AES and Symmetric Key Ciphers

In this page, we discuss Symmetric key ciphers with a focus on block ciphers and some attacks on AES & DES

Symmetric key ciphers are a type of encryption method where the same key is used for both encrypting and decrypting data. Imagine it as a locked box: if you lock it with a specific key, only that key can unlock it. With symmetric encryption, both the sender and the receiver must have this same key to communicate securely.

Here’s an overview to help break down the basic ideas of symmetric key encryption:

How Symmetric Key Ciphers Work

1. The Shared Key: Both the sender and the receiver need to have the same key. This key is kept secret and is never shared with anyone else.

2. Encryption: The sender uses the key to scramble the data into an unreadable form.

3. Decryption: The receiver uses the same key to reverse the scrambling and retrieve the original message.

Why Use Symmetric Key Ciphers?

Symmetric ciphers are generally fast and efficient compared to other types, making them useful for encrypting large amounts of data. However, both parties need to securely share and protect the key, which can be challenging in some cases.

Types of Symmetric Key Ciphers

There are two main categories of symmetric key ciphers:

1. Stream Ciphers

   • Stream ciphers encrypt data bit-by-bit or byte-by-byte.

   • They’re often used in applications where data needs to be processed in a continuous stream, like audio or video streaming.

   Example: RC4

   • RC4 (Rivest Cipher 4) is a widely known stream cipher, once commonly used in SSL (Secure Sockets Layer) for secure web connections and in WEP for Wi-Fi security (though it’s now considered outdated for strong security needs).

RC4 is Essentially an XOR cipher (one time pad) except the password is generated using the RC4 Algorithm!

1. Block Ciphers

   • Block ciphers encrypt data in fixed-size blocks, usually 64 or 128 bits at a time.

   • They’re like locking and unlocking sections of text, each in blocks, so even if one part of the message is intercepted, it doesn’t reveal everything.

   Examples of Block Ciphers:

   • DES (Data Encryption Standard): An early and historically important block cipher developed in the 1970s, using 64-bit blocks and a 56-bit key. It’s now considered insecure due to its short key length and is no longer widely used.

   • 3DES (Triple DES): An improvement over DES, which applies DES encryption three times per block, effectively making it much harder to break. Although more secure than DES, it’s slower and still considered less secure than modern alternatives.

   • AES (Advanced Encryption Standard): The current gold standard, used worldwide by governments and organizations. AES can handle key sizes of 128, 192, or 256 bits and is known for its high security and efficiency. It’s used in many applications, from Wi-Fi encryption (WPA2) to secure file storage.

Pros and Cons of Symmetric Key Ciphers

Pros	Cons
Fast and efficient for large data	Requires secure key exchange
Simpler to implement	If the key is compromised, both parties are vulnerable
Good for file storage and secure data transfer	Not ideal for scenarios with multiple users, as each needs a unique key

Practical Applications

• File Encryption: AES is frequently used in software like WinRAR, 7-Zip, and VeraCrypt for file encryption.

• Network Security: Protocols like TLS (used for HTTPS) and IPsec (used for VPNs) use symmetric encryption to secure data transmitted over the internet.

• Wireless Security: WPA2 (Wi-Fi Protected Access 2) uses AES encryption to secure wireless networks.

Let’s talk more about block ciphers…

DES

DES (Data Encryption Standard) and 3DES (Triple Data Encryption Standard) are both symmetric-key block cipher encryption algorithms used to secure data, but they differ primarily in their security levels and operational mechanisms.

DES (Data Encryption Standard)

• Key Length: Uses a fixed key length of 56 bits.

• Block Size: Operates on 64-bit blocks of data.

• Security: Considered insecure today due to vulnerabilities such as brute-force attacks, as its short key length allows for exhaustive key search techniques.

• Operation: It performs the encryption in a single round of 16 iterations using various transformations.

3DES (Triple Data Encryption Standard)

• Key Length: Utilizes three keys (or a combination of two keys) for encryption, effectively increasing the key length to 112 or 168 bits.

• Block Size: Also operates on 64-bit blocks.

• Security: Provides significantly enhanced security compared to DES by encrypting the data three times. However, it is still considered less secure than modern encryption standards like AES (Advanced Encryption Standard).

• Operation: Encrypts data by applying DES three times (Encrypt-Decrypt-Encrypt) using either three distinct keys or two keys.

