Cryptographic algorithms can be categorized into three classes:hash functions, symmetric, and asymmetric algorithms. This article sheds light on their differences, purposes, and main fields of application. A lot of security services such as confidentiality, integrity, authentication, and non-repudiation can be provided by using cryptographic algorithms. Confidentiality serves the purpose of ensuring that information is not revealed to unauthorized entities. Confidentiality is achieved by transforming the understandable information into a state that is unintelligible except to authorized entities. This transformation mechanism is called encryption. Decryption of unintelligible data is performed to restore it to its original state. Both symmetric and asymmetric algorithms can provide encryption. Confidentiality is not only important for data at rest but also for network communication data. Integrity is a mechanism that assures that the data has not been altered in an unapproved way. The integrity of data is maintained at the creation, transmission, and storage phases. Alteration of data includes insertion, deletion, and substitution breaches. Digital signatures and message authentication codes (MAC) are the cryptographic mechanisms that can be used to notice both intentional and accidental alterations. There are 2 types of authentication services that can be achieved using cryptography, i.e., source and integrity authentication. Source authentication assures the identity of the entity that originally generated or crafted the information. Integrity authentication validates that data has not been modified and that the integrity of the data is protected. Non-repudiation is the guarantee that no one can deny a transaction. The term "non-repudiation"is frequently used for digital signatures and email messages. When a data hashing algorithm is combined with public or private keys, data origination authentication can be achieved. The well-known technique of data origin authentication is using digital certificates. The proper approach to incorporate security services for applications and protocols dealing with data security is the use of cryptographic methods. A lot of public/open source and proprietary algorithms are available. Users and developers are presented with many new choices in their use of cryptographic mechanisms. Adoptions of obsolete or less known/indigenous algorithms may result in a security breach of data and information. Public and NIST approved algorithms have undergone rigorous security testing and cryptanalysis prior to their approval, to assure that the algorithms provide satisfactory security. The document “NIST Special Publication 800-57 Part 1 Revision 4” provides background information and establishes frameworks to support appropriate decisions when selecting and using cryptographic mechanisms.1. Security Services
1.1 Confidentiality
1.2 Data Integrity
1.3 Authentication
1.4 Non-Repudiation
2. Importance of Guidance on Cryptographic Algorithms
3. Importance of Keys in an Algorithm
Keysin the field of cryptography are analogous to the pattern/PIN/password or physical key applied to a security locker.Appropriate management of cryptographic keys is essential for the operative use of cryptography. If an attacker is able to find out the combination of security locker, whatever state-of-the-art and however strong technology, the locker will fail. A security locker is analogous to an encryption algorithm. If the keys are not managed properly, encryption algorithms will be compromised.
The 1stand last phases in the life of a key are generation and destruction respectively.
The other phases in the life of a key are securing storage, distribution, modification, renewal, backup/archival, revocation/suspension etc. Keys require protection in all phases of life. The protection may include compromise, modification and unauthorized disclosure. NIST publishes Federal Information Processing Standards (FIPS) and NIST Recommendations that stipulate cryptographic procedures for protecting unclassified and sensitive information.
4. Classes of Cryptographic Algorithms
Cryptographic algorithms can be categorized into three classes. This categorization is defined on basis of the number of cryptographic keys that are required for the algorithm.
- Hash Functions
- Symmetric-Key Algorithms
- Asymmetric-Key Algorithms
4.1 Hash Functions
Hash functions are the building blocks for modern cryptography. A hash function is a cryptographic algorithm which is used to transform large random size data to small fixed size data. The data output of the hash algorithm is called hash value or digest. The basic operation of hash functions does not need any key and operate in a one-way manner. The one-way operation means that it is impossible to compute the input from a particular output. The basic uses of hash functions are:
- Generation and verification of digital signatures
- Checksum/Message integrity checks
- Source integrity services via MAC
- Derivation of sub-keys in key-establishment protocols & algorithms
- Generation of pseudorandom numbers
4.2 Symmetric-key algorithms
Symmetric-key algorithms also referred as secret-key algorithms use a single cryptographic key for encryption and decryption purposes. They convert data in a way that is problematic for an opponent to decrypt the data without the key. Symmetric keys are securely generated and distributed to the sender and receiver and are unknown to any other entity. But if a symmetric-key algorithm is being used by more than one receiver then the key has to be shared with all entities. If the key is compromised from one entity, communication of all the entities will be compromised. Symmetric Algorithms are further divided into Block & Stream algorithms. A block algorithm breaks the input into fixed-size blocks and then progresses the crypto operations. Stream algorithms perform “bit-by-bit” crypto operations. Primary purposes of symmetric key algorithms are:
- Confidentiality is achieved as encryption and decryption is performed using single key.
- Integrity and source authentication is achieved by using Message Authentication Codes because the MAC is generated and validated by the same key.
