Symmetric Key Algorithms Part 3

Due to the length and the details that need to be covered, I divided the Symmetric Key Algorithm section into 3 parts.

Part 1 covers the Data Encryption Standard (DES) algorithm.

Part 2 covers 3DES, Blowfish, and IDEA.

This final part covers the RC algorithms and AES.


RC4, RC5, RC6

RC4, a stream cipher, was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. RSA Security has never officially released the algorithm. RC4 has become part of some commonly used encryption protocols and standards, including WEP and WPA for wireless cards and TLS.

Security Issues

The keystream generated by RC4 is biased in varying degrees towards certain sequences, making it vulnerable to distinguishing attacks.

In 2001 it was discovered that, over all possible RC4 keys, the statistics for the first few bytes of the output keystream are strongly non-random, leaking information about the key. If the long-term key and nonce are simply concatenated to generate the RC4 key, this long-term key can be discovered by analyzing a large number of messages encrypted with this key.
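The non-randomness of the early keystream bytes can be measured directly. The following is an added example, not code from the original post: a plain RC4 implementation plus a measurement of the well-known second-byte bias (the second keystream byte is 0x00 about twice as often as the 1/256 a uniform generator would give), with position 10 as a control. The function names, the 16-byte key length, the trial count and the seeded test keys are assumptions made for the illustration.

```python
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n RC4 keystream bytes for key: KSA, then PRGA."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR data with the keystream."""
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))

def zero_rates(positions, trials=40000, key_len=16, seed=1):
    """For each 1-based keystream position, the fraction of keys giving byte 0x00.

    Keys are constructed from a seeded PRNG so the run is repeatable.
    """
    rng = random.Random(seed)
    hits = dict.fromkeys(positions, 0)
    need = max(positions)
    for _ in range(trials):
        key = rng.getrandbits(8 * key_len).to_bytes(key_len, "big")
        ks = rc4_keystream(key, need)
        for p in positions:
            hits[p] += ks[p - 1] == 0          # bool counts as 0 or 1
    return {p: hits[p] / trials for p in positions}

if __name__ == "__main__":
    # Sanity check against the widely published vector Key / Plaintext.
    assert rc4_crypt(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
    for pos, rate in zero_rates([2, 10]).items():
        print(f"byte {pos}: P(0x00) = {rate:.5f}  ({rate * 256:.2f} x uniform)")
```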

In 2005, Andreas Klein presented an analysis of the RC4 stream cipher showing more correlations between the RC4 key stream and the key.

A combinatorial problem related to the number of inputs and outputs of the RC4 cipher was first posed by Itsik Mantin and Adi Shamir in 2001, whereby, of the total 256 elements in the typical state of RC4, if x number of elements (x ≤ 256) are only known (all other elements can be assumed empty), then the maximum number of elements that can be produced deterministically is also x in the next 256 rounds. This conjecture was put to rest in 2004 with a formal proof given by Souradyuti Paul and Bart Preneel.

In 2013, a group of security researchers at the Information Security Group at Royal Holloway, University of London reported an attack that can become effective using only 2^24 connections. While not yet a practical attack for most purposes, this result is sufficiently close to one that it has led to speculation that some state cryptologic agencies may already have better attacks that render RC4 insecure.

RC5 is a symmetric-key block cipher notable for its simplicity. Designed by Ronald Rivest in 1994, RC stands for “Rivest Cipher”, or alternatively, “Ron’s Code”. The Advanced Encryption Standard (AES) candidate RC6 was based on RC5.

12-round RC5 (with 64-bit blocks) is susceptible to a differential attack using 2^44 chosen plaintexts. 18–20 rounds are suggested as sufficient protection.

Distributed.net has brute-forced RC5 messages encrypted with 56-bit and 64-bit keys, and is working on cracking a 72-bit key; as of February 2014, 3.112% of the keyspace has been searched. At the current rate, it will take approximately 287 years to test every possible remaining key, and thus guarantee completion of the project.

RC6 (Rivest Cipher 6) is a symmetric key block cipher derived from RC5. It was designed to meet the requirements of the Advanced Encryption Standard (AES) competition. The algorithm was one of the five finalists, and also was submitted to the NESSIE and CRYPTREC projects. It is a proprietary algorithm, patented by RSA Security.

RC6 proper has a block size of 128 bits and supports key sizes of 128, 192, and 256 bits, but, like RC5, it may be parameterised to support a wide variety of word lengths, key sizes, and numbers of rounds. RC6 is very similar to RC5 in structure, using data-dependent rotations, modular addition, and XOR operations; in fact, RC6 could be viewed as interweaving two parallel RC5 encryption processes. However, RC6 does use an extra multiplication operation not present in RC5 in order to make the rotation dependent on every bit in a word, and not just the least significant few bits.

As RC6 has not been selected for the AES, it is not guaranteed that RC6 is royalty-free.

Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

AES is based on the Rijndael cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, who submitted a proposal to NIST during the AES selection process. Rijndael is a family of ciphers with different key and block sizes.

AES has been adopted by the U.S. government and is now used worldwide.

AES became effective as a federal government standard on May 26, 2002 after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages, and is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA approved cryptographic module.

Side-channel attacks do not attack the underlying cipher, and so say nothing about the security of the algorithm itself. Instead, they attack implementations of the cipher on systems that inadvertently leak data. There are several such known attacks on certain implementations of AES.

Between early 2009 and 2010, several exploits were discovered, including:

  • Related key attack
  • Distinguished key attack
  • Related subkey attack
  • Key-recovery attacks
  • Biclique attack

These attacks target recovery of the keys for AES-128, AES-192 and AES-256.