[ASICs]  [Chip Typen]  [Chip Aufbau]  [Entwicklung]  [Schnittstellen]  [Glossar]
     [Buffer Types]  [Interfaces]  [Networks]  [IEEE 802 Networks]  [Data Lines]  [Protocols]  [Organazations]

Line Codes]  [Multiplexing]  [Modulation]  [Line Rates]  [Encryption]

Encryption / Decryption Standards

AES Advanced Encryption Standard
Blowfisch / Twofish
DES Data Encryption Standard
3DES Triple-DES
IDEA International Data Encryption Algorithm)




AES Advanced Encryption Standard
AES is no longer secure and 3DES is only a temporary arrangement. Hence NIST () has published the AES in 2001 which formally replaces 3DES. A number of algorithms were considered as candidates and the Rijndael Algorithm was the winner. It was created by John Daemen and Vincent Rijmen and can take key lengths of 128 / 192 / 256 bits. The block size can also be 128 / 192 / 256 bits. It is very versatile and easy to implement in smart cards. It was found to be the best candidate under several other algorithms like RC6 and Blowfish by NIST and is now the AES.

Blowfish / Twofish
This algorithm was developed by Bruce Schneier. Twofish was one of the finalists in AES and is based on the Blowfish algorithm also by Schneier. It can accept key lengths from 40 upto 448 bits and requires very little memory to run and is very fast. However, the structure of the cipher is very complex and difficult to analyze.

DES  Data Encryption Standard
DES is a symmetric cryptosystem: when used for communication, both sender and receiver must know the same secret key, which is used both to encrypt and decrypt the message. DES can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem. DES has a 64-bit block size and uses a 56-bit key during encryption. It is a 16-round Feistel cipher and was originally designed for implementation in hardware

3DES Triple-DES
For some time it has been common practice to protect and transport a key for DES encryption with triple-DES. This means that the plaintext is, in effect, encrypted three times. There are, of course. a variety of ways of doing this; we will explore these ways below. See Question 85 for a discussion of multiple encryption in general. A number of modes of triple-encryption have been proposed:

  • DES-EEE3: Three DES encryptions with three different keys
  • DES-EDE3: Three DES operations in the sequence encrypt-decrypt-encrypt with three different keys
  • DES-EEE2 and DES-EDE2: Same the previous formats except that the first and third operations use the same key

Attacks on two-key triple-DES have been proposed by Merkle and Hellman and Van Oorschot and Wiener, but the data requirements of these attacks make them impractical. Further information on triple-DES can be obtained from various sources. The use of double and triple encryption does not always provide the additional security that might be expected.
Advantages of 3DES compared to other algorithms are an easy to implementation in software as well as in hardware. and software. Its speed is much faster than public key cryptography methods like RSA. On the other side newer algorithms like RC6 and Blowfish are much faster than 3DES which were built much later and with performance as an objective. 3DES key transmission between users is unsafe. The new AES standard has been specified thus most systems are going to move to AES standard soon.

IDEA (International Data Encryption Algorithm)
IDEA is the second version of a block cipher designed and presented by Lai and Massey. It is a 64-bit iterative block cipher with a 128-bit key and eight rounds. While the cipher is not Feistel, decryption is carried out in the same manner as encryption once the decryption subkeys have been calculated from the encryption subkeys. The cipher structure was designed to be easily implemented in both software and hardware, and the security of IDEA relies on the use of three incompatible types of arithmetic operations on 16-bit words. The speed of IDEA in software is similar to that of DES.
One of the principles during the design of IDEA was to facilitate analysis of its strength against differential cryptanalysis; IDEA is considered to be immune from differential cryptanalysis. In addition, no linear cryptanalytic attacks on IDEA have been reported and there is no known algebraic weakness in IDEA. The most significant cryptanalytic result is due to Daemen. He discovered a large class of 251 weak keys  for which the use of such a key during encryption could be detected and the key recovered. However, since there are 2128 possible keys, this result has no impact on the practical security of the cipher for encryption. IDEA is generally considered secure and both the cipher development and its theoretical basis have been openly and widely discussed.

The IPsec protocol family consists of two protocols: Authentication Header (AH) and Encapsulated Security Payload (ESP). Both are independent IP protocols. AH is the IP protocol 51 and ESP is the IP protocol 50.
IPsec supports two encryption modes: Transport and Tunnel. The Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload.
For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.
To protect the con dentiality of the IP datagrams the IPsec protocols use standard symmetric encryption algorithms. The standard requires the implementation of NULL and DES but today usually stronger algorithms are used like 3DES, AES and Blowfish are used.

This algorithm was submitted by RSA Labs and can be easily parameterized to accept key lengths upto 2040 bits. The main advantage of RC6 over 3DES is speed. It is much faster than 3DES in both software and hardware.

RSA is an asymmetrical standard which can be use for data encryption and authentication developed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman.


  (last update: September 2005)

[Home] [ASICs] [Selbstmanagement] [Inselmeer] [Spiele]
[Ich über mich] [Links] [SiteMap] [Disclaimer]