Area 1: Common Infrastructure Technology
Student ID
Student name
Email address
Class
Submit date

October 2020

1. Title
Search Two Types of Encryption Keys: Public and Secret Key Algorithms

2. Purpose of the Study
The Internet is an open environment to exchange information, any information sent or received on the
Internet can be stolen or eavesdropped on. Therefore, one of the most effective solutions for this
problem is encryption. The main goal of this report is to give a brief overview of two encryption keys:
public and secret key algorithms for newcomers to cyber security and cryptography, hence, it will not go
too deep into coding techniques.

3. Contents and Scope
a. Contents
The content of this study is divided into four main sessions:
 A Basic Research on the Basic Cryptography Knowledge
 Algorithms that Commonly Used in Symmetric Cryptosystem
 Algorithms that Commonly Used in Asymmetric Cryptosystem
 Theoretical Analysis of Encryption Algorithm
b. Scope
This study will introduce some fundamental definitions and models in cryptography as well as
briefly give the explanations and related knowledge and informations of several common
symmetric encryption techniques of both symmetric and asymmetric key algorithms.

4. Results of the Study
4.1.

Basic Cryptography Definitions

Plaintext is the original content in documents may including typical characters, sentences,
figures, or images or texts which is readable. Ciphertext is the materials that replaced from
original characters, sentences, figures, or images to other characters, figures or images that can
not be recognized by manual method.
Encryption is the process in which data is converted into something that seems to be unreadable
or can be simply known as a process transforming plaintext into ciphertext. Decryption is the
process in which the encoded information is converted back to its original form or can be known
as a process transforming ciphertext into plaintext.
Key is a piece of information used in combination with an algorithm or a cipher to transform
plaintext into ciphertext, which called encryption, and vice versa, decryption.

1


Cryptosystem is a system consisting of encryption algorithm and decryption algorithm. The
picture below is a visual explanation how do this system work. For a given encryption key the
encryption algorithm will map a plaintext to a ciphertext, which is usually unique determined.
For the corresponding decryption key, the decryption algorithm will map the ciphertext to the
plaintext, which is usually unique determined too.

Figure 1. Cryptosytem

4.2.

Symmetric/Secret Key Algorithms


a. Symmetric encryption system
A symmetric encryption system is an encryption system that uses a shared secret key for both
encryption and decryption. In this system, the key is a random and secret value shared among
information exchange parties that can be generated from trusted third parties and distributed to
senders and receivers or can be directly created by the sender and transmitted to the receiver.
The mechanism of this system is simple: the sender uses the key to encrypt information and
sends it to the receiver, then the receiver uses that shared secret key to decrypt.
There many symmetric ciphers, for example: DES, 3DES, AES, RC4, etc. This study is about to
mention two most common secret key algorithms: DES and AES.
b. Data Encryption Standard (DES)
On May 15, 1973, the National Bureau of Standards (NBS), which is now known as NIST National Institute of Standards and Technology (USA), published a notice in the Federal Register
soliciting proposals for cryptographic algorithms to protect data during transmission and storage
and waited for the responses to come in. However, it received none until August 6, 1974, when
IBM submitted a candidate that it had developed internally under the name Lucifer. After
2


evaluating the algorithm with the help of the National Security Agency (NSA), the NBS adopted a
modification of the Lucifer algorithm as the new Data Encryption Standard (DES) on July 15,
1977.
DES is a very default method and also well known as a block cipher. It encrypts messages or data
in many blocks of size of 64 bits per each, means 64-bit blocks of plaintext goes as the input to
DES, which produces 64-bit blocks of ciphertext. The initial key also consists of 64 bits. However,
before the DES process even starts, every 8th bit of the key is discarded (at position 8, 16, 24, 32,
40, 48, 56 and 64) to produce a 56 bit key, so the final key length is 56 bits. The same algorithm
and key are used for encryption and decryption, with minor differences.
DES is based on the two fundamental attributes of cryptography: substitution 1 (also called as
confusion) and transposition2 (also called as diffusion). DES includes of 16 rounds, each round
performs the steps of substitution and transposition before generates the final ciphertext blocks.

