11.2 Cryptographic Algorithms
Cryptography is a way to scramble data by the possessor or sender A so that those not intended by A cannot read the data. Cryptography involves complex mathematical computation. When we talk about cryptography, we have at least two individuals or parties to the discussion: the possessor or sender A, and the reader or receiver B. A sends B sensitive data. A does not want anyone else but B to see the data. Therefore, A scrambles or encodes or encrypts or enciphers the data before sending. A wants it to be mathematically impossible for the smartest interceptor (who is not B) in the world with a large bank of the world’s fastest computers to be able to unscramble or decode or decrypt or decipher the data. This requires some genius on the part of A to maintain such tremendously high level of protection over the data during transit between A’s computer and B’s computer over an unsecured channel such as the Internet. The
trip the data makes between A’s and B’s computers involves going over the Internet, and hence, a large number of computers en route. It is quite likely that one or more of these computers is unfriendly, or has unfriendly users with the intent to see the data, capture and decipher it and use it for monetary or other benefits.
Protection over the data during transmission is now readily available by using encryption that is mathematically almost impossible to break. A cryptographic algorithm or tool is evaluated with respect to criteria such as the following [MvOV96].
Level of Security: How secure is the algorithm? That is, how difficult is it to break the algorithm? This may involve trying to obtain the cleartext from captured ciphertext with or without any (partial) knowledge of the keys, and with or without one or more captured cleartext–ciphertext pairs. Usually, the level of security is defined as an upper bound on the amount of work necessary to break the algorithm. Breaking attempts may be straight-forward brute-force techniques where one tries all possible value of the key, or more intelligent approaches where it is not essential to examine the complete key space. Examples of intelligent techniques include differential and linear cryptanalysis, and other mathematics-based attacks.
Performance: How efficient are the encryption and decryption processes? For example, one can judge an encryption algorithm by the number of bits per second that it can encrypt.
Ease of Implementation: How easy or difficult is the algorithm to implement in hardware or software?
Functionality: In what ways various cryptographic algorithms can be used to achieve an information security goal at hand? For example, when should conventional cryptography be applied? When should public-key cryptography be applied? To what effect and why?
Methods of Operation: Cryptographic algorithms when applied in various ways with various inputs may provide different effects such as different levels of security. What are these modes of operation? How should they be used and assessed?
There are essentially two types of cryptographic algorithms:
• conventional or symmetric cryptographic algorithms, and
• public-private key or asymmetric cryptographic algorithms.
We discuss these in the sections that follow in very brief.