Feistel Networks

A Feistel network is a method for constructing a symmetric key block cipher. It operates by dividing the input data into two halves and applying a series of transformation rounds, which include both substitution and permutation operations. The key feature of a Feistel network is its ability to allow decryption to be performed using the same operations as encryption, but in reverse order.

Structure of a Feistel Network

1. Data Division:

   • The plaintext input (or data block) is split into two equal halves: Left (L) and Right (R). For example, for a 64-bit block, each half would be 32 bits.

2. Rounds:

   • The Feistel network consists of multiple rounds (typically 16 rounds in DES). Each round includes the following steps:

     • Round Function (F): A function F is applied to one half of the data (usually the right half, R). This function takes both the current half of the data and a round-specific subkey derived from the main encryption key.

       FF

     • XOR Operation: The output of the round function F is combined with the left half (L) using an XOR operation.

     • Swap: The halves are then swapped for the next round, so the new left half becomes the old right half and vice versa.

3. Final Output:

   • After the last round, the two halves are combined (typically, they may or may not be swapped again) and then subjected to a final permutation to produce the ciphertext.

AES

The Advanced Encryption Standard (AES) is one of the most widely used encryption algorithms in the world today. It's essential for securing data, and understanding how it works can provide a good foundation in cryptography. Here’s a beginner-friendly overview of AES:

How AES Works

AES works through a series of steps that include multiple rounds of transformation on the data block:

1. Initial Round:

   • AddRoundKey: The initial plaintext block is combined with the encryption key using a bitwise XOR operation.

   
2. Main Rounds: Depending on the key size, there are 10, 12, or 14 rounds. Each round consists of four main operations:

   • SubBytes: Each byte in the block is substituted with another byte using a fixed substitution table (S-box).

   

   • ShiftRows: The rows of the block are shifted cyclically to the left. The amount shifted depends on the row number.

   

   • MixColumns: The columns of the block are mixed by a linear transformation to provide diffusion (spreading out the plaintext bits).

   

   • AddRoundKey: The block is combined with a round key derived from the original key.

3. Final Round: The final round is similar to the main rounds but omits the MixColumns step. It consists of SubBytes, ShiftRows, and AddRoundKey.

All together:

Please learn more about AES on:

https://cryptohack.org/challenges/aes/

Security of AES

AES is considered highly secure and is widely used in various applications, from securing data in transit (like in HTTPS) to encrypting files on disk. It has withstood extensive cryptanalysis and is recommended for government and industry use.

Applications of AES

• Data Encryption: Protecting sensitive data in files, databases, and communication channels.

• Secure Protocols: Used in protocols such as SSL/TLS for secure internet communications.

• Wi-Fi Security: Implemented in WPA2 and WPA3 for securing wireless networks.

Key Differences Between AES and Feistel Ciphers

1. Structure:

   • AES: AES is based on a substitution-permutation network (SPN) rather than a Feistel structure. It operates on blocks of data using a series of substitutions (S-boxes) and permutations (P-boxes), creating a more complex mixing of the input data and key material.

   • Feistel Ciphers: In a Feistel cipher, the data block is split into two halves, and each half is processed through multiple rounds, using the other half and a round function. The output from one half is combined with the other half via an XOR operation.

2. Rounds:

   • AES: AES typically uses 10, 12, or 14 rounds, depending on the key length (128, 192, or 256 bits). Each round includes multiple steps: SubBytes (substitution), ShiftRows (permutation), MixColumns (mixing), and AddRoundKey (XOR with the round key).

   • Feistel Ciphers: Commonly use a fixed number of rounds (like 16 in DES), where each round involves the round function and XOR operations but does not include the same substitution-permutation mix as AES.

3. Key Management:

   • AES: The key schedule generates a series of round keys from the original key, which are used in each round.

   • Feistel Ciphers: Each round typically uses a subkey that is derived from the original key, but the way keys are used can vary between implementations.

4. Data Processing:

   • AES: AES processes the entire data block (e.g., 128 bits for AES) simultaneously in each round, whereas Feistel ciphers work on two halves of the data block, processing them in a way that often requires swapping.

   

Block Cipher Modes of Operation

These modes apply to both Feistel and substitution-permutation networks.

Usually we attack misconfigurations or mishandling of these modes of operations.

Electronic Codebook (ECB)

• Description: Each block of plaintext is encrypted independently using the same key.

• Main Properties:

  • Simplicity: Easy to implement and understand.

  • Parallel Processing: Allows for parallel encryption and decryption of blocks.

