1. Basic Concepts
- Message to be encrypted is the plaintext
- Symmetric cipher uses a secret key, shared with recipient, to transform the plaintext
- Transformation performs multiple transpositions and substitutions of bits, to generate ciphertext
- Decryption inverts the transformation, using same key
- Transformation should be easily reversible if we know the key, nearly impossible to reverse if we don’t
2. Types of Symmetric Cipher
Block cipher块密码
块密码, 信息被分成了很多大小相等的块,然后用一个密钥对每个块分别进行加密,通常密钥的长度跟每个块的长度差不多甚至更长。目前最为常用的块加密的实际协议是 AES ,同时它也是最著名的对称加密协议,被用于 HTTPS 等各种的常见系统中。
Processes plaintext in fixed-size blocks
Adds padding so plaintext size is a multiple of block size
Examples: DES, RC2, Blowfish, Camellia, AES
Stream cipher流密码
流密码的原理是用伪随机数做密码流去加密信息的方法,信息被看做是一个二进制流。流密码的工作原理类似一次性密码本,只可以密码流不是真随机数,所以安全性比一次性密码本低。
Processes plaintext continuously
Uses key to generate a stream of pseudorandom data, then XORs (⨁) this with plaintext
Examples: RC4, Rabbit, SNOW 3G
3. Requirements For Key
- Large enough that it cannot be found by brute-forcing
- Random enough that it can’t be predicted
- Stored and shared securely
Brute-Forcing of Keys
Advanced Encryption Standard (AES)
- Block cipher, with 128-bit blocks
- Key sizes of 128, 192 or 256 bits
- Fast in software
AES Block Processing
- 16-byte blocks of plaintext are treated as 4 × 4 squares
- 4 × 4 square is fed through multiple iterations of a round function, finally yielding ciphertext
AES Round Function
Round function takes three inputs: the 4 × 4 square output by the previous round, the round number, and a round key