Comparison of Common Encryption Algorithms

Source: http://dwz.date/afUd

1. Basic Concepts of Encryption

“Encryption” is a technique for restricting access to data, whether it is stored or transmitted over a network. The original data (the plaintext) is transformed into ciphertext by an encryption device (hardware or software) under the control of a key. Restoring the ciphertext to the original plaintext is called decryption; it is the reverse of encryption, and the decryptor must use a matching algorithm and the corresponding key (the same key for a symmetric cipher, the paired private key for an asymmetric one).
Risks in Data Storage and Transmission: [image]
Basic Functions of Encryption Include:
1. Prevent unauthorized access to confidential data files;
2. Prevent confidential data from being leaked or tampered with;
3. Prevent privileged users (such as system administrators) from viewing private data files, provided they do not also hold the key;
4. Make it difficult for intruders to easily locate files in a system.
Data encryption is an important mechanism for ensuring computer network security. Although it has not yet become widespread in networks due to costs, technical complexities, and management issues, data encryption is indeed one of the important means to achieve data security in distributed systems and network environments.
Data encryption can be implemented at several layers of the OSI seven-layer model (OSI stands for Open Systems Interconnection, a model established by the International Organization for Standardization (ISO) that divides network communication into seven layers: physical, data link, network, transport, session, presentation and application). Classified by the logical position at which encryption is applied, there are three methods:
① Link encryption: Usually refers to encryption below the network layer, used mainly to protect data on the link between two adjacent communication nodes, with encryption and decryption performed by cryptographic devices placed on the line. Every node along the path decrypts and re-encrypts the traffic, so plaintext is exposed inside each node. It can further be divided into synchronous and asynchronous communication encryption according to the synchronization method of the transmitted data; synchronous communication encryption is in turn divided into byte-synchronous and bit-synchronous communication encryption.
② Node encryption: An improvement on link encryption. Encryption is performed at the transport level of the protocol stack, mainly to protect data between the source node and the destination node. It resembles link encryption, but the cryptographic operations are bound to a security module attached to each node, so the plaintext never appears in the node's general-purpose memory; this removes link encryption's weakness of plaintext being accessible at intermediate nodes.
③ End-to-end encryption: Encryption at or above the network layer, in practice usually at the application layer, so that data is encrypted by the sender and decrypted only by the final recipient; intermediate nodes forward ciphertext and never see plaintext. It is easy to implement in software and cheap, but key management is harder, since every pair of endpoints needs keys. It is mainly suited to large networks where information is exchanged among many senders and receivers.

2. Applications of Data Encryption

1. Media encryption: DRM
2. File encryption: text encryption, pdf, word
3. Data encryption: Data encryption in ASP.NET (C#)
4. Hardware encryption: encryption dongles

3. Trends in Encryption Technology Development

① Combining private key (symmetric) encryption with public key encryption: Given the characteristics of the two systems, practical applications use a compromise: a symmetric cipher as the “core” and RSA as the “shell”. Data transmitted over the network is encrypted with a symmetric cipher (the source names DES and IDEA; today that means AES, since DES's 56-bit key can be brute-forced), and the symmetric key itself is transmitted encrypted under the recipient's RSA public key. This keeps the data secure while retaining symmetric speed for the bulk of the work, and it is the hybrid construction that protocols such as TLS and PGP are built on.
② Seeking new algorithms: Moving away from the usual iterated-round constructions and from constructions whose security rests on the hardness of one particular mathematical problem. As an example the source cites the “Liu algorithm” proposed by Liu Zunquan: a key-based public key system that uses randomness to construct the encryption and decryption transformations, keeps all computation controlled and hidden within the key, allows the key length to vary, and builds a large search space by choosing a segment length so as to apply a nonlinear transformation in one step. The source claims high strength, high speed and low computational cost for it. A practitioner should treat such claims with caution: an algorithm that has not been published, standardized and publicly analyzed is no substitute for AES or RSA/ECC.
③ Encryption will eventually be integrated into systems and networks. For example, IPv6 was specified with IPsec support built in, and in hardware Intel was at the time developing an encryption coprocessor for integration on PC motherboards; today mainstream CPUs carry AES instructions (such as Intel AES-NI) for the same purpose.

4. Classification of Encryption Technologies

Encryption techniques can be simply divided into four categories:
1. Techniques that do not consider decryption at all, i.e. one-way (hash) functions, whose transformation is never meant to be reversed;
2. Private key encryption (symmetric key encryption): the same key is used for both encryption and decryption. The difficulty in practice is key distribution: both parties must obtain the shared key over a secure channel before they can communicate. Examples include RC4, RC2, DES and the AES family; of these only AES remains acceptable for new systems, the others being broken or obsolete.
3. Public key encryption (asymmetric key encryption): a pair of keys is used, one to encrypt and the other to decrypt. The public key can be freely distributed and published. This is convenient when data must be sent encrypted to an external server whose public key is known. Examples include RSA.
4. Digital certificates: a certificate is not itself a form of encryption; it is a signed statement from a certification authority that binds a public key to its owner's identity, so that a relying party can trust that the public key (and the private key paired with it) belongs to that organization.

5. Introduction to Encryption Algorithms

1. Symmetric Encryption
Symmetric encryption algorithms are used to encrypt sensitive data. Common ones include:
DES (Data Encryption Standard): a fast block cipher from 1977 with a 64-bit block and an effective 56-bit key; that key is small enough to brute-force, so DES is no longer suitable for protecting data.
3DES (Triple DES): based on DES, it applies DES three times to each block (encrypt, decrypt, encrypt) with two or three independent keys, for higher strength than DES; it is slow, keeps DES's 64-bit block, and has been deprecated by NIST.
AES (Advanced Encryption Standard): the successor standard, with a 128-bit block and 128-, 192- or 256-bit keys; it is fast (most CPUs have AES instructions) and has no known practical attack.
AES vs. 3DES comparison: [image]
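The point about 3DES being built from DES can be checked directly. The following Go program is an added example, not code from the original page: using only the standard library, it encrypts one block with single DES and with 3DES and shows that 3DES keyed with the same 8-byte key three times (K, K, K) produces exactly the DES ciphertext, because encrypt-decrypt-encrypt with equal keys cancels out. The keys and the plaintext block are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// Sample inputs, constructed for this example only.
var (
	k1        = []byte("8bytekey")
	k2        = []byte("second-k")
	k3        = []byte("third--k")
	plaintext = []byte("ABCDEFGH") // exactly one 64-bit DES block
)

// desEncryptBlock encrypts a single 8-byte block with single DES.
// The key is 8 bytes, but one bit per byte is parity, so only 56 bits are secret.
func desEncryptBlock(key, block []byte) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// tripleDESEncryptBlock encrypts one block with 3DES in EDE mode:
// E_K3(D_K2(E_K1(block))). Go takes the three keys concatenated as 24 bytes.
func tripleDESEncryptBlock(k1, k2, k3, block []byte) ([]byte, error) {
	key := append(append(append([]byte{}, k1...), k2...), k3...)
	c, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// collapsesToSingleDES reports whether 3DES keyed with K||K||K equals single DES
// keyed with K on the given block. It always does, because D_K undoes E_K, so
// E_K(D_K(E_K(x))) = E_K(x). This is how 3DES hardware stayed compatible with
// DES, and why "three keys" only adds strength when the keys actually differ.
func collapsesToSingleDES(k, block []byte) (bool, error) {
	single, err := desEncryptBlock(k, block)
	if err != nil {
		return false, err
	}
	triple, err := tripleDESEncryptBlock(k, k, k, block)
	if err != nil {
		return false, err
	}
	return bytes.Equal(single, triple), nil
}

func main() {
	same, err := collapsesToSingleDES(k1, plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Println("3DES with K,K,K == DES with K:", same)

	one, _ := desEncryptBlock(k1, plaintext)
	three, _ := tripleDESEncryptBlock(k1, k2, k3, plaintext)
	fmt.Printf("DES  : %x\n3DES : %x\n", one, three)
	fmt.Println("distinct keys give a different block:", !bytes.Equal(one, three))
}
```

Even with three distinct keys, 3DES keeps DES's 64-bit block and runs three times slower than DES; the program only demonstrates the structural relationship, it is not a recommendation to use either cipher.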
2. Asymmetric Encryption
RSA: invented in 1977 by Rivest, Shamir and Adleman (who later founded RSA Security). It is a public key algorithm with a variable key (modulus) length; the amount of data encrypted in one operation is bounded by the modulus size, which is why RSA is used to encrypt keys rather than bulk data.
DSA (Digital Signature Algorithm): the algorithm of the Digital Signature Standard (DSS, FIPS 186); it produces signatures and does not encrypt.
ECC (Elliptic Curve Cryptography): a family of public key schemes over elliptic curves, including ECDSA for signatures and ECDH for key agreement.
[image]
Compared with RSA, ECC has clear advantages at the same security level, mainly in the following areas:
Strong resistance to attack. For the same key length, its resistance to the best known attacks is far greater; equivalently, a much shorter ECC key gives the same security as a long RSA key (roughly, 256-bit ECC matches 3072-bit RSA).
Small computational load and fast processing. Key generation, signing and key agreement are much faster with ECC than with RSA or DSA; the one exception is signature verification, where RSA with a small public exponent is faster.
Small storage requirement. ECC keys and system parameters are much smaller than those of RSA and DSA, so they occupy far less storage, which matters particularly for IC cards and other constrained devices.
Low bandwidth requirement. When encrypting or signing long messages all three systems need about the same bandwidth, but for short messages ECC's smaller keys and signatures need far less, which gives it broad application prospects in wireless networks.
The following two images (not reproduced here) compare the security and speed of RSA and ECC:
[image]
Comparison of RSA and ECC security modulus lengths:
[image]
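The storage and bandwidth claims above can be measured rather than taken on trust. The following Go program is an added example, not code from the original page: it generates an RSA-2048 key and a P-256 ECDSA key with the standard library, signs the same SHA-256 digest with each, verifies both signatures, and returns the size of each DER-encoded public key and of each signature. The message is a constructed sample; the security-equivalence figures in the comments are the ones given in NIST SP 800-57 and are not from the page.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// keySizes records the encoded public-key and signature sizes for one algorithm.
type keySizes struct {
	PublicKeyDER int // bytes of the DER (SubjectPublicKeyInfo) encoding
	Signature    int // bytes of one signature over a SHA-256 digest
}

// Constructed sample message; any bytes would do.
var message = []byte("transfer 100 to account 42")

// Comparable security levels (NIST SP 800-57, Part 1), bits of security:
//   80  -> RSA 1024  / ECC 160
//   112 -> RSA 2048  / ECC 224
//   128 -> RSA 3072  / ECC 256
//   192 -> RSA 7680  / ECC 384
//   256 -> RSA 15360 / ECC 512

// rsaSizes generates an RSA key with the given modulus length, signs message
// with PKCS#1 v1.5 over SHA-256, verifies the signature, and returns the sizes.
func rsaSizes(bits int) (keySizes, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return keySizes{}, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return keySizes{}, err
	}
	digest := sha256.Sum256(message)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return keySizes{}, err
	}
	if err := rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, digest[:], sig); err != nil {
		return keySizes{}, err
	}
	return keySizes{PublicKeyDER: len(pubDER), Signature: len(sig)}, nil
}

// ecdsaSizes does the same with ECDSA on the given curve. The ASN.1 signature
// holds two scalars the size of the curve order, so it is about 70 bytes on P-256.
func ecdsaSizes(curve elliptic.Curve) (keySizes, error) {
	priv, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return keySizes{}, err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return keySizes{}, err
	}
	digest := sha256.Sum256(message)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return keySizes{}, err
	}
	if !ecdsa.VerifyASN1(&priv.PublicKey, digest[:], sig) {
		return keySizes{}, fmt.Errorf("ECDSA signature failed to verify")
	}
	return keySizes{PublicKeyDER: len(pubDER), Signature: len(sig)}, nil
}

func main() {
	r, err := rsaSizes(2048) // about 112 bits of security
	if err != nil {
		panic(err)
	}
	e, err := ecdsaSizes(elliptic.P256()) // about 128 bits of security
	if err != nil {
		panic(err)
	}
	fmt.Printf("RSA-2048   : public key %d bytes, signature %d bytes\n", r.PublicKeyDER, r.Signature)
	fmt.Printf("ECDSA P-256: public key %d bytes, signature %d bytes\n", e.PublicKeyDER, e.Signature)
}
```

On a typical run the RSA-2048 public key encodes to 294 bytes and its signature is 256 bytes, while the P-256 key encodes to 91 bytes and its signature to roughly 70 bytes, even though P-256 offers the higher security level of the two.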
3. Hash Algorithms
A hash is a digest of a message: typically much shorter than the message and always of a fixed length. A cryptographic hash must be one-way (preimage resistant): the original message cannot be recovered from the digest. Any change to the input, even a single bit, changes about half of the output bits; this is the avalanche effect. It must also be collision resistant: it must be infeasible to find two different messages with the same digest. A digest with these properties can be used to verify that a message has not been modified, provided the digest itself is protected, for example by a key (HMAC) or a signature, since otherwise an attacker simply recomputes it over the altered message.
One-way hash functions are mainly used to produce message digests, to derive keys, and so on. Common examples include:
MD5 (Message Digest Algorithm 5): designed by Ron Rivest of RSA Data Security, producing a 128-bit digest. It is deterministic (the same input always gives the same digest), but collisions can now be found in seconds, so it must not be used where collision resistance matters.
SHA (Secure Hash Algorithm): the original SHA-1 produces a 160-bit digest from input of any length; practical collisions have been demonstrated for it as well, and new designs should use SHA-2 (SHA-256, SHA-512) or SHA-3.
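The avalanche effect, the fixed digest lengths, and the limit of "irreversible" can all be shown with a few lines of standard-library Go. The following program is an added example, not code from the original page: it counts how many SHA-256 output bits change when one input bit is flipped, prints the MD5, SHA-1 and SHA-256 digests of a constructed sample string, and recovers a 4-digit PIN from its SHA-256 digest by exhaustive search. The PIN value and the sample sentence are constructed inputs.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Constructed sample input.
var sample = []byte("The quick brown fox jumps over the lazy dog")

// hammingDistance counts the bits that differ between two equal-length slices.
func hammingDistance(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// avalancheSHA256 flips the lowest bit of the first byte of msg and returns how
// many of the 256 output bits change. For a sound hash this is close to 128.
func avalancheSHA256(msg []byte) int {
	flipped := append([]byte{}, msg...)
	flipped[0] ^= 0x01
	h1 := sha256.Sum256(msg)
	h2 := sha256.Sum256(flipped)
	return hammingDistance(h1[:], h2[:])
}

// digestHex returns the MD5, SHA-1 and SHA-256 digests of msg as hex strings,
// which makes the 16-, 20- and 32-byte output lengths visible side by side.
func digestHex(msg []byte) map[string]string {
	m := md5.Sum(msg)
	s1 := sha1.Sum(msg)
	s256 := sha256.Sum256(msg)
	return map[string]string{
		"MD5":     hex.EncodeToString(m[:]),
		"SHA-1":   hex.EncodeToString(s1[:]),
		"SHA-256": hex.EncodeToString(s256[:]),
	}
}

// crackPIN shows the limit of "irreversible": a digest of a low-entropy input
// (here a 4-digit PIN) is recovered by hashing every candidate and comparing.
// One-wayness protects the input only when the input itself is unguessable,
// which is why passwords need salts and slow hashes rather than a bare digest.
func crackPIN(target [sha256.Size]byte) (string, bool) {
	for i := 0; i < 10000; i++ {
		guess := fmt.Sprintf("%04d", i)
		if sha256.Sum256([]byte(guess)) == target {
			return guess, true
		}
	}
	return "", false
}

func main() {
	fmt.Printf("SHA-256 bits changed by a 1-bit input change: %d of 256\n", avalancheSHA256(sample))
	for name, h := range digestHex(sample) {
		fmt.Printf("%-8s %s (%d bytes)\n", name, h, len(h)/2)
	}
	target := sha256.Sum256([]byte("4273")) // constructed PIN
	pin, ok := crackPIN(target)
	fmt.Printf("PIN recovered from its digest: %q (%v)\n", pin, ok)
}
```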
Comparison of Symmetric and Asymmetric Algorithms
The two approaches described above differ mainly in the following respects:
Management: public key algorithms reach the same goal with fewer keys. With n parties, symmetric encryption needs a separate key for each pair, n(n-1)/2 keys in all, while public key encryption needs only n key pairs (quadratic versus linear growth, not an exponential difference). Symmetric algorithms are therefore awkward to deploy over wide area networks with many parties and, importantly, cannot provide digital signatures (a MAC proves integrity to the other holder of the same key, but not to a third party).
Security: public key algorithms rest on mathematical problems (integer factoring, discrete logarithms) for which no efficient classical algorithm is known, so with adequate key sizes they are considered unbreakable in practice, although a large quantum computer would break both RSA and ECC. For private key algorithms, AES has no known attack materially better than brute force. The source considers public key cryptography the stronger of the two in the long run; in practice the two are used together.
Speed: AES in software now runs at gigabytes per second on a CPU with AES instructions (the source's figure of several to tens of megabits per second dates from much slower hardware), roughly 100 times faster than public key algorithms; in hardware the ratio grows to about 1000 times.

6. Choosing an Encryption Algorithm

1. Asymmetric algorithms run far slower than symmetric ones, so when a large amount of data must be encrypted, use a symmetric algorithm for the data itself.
2. Symmetric algorithms cannot produce digital signatures; signatures require an asymmetric algorithm.
3. Key management for symmetric algorithms is a complex process and directly determines their security; when the data volume is small, an asymmetric algorithm can be used directly (bearing in mind that RSA can only encrypt a message shorter than its modulus in one operation).
4. In practice the usual approach is to use an asymmetric algorithm to manage (wrap or agree) the symmetric key and a symmetric algorithm to encrypt the data. This combines the advantages of both: fast encryption and secure, convenient key management.
5. The source's recommendations (RSA 1024 bits, ECC 160 bits, AES 128 bits) reflect its era. Today the accepted minimums are RSA 2048 bits (3072 bits for new long-lived keys), ECC 256 bits (for example P-256 or Curve25519) and AES 128 bits, which remains sufficient; AES-256 is a common choice where the extra cost is negligible.
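The "core and shell" construction from the trends section and point 4 above, written out: the following Go program is an added example, not code from the original page. It encrypts a message of arbitrary length with a fresh AES-256-GCM key, wraps that key under the recipient's RSA-2048 public key with OAEP, and decrypts on the other side; it also computes the size limit that makes direct RSA encryption of bulk data impossible. Everything uses the standard library; the message and the key pair are generated in the program and are not from the page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// envelope is what travels over the network: the bulk data under AES-GCM (the
// "core") and the AES key under RSA-OAEP (the "shell").
type envelope struct {
	WrappedKey []byte // 32-byte AES key encrypted to the recipient's RSA public key
	Nonce      []byte // 12-byte GCM nonce; must never repeat under the same key
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

// seal encrypts plaintext of any length for the holder of pub.
func seal(pub *rsa.PublicKey, plaintext []byte) (*envelope, error) {
	key := make([]byte, 32) // AES-256; a fresh key per message
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	// Only the 32-byte key goes through RSA. OAEP (not PKCS#1 v1.5) is the padding to use.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// open reverses seal. Any change to the wrapped key, nonce or ciphertext makes
// it fail: OAEP checks its padding and GCM verifies the authentication tag.
func open(priv *rsa.PrivateKey, env *envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// maxDirectRSA returns the largest message RSA-OAEP with SHA-256 can encrypt in
// one operation with pub: modulus bytes minus 2*32 minus 2, i.e. 190 bytes for
// RSA-2048. Anything larger has to go through a symmetric cipher, which is the
// reason for the hybrid construction.
func maxDirectRSA(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample: far larger than RSA alone could encrypt.
	msg := bytes.Repeat([]byte("hybrid encryption sample line\n"), 100)
	env, err := seal(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	out, err := open(priv, env)
	if err != nil {
		panic(err)
	}
	fmt.Println("message bytes:", len(msg), " RSA direct limit:", maxDirectRSA(&priv.PublicKey))
	fmt.Println("round trip ok:", bytes.Equal(out, msg))
	env.Ciphertext[0] ^= 1
	_, err = open(priv, env)
	fmt.Println("tampered ciphertext rejected:", err != nil)
}
```

The private RSA key is used once per message, to unwrap 32 bytes; the 3,000-byte payload never touches RSA. That is the speed gain the section describes, and because GCM authenticates the data, the recipient also detects any modification in transit, which plain "encryption" alone would not.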
