Encryption / Decryption Standards
AES Advanced Encryption Standard Blowfisch / Twofish DES Data Encryption Standard 3DES Triple-DES IDEA International Data Encryption Algorithm) IPsec RC6 RSA
www.iks-jena.de/mitarb/lutz/security/cryptfaq/alg_tech.html#A1 http://kingkong.me.berkeley.edu/~kenneth/courses/sims250/des.html www.amaranten.com/support/user%20guide/VPN/The_Basics_of_Encryption/Overview.htm
AES Advanced Encryption Standard AES is no longer secure and 3DES is only a temporary arrangement. Hence NIST () has published the
AES in 2001 which formally replaces 3DES. A number of algorithms were considered as candidates and the Rijndael Algorithm was the winner. It was created by John Daemen and Vincent Rijmen and
can take key lengths of 128 / 192 / 256 bits. The block size can also be 128 / 192 / 256 bits. It is very versatile and easy to implement in smart cards. It was found to be the best candidate under several other
algorithms like RC6 and Blowfish by NIST and is now the AES.
Blowfish / Twofish This algorithm was developed by Bruce Schneier. Twofish was one of the finalists in AES and is based
on the Blowfish algorithm also by Schneier. It can accept key lengths from 40 upto 448 bits and requires very little memory to run and is very fast. However, the structure of the cipher is very complex and difficult to analyze.
DES Data Encryption Standard DES is a symmetric cryptosystem: when used for communication, both sender and receiver must know
the same secret key, which is used both to encrypt and decrypt the message. DES can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user
environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem. DES has a 64-bit block size and uses a 56-bit key during encryption. It is a 16-round
Feistel cipher and was originally designed for implementation in hardware
3DES Triple-DES For some time it has been common practice to protect and transport a key for DES encryption with
triple-DES. This means that the plaintext is, in effect, encrypted three times. There are, of course. a variety of ways of doing this; we will explore these ways below. See Question 85 for a discussion of
multiple encryption in general. A number of modes of triple-encryption have been proposed:
DES-EEE3: Three DES encryptions with three different keys
DES-EDE3: Three DES operations in the sequence encrypt-decrypt-encrypt with three different keys
DES-EEE2 and DES-EDE2: Same the previous formats except that the first and third operations use the same key
Attacks on two-key triple-DES have been proposed by Merkle and Hellman and Van Oorschot and Wiener, but the data requirements of these attacks make them impractical. Further information on
triple-DES can be obtained from various sources. The use of double and triple encryption does not always provide the additional security that might be expected.
Advantages of 3DES compared to other algorithms are an easy to implementation in software as well as in hardware. and software. Its speed is much faster than public key cryptography methods like RSA.
On the other side newer algorithms like RC6 and Blowfish are much faster than 3DES which were built much later and with performance as an objective. 3DES key transmission between users is unsafe. The
new AES standard has been specified thus most systems are going to move to AES standard soon.
IDEA (International Data Encryption Algorithm) IDEA is the second version of a block cipher designed and presented by Lai and Massey. It is a 64-bit
iterative block cipher with a 128-bit key and eight rounds. While the cipher is not Feistel, decryption is carried out in the same manner as encryption once the decryption subkeys have been calculated from
the encryption subkeys. The cipher structure was designed to be easily implemented in both software and hardware, and the security of IDEA relies on the use of three incompatible types of arithmetic
operations on 16-bit words. The speed of IDEA in software is similar to that of DES. One of the principles during the design of IDEA was to facilitate analysis of its strength against
differential cryptanalysis; IDEA is considered to be immune from differential cryptanalysis. In addition, no linear cryptanalytic attacks on IDEA have been reported and there is no known algebraic weakness
in IDEA. The most significant cryptanalytic result is due to Daemen. He discovered a large class of 251 weak keys for which the use of such a key during encryption could be detected and the key recovered.
However, since there are 2128 possible keys, this result has no impact on the practical security of the cipher for encryption. IDEA is generally considered secure and both the cipher development and its
theoretical basis have been openly and widely discussed.
IPsec The IPsec protocol family consists of two protocols: Authentication Header (AH) and Encapsulated Security
Payload (ESP). Both are independent IP protocols. AH is the IP protocol 51 and ESP is the IP protocol 50. IPsec supports two encryption modes: Transport and Tunnel. The Transport mode encrypts only the
data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload.
For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley
(ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.
To protect the con dentiality of the IP datagrams the IPsec protocols use standard symmetric encryption algorithms. The standard requires the implementation of NULL and DES but today usually stronger
algorithms are used like 3DES, AES and Blowfish are used.
RC6 This algorithm was submitted by RSA Labs and can be easily parameterized to accept key lengths upto
2040 bits. The main advantage of RC6 over 3DES is speed. It is much faster than 3DES in both software and hardware.
RSA RSA is an asymmetrical standard which can be use for data encryption and authentication developed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman.
(last update: September 2005) |