Encryption

Secure Your Organization’s Data With These Encryption Algorithms

Data security is essential to any organization, and it can be achieved using various methods. The encryption key plays a significant role in the overall process of protecting data. Data encryption converts plaintext into an encoded (non-readable) form that only authorized persons or parties can access.


Many algorithms are available for encrypting such data. Encrypted data may stay safe for some time, but it should never be assumed to be permanently secure. As time goes on, there is a chance that someone will compromise the data.

Fig: Encryption and Decryption Process

In this article, we consider various encryption algorithms and techniques for improving data security through encryption. We compare encryption algorithms based on their performance, efficiency in hardware and software, key size, availability, implementation techniques, and speed.

Summary of the algorithms

We compare the measured speed of encryption algorithms with that of various other algorithms available as standard in the Oracle JDK, using Eclipse IDE, and then summarize multiple other characteristics of those algorithms. The encryption algorithms considered here are AES (with 128- and 256-bit keys), DES, Triple DES, IDEA, and Blowfish (with a 256-bit key).

Performance of the algorithms

The figure below shows the time taken to encrypt various numbers of 16-byte blocks of data using the algorithms mentioned above.

It is essential to note right from the beginning that beyond some ridiculous point, it is not worth sacrificing speed for security. However, the measurements obtained will still help us make certain informed decisions.

Characteristics of algorithms

Table 1 summarizes the main features of each encryption algorithm, with what we believe is a fair overview of the current security status of the algorithm.

| Factors | RSA | DES | 3DES | AES |
|---|---|---|---|---|
| Created By | In 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman | In 1975 by IBM | In 1978 by IBM | In 2001 by Vincent Rijmen and Joan Daemen |
| Key Length | It depends on the number of bits in modulus n, where n = p*q | 56 bits | 168 bits (k1, k2, and k3); 112 bits (k1 and k2) | 128, 192, or 256 bits |
| Rounds | 1 | 16 | 48 | 10 (128-bit key), 12 (192-bit key), 14 (256-bit key) |
| Block Size | Variable | 64 bits | 64 bits | 128 bits |
| Cipher Type | Asymmetric Block Cipher | Symmetric Block Cipher | Symmetric Block Cipher | Symmetric Block Cipher |
| Speed | Slowest | Slow | Very Slow | Fast |
| Security | Least Secure | Not Secure enough | Adequate Security | Excellent Security |

Table 1: Characteristics of commonly used encryption algorithms

Comparison

The techniques have been compared based on the following factors:

  • CPU processing speed for encrypting and decrypting data.
  • Rate of key generation.
  • Key size.
  • Security consideration.
  • Efficiency on hardware and software in case of implementation.
  • The amount of memory required to hold the data in the encryption process.
  • Number of users accommodated by the model.
  • Time required by the model to recover the data in case of key failure.
  • Time available to the hacker to produce various types of attacks.
  • The complexity of the algorithm technique.

Fig: Comparison of encryption algorithms based on Percentage Efficiency

Formulation and Case Study

Case Study

Symmetric ciphers use the same key for encrypting and decrypting, so the sender and the receiver must both know, and use, the same secret key. For AES, all key lengths are deemed sufficient to protect classified information up to the “Secret” level, with “Top Secret” information requiring either 192- or 256-bit key lengths. There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. A round consists of several processing steps, including substitution, transposition, and mixing of the input plaintext, that transform it into the final ciphertext output.

AES Design

Rounds

Padding is the method of adding extra dummy data. If the message length is not divisible by the block length during encryption, padding is used. E.g., if the message consists of 426 bytes, we need seven additional bytes of padding to make the message 432 bytes long because 432 is divisible by 16. Three key sizes can be used in AES, and the number of rounds depends on the key size. The standard key size in AES is 128 bits, for which there are 10 rounds. For AES encryption, two subkeys are generated, and a round key is added in the first round.

| No. | Key Size | No of Rounds |
|---|---|---|
| 1 | 128 bits | 10 |
| 2 | 192 bits | 12 |
| 3 | 256 bits | 14 |

With a 128-bit key, a 128-bit plaintext block is processed in 10 rounds to produce the ciphertext. In the first step, 10 round keys are generated, one separate round key for each round. Before the first round, an extra round key (the initial round key) is added, and then the transformation starts. The transformation consists of four steps.

  1. Substitute Bytes
  2. Shift Rows
  3. Mix Columns
  4. Add Round Key

The following figure explains all the encryption stages from plaintext to ciphertext.

Fig: Shows the stages of each round

Encryption with AES

The encryption phase of AES can be broken into three steps: the initial round, the main rounds, and the final round. All of the stages use the same sub-operations in different combinations as follows:

  1. Initial Round
    • Add Round Key
  2. Main Round
    • Sub Bytes
    • Shift Rows
    • Mix Columns
    • Add Round Key
  3. Final Round
    • Sub Bytes
    • Shift Rows
    • Add Round Key

The sub-operations work as follows:

  • Add Round Key

    This is the only phase of AES encryption that directly operates on the AES round key. In this operation, the input to the round is XORed (exclusive-or) with the round key.

  • Sub Bytes

    Involves splitting the input into bytes and passing each through a Substitution Box or S-Box. Unlike DES, AES uses the same S-Box for all bytes. The AES S-Box implements inverse multiplication in the Galois field GF(2^8).

  • Shift Rows

    Each row of the 128-bit internal state of the cipher is shifted. The rows in this stage refer to the standard representation of the internal state in AES, which is a 4×4 matrix where each cell contains a byte. Bytes of the internal state are placed in the matrix across rows from left to right and down columns.

  • Mix Columns

    Provides diffusion by mixing the input around. Unlike Shift Rows, Mix Columns performs operations splitting the matrix by columns instead of rows. Unlike standard matrix multiplication, Mix Columns performs matrix multiplication over the Galois field GF(2^8).

Decryption with AES

To decrypt an AES-encrypted ciphertext, it is necessary to undo each stage of the encryption operation in the reverse order in which they were applied. The three stages of decryption are as follows:

  1. Inverse Final Round
    • Add Round Key
    • Shift Rows
    • Sub Bytes
  2. Inverse Main Round
    • Add Round Key
    • Mix Columns
    • Shift Rows
    • Sub Bytes
  3. Inverse Initial Round
    • Add Round Key
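
The encryption and decryption round sequences described above, written out for AES-128 on a single 16-byte block. This is an added Python example, not code from the article or from any library; the function names are this example's own, and it is meant for following the steps, not for protecting real data.

```python
# Added teaching example (not the article's code); all names are this example's own.
def gmul(a, b):                      # multiply two bytes in GF(2^8)
    r = 0
    for _ in range(8):               # shift-and-add, reduced by x^8+x^4+x^3+x+1
        r, a, b = r ^ a * (b & 1), (a << 1) ^ 0x11B * (a >> 7), b >> 1
    return r

SBOX = []                            # S-box: inverse in GF(2^8), then affine map
for x in range(256):
    inv = next((y for y in range(256) if gmul(x, y) == 1), 0)
    rot = [((inv << i) | (inv >> (8 - i))) & 0xFF for i in range(5)]
    SBOX.append(rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ rot[4] ^ 0x63)

def expand_key(key):                 # 16-byte key -> 11 round keys of 16 bytes
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:               # rotate, substitute, add round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, gmul(rcon, 2)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def add_round_key(s, k):             # XOR the state with the round key
    return [a ^ b for a, b in zip(s, k)]

def shift_rows(s, d=1):              # row r rotates by r bytes; d=-1 undoes it
    return [s[(i + d * 4 * (i % 4)) % 16] for i in range(16)]

def mix_columns(s, m):               # m: matrix first row; negative indexes wrap
    return [gmul(s[c], m[-r]) ^ gmul(s[c + 1], m[1 - r]) ^ gmul(s[c + 2], m[2 - r])
            ^ gmul(s[c + 3], m[3 - r]) for c in (0, 4, 8, 12) for r in range(4)]

def encrypt_block(block, key):
    rk = expand_key(key)
    s = add_round_key(block, rk[0])                     # initial round
    for n in range(1, 11):
        s = shift_rows([SBOX[b] for b in s])            # Sub Bytes, Shift Rows
        s = mix_columns(s, [2, 3, 1, 1]) if n < 10 else s   # not in final round
        s = add_round_key(s, rk[n])
    return bytes(s)

def decrypt_block(block, key):                          # same steps, reversed
    rk, s = expand_key(key), list(block)
    for n in range(10, 0, -1):
        s = add_round_key(s, rk[n])
        s = mix_columns(s, [14, 11, 13, 9]) if n < 10 else s
        s = [SBOX.index(b) for b in shift_rows(s, -1)]  # inverse shift, inverse S-box
    return bytes(add_round_key(s, rk[0]))
```

Both functions take exactly 16 bytes of data and a 16-byte key; the 192- and 256-bit key sizes change the key schedule and the number of rounds and are not covered here.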

Conclusion

The study of various algorithms shows that the model’s strength depends upon key management, the type of cryptography, the number of keys, and the number of bits used in a key. All the keys are based on mathematical properties. Keys with more bits require more computation time, which means the system takes more time to encrypt the data. AES data encryption is a more mathematically efficient and elegant cryptographic algorithm, but its main strength is the option for various key lengths. AES allows you to choose a 128-bit, 192-bit, or 256-bit key, making it exponentially strong. AES uses permutation-substitution, which involves a series of substitution and permutation steps to create the encrypted block.


About the Author

Anish Bhattacharya is a Consultant at Encryption Consulting, working with PKIs, HSMs, creating Google Cloud applications, and working as a consultant with high-profile clients.
