and utilizes eight fixed Sboxes. CAST128 supports variable key lenghts between 40 and 128 bits.
CAST128 is resistant to both linear and differential cryptanalysis. Currently, there is no known way of breaking CAST short of brute force. CAST is now the default cipher in PGP.
Data Encryption Standard (DES)
Digital Encryption Standard (DES) is a symmetric block cipher with 64bit block size that uses using a 56bit key.
In 1977 the Data Encryption Standard (DES), a symmetric encryption algorithm, was adopted in the United States as a federal standard.
DES encrypts and decrypts data in 64bit blocks, using a 56bit key. It takes a 64bit block of plaintext as input and outputs a 64bit block of ciphertext. Since it always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm. DES has 16 rounds, meaning the main algorithm is repeated 16 times to produce the ciphertext. It has been found that the number of rounds is exponentially proportional to the amount of time required to find a key using a bruteforce attack. So as the number of rounds increases, the security of the algorithm increases exponentially.
For many years, DESenciphered data were safe because few organizations possessed the computing power to crack it. But in July 1998 a team of cryptographers cracked a DESenciphered message in 3 days, and in 1999 a network of 10,000 desktop PCs cracked a DESenciphered message in less than a day. DES was clearly no longer invulnerable and since then Triple DES (3DES) has emerged as a stronger method.
Triple DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of 112168 bits. That should produce an expected strength of something like 112 bits, which is more than enough to defeat brute force attacks. Triple DES is much stronger than (single) DES, however, it is rather slow compared to some new block ciphers. However, cryptographers have determined that triple DES is unsatisfactory as a longterm solution, and in 1997, the National Institute of Standards and Technology (NIST) solicited proposals for a cipher to replace DES entirely, the Advanced Encryption Standard (AES).
IDEA
IDEA stands for International Data Encryption Algorithm. IDEA is a symmetric encryption algorithm that was developed by Dr. X. Lai and Prof. J. Massey to replace the DES standard. Unlike DES though it uses a 128 bit key. This key length makes it impossible to break by simply trying every key.
It has been one of the best publicly known algorithms for some time. It has been around now for several years, and no practical attacks on it have been published despite of numerous attempts to analyze it.
IDEA is resistant to both linear and differential analysis.
RC2
RC2 is a variablekeylength cipher. It was invented by Ron Rivest for RSA Data Security, Inc. Its details have not been published.
RC4
RC4 was developed by Ron Rivest in 1987. It is a variablekeysize stream cipher. It is a cipher with a key size of up to 2048 bits (256 bytes). The algorithm is very fast. Its security is unknown, but breaking it does not seem trivial either. Because of its speed, it may have used in certain applications. It accepts keys of arbitrary length. RC4 is essentially a pseudo random number generator, and the output of the generator is exclusiveored with the data stream. For this reason, it is very important that the same RC4 key never be used to encrypt two different data streams.
RC6
RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. RC6 encryption algorithm was selected among the other finalists to become the new federal Advanced Encryption Standard (AES).
SEED
SEED is a block cipher developed by the Korea Information Security Agency since 1998. Both the block and key size of SEED are 128 bits and it has a Feistel Network structure which is iterated 16 times. It has been designed to resist differential and linear cryptanalysis as well as related key attacks. SEED uses two 8x8 Sboxes and mixes the XOR operation with modular addition. SEED has been adopted as an ISO/IEC standard (ISO/IEC 180333), an IETF RFC, RFC 4269 as well as an industrial association standard of Korea (TTAS.KO12.0004/0025).
Serpent
Serpent is a very fast and reasonably secure block cipher developed by Ross Anderson, Eli Biham and Lars Knudsen. Serpent can work with different combinations of key lengths. Serpent was also selected among other five finalists to become the new federal Advanced Encryption Standard (AES).
TEA
Tiny Encryption Algorithm is a very fast and moderately secure cipher produced by David Wheeler and Roger Needham of Cambridge Computer Laboratory. There is a known weakness in the key schedule, so it is not recommended if utmost security is required. TEA is provided in 16 and 32 round versions. The more rounds (iterations), the more secure, but slower.
Triple DES
Triple DES is a variation of Data Encryption Standard (DES). It uses a 64bit key consisting of 56 effective key bits and 8 parity bits. The size of the block for TripleDES is 8 bytes. TripleDES encrypts the data in 8byte chunks. The idea behind Triple DES is to improve the security of DES by applying DES encryption three times using three different keys. Triple DES algorithm is very secure (major banks use it to protect valuable transactions), but it is also very slow.
Twofish
Twofish is a symmetric block cipher. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.Twofish has key dependent Sboxes like Blowfish.
Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting. The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm.
Symmetric vs. Asymmetric algorithms
Symmetric algorithms encrypt and decrypt with the same key. Main advantages of symmetric algorithms are its security and high speed. Asymmetric algorithms encrypt and decrypt with different keys. Data is encrypted with a public key, and decrypted with a private key. Asymmetric algorithms (also known as publickey algorithms) need at least a 3,000bit key to achieve the same level of security of a 128bit symmetric algorithm. Asymmetric algorithms are incredibly slow and it is impractical to use them to encrypt large amounts of data. Generally, symmetric algorithms are much faster to execute on a computer than asymmetric ones. In practice they are often used together, so that a publickey algorithm is used to encrypt a randomly generated encryption key, and the random key is used to encrypt the actual message using a symmetric algorithm. This is sometimes called hybrid encryption.
Symmetric and asymmetric algorithms difference
Symmetric algorithms (Symmetrickey algorithm) use the same key for Encryption and Decryption. Symmetric algorithms require that both the sender and the receiver agree on a key before they can exchange messages securely. Symmetrickey algorithms can be divided into stream algorithms (Stream ciphers) and Block algorithms (Block ciphers). Asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key.
Speed of Symmetric algorithms (Symmetrickey algorithm)
Symmetrickey algorithms are generally much less computationally intensive than asymmetric key algorithms. In practice, this means that a quality asymmetric key algorithm is hundreds or thousands of times slower than a quality symmetric key algorithm.
Some problems of Symmetric Encryption Algorithms
1. The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Symmetrickey algorithms require sharing the secret key  both the sender and the receiver need the same key to encrypt or decrypt data. Anyone who knows the secret key can decrypt the message.
The weakness of symmetrickey algorithms is that if the secret key is discovered, all messages can be decrypted. So, secret key need to be changed often and kept secure during distribution and while using.
Receiver can not verify the that a message has not been altered.
Receiver can not make sure that the message has been sent by the claimed sender.
Data integrity and repudiation problems are solved with digital signatures while key distribution problem is solved using RSA encryption or the DH key agreement algorithm.
The symmetrickey algorithms can't be used for authentication or nonrepudiation purposes. Instead hash functions are commonly used, e.g. MD5.
2. There are two methods of breaking conventional/symmetric encryption  brute force and cryptanalysis. Brute force is just as it sounds; using a method (computer) to find all possible combinations and eventually determine the plaintext message. Cryptanalysis is a form of attack that attacks the characteristics of the algorithm to deduce a specific plaintext or the key used. One would then be able to figure out the plaintext for all past and future messages that continue to use this compromised setup.


•