The encoding process goes as follows:





Calculating the total of bits of the plaintext and dividing them into 64-bit blocks.
Separating the 64-bit blocks into two halves, says Left Group (L) and Right Group (R)
Substituting and transposing each group, those groups go through 16 rounds of
encryption process.
In the end, the two groups are rejoined, the finale result of this process is 64-bit
ciphertext.

Figure 2. DES encrpytion process

1 Substitution cipher is an encryption technique that replaces one symbol with another.
2 Transposition cipher is an encryption technique that reorders symbols in a block of symbols.

3


c. Advanced Encryption Standard (AES)
A replacement for DES was needed as its key size was too small comparing to a lot of information
that need to encrypt. Additionally, with the increasing of computing power, it was considered
vulnerable against Brute force attacks 3; so, triple DES4 was designed to overcome this drawback
but it was found slow. Therefore, a new encryption standard recommended by NIST to replace
DES and 3DES: Advanced Encryption Standard (AES). In fact, AES algorithm not only for security
but also for great speed and it is also a very popular and widely adopted symmetric encryption
algorithm likely to be encountered nowadays.
The AES encryption algorithm encrypts and decrypts data in blocks of 128 bits. It can do this

using 128-bit, 192-bit, or 256-bit keys. AES using 128-bit keys is often referred to as AES-128, and
AES-192 as well as AES-256 are referred in a way similar to the AES-128. The number of rounds in
AES is variable and depends on the length of the key: AES-128 uses 10 rounds, AES-192 uses 12
rounds and AES-256 used 14 rounds. Each of these rounds uses a different 128-bit round key,
which is calculated from the original AES key and comprise of some sub-processes including
substitution, transposition and mixing of the input plaintext to transform it into the final output
of ciphertext. The following diagram provides a simplified overview of the AES encryption
process.

Figure 3. AES encryption process
In order, these are about four sub-steps in one round of AES encoding cipher:
3 Brute force attacks is a very primitive form attack is also known as an exhaustive key search. It basically involves
trying every combination of numbers possible until the correct key is found.
4 Triple DES (3DES) is a sub-variant cipher of DES executing the DES algorithm three times.

4









Byte Substitution (SubBytes): The 16 input bytes are substituted by looking up a fixed table (Sbox) given in design. The result is in a matrix of four rows and four columns.
Shiftrows: Each of the four rows of the matrix is shifted to the left. Any entries that “fall off” are
re-inserted on the right side of row. Shift is carried out as:
○ First row is not shifted.
○ Second row is shifted one (byte) position to the left.

○ Third row is shifted two positions to the left.
○ Fourth row is shifted three positions to the left.
○ The result is a new matrix consisting of the same 16 bytes but shifted with respect to
each other.
MixColumns: Each column of four bytes is now transformed using a special mathematical
function. This function takes as input the four bytes of one column and outputs four completely
new bytes, which replace the original column. The result is another new matrix consisting of 16
new bytes. It should be noted that this step is not performed in the last round.
Addroundkey: The 16 bytes of the matrix are now considered as 128 bits and are XORed to the
128 bits of the round key. If this is the last round then the output is the ciphertext. Otherwise,
the resulting 128 bits are interpreted as 16 bytes and we begin another similar round.
The first round process is depicted below:

Figure 4. AES first round process
The decryption processes of an AES is similar to the encryption process in the reverse order and
both sender and receiver have the same key to encrypt and decrypt data. Each round consists of
the four processes conducted in the reverse order, like this:
5







