Common Secret Key Algorithms
All of the widely known secret key-block algorithms exhibit the cryptographic properties desired in a block cipher. Foremost is the fact that each bit of the ciphertext should depend on all bits. Changing any key bit should result in a 50 percent chance of changing any resulting ciphertext bit. Furthermore, no statistical relationships can be inferred between a plaintext and its corresponding ciphertext. Detailed descriptions of most common secret-key cryptographic algorithms can be found in [SCHN96, MENE96].
Modern secret key cryptographic systems are most notably known through the Data Encryption Standard (DES) algorithm [MEYE82]. DES, a symmetric cipher in which the same key is used for encryption and decryption, was developed by IBM cryptographers in the early 1970s and has been a U.S. government standard since 1976 for the protection of sensitive but unclassified electronic information. The algorithm is a block cipher, in which a 64-bit input block is transformed into a corresponding 64-bit output ciphertext. It employs a 56-bit length key expressed as a 64-bit quantity in which the least relevant bit in each byte is used for parity checking. Figure 1.6 illustrates a high level abstraction of DES.
FIGURE 1.6 Abstraction of the DES algorithm
DES, in its standard form, iterates over 16 rounds in each of which data is manipulated, using a combination of permutation and substitution transformations along with standard arithmetic and logical operations such as XOR, based on the key value.
Recently, and mainly because of the increased speed of computing systems, DES has come under brute force attack on several occasions demonstrating its vulnerability to exhaustive searching of the key space [WIEN94]. Triple-DES is simply the DES algorithm applied three times using either two or three keys. With two keys, triple-DES proceeds by encrypting a block of data using the first key and using the second key to decrypt the previous encryption. The first key is once more used to encrypt the result from the second step.
The three-key triple-DES uses a separate key for each of the three steps. The number of possible keys in triple-DES is 2112, compared to a key space of size 256 for DES.
Although less visible than DES, the International Data Encryption Algorithm (IDEA) has been classified by some of the contemporary cryptographers as the most secure and reliable block-algorithm [LAI91, ETH92]. Like DES, IDEA encrypts data in 64-bit input blocks; for each it outputs corresponding 64-bit cipher block. It employs the same algorithm for encryption and decryption, with a change in the key schedule during encryption. Unlike DES, IDEA employs 128-bit secret key and dominantly uses operations from three algebraic groups: XOR, addition modulo 216, and multiplication modulo 216 + 1. These operations are combined to make 8 computationally identical rounds followed by an output transformation resulting in the final ciphertext.
Recently nominated as a candidate to become the Advanced Encryption Standard (AES) [NIST01], a replacement of DES by the U.S. government, Rijndael is an iterated block cipher with a variable block length and a variable key length both of which can independently be 128, 192, or 256 bits. Rijndael's simple and elegant design makes it efficient and fast on modern processors. While it only uses simple whole-byte operations on single- and 4-byte words, and requires a relatively small amount of memory for its implementation. It is suitable for implementations on a wide range of processors including 8-bit hardware for power and space-restricted hardware such as smart cards. It lends itself well to parallel processing and pipelined multi-arithmetic logic unit processors. The Rijndael algorithm is a departure from the traditional so-called Feistel ciphers. Typically in such ciphers parts of the bits in its intermediate states are transposed unchanged. The Rijndael algorithm does not adopt the venerable Feistel structure. Instead, each round of transformations is composed of three distinct invertible transformations that treat each bit of the intermediate state of the cipher in a uniform and similar way.