The recent tiff between the FBI and Apple for an iPhone hacking added new elements to the now ongoing debate on privacy, data safety and national security. That it is a tricky topic for everyone involved is simply undeniable. While we’ll stay away from that debate, it is an opportune time to discuss the current status something of importance to data scientists – encryption algorithms.
With the intensity and capabilities of brute force attacks increasing by the day, the onus of building better and safer encryption algorithms has been on the best brains on our generation. Before we delve deeper into some of those, it is important to state a rather simple but largely unstated fact regarding encryption algorithms. Encryption algorithms aren’t technically unbreakable. They are considered unbreakable if the security algorithm can outlive the brute force attacks on the products they are meant to protect.
Symmetric vs Asymmetric
If the look at the algorithm landscape, we’ll see the broad categorization of symmetric (symmetric key) and asymmetric (public key) algorithms. For the uninformed, asymmetric algorithms use the combination of public and private keys for encryption and decryption of the cipher. So from a mere theoretical standpoint, they outwit the symmetric algorithms where the same key has to be shared between the two parties beforehand. But in practical applications, both the types are extensively used. A major underlying factor is the higher computational demands of the asymmetric algorithms – thereby sometimes limiting their standalone usage in practical applications. Two of the most popular asymmetric key algorithms used today include RSA and Diffie-Hellman. For those with a technical eye – while RSA is more closely identifiable with problem of factoring large composite integers into a product of prime numbers, Diffie-Hellman uses finding the logarithm of a given integer (to a given base) modulo a given prime integer.
After that, the second most talked about aspect is the minimum key length used for encryption by the algorithm. Arguably, longer key lengths are difficult to break. Below, we look at some of the typical key lengths used by the algorithms.
Elliptic Curve and Hash Functions
Technically, the field of cryptography algorithms also includes two more categories – Elliptic Curve (function over points in finite fields that belong to elliptic curves) and Hash (provided constant size output for any input and is irreversible). Examples of hash functions are Secure Hash Algorithm 1 (SHA-1) and SHA-256.
Future with QCR
In terms of future prospects, there is considerable murmur around Quantum Computing Resistant (QCR) algorithms. However, we haven’t witnessed much wide scale disruptions yet. Aside that, another area where I foresee higher activity is the advancements in techniques by which stored encrypted data on the cloud could be analysed without decryption to the server. The underlying need is driven by the fact that with more and more data being stored on the cloud, an ever increasing need for its analysis is often hindered by the encryption code.
One must also add that for all practical applications, the product managers mustn’t always get swayed by the mathematical competency of the algorithms alone. Tactical needs of the product security and algorithm implementation are also of equal importance.
Among symmetric algorithms, AES is considering to be the standard today. It uses a minimum of 128 bit keys. Among asymmetric algorithms, RSA (Rivest-Shamir-Adleman) is considered to the standard today.
Some of the most common and well-known encryption algorithms used today are mentioned below.
- Honey – Misleads the attacker, producing a cipher, which, when decrypted with an incorrect key by the attacker, feeds a fake plausible looking password or encryption key. It works well against trial decryption attacks. Encryption involves coding using the Distribution Transforming Encoder (DTE) algorithm and then encrypted using the symmetric algorithm scheme on the supplied password. Decryption takes the reverse route.
- AES (Rijndael) – The Rijndael algorithm is symmetric block cipher algorithm that supports key sizes of 128, 192 and 256 bits, with data handled in 128-bit blocks. Rijndael uses a variable number of rounds, depending on key/block sizes. US NIST selected it as the candidate for Advanced Encryption Standard (AES).
- Blowfish – Blowfish is also a symmetric cipher algorithm. It splits messages into blocks of 64 bits and encrypts them. It is freely available online and is considered fairly fast and flexible. By virtue of these attributes, it is widely used across industries, including password management tools.
- Twofish – Twofish is also a symmetric cipher algorithm with key length up to 256 bits. It too is freely available online and is also considered a fast algorithm.
- Triple DES – Until a few years ago, Triple DES (Data Encryption Standard) was the gold standard in encryption algorithms. It applies the DES cipher algorithm thrice on each block (total key strength is 168 bits). A symmetric key algorithm, Triple DES still find a lot of favors in the financial services industry, particularly against brute force attacks.
- Serpent – Similar to Rijndael, Serpent is a 128 bits symmetric key algorithm with higher security margins (16, 32 rounds). It supports a key size of 128, 192 or 256 bits. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel. It is also a free algorithm.
- Camellia – Considered equally suitable for software and hardware applications, it is a symmetric key block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits. Compared to Serpent, it uses 18 or 24 rounds (with a logical transformation layer after every 6 rounds).
- CAST–128 (CAST5) – Another 128 bits symmetric key block cipher. It is a 12- or 16-round Feistel network with a 64-bit block size and a key size of between 40 to 128 bits (but only in 8-bit increments). It is also freely available.
- SHA – Secure Hash Algorithm (SHA) is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS). It includes SHA-0, SHA-1, SHA-2 and SHA-3. SHA-256 and SHA-512 are SHA-2 algorithms with 32 and 64 word bits, respectively.
- RIPEMD – RACE Integrity Primitives Evaluation Message Digest (RIPMED) family of hash functions are relatively less employed than SHA.
- Tiger – Tiger has value size is 192 bits. Its large S-boxes (4 S-boxes, each with 256 64-bit entries) have rendered its implementations in hardware or small microcontrollers difficult. Though it is frequently used in Merkle hash tree form, as Tiger Tree Hash (TTH).
- WHIRLPOOL – Another free has function algorithm designed after the Square Block cipher. It takes a message of any length less than 2^256 bits and returns a 512-bit message digest.
- DSA (Digital Signature Algorithm) – A Federal Information Processing Standard for digital signatures, this needs no introduction. It has components of key generation, signing and verifying.
- RSA (Rivest-Shamir-Adleman) – We’ve already talked about a little bit about asymmetric algorithms. In particular, RSA is relatively slow and not that popular for directly encrypting user data. Mostly, it passes encrypted shared keys for symmetric key cryptography.
- ECDH, ECDSA – In Elleptic Curve, ECDH (Elliptic curve Diffie–Hellman) is a method for key exchange and ECDSA (Elliptic Curve Digital Signature Algorithm) is used for digital signatures. Hash algorithms are also called digital fingerprinting algorithms.
Despite all these efforts, there are still considerable challenges for this market. In another post, we’ll look into those.