Comparison of Symmetric Block Encryption Algorithms

Comparison of Symmetric Block Encryption Algorithms Muhammad Umair [email protected] Department of Computer Science Virtual University of Pakistan ABSTRACT- Internet is the heart of today’s communication that has revolutionized all aspects of life. However, as every coin has two sides. Therefore, disadvantages of internet also exist. Over the last few decades, internet is being used for vide variety of fraudulent activities which results in losses of billions of dollars each year. This requires that information that is sent over the internet is secure and becomes meaningless to the attacker if he or she gets hold of it. How can data become meaningless to the attacker? The answer is Encryption. Encryption is transforming data into a form that becomes meaningless to the attacker. Only sender and receiver have hold of the key. Sender encrypts the information and receiver decrypts the received message to get the actual message. This research paper is intended for discussion of symmetric encryption algorithms. We will explore working of each algorithm, its merits and demerits, its implementation, performance, etc. KEYWORDS- DES, Triple DES, IDEA, AES, Blowfish, Serpent I.

INTRODUCTION

Security is important to every walk of life. In computer world, it becomes more important as all businesses round the world require some sort of communication through the use of internet. When one party sends some data to the other over the internet, security must not be compromised. When we talk about that fact that security must not be compromised, we actually mean that Confidentiality, Integrity and Availability (commonly referred to as CIA) should be achieved. Principle of CIA should be provided in every security system [1]. Confidentiality: Confidentiality means that information must not be disclosed to unauthorized individuals [2]. If unauthorized individuals access information then confidentiality is not preserved. Integrity: The word “trustworthiness” can be used to describe integrity of information i.e. receiver trusts the information that has been sent to him/her [3]. He/she is sure that it has not been altered or modified by the attacker. Availability: Availability means that information should be accessible to authorized users in time and whenever needed [4].

II.

RELATED WORK

Kansal and Mittal [5] have done a similar work in the past. They performed encryption and decryption experiments on both text files and image files. They have done performance analysis of various symmetric encryption algorithms based on following metrics.    

Encryption time Decryption time Throughput Memory utilization

Umaparvathi et al [6] have analyzed symmetric encryption algorithms for MANETs. They compared algorithms AES (Rijndael), DES, 3DES and blowfish in terms of power consumption. Results of power consumption were calculated for all types of media such as text, image, audio and video. Nie et al [7] compared CAST and RC5 encryption algorithms. They compared algorithms in terms of security, time to encrypt and decrypt and power consumption. Kofahil et al [8] analyzed three algorithms DES, 3DES and Blowfish based on execution time. Matin et al [9] compared their own proposed algorithm with AES in MANET and wireless LAN. Masram et al [14] have done comparison of different symmetric encryption algorithms in their study. Their focus was to figure out the results that which algorithm is best suited for parameters like data type, data size, data density and key size. Rani et al [15] also performed a similar study. They focused on scalability, avalanche effect, and security level. Patil et al [21], in their study, have also compared popularly used cryptographic algorithms DES, 3DES, AES, RSA and blowfish. They compared these algorithms based on encryption time, entropy, decryption time, memory usage, avalanche effect, and number of bits required to encode optimally. Verma et al [34] have also contributed to the comparison of DES, 3Des, Blowfish and AES. III.

CRYPTOLOGY

Cryptology is derived from two words kryptós (hidden) and γράφειν (writing) [10]. It is a field of study which allows constructing protocols that prevent unauthorized users from reading messages which they are not supposed to do. Cryptology is classified into two broad categories namely cryptography and crypt analysis. Cryptography uses mathematical functions to transform information into meaningless data as it travels across the network whereas crypt analysis means to break the encryption system [11].

in encryption process, each of 56 bit length as shown in the below figure.

Cryptology

Cryptography

Plaintext

Crypt Analysis

Figure 1 Classification of Cryptology

Encryption scrambles the original text resulting into cipher text. Decryption is the reverse of encryption and is applied on the cipher text to get the original message [12]. Symmetric algorithms, Asymmetric algorithms and protocols are used to perform the function of cryptography. Symmetric key means that sender and receiver share two instances of one key. Whereas asymmetric key is composed of two keys known as public key and private key. They are interrelated but if one person knows the public key, it does not mean that he can perform some algorithm and figure out the private key. According to Claude Shannon, secure block-cipher algorithms can be made by using confusion and diffusion multiple times. Confusion means to make the correlation between the key and the cipher text as complex as possible [13]. Diffusion means that if we change one character in the plaintext, then it should result in changing of multiple characters. IV.