Add round key
Mix columns
Shift rows
Byte substitution


Since sub-processes in each round are in reverse manner, the encryption and decryption
algorithms needs to be separately implemented, although they are very closely related.
Comparing AES and DES algorithm, we can notice that they are both symmetric block ciphers,
but AES is more mathematically efficient. The main benefit of AES lies in its key length options.
The time required to crack an encryption algorithm is directly related to the length of the key
used to secure the communication: 128-bit, 192-bit or 256-bit keys. Therefore, it is exponentially
stronger than the 56-bit key of DES and it is also significantly faster than 3DES. The table below
display more detail about several differences between AES and DES cryptosystem.
Table 1. Difference between AES and DES ciphers
AES – Advanced Encryption Standard
Key length can be of 128-bits, 192-bits and 256bits.
Number of rounds depends on key length: 10
rounds for 128-bits, 12 rounds for 192-bits and 14
rounds for 256-bits
The structure is based on substitutionpermutation network.

DES – Data Encryption Standard
Key length is 56 bits.
Involving 16 rounds of identical operations
The structure is based in feistel network.

The rounds in AES are: Byte Substitution, Shift
Row, Mix Column and Key Addition

Can be broken easily as it has known
vulnerabilities. (3DES - Triple DES is a variation of
DES which is secure than the usual DES).
The rounds in DES are : Expansion, XOR operation
with round key, Substitution and Permutation


Can encrypt 128 bits of plaintext.

Can encrypt 64 bits of plaintext.

Be derived from square cipher.

Be derived from Lucifer cipher.

More secure than the DES cipher and is the de
facto world standard.

Was designed by Vincent Rijmen and Joan
Daemen.
No known crypt-analytical attacks against AES but
side channel attacks against AES implementations
possible. Biclique attack have better complexity
than brute-force but still ineffective.

4.3.

Was designed by IBM.
Known attacks against DES include: Brute-force,
Linear crypt-analysis and Differential cryptanalysis.

Asymmetric/Public Key Algorithms

a. Asymmetric encryption system
An asymmetric encryption system is an encryption system that uses a pair of keys for every
party: public key which are published openly, and a private key which are never revealed for
encryption and decryption. It means the key used encryption process will be totally different

from the key used to decrypt the data. In this system, the sender sends the information
encrypted by public key through a non-confidential communication channel to the receiver. The
6


recipient who receives the information will use the private key to decrypt it. Advantage of this
encryption system is hackers will also know the public key, however, because there is no private
key, they cannot see the submitted information.
One of the most widely used asymmetric key cryptosystem is RSA and digital signature, which
use the public key encryption system as a principle to verify the authenticity of digital messages
or documents.
b. Rivest–Shamir–Adleman (RSA)
The RSA algorithm has come to be known by the acronym from the inventors’name: Ron Rivest,
Adi Shamir and Leonard Adleman. The three authors firstly described the RSA cipher in 1977 and
that idea was patented in 1983 by Massachusetts Institute of Technology (MIT), but it was not
until the early days of the Internet that the algorithm began to see widespread adoption as an
important security tool. Moreover, the RSA cryptosystem has stood the test of time to this day,
where it is used in cryptographic applications from banking, and e-mail security to e-commerce
on the Internet.
RSA cryptosystem involves these major steps.






Key Generation
o Select two large prime numbers5, and . The prime numbers need to be very
large, and also relatively far apart, so that they will be difficult for someone to
figure them out.

o Calculate a trap function6:
o Calculate the Euler’s totient function:
o Select an integer , such that is co-prime 7 to and . The pair of numbers makes
up the public key.
o Calculate such that . The number can be found using the Extended Euclidean
Algorithm. The pair makes up the private key.
Encryption
Given a plaintext , represented as a number, the ciphertext is calculated as:
Decryption
Using the private key , the plaintext can be found using:

To sum up, the basic principle of this cipher is to find three very large positive integers , and can
be found where:
The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public key
consists of two numbers where one number is multiplication of two large prime numbers. And
5 Prime number is a number that cannot be divided by any other number except itself and the number 1. For
example, 2, 3, and 7 are prime numbers.
6 A trapdoor function is a function that is easy to compute in one direction, yet believed to be difficult to compute
in the opposite direction (finding its inverse) without special information.
7 In number theory, two integers and are relatively prime, mutually prime, or coprime if the only positive integer
that evenly divides (is a divisor of) both of them is 1.

