Abstract
Symmetric encryption is the most common method to guarantee the confidentiality of a message or information. Encryption is a cryptographic process that makes it impossible for anyone who needs the decryption key to gain knowledge of plaintext. It is called symmetric when it uses the same key for encryption and decryption. The required key length for symmetric encryption must be at least 256 bits to guarantee sufficient protection against brute force attacks and the possible arrival of quantum computers. To conclude, well-established cryptographic libraries implementing standard algorithms should be preferred over homemade implementation.
You have full access to this open access chapter, Download chapter PDF
1 Introduction
To guarantee the confidentiality of a message or information, different encryption methods are used. In almost all applications, data is encrypted symmetrically. In most cases, it is advised to encrypt data using symmetric methods. The key length for symmetric encryption must be at least 256 bits to guarantee a sufficient level of protection against the possible arrival of quantum computers. The use of standard methods such as AES with 256 bits should be promoted.
2 Analysis
Different encryption methods can be used to guarantee the confidentiality of a message or information. Symmetric encryption is the most common method, for example, for file encryption, messaging and data transfer, as it is fast and secure, provided the length of the encryption key is large enough. The encryption key is exchanged through a secure channel or asymmetric encryption methods.
2.1 Definition
Encryption is a cryptographic process that makes it impossible to gain knowledge of plaintext for anyone who does not have the decryption key. Encryption is called symmetric when it uses the same key for encryption and decryption. See Chap. 3 for details on asymmetric cryptography.
Symmetric ciphers are generally grouped into two sub-categories: stream and block ciphers. Stream ciphers generate a continuous keystream and combine it bit by bit with the plaintext to produce the ciphertext, typically using the exclusive-or (XOR) operator; block ciphers divide the plaintext into fixed-size sequences of bits called blocks, potentially applying some padding. They then run the same encryption procedure on each block. Various procedures have been standardized, also known as modes of operation [1, 2]. In order to ensure a good level of security, each block should have a length of at least 128 bits. The distinction between the two cipher types is loose since block ciphers applied to 1-bit blocks are essentially stream ciphers. Block ciphers operating in counter mode (CTR) provide a good example, where a block-counter appended to a fixed random nonce is encrypted, de facto providing a keystream, which is then XOR-ed with the blocks of plaintext. The output feedback mode (OFB) is another example with a similar structure.
It is essential to verify that an encrypted message has not been modified during its transport. This is why the authenticity—or at least the integrity—of the encrypted message should be verified before decrypting it. This requirement can be satisfied by using, e.g., Authenticated Encryption or Authenticated Encryption with Associated Data (AEAD) [3, 4], which ensure data confidentiality as well as authenticity.
2.2 Trends
It is advised to encrypt data using symmetric methods in the future. However, the required key length for symmetric encryption must be at least 256 bits to guarantee a sufficient level of protection against brute force attacks and the possible arrival of quantum computers. Therefore, standard methods such as AES [5] with 256 bits should be promoted.
When symmetric encryption is used, it is recommended to complement it with methods that guarantee the encrypted message’s authenticity—or at least integrity.
3 Consequences for Switzerland
Switzerland should continue to use symmetric encryption methods with an appropriate level of security, as detailed in Sect. 2.2.2.
3.1 Implementation Possibilities
In general, one should not develop symmetric encryption algorithms on one’s own, as the standard methods are secure and efficient. Instead, well-established cryptographic libraries that implement those standard algorithms should be preferred over homemade implementations. Moreover, when buying a product, one should check that its parameter setup corresponds to symmetric security of at least 256 bits, e.g., standard symmetric encryption algorithms such as AES [5] with 256 bits. The AES Algorithm is also known as Rijndael’s Algorithm. The four other algorithms (Serpent, Twofish, RC6, and MARS) that were selected for the final round of the competition conducted by NIST in 2001 [6] can also be used in addition to the standard AES.
4 Conclusion
Over the last decades, the use of methods guaranteeing the confidentiality of a message has exploded, and symmetrical methods have been proven secure in this domain. If the proper implementations and parameters are used, these algorithms will remain secure even with the arrival of the quantum computer—see, for example, Section 2.5 of [7]. Therefore, the choice of secure algorithms and the size of the parameters proposed in this document is expected to stay the same over the next decade.
References
Morris J. Dworkin. Recommendation for Block Cipher Modes of Operation: Methods and Techniques. Technical Report SP 800-38A, National Institute of Standards and Technology, December 2001.
Morris J. Dworkin. Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode. Technical Report SP 800-38A Addendum, National Institute of Standards and Technology, October 2010.
Mihir Bellare, Phillip Rogaway, and David Wagner. The EAX mode of operation. In International Workshop on Fast Software Encryption, pages 389–407. Springer, 2004.
Morris J. Dworkin. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. Technical Report SP 800-38D, National Institute of Standards and Technology, November 2007.
Morris J. Dworkin, Elaine B. Barker, James R. Nechvatal, James Foti, Lawrence E. Bassham, E. Roback, and James F. Dray Jr. Advanced Encryption Standard (AES). Technical report, National Institute of Standards and Technology, November 2001.
James Nechvatal, Elaine Barker, Donna Dodson, Morris J. Dworkin, James Foti, and Edward Roback. Status report on the first round of the development of the advanced encryption standard. Journal of Research of the National Institute of Standards and Technology, 104(5):435, September 1999.
European Telecommunications Satandards Institute. Quantum Safe Cryptography and Security - An introduction, benefits, enablers and challenges. https://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf, 2015.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2023 The Author(s)
About this chapter
Cite this chapter
Weissbaum, F., Lugrin, T. (2023). Symmetric Cryptography. In: Mulder, V., Mermoud, A., Lenders, V., Tellenbach, B. (eds) Trends in Data Protection and Encryption Technologies . Springer, Cham. https://doi.org/10.1007/978-3-031-33386-6_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-33386-6_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33385-9
Online ISBN: 978-3-031-33386-6
eBook Packages: Computer ScienceComputer Science (R0)