CLASSIFICATION OF SYMMETRIC BLOCK ENCRYPTION ALGORITHMS

There are many symmetric algorithms currently in use. Some algorithms were used in the past and some were deemed unsecure. The algorithms that we will look in this paper are DES, Triple DES, AES, IDEA, Serpent and Blowfish. V.

WORKING AND IMPLEMENTATION

DES: DES (Data Encryption Standard) was designed by IBM in 1972 and was adopted by US in 1974 as a standard [15]. It work on Feistel network and uses 64 bit block. It has key length of 56 bits whereas it completes encryption process in 16 rounds. Before entering the first round, each block is subjected to initial permutation. Each round divides the message block into two halves. Furthermore, each round uses a subkey function to generate a 48 bit subkey from the original 56 bit key. After last round, left and right side are swapped and inverse permutation is performed to get the cipher text. DES was finally cracked using brute force attack using a $250,000 machine called EFF DES cracker. Triple DES: In Triple DES or 3DES, DES algorithm is run three times to provide better security. Three keys are used

DES Encryption

Key K1

DES Decryption

Key K2

DES Encryption

Key K3

Cipher text Figure 2 Triple DES

Experts recommend using three different keys for encryption and decryption. If three different keys are used, data are encrypted, decrypted and encrypted. When three different keys are used, data is scrambled even more when it is decrypted with different key. AES: It is also known as Rijndael algorithm and is developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen [16]. It has a variable key length of 128, 192 and 256 bits. If longer key length is used, more round are used during encryption process. 128 bit text is divided into 16 bytes and represented as a column-major matrix. Entries of first row are not shifted. Second row is shifted one byte left. Third row is shifted two bytes left. Fourth row is shifted three bytes left. It is to be noted that bytes are circular shifted. This results into a new 4x4 matrix. Each column is processed through a mathematical function and is replaced with the input column. This produces another 4x4 matrix. If this isn’t the last round, the 128 bits of 4x4 matrix are XORed to the round bits. For decryption, all previous steps are performed in the reverse order to get the original message. IDEA: IDEA (International Data Encryption Algorithm) was a patented algorithm until recently when in 2012 patent expired and it became free for all users. IDEA uses 52 subkeys, each comprising of 16 bits. The algorithm works in the following manner [17]. 

64 bit block is divided into four blocks of 16 bits called A, B, C and D.



128 bit key is divided into 52 keys called K1 through K52.

AK1, K2+B, CK3, DK4 are computed Round 1: The following are computed in order. E = A⊕C F = B ⊕D E = EK5 F=E+F F = FK6 E=E+F A = A⊕F

C = C⊕F B = B⊕E D = D⊕E Swap B and C Repeat above process eight times, next time with keys K7 through K12, K13 through K18 and so on. Notice that swap operations will not be performed in the final round. Serpent: It was designed by Ross Anderson, Eli Biham and Lars Knudsen and got the second position for AES standard after Rijndael was declared the winner [18]. Encryption and Decryption process of Serpent algorithm are shown in figure 3 [19].

Plain text

Plain text

XOR

Encryption Key

XOR

Decryption Key Applied 32 times

Application of S-boxes substitution and mathematical permutation

Round No. 31

Inverse application of Sboxes substitution and mathematical permutation

Yes XOR

Decryption Key

No Linear Transformation

Round No. 31 Encryption Key

Yes

XOR No

Applied 32 times

Linear Transformation

Ciphertext

Serpent Encryption Process

Plaintext

Serpent Encryption Process

Figure 3 Serpent Encryption and Decryption Process

Blowfish: It was developed by Bruce Schneier. It has 64 bit block size and key length can vary from 32 bits to 448 bits. It takes 16 rounds to complete encryption process [20]. Blowfish uses a large number of subkeys that need to be precomputed before encryption and decryption. Blowfish algorithm for encryption is as follows [22]. x = 64 bit block

xL = left 32 bits of x xR = right 32 bits of x for i = 1 to 16 xL = xL XOR Pi (Pi is the subkey) xR = F(xL) XOR xR swap xL and xR

After 16th round, undo swap xL and xR. Then combine xL and xR to get the ciphertext. VI.