  • Weakness: Identical plaintext blocks produce identical ciphertext blocks, making patterns in the plaintext visible in the ciphertext. This can lead to vulnerabilities in certain contexts.

Encryption Equation: C_i = E(P_i, k)

Decryption Equation: P_i = D(C_i, k)

Cipher Block Chaining (CBC)

• Description: Each plaintext block is XORed with the previous ciphertext block before being encrypted. An initialization vector (IV) is used for the first block.

• Main Properties:

  • Security: The use of an IV and chaining makes identical plaintext blocks produce different ciphertext blocks.

  • Error Propagation: An error in one ciphertext block affects the decryption of that block and the next block.

  • Sequential Processing: Encryption and decryption cannot be parallelized since each block depends on the previous one.

Encryption Equations:

C_1 = E(P_1 ⨁ IV , k)

C_i = E(P_i ⨁ C_{i-1} ,k) i > 1

Decryption Equations:

P_1 = D(C_i , k) ⨁ IV

P_i = D(C_i , k) ⨁ C_{i-1}, i > 1

Output Feedback (OFB)

• Description: An IV is used to generate a keystream, which is then XORed with the plaintext. The keystream is generated independently of the plaintext.

• Main Properties:

  • No Error Propagation: Errors do not propagate; they affect only the current block.

  • Synchronous Operation: Can be used for streaming, similar to CFB.

  • Vulnerability: If the same keystream is used with different plaintexts, it can lead to vulnerabilities.

Encryption Equations: $C_i = P_i ⨁ O_i \space \text {where}\space i = 1,..., N-1 \newline C_N = PN ⨁ MSB(O_N) \newline I_1 = Nonce \newline I_i = O{i-1} \space \text {where}\space i = 2,..., N \newline O_i = E(I_i , k)$

The term MSB means the most significant bits. This applies for the last block which can be partially full.

Decryption Equations: $P_i = C_i ⨁ O_i \space \text {where}\space i = 1,..., N-1 \newline P_N = CN ⨁ MSB(O_N) \newline I_1 = Nonce \newline I_i = O{i-1} \space \text {where}\space i = 2,..., N \newline O_i = E(I_i , k)$

Counter (CTR)

• Description: Instead of chaining, a counter value is encrypted and then XORed with the plaintext. Each block uses a different counter value.

• Main Properties:

  • Parallel Processing: Both encryption and decryption can be performed in parallel since there’s no dependency between blocks.

  • High Efficiency: Generally faster than CBC, especially for large amounts of data.

  • Error Resilience: Errors in transmission affect only the corresponding block.

Encryption Equations: C_i = E(CTR_i , k) ⨁ P_i

Decryption Equations: P_i = E(CTR_i , k) ⨁ C_i

Feel free to check the link down below for more about block cipher modes of operation.

https://joyofcryptography.com/pdf/chap8.pdf

Claude Shannon's Principles

Claude Shannon, known as the father of information theory, introduced the concepts of confusion and diffusion to enhance encryption and data transmission security. Confusion makes the relationship between the key and ciphertext complex, while diffusion spreads the influence of a single plaintext digit across many ciphertext digits. These ideas help obscure patterns in the data, making it harder for unauthorized parties to decipher messages. Shannon's work laid the groundwork for modern cryptography and secure communication systems.

What is Confusion?

• Simple Explanation: Confusion is about making the relationship between the original message (plaintext), the scrambled message (ciphertext), and the key (the secret code used to encrypt the message) complicated and hard to understand.

• How It Works: When you encrypt a message, confusion helps to mix things up so that even if someone knows what the scrambled message looks like, they can’t easily figure out what the original message was or what the secret key is. Think of it like changing the letters in a word randomly; even if you see the jumbled letters, you can’t easily guess the original word.

• Example: In a method called AES (a popular encryption standard), confusion is done using a process called SubBytes. This means each letter or number in your message is replaced with another letter or number according to a specific chart. This makes it hard for anyone trying to decode the message without knowing the chart.

Confusion = Substitution

What is Diffusion?

• Simple Explanation: Diffusion is about spreading out the influence of each part of the original message so that changing just one part of the original message changes many parts of the scrambled message.

• How It Works: When you change even a single letter in the original message, diffusion ensures that many letters in the scrambled message will change. This way, it becomes very hard to figure out which part of the original message was changed just by looking at the scrambled message.

