Symmetric Encryption

• Encryption turns clear text into ciphertext

• Decryption restores clear text from ciphertext

• Keys enable encryption and decryption

© 2004 Cisco Systems, Inc.

The figure shows symmetric encryption, also known as secret-key encryption. It is used for large volumes of data. During the data exchange, the keys may change several times. Asymmetric encryption, or public-key encryption such as RSA, is several times more CPU-intensive, so it is usually used only for key exchanges.

With block ciphers, it is possible to further guarantee the integrity of the data received by using feedback. The Cisco encryption algorithm incorporates cipher feedback (CFB), which performs an exclusive-OR of the plain text data with each block of encrypted data. CFB provides a means to verify that all data was received as transmitted.

The most important feature of a cryptographic algorithm is its security against being compromised. The security of a cryptosystem, or the degree of difficulty for an attacker to determine the contents of the ciphertext, is a function of a few variables. In most protocols, the cornerstone of security lies in the secrecy of the key used to encrypt data. The DES algorithm is built so that it is too difficult for anyone to determine the clear text without having this key. In any cryptosystem, great lengths are taken to protect the secrecy of the encryption key.

DES is one of the most widely used symmetric encryption standards. DES turns clear text into ciphertext via an encryption algorithm. The decryption algorithm on the remote end restores clear text from ciphertext. Keys enable the encryption and decryption. DES is the most widely used symmetric encryption scheme today. It operates on 64-bit message blocks. The algorithm uses a series of steps to transform 64-bit input into 64-bit output. In its standard form, the algorithm uses 64-bit keys, of which 56 bits are chosen randomly. The remaining eight bits are parity bits, one for each seven-bit block of the 56-bit random value.

3DES is an alternative to DES that preserves the existing investment in software but makes a brute-force attack more difficult. 3DES takes a 64-bit block of data and performs the operations of encrypt, decrypt, and encrypt. 3DES can use one, two, or three different keys. The advantage of using one key is that, with the exception of the additional processing time that is required, 3DES with one key is the same as standard DES (for backward compatibility). Although DES and 3DES algorithms are in the public domain and freely available, 3DES software is controlled by United States export laws.
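
The key layout and the one-, two-, and three-key options described above can be checked mechanically. The following Python is an added example, not part of the original course text; it assumes odd parity with the parity bit in the least significant position of each byte (as FIPS 46-3 specifies for DES), and the function names and sample keys are constructed for illustration. It goes slightly beyond the text by also reporting bundles where only two adjacent keys match, since those also reduce to single DES.

```python
# Added example: DES key parity and 3DES keying-option check.
# Assumption: odd parity per byte, parity bit in the least significant position.

def expand_56_to_64(value56: int) -> bytes:
    """Spread a 56-bit value over 8 bytes: 7 key bits plus 1 parity bit each."""
    if not 0 <= value56 < 1 << 56:
        raise ValueError("expected a 56-bit value")
    out = bytearray()
    for i in range(8):
        seven = (value56 >> (49 - 7 * i)) & 0x7F   # next 7-bit block, MSB first
        parity = 0 if bin(seven).count("1") % 2 else 1  # make the 1-bit count odd
        out.append((seven << 1) | parity)
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True if the key is 8 bytes long and every byte has an odd number of 1 bits."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)

def effective_bits(key: bytes) -> bytes:
    """Clear the parity bits; keys that differ only in parity are the same key."""
    return bytes(b & 0xFE for b in key)

def classify_3des(bundle: bytes) -> str:
    """Classify a 24-byte K1|K2|K3 bundle by the strength it actually provides."""
    if len(bundle) != 24:
        raise ValueError("expected 24 bytes (K1|K2|K3)")
    k1, k2, k3 = (effective_bits(bundle[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        # In encrypt-decrypt-encrypt, an adjacent equal pair cancels out,
        # leaving a single DES encryption under the remaining key.
        return "one-key"
    if k1 == k3:
        return "two-key"
    return "three-key"

if __name__ == "__main__":
    # Constructed sample keys, for illustration only.
    ka = bytes.fromhex("0123456789abcdef")
    kb = bytes.fromhex("fedcba9876543210")
    kc = expand_56_to_64(0)
    print(kc.hex(), has_odd_parity(kc))
    for bundle in (ka * 3, ka + kb + ka, ka + kb + kc):
        print(bundle.hex(), "->", classify_3des(bundle))
```

A key-management check can reject a "one-key" result wherever 3DES strength is expected, because such a bundle provides only the 56-bit strength of standard DES.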