A detailed comparison of all algorithms discussed in this paper is given in Table 1.

COMPARISON OF SYMMETRIC BLOCK ENCRYPTION ALGORITHMS

Comparison of Symmetric Block Encryption Algorithms [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] [35] DES Triple DES AES IDEA Serpent Blowfish Developed in 1974 1998 1998 1991 1998 1993 year Ross Vincent Xuejia Lai, Anderson, Eli Bruce IBM Rijmen, Joan Developed by IBM James Massey Biham, Lars Schneier Daemen Knudsen Key length 56 112, 168 128, 192, 256 128 128, 192, 256 32–448 (bits) Block size 64 64 128 64 128 64 (bits) 16 48 10, 12, 14 8.5 32 16 Rounds SubstitutionLaiSubstitutionFeistel Feistel Feistel Structure of permutation Massey permutation network network network algorithm network scheme network BlackBerry Enterprise Server, HTTPS, smart cards, Pretty Good Electronic FTPS, SFTP, Real world SIM cards, Privacy (PGP) DiskCryptor Linux payment WebDAVS, example routers v2.0 industry, OFTP Microsoft OneNote meet-in-theEFF DES middle attack, 4 rounds, SWEET32 Best Known cracking 7/8/9 rounds narrow11/12 rounds SWEET32 attack attacks machine bicliques attack attack Encryption High High High Low High High Time Decryption Medium Medium High High Low Low Time 256 2168 2128,2192, 2256 2128 2128,2192, 2256 Up to 2448 Security Table 1 Comparison of Symmetric Block Encryption Algorithms

VII.

CONCLUSION AND FUTURE WORK

In this paper, we looked at the working and implementation of different symmetric block cipher algorithms. At the end, we did a comparative analysis. In our opinion, Blowfish and Serpent are best candidates in terms of security. As a future work, we would like to do comparative analysis of asymmetric algorithms too. As a future work, we will also like to get actual results of different algorithms by performing encryption and decryption using some simulation tool. VIII.

REFERENCES

[1] "The CIA principle,". [Online]. Available: http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm. [2] S. Feruza and T.-H. Kim, "IT security review: Privacy, protection, access control, assurance and system

security," International Journal of Multimedia and Ubiquitous Engineering, vol. 2, no. 2, 2009. [3] Folio, "Infosecurity cert," 2005. [Online]. Available: https://cryptome.org/2013/09/infosecuritycert.pdf. [4] J. N. D. Gupta and S. Sharma, Eds., Handbook of research on information security and assurance. Boca Raton, FL, United States: Information Science Reference, 2008, ch. 19, p. 232. [5] S. Kansal and M. Mittal, "Performance evaluation of various symmetric encryption algorithms," 2014 International Conference on Parallel, Distributed and Grid Computing, Dec. 2014. [6] M. Umaparvathi and D. K. Varughese, "Evaluation of symmetric encryption algorithms for MANETs," 2010 IEEE International Conference on

Computational Intelligence and Computing Research, Dec. 2010. [7] T. Nie, Y. Li, and C. Song, "Performance evaluation for CAST and RC5 Encryption Algorithms," 2010 International Conference on Computing, Control and Industrial Engineering, 2010. [8] N. A. Kofahi, T. Al-Somani, and K. Al-Zamil, "Performance evaluation of three encryption/decryption algoriithms," 2003 46th Midwest Symposium on Circuits and Systems. [9] M. A. Matin, M. M. Hossain, and M. F. Islam, "Performance evaluation of symmetric encryption algorithm in MANET and WLAN," 2009 International Conference for Technical Postgraduates (TECHPOS), Dec. 2009. [10] "Cryptography," in Wikipedia, Wikimedia Foundation, 2016. [11] H. C. A. van Tilborg, FUNDAMENTALS OF CRYPTOLOGY A professional reference and interactive Tutorial. KLUWER ACADEMIC PUBLISHERS. [12] Microsoft, "Data Encryption and Decryption," 2016. [13] Cybrary, "Confusion and diffusion and their role in Cryptography," Cybrary, 2016. [Online]. Available: https://www.cybrary.it/study-guides/comptiacasp/confusion-and-diffusion-and-their-role-incryptography/. [14] R. Masram, V. Shahare, J. Abraham, and R. Moona, "Analysis and comparison of symmetric key cryptographic Algorithms based on various file features," International Journal of Network Security & Its Applications, vol. 6, no. 4, pp. 43–52, 2014. [15] M. Rani and S. Kumar, "Analysis on different parameters of Encryption Algorithms for information security," International Journal of Advanced Research in Computer Science and Software Engineering, 2015. [16] J. Schwartz, "TECHNOLOGY; U.S. Selects a new Encryption technique," in Business Day, The New York Times, 2000. [Online]. Available: http://www.nytimes.com/2000/10/03/business/technology -us-selects-a-new-encryption-technique.html. [17] "IDEA (international data Encryption algorithm),". [Online]. Available: http://www.quadibloc.com/crypto/co040302.htm. [18] "Serpent home page,". [Online]. Available: http://www.cl.cam.ac.uk/~rja14/serpent.html. [19] K. F. LLC, "How works serpent algorithm," 2010. [Online]. Available: http://en.kryptotel.net/serpent.html. [20] S. Manku and K. Vasanth, "BLOWFISH ENCRYPTION ALGORITHM FOR INFORMATION SECURITY," vol. 10, no. 10, 2015. [21] P. Patil, P. Narayankar, N. D.G, and M. S.M, "A comprehensive evaluation of cryptographic Algorithms: DES, 3DES, AES, RSA and blowfish," Procedia Computer Science, vol. 78, pp. 617–624, 2016.