• Example: In AES, there’s a step called MixColumns where the algorithm takes the scrambled message and mixes up the bits (or pieces of information) in a way that makes it difficult to trace back to the original message. It’s like making a fruit salad: if you add a slice of a new fruit, it mixes with the existing fruits, and you can't tell which slice is new just by looking.

Diffusion = Transposition or Permutation

Why Are Confusion and Diffusion Important?

• Teamwork: Confusion and diffusion work together to make encrypted messages secure. Confusion makes it hard to guess the original message or the key, while diffusion ensures that small changes in the original message have a big impact on the scrambled version.

• Security: By using both confusion and diffusion, encryption algorithms protect our information better. This makes it much harder for anyone who shouldn't see the message to figure out what it says, even if they manage to see the scrambled version.

Confusion Happens in the Blue Shaded area, and Diffusion Happens in the Orange shaded area.

Famous Attacks on Block Ciphers

Padding Oracle Attack

What It Is: A Padding Oracle Attack is a type of cryptographic attack that targets systems using certain modes of block ciphers, like Cipher Block Chaining (CBC). It exploits the way padding is handled in the encryption of data.

How It Works:

1. Understanding Padding: When encrypting data, especially when it doesn’t fit perfectly into the block size of the cipher, padding is added to fill it out. For example, if a block size is 16 bytes and you have 14 bytes of data, you might add 2 bytes of padding.

2. The Oracle: In this context, an "oracle" is a service that reveals whether the padding of a decrypted message is correct. If an attacker can send altered ciphertext to the oracle and receive feedback on whether the padding is valid or not, they can start to deduce information about the plaintext.

3. Attacking Process:

   • The attacker intercepts an encrypted message (ciphertext).

   • They modify the ciphertext and send it to the oracle, observing the response (whether the padding is valid or invalid).

   • By iteratively changing the ciphertext and analyzing the oracle’s responses, the attacker can figure out the plaintext byte by byte.

   • This process continues until the entire plaintext is revealed.

Example: Imagine an encrypted message that’s padded to ensure it’s the correct size for the encryption algorithm. If an attacker can adjust this message and see if the system accepts the padding, they can reverse-engineer the original message without needing to crack the encryption key.

Meet-in-the-Middle Attack

What It Is: The Meet-in-the-Middle (MitM) attack is a cryptographic attack aimed primarily at encryption algorithms that use multiple keys or layers of encryption. It’s often used against two-key encryption systems.

How It Works:

1. Concept: The idea is to reduce the effort needed to break the encryption by "meeting" in the middle of the encryption and decryption processes.

2. Basic Steps:

   • Suppose you have a two-key encryption scheme (like using two different keys to encrypt the same data).

   • An attacker wants to find the keys used.

   • They can encrypt a known plaintext with every possible key for the first layer and store the results in a table.

   • Simultaneously, they decrypt the ciphertext using every possible key for the second layer and check if the result matches any of the previously computed values.

3. Efficient Search: By using this approach, the attacker only needs to store a manageable amount of data (the intermediate values), allowing them to significantly cut down the number of brute force attempts needed.

---

The next couple of attacks are more general and apply to more than just symmetric or block ciphers, keep that in mind!

Known Plaintext Attack (KPA)

A known plaintext attack is when an attacker has both the plaintext (the original, unencrypted message) and the corresponding ciphertext (the encrypted message). The goal of the attacker is to find out the secret key used to encrypt the plaintext.

Here’s how it works:

1. Example: Imagine a situation where the attacker knows that a message says "HELLO," and they also have the encrypted version of that message, say "XQWTR."

2. Analysis: By examining the relationship between "HELLO" and "XQWTR," the attacker tries to figure out how the encryption works and possibly deduce the key.

3. Goal: Once they find the key, they can decrypt other messages encrypted with the same key.

Chosen Plaintext Attack (CPA)

A chosen plaintext attack is more sophisticated. In this case, the attacker can choose any plaintext they want and get the corresponding ciphertext.

Here's a simplified explanation:

1. Example: The attacker might ask a system to encrypt the word "SECRET" and receive its encrypted form.

2. Experimentation: The attacker can try different plaintexts, like "HELLO," "WORLD," etc., and observe the results.

3. Goal: By analyzing how different plaintexts are encrypted, the attacker aims to discover the encryption algorithm or the key used.

Key Differences

• KPA: The attacker has access to some pairs of plaintext and ciphertext but cannot choose them.

• CPA: The attacker can choose specific plaintexts to get their ciphertexts, which gives them more control and potentially makes it easier to break the encryption.