How encryption algorithms provide confidentiality
Hein Khant Zaw
Posted on January 4, 2021
As computer networks becomes essential in everyday life, it is important to secure every aspect of data and information online. This is where encryptions algorithms become useful. Once data is encrypted, only authorized parties who have a “key” can read it or use it. It means that if the encryption method is effective, it will completely protect data from unauthorized access. This necessarily requires that the message be somehow encrypted so that in case if the message is intercepted, it cannot be understood by eavesdroppers. This aspect of confidentiality is probably the most commonly perceived meaning of the term secure communication.
So, how encryption algorithms provide confidentiality? First of all, there are two classes of encryption algorithms – Symmetric Encryption Algorithm and Asymmetric Encryption Algorithm.
- Symmetric Encryption Algorithm includes DES, AES, etc.
- Asymmetric Encryption Algorithm includes RSA, Diffie–Hellman, etc.
Although, all these algorithms involve substituting one thing for another (e.g., taking a piece of plaintext and then substituting the appropriate ciphertext to create the encrypted message), Symmetric Encryption Algorithm use the same cryptographic key for encrypting and decrypting information, whereas Asymmetric Encryption Algorithm use a private key and a public key for encryption and decryption.
Symmetric Encryption Algorithm
Let’s begin with Symmetric Encryption Algorithm which is also known as shared secret key algorithm. As it is symmetric encryption, the sender and receiver use a pre-shared secret key and the length of the key is usually between 80 to 256 bits. These kinds of algorithm are faster than Asymmetric Encryption Algorithm because they base on simple mathematical operations. Let’s examine how symmetric key encryption is done today. There are two broad classes of symmetric encryption techniques: stream ciphers and block ciphers.
In Block cipher technique, encryption is done in blocks of k bits. If k = 64, then the message is broken into 64-bit blocks, and each block is encrypted independently. The example of a 64-bit block cipher is shown in the following figure.
Today, there are a number of popular block ciphers, including DES (Data Encryption Standard), 3DES, and AES (Advanced Encryption Standard).
- DES uses 64-bit blocks with a 56-bit key. The resource consumption of DES algorithm is medium and it would take approximately 6.4 days to crack a DES key.
- 3DES was developed as a more secure alternative because of DES’s small key length. In 3DES, the DES algorithm is run through three times with three keys and it will take 4.6 billion years to crack with current technology.
- AES uses 128-bit blocks and can operate with key that are 128, 192, and 256 bits long. Resource consumption of this algorithm is low and would take approximately 149 trillion years to crack a 128-bit AES key.
Due to the larger fixed-length input, block ciphers are generally slower than stream ciphers.
In Stream cipher, encryption is done one bit at a time. For Encryption, the plaintext will undergo XOR operation with keystream bit-by-bit and produces the Cipher Text. For Decryption, the ciphertext will undergo XOR operation with keystream bit-by-bit and produces the original plain text. This type of encryption is not that common. Block ciphers are used much more frequently for symmetric encryption.
Asymmetric Encryption Algorithm
Asymmetric Encryption Algorithm, also known as Public Key Encryption, works in a similar manner to symmetric-key algorithms, where plaintext is combined with a key, input to an algorithm, and outputs ciphertext. The only difference is that the keys used for the encryption and decryption are different, unlike Symmetric Encryption Algorithm. Hence the name itself imply the asymmetry of the algorithm. The key pair is comprised of a private key and a public key. The public key is made available to everyone, whereas the private key is kept secret. Below is the illustration of how Asymmetric Encryption Algorithm provide confidentiality.
The concept of Asymmetric Encryption Algorithm is quite simple. Suppose Alice wants to communicate with Bob. As shown in the figure, rather than Bob and Alice sharing a single secret key (as in the case of Symmetric Encryption Algorithm), Bob (the recipient of Alice’s messages) instead has two keys—a public key that is available to everyone in the world and a private key that is known only to Bob. In order to communicate with Bob, Alice first fetches Bob’s public key. And then she encrypts her message, m, using Bob’s public key. After that, Bob receives Alice’s encrypted message and uses his private key to decrypt Alice’s encrypted message. This is how asymmetric encryption algorithm works. While there may be many asymmetric encryption algorithms, the RSA algorithm (named after its founders, Ron Rivest, Adi Shamir, and Leonard Adleman) has become almost synonymous with public key cryptography.
First, each entity needs to set up their own key pairs and share the public key with one another. The two entities need to keep their private keys secret in order to keep their communications to remain secure. Once the sender has the public key of their recipient, they can use it to encrypt the data that they want to keep secure. Once it has been encrypted with a public key, it can only be decrypted by the private key from the same key pair. Even the same public key can’t be used to decrypt the data because RSA encryption works under the premise that the algorithm is easy to compute in one direction, but almost impossible in reverse. When the recipient receives the encrypted message, they use their private key to access the data. If the recipient wants to return communications in a secure way, they can then encrypt their message with the public key of the party they are communicating with. Again, once it has been encrypted with the public key, the only way that the information can be accessed is through the matching private key. In this way, RSA encryption can be used by previously unknown parties to securely send data between themselves.
Another popular algorithm is the Diffie-Hellman Algorithm (also known as DH). The main purpose of the Diffie-Hellman key exchange is to securely develop shared secrets that can be used to derive keys. These keys can then be used with symmetric-key algorithms to transmit information in a protected manner. Symmetric algorithms tend to be used to encrypt the bulk of the data because they are more efficient than public key algorithms. Technically, the Diffie-Hellman key exchange can be used to establish public and private keys. However, in practice, RSA tends to be used instead. This is because the RSA algorithm is also capable of signing public-key certificates, while the Diffie-Hellman key exchange is not. And also, Diffie-Hellman algorithm is not as versatile as RSA as it cannot be used to encrypt messages of arbitrary length.
As a conclusion, the need for secure communication and information is important for the success of every enterprise. Therefore, people use different encryption algorithms to provide confidentiality of data. As explained above, two cryptographic techniques for encrypting and decrypting data are symmetric key cryptography (shared secret key) and asymmetric key cryptography (public key and private key). DES and RSA are shown as an example for these two major classes of cryptographic techniques used in today’s networks.
Posted on January 4, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.