Symmetric Cipher
A symmetric cipher uses the same secret key to encrypt and decrypt. The most popular symmetric encryption algo is AES.
Block Cipher vs Stream Cipher
- a block cipher works on input of a fixed length (e.g. 256 bits)
- a stream cipher works on input of flexible length, processed as a sequence
AES is a block cipher algo, but it can be turned into a stream cipher; see this scheme.
Block Cipher Modes
What if the data to encrypt is larger than one block of the block cipher? That is why block cipher modes such as CBC, CFB, OFB, CTR, EAX, CCM and GCM are needed.
- Common modes require an IV (initialization vector), a random value used as the starting point
- CTR (Counter) is a good choice since it is secure and the message length can be arbitrary, but it doesn't offer authentication
- GCM is an extension of CTR that adds message authentication to check integrity
- CBC works on fixed-size blocks, so padding is needed, and hence it is susceptible to padding oracle attacks
- The insecure one is ECB, because the same input block always yields the same output block, so it doesn't hide patterns in the input (no cryptographic confusion)
- Most modes, like CBC, CTR and GCM, support random access
CTR (Counter) & GCM
This diagram shows how a block cipher encrypts in these modes. GCM differs from CTR by adding an authentication-code calculation over each ciphertext block, yielding a tag at the end.
AES (Advanced Encryption Standard)
AES can be used with several key lengths, but the block size is always 128 bits. It's recommended to use AES-256 for higher security.
AES is also used together with password-to-key derivation algos like Scrypt and PBKDF2.
Encryption & Decryption
The processes are illustrated here.
Encryption
- Algo params are selected; they can be hardcoded in the source code (encrypt and decrypt must use the same ones).
- Derive the key from the password using an algo such as Scrypt.
- input msg + key ====> ciphertext + IV + MAC (encrypt)
- with AES-GCM, the auth code (MAC) is already calculated by the mode
- the ciphertext is calculated from input msg + random IV + key ====> ciphertext
- the output must hold ciphertext + IV + MAC
Decryption
- Algo params should be the same as for encryption
- ciphertext + IV + MAC + key ====> original msg (decrypt)
- original msg + key ====> MAC code
- compare the recalculated MAC code with the received MAC code (if they are the same, the message is correct)