[22] "Blowfish Encryption Algorithm,". [Online]. Available: https://kr8wiw.by3302.livefilestore.com/y3mn3k7FBjmE bM6DYm4kEkVF2PF8t-YBos5BfEwxnuJWdjMs3JuzrpucJcGLiYHrSUsyL32svkCi2cQ9p1VIMOAcVXOLnd_iUyz5TWpx1an A_Cj8ftxTdswv7jHf9yIcxPwWzZpvRFdIMHUU3VSG9 4A/Blowfish%20Encryption.pdf?download&psid=1. [23] "International data Encryption algorithm," in Wikipedia, Wikimedia Foundation, 2016. [Online]. Available: https://en.wikipedia.org/wiki/International_Data_Encrypti on_Algorithm. [24] "Data Encryption standard," in Wikipedia, Wikimedia Foundation, 2016. [Online]. Available: https://en.wikipedia.org/wiki/Data_Encryption_Standard. [25] "Triple DES," in Wikipedia, Wikimedia Foundation, 2016. [Online]. Available: https://en.wikipedia.org/wiki/Triple_DES. [26] "Advanced Encryption standard," in Wikipedia, Wikimedia Foundation, 2016. [Online]. Available: https://en.wikipedia.org/wiki/Advanced_Encryption_Stan dard. [27] "Serpent (cipher)," in Wikipedia, Wikimedia Foundation, 2016. [Online]. Available: https://en.wikipedia.org/wiki/Serpent_(cipher). [28] Posted and M. Rouse, "What is data Encryption standard (DES)? - definition from WhatIs.com," SearchSecurity, 2014. [Online]. Available: http://searchsecurity.techtarget.com/definition/DataEncryption-Standard. [29] "BlackBerry enterprise server encryption algorithms and the impact on blackBerry smartphone users,". [Online]. Available: http://support.blackberry.com/kb/articleDetail?ArticleNu mber=000013160. [30] J. C. Villanueva, "What AES Encryption is and how it’s used to secure file transfers," 2016. [Online]. Available: http://www.jscape.com/blog/aes-encryption. [31] Sa. PRajapati, "Roopesh Kewlani," 2014. [Online]. Available: http://www.slideshare.net/Saurabhprajapati759/idea34236642. [32] Wired, "Schneier on security: Blowfish: Products that use blowfish," 2000. [Online]. Available: https://www.schneier.com/academic/blowfish/products.ht ml. [33] A. A. R. Tamimi, "Performance analysis of data Encryption Algorithms,". [Online]. Available: http://www.cse.wustl.edu/~jain/cse56706/ftp/encryption_perf/. [34] O. P. Verma, R. Agarwal, D. Dafouti, and S. Tyagi, "Peformance analysis of data encryption algorithms," 2011 3rd International Conference on Electronics Computer Technology, Apr. 2011.

[35] M. Çakirolu, "Software implementation and performance comparison of popular block ciphers on 8-bit low-cost microcontroller," International Journal of the Physical Sciences, vol. 5, no. 9, pp. 1338–1343, 2010.