- Generation of pseudorandom random numbers
4.3 Asymmetric-key algorithms
Asymmetric-key algorithms are commonly referred to as “public-key algorithms”. They use two mathematically associated keys knows as public and private keys. One key is used for data encryption, and the other is used for decryption of data. The combination of a public and private key is called a key pair. The private key is always kept secret by the owner. The public key is distributed to the public and everyone can access it. The private key cannot be deduced from the public key. The public key is mostly bound to an identity by a Certificate Authority. Asymmetric-key algorithms are mostly based on mathematical problems like integer factorization and discrete logarithm problem. Main uses of asymmetric algorithms are:
- Creation of digital signatures
- To establish/distribute session keys such as in case of TLS protocol
5. Differences between Hash functions, Symmetric, and Asymmetric algorithms
A tabular chart is listed based on some characteristics of the algorithms.
6. Combination of Symmetric and Asymmetric algorithms
Due to the above characteristics, symmetric and asymmetric algorithms are sometimes used in a hybrid approach. Asymmetric ciphers are characteristically used for identity authentication performed via digital signatures & certificates, for the distribution of symmetric bulk encryption key, non-repudiation services and for key agreement. Symmetric ciphers are used for bulk encryption of data due to their fast speed.
References and Further Reading
- Selected articles on Key Management(2012-16), by Ashiq JA, Chuck Easttom, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Matt Landrock,Peter Landrock,Steve Marshall, Torben Pedersen, Maria Stokes, John Trankenschuh and more
- NIST Special Publication 800-57 Part 1 Revision 4Recommendation for Key Management Part 1: General(2016), by Elaine Barker, Computer Security Division Information Technology Laboratory,National Institute of Standards and Technology
- Predictions 2017: Customer-Obsessed Enterprises Launch Cloud’s Second Decade(November 2016)
- “Cybersecurity Incidents What Happened.”(2016), the United States Office of Personnel Management.
Image: "Hash Tag", courtesy ofMichael Coghlan,(CC BY-SA 2.0)
As an expert in the field of cryptography, I bring a wealth of knowledge and experience to shed light on the concepts discussed in the article. My expertise is grounded in a comprehensive understanding of cryptographic algorithms, their applications, and the crucial role they play in ensuring information security.
Cryptographic Algorithms Overview:
-
Security Services:
- Cryptographic algorithms provide essential security services, including confidentiality, integrity, authentication, and non-repudiation.
1.1 Confidentiality:
- Achieved through encryption, ensuring information remains unintelligible to unauthorized entities.
- Both symmetric and asymmetric algorithms can provide encryption for data at rest and during network communication.
1.2 Data Integrity:
- Ensures data remains unaltered during creation, transmission, and storage.
- Digital signatures and message authentication codes (MAC) detect intentional and accidental alterations.
1.3 Authentication:
- Involves source and integrity authentication.
- Source authentication verifies the identity of the entity generating the information, while integrity authentication ensures data integrity.
1.4 Non-Repudiation:
- Guarantees that a transaction cannot be denied.
- Achieved through digital signatures and email messages, often utilizing data hashing algorithms and digital certificates.
-
Importance of Guidance on Cryptographic Algorithms:
- Proper selection of cryptographic methods is crucial for application and protocol security.
- Public and NIST-approved algorithms undergo rigorous testing to ensure satisfactory security.
- The document "NIST Special Publication 800-57 Part 1 Revision 4" provides guidance for selecting and using cryptographic mechanisms.
-
Importance of Keys in an Algorithm:
- Cryptographic keys are analogous to PINs or passwords for a security locker.
- Proper key management, including generation, destruction, storage, distribution, and protection, is vital for effective cryptography.
- NIST publishes standards for cryptographic procedures to protect information.
-
Classes of Cryptographic Algorithms:
- Three main classes: Hash Functions, Symmetric-Key Algorithms, and Asymmetric-Key Algorithms.
4.1 Hash Functions:
- Building blocks of modern cryptography.
- Transform large data into fixed-size values (hash values) without the need for keys.
- Used for digital signatures, message integrity checks, source integrity services, and pseudorandom number generation.
4.2 Symmetric-Key Algorithms:
- Use a single key for encryption and decryption.
- Ensure confidentiality, integrity, and source authentication through the use of Message Authentication Codes.
- Divided into Block and Stream algorithms.
4.3 Asymmetric-Key Algorithms:
- Use public and private key pairs for encryption and decryption.
- Mainly used for creating digital signatures and establishing/distributing session keys.
-
Differences between Hash Functions, Symmetric, and Asymmetric Algorithms:
- A tabular chart likely provides a detailed comparison based on key characteristics.
-
Combination of Symmetric and Asymmetric Algorithms:
- Hybrid approaches use both types for specific purposes, such as identity authentication, key distribution, non-repudiation services, and key agreement.
In conclusion, a solid understanding of cryptographic algorithms and their appropriate use is crucial for maintaining the security of data and information in various applications and protocols. The expertise provided here serves as a guide for users and developers in making informed decisions in the complex landscape of cryptographic methods.
