Secret-key Cryptography

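This article gives an overview of the development of symmetric-key encryption, from the introduction of the concept of perfect secrecy, through the design principles of classic algorithms such as DES, to an introduction to the modern standard AES. It discusses how the security of encryption algorithms is evaluated, attack methods and countermeasures, and lists the characteristics of several symmetric encryption algorithms.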



The scientific development phase of cryptography begins with the presentation of symmetric keys. Secret-key cryptography starts with Shannon's paper "Communication Theory of Secrecy Systems" (1949). In this paper, Shannon proposed the concept of perfect secrecy.

Let's talk about perfect secrecy first. Perfect secrecy means that the adversary's knowledge is the same whether or not the ciphertext is known. That is, the adversary cannot uniquely determine the content of the plaintext from the ciphertext. In a system with perfect secrecy, the number of keys is at least equal to the number of messages.

So how do you evaluate the quality of a cryptographic algorithm? Shannon proposed the concept of unicity distance.

$N_0 = \log_2 E / d$ ($N_0$ is the minimum length of ciphertext required to uniquely determine the key; $d$ is the redundancy of the plaintext language.)

P.S.: Let me spend some time explaining redundancy and rate. $d = R - r$ (bits). $R$ is the absolute rate (the minimum number of bytes used to represent characters) and $r$ is the true rate (Average length that must be). For an alphabet of size $A$, $R = \log_2 A$. For natural language, $R$ is about 4.7 bits, $r$ is about 1~1.5 bits, and $d$ is about 3.2 bits.

There is a classic cipher with perfect secrecy: the one-time pad (Vernam cipher). It guarantees that the key sequence is a truly random sequence. For every character of plaintext, it randomly generates a key. Let's calculate its $N_0$. For the one-time pad, $E = 26^k$ ($E$ is the total number of keys). So $\log_2 E$ is about $4.7k$, and $N_0$ is about $1.27k$. This means that about 1.27 times as much ciphertext would be needed to uniquely determine the key sequence, which is obviously impossible for a ciphertext-only attack.

Although the one-time pad guarantees extremely high security, it has low encryption efficiency and high cost, which makes it inconvenient in practical use. An actual encryption algorithm only needs to ensure practical, or computational, security.

In the 20th century, the United States established DES as the data encryption standard, and subsequently established AES as the current data encryption standard. Let's take a look at DES first. Although it is no longer safe, its design has great enlightenment value for future generations.

DES is a block cipher. The classic block cipher is the Playfair cipher (1850). I won't go into details here; let's mainly look at DES. Before that, we need to know the design principles for modern block ciphers.

1. Security principle: the design mainly relies on diffusion and confusion.

2. Implementation principle: we should consider whether the hardware can implement the algorithm and whether the algorithm is efficient enough.

3. The methods of encryption and decryption are similar. This is mainly to ensure efficiency. We should try to find an appropriate involution function.

Now let me describe the structure of DES more formally. DES uses the Feistel structure. The parameters of a Feistel structure are: block size, key size, number of rounds, subkey generation algorithm, and round function f. DES uses XOR. XOR makes encryption and decryption a reverse process.

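$F_i(L_{i-1}, R_{i-1}) = (L_{i-1} \oplus f(k_i, R_{i-1}),\ R_{i-1})$

$F_i F_i(L_{i-1}, R_{i-1}) = F_i(L_{i-1} \oplus f(k_i, R_{i-1}),\ R_{i-1}) = (L_{i-1} \oplus f(k_i, R_{i-1}) \oplus f(k_i, R_{i-1}),\ R_{i-1}) = (L_{i-1}, R_{i-1})$

Encryption process: $DES = IP^{-1} F_{16} T F_{15} T \cdots T F_1 IP$

Decryption process: $DES^{-1} = IP^{-1} F_1 T F_2 T \cdots T F_{16} IP$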
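The involution argument above can be checked in code. The sketch below is an added example, not from the original article: it builds a 16-round Feistel network on 32-bit halves and decrypts by running the same structure with the subkeys reversed. The round function `f` (truncated SHA-256), the reading of T as the swap of the two halves, the subkeys and the sample block are assumptions made for the demo; IP and its inverse are omitted because they are fixed permutations that cancel.

```python
import hashlib

def f(k: int, r: int) -> int:
    """Toy round function (NOT the DES f): 32 bits of SHA-256(subkey || half)."""
    digest = hashlib.sha256(k.to_bytes(8, "big") + r.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def F(k, block):
    """F_i: (L, R) -> (L xor f(k, R), R). R is unchanged, so F_i is its own inverse."""
    l, r = block
    return (l ^ f(k, r), r)

def T(block):
    """T: swap the two halves (assumed meaning of T in the formulas)."""
    l, r = block
    return (r, l)

def feistel(block, subkeys):
    """Apply F_n T F_(n-1) T ... T F_1 for subkeys given as [k_1, ..., k_n]."""
    for i, k in enumerate(subkeys):
        if i:                      # a swap sits between consecutive rounds only
            block = T(block)
        block = F(k, block)
    return block

def encrypt(block, subkeys):
    return feistel(block, subkeys)

def decrypt(block, subkeys):
    # Same network, subkeys in reverse order: F_1 T F_2 T ... T F_16
    return feistel(block, subkeys[::-1])

# Constructed sample data: 16 subkeys of 48 bits and one 64-bit block
SUBKEYS = [0x0F1E2D3C4B5A + i for i in range(16)]
BLOCK = (0x01234567, 0x89ABCDEF)

if __name__ == "__main__":
    c = encrypt(BLOCK, SUBKEYS)
    print("ciphertext:", tuple(hex(h) for h in c))
    print("round trip ok:", decrypt(c, SUBKEYS) == BLOCK)
```

Note that `f` is never inverted: the structure is reversible for any round function, which is why the hardware or software for encryption can be reused for decryption.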

As for the S-boxes of DES, each takes a 6-bit input and produces a 4-bit output: the first bit and the last bit of the input decide which row of the table is used, and the middle 4 bits determine which column.

DES uses 16 rounds. After 8 rounds of DES, every bit of the plaintext will be affected. However, 8 rounds did not provide sufficient complexity, so 16 rounds were chosen.

Speaking of this, I have to mention the weaknesses of DES. DES has the following weaknesses:

1. Complement property:

$u' = u + 1 \pmod 2$

$DES_z(x) = DES_{z'}(x')$

This causes the number of keys to be reduced by half.

2. Not every key is a good key:

There are some weak keys and semi-weak keys.

3. Exhaustive attack:

DES has $2^{56}$ (about $10^{11}$) keys. If it takes 1e-6 seconds to verify a key, it only takes 1e11 seconds to decipher. In January 1999, it could be deciphered in 22 hours and 15 minutes. As for cost, in 1997 it required 20,000,000 dollars. In 1987, it only required 200,000 dollars. And in 1993, it only required 100,000 dollars (1.5 days). With 1,000,000 dollars, it would only need 3.5 hours. Now we can decipher DES faster, so it is not safe anymore.

So we thought about increasing the key length and using multiple encryption. But this does not improve its security in essence. The security of the algorithm lies in itself. We can attack double DES by means of a man-in-the-middle attack. It only needs $2^{57}$ queries, not $2^{112}$. But Triple DES (e.g. EDE) still has some security, and it still has application value today.
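Why doubling the encryption adds so little strength can be seen on a small scale. The following is an added example, not from the original article: it runs the attack on double encryption referred to above, usually called meet-in-the-middle in the literature, against a toy cipher with a 32-bit block and 16-bit keys, so the search costs 2 x 2^16 cipher operations instead of 2^32. The toy cipher, its constants, the keys and the plaintexts are all constructed for the demo.

```python
M = 0xFFFFFFFF
MUL = 0x2545F491                 # odd, hence invertible modulo 2**32
INV = pow(MUL, -1, 1 << 32)
KEY_BITS = 16

def _rk(k, r):
    """Round key derived from the 16-bit key (toy key schedule)."""
    return (k * 0x9E3779B1 + r) & M

def enc(k, x):
    """Toy 32-bit block cipher, constructed for this demo and not secure."""
    for r in range(4):
        x = ((x ^ _rk(k, r)) * MUL) & M
        x = ((x << 7) | (x >> 25)) & M        # rotate left by 7
    return x

def dec(k, y):
    for r in reversed(range(4)):
        y = ((y >> 7) | (y << 25)) & M        # rotate right by 7
        y = ((y * INV) & M) ^ _rk(k, r)
    return y

def double_enc(k1, k2, x):
    return enc(k2, enc(k1, x))

def meet_in_the_middle(pairs):
    """Find (k1, k2) from known plaintext/ciphertext pairs.
    Returns (candidate key pairs, cipher calls spent on the two sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(1 << KEY_BITS):           # sweep 1: encrypt p0 under every k1
        middle.setdefault(enc(k1, p0), []).append(k1)
    calls, found = 1 << KEY_BITS, []
    for k2 in range(1 << KEY_BITS):           # sweep 2: decrypt c0 under every k2
        calls += 1
        for k1 in middle.get(dec(k2, c0), ()):
            # a match in the middle may be a chance collision: confirm on other pairs
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, calls

# Constructed sample: two secret keys and three known plaintexts
K1, K2 = 0xBEEF, 0x1337
PAIRS = [(p, double_enc(K1, K2, p)) for p in (0x00000000, 0x01234567, 0xCAFEBABE)]

if __name__ == "__main__":
    found, calls = meet_in_the_middle(PAIRS)
    print([(hex(a), hex(b)) for a, b in found], "sweep calls:", calls)
```

The price of the shortcut is memory: the table holds one entry per first-stage key, which for DES means on the order of 2^56 stored values.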

There is also a common attack method: the differential attack. Differential attacks are chosen-plaintext attacks that examine differences computed through XOR. Their complexity is related to the number of rounds. The differential attack on 16-round DES is more complex than the enumeration attack, and the differential attack is suited to attacking DES with fewer rounds. This is one of the reasons why the DES designers used 16 rounds. It can be seen that the design of DES is very precise, and studying DES can be a source of inspiration.

In addition to DES there are many symmetric key algorithms, some of which are listed here.

FEAL: High speed software encryption algorithm

LOKI91: It can be deciphered through the presence of weak keys, related plaintext attacks, and chosen-plaintext attacks.

Blowfish: Secure when the key length is greater than 64 bits. The attack complexity increases when the number of rounds is large. Can be attacked by enumeration attack.

IDEA: block size: 64 bits; key size: 128 bits; safe with more than 8 rounds.

TEA (Tiny Encryption Algorithm): block size: 64 bits; key size: 128 bits; number of rounds: 64. It has equivalent keys. It was used in Microsoft's Xbox, and it can be used for hashing.

And then there is the current US data encryption standard, AES (Advanced Encryption Standard), which is Rijndael. Designed by Joan Daemen and Vincent Rijmen of Belgium, Rijndael is based on the Square algorithm and its design strategy is the Wide Trail Strategy. The Wide Trail Strategy was proposed to address differential analysis and linear analysis. Its greatest advantage is that it can give the probability of the optimal differential characteristic of the algorithm and a bound on the bias of the best linear approximation. The details of AES won't be expanded here.

This article is only a summary of secret-key cryptography, and there are many points worth exploring.
