Asymmetric Key Algorithms

Previously you learned about asymmetric key algorithms, and you should understand that asymmetric encryption requires two keys: public and private. As a review, using the flashcards, define asymmetric key encryption, public key, private key, and digital certificate. Then read the section on asymmetric encryption.

This is one of the simplest security schemes because it requires both the sender and the receiver to have access to a shared key, which is used for both encryption and decryption of the message. Review the following advantages and disadvantages of symmetric key encryption.

| Advantages | Disadvantages |
| --- | --- |
| Can quickly encrypt and transfer large amounts of data. | System can be completely compromised if key is not properly managed. |
| Easy to manage | Requires high level of security in the transportation of the key. |


With symmetric algorithms, the challenge is making sure that the encryption key remains secure. Users must find a secure method for exchanging the key. There is a special type of symmetric key referred to as a session key that is used to encrypt messages between two users during one communication session.


Examples of Symmetric Algorithms

3DES (Triple DES): Digital Encryption Standard (DES) is a symmetric block cipher with 64-bit block size that uses a 56-bit key. It takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. It always operates on blocks of equal size and it uses both permutations and substitutions in the algorithm.

A stream cipher inputs digits or bits and encrypts the stream of data. Stream ciphers combine a plain text bit with a pseudorandom cipher bit through an XOR operation. An XOR operation is a bitwise operation that takes two bit patterns that are an equal length and performs the logical exclusive OR operation on each pair. The result of the pair is a 1 if only the first bit is 1 or only the second bit is a 1. The result is 0 if both are 0 or both are 1. Stream ciphers are used in hardware implementations.

DES has four modes of operation:

  1. Electronic codebook (ECB) mode: the default mode of encryption. If the last block is not fully 64 bits, padding is added.
  2. Cipher block chaining (CBC) mode: If the last block is not fully 64 bits, CBC inserts some of the cipher text created from the previous block into the next one.
  3. Output feedback (OFB) mode: Uses plain text to feed back into the stream of cipher text. An initialization vector is used to create a seed value for the first encrypted block, and DES XORs the plain text with the seed value and applies it to subsequent data.
  4. Cipher feedback (CFB) mode: previously generated cipher text is added to subsequent streams.

Triple DES encrypts data three times and uses a different key for at least one of the three passes, giving it a cumulative key size of 112-168 bits. 3DES is resistant to attack, but it is much slower than DES.

3DES Encryption Cycle:

  1. Data encrypted by first DES
  2. Data decrypted by second DES
  3. Data re-encrypted by third DES

The reverse process is used to decrypt the ciphertext.

IDEA: The International Data Encryption Algorithm (IDEA) uses 64-bit blocks and 128-bit keys. IDEA performs eight rounds of transformations on each of the 16 blocks that result from dividing each 64-bit block. It was created in order to replace DES and is now used in PGP (Pretty Good Privacy). PGP is a program that provides privacy and authentication for data communication. GNU Privacy Guard (GPG) is a licensed, free version of PGP.

AES: The Advanced Encryption Standard (AES) has a fixed block size of 128 bits but has an infinite key limit with common lengths of 128, 163, and 259. The Advanced Encryption Standard algorithm approved by NIST in December 2001 uses 128-bit blocks. The cipher currently supports key lengths of 128, 192, and 256 bits. AES is the required algorithm for sensitive but unclassified U.S. government data.

Other block ciphers include Skipjack, developed by the NSA; Blowfish, one of the few algorithms that have not been patented; Twofish; RC4/RC5/RC6; and CAST.

In the following example, Bob and Barbara need to exchange a message using symmetric key encryption. In this case, Bob will encrypt the plaintext message using a key. Barbara will need to use the same key to decrypt the cipher text.

Figure 1 – Symmetric Key Encryption flow
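The XOR stream-cipher operation and the Bob-and-Barbara exchange described above, as an added example that is not part of the original course material. The keystream generator (SHA-256 over key, nonce and a counter), the nonce, and all function names are assumptions made for illustration; this is not a vetted cipher.

```python
import hashlib
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream: SHA-256 over key || nonce || block counter.

    Assumption for illustration only; not a vetted stream cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes):
    """Bob's side: fresh nonce per message, then plaintext XOR keystream."""
    nonce = secrets.token_bytes(16)
    return nonce, xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Barbara's side: the same XOR with the same keystream undoes encryption."""
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def demo() -> dict:
    session_key = secrets.token_bytes(32)   # shared by Bob and Barbara
    message = b"Meet at 09:00 in room 4"    # constructed sample plaintext
    nonce, ciphertext = encrypt(session_key, message)
    wrong_key = secrets.token_bytes(32)     # a party without the shared key
    return {
        "ciphertext_differs": ciphertext != message,
        "barbara_recovers": decrypt(session_key, nonce, ciphertext) == message,
        "wrong_key_recovers": decrypt(wrong_key, nonce, ciphertext) == message,
    }


if __name__ == "__main__":
    print(demo())
```

Because XOR is its own inverse, encryption and decryption are the same operation, which is why both parties need the identical key.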