7


private key is also derived from the same two prime numbers. So if somebody can factorize the
large number, the private key is compromised; though, even knowing , and , it is very difficult to
find . Therefore encryption strength totally lies on the key size and if we double or triple the key
size, the strength of encryption increases exponentially. RSA keys can be typically 1024 or 2048
bits long. Although experts believe that 1024 bit keys could be broken in the near future, it

seems to be an infeasible task so far.

Figure 5. RSA cryptosystem
c. Diffie-Hellman (DH) key exchange algorithm
Although symmetric key algorithms are fast and secure, key exchange is always an issue. A
solution for this problem is using hybrid crypto system, the combination of symmetric and
asymmetric encryption. Asymmetric encryption is used as a technique in key exchange
mechanism to share secret key. After the key is shared between senders and receivers, the
communication will take place using symmetric encryption, and then, the shared secret key will
be used to encrypt the communication. The Diffie-Hellman algorithm, named after two authors
Whitfield Diffie and Martin Hellman, is a method for securely exchanging cryptographic keys over
a public communications channel. Actually, the keys are not really exchanged, but they are
jointly derived. The DH algorithm is also one of the earliest known asymmetric key
implementations that is still in use today.
DH key exchange is a complicated cipher and it can be difficult to understand how it works
because it uses huge amount and a lot of math. Basically, the original idea of this algorithm is
illustrated in the picture below:

8


Figure 6. Basic idea of Diffie-Hellman algorithm
Claiming that there are two people, Alice and Bob, need to exchange their secret paint colors
through a mixture of colors. At first, Alice and Bob publicly agree on an arbitrary starting color
that does not have to be kept secret ( ■). Each person also secretly selects a color that they keep
to themselves (Alice’s color is ■, and Bob’s color is ■). The next crucial part of the process is the
two parties mix their own private color together with their mutually shared one and then
publicly exchange the two mixtures ( ■ and ■). After received the mixture from the other, each
person adds their own secret color to get the identical color mixture ( ■). This final mixtures are
exactly the same for both people and only the two know, called the common secret color.

The important point of this key exchange method is that both parties can get the same result,
without having to send all the shared secrets on the communication channel. Choose a generic
color, their own private color, swap the first mixture and then add their own color again, giving
both sides a way to go to the same generic secret without having to submit the whole. If there is
an outsider listening for the exchange, he or she could only know the common color ( ■) and the
exchanged mixture (■ and

■) because it will be not easy (in terms of calculation) to figure out
the two's shared secrets or the final color ( ■). Now, the two parties will use this shared secret to
encrypt and decrypt data transmitted on public channels, which means they can safely
communicate with each other.

9


The cryptographic explanation of the DH algorithm is described in the table below. In this table,
is a prime number, is a primitive root8 of and they are both publicly available numbers. On the
other hand, and are the private values selected by the two parties.
Table 2. DH process
Action
Public keys available
Private key selected
Key generated
Exchange the generated keys
Key received
Secret key generated

Alice

Bob


Since , we can algebraically show that . In this process, only the numbers and are kept secret.
All the other values, such as , , and are sent in the clear. The strength of the scheme comes
from the fact that take extremely long times to compute just from the public values. Once the
two parties complete computing the shared secret key they can use it to encrypt the messages
for sending and communicating across the same open channel.
The Diffie–Hellman key agreement is not limited to negotiating a key shared by only two
participants. Any number of users can take part in an agreement by performing iterations of the
agreement protocol and exchanging intermediate data, which does not itself need to be kept
secret.

4.4.

Theoretical Analysis of Encryption Algorithm

The table below shows several different points between the four algorithms mentioned above in the
study.
Table 3. Comparison between the DES – AES – RSA – DH Algorithms