Symmetric ciphers

There are many types of symmetric ciphers, the most known are DES, or 3 DES and AES.

Encryption Standard DES
Data Encryption Standard was developed from an IBM-based algorithm that was named LUCIFER. This algorithm was designed within a project carried out by the research group and led by Horst Feistel. LUCIFER is a Feistel block cipher that works with 64-bit data blocks and the key has a length of 128 bits.

Encryption standard DES that was developed from this algorithm uses 64-bit data blocks and key with the length of 56 bits.
This standard was adopted in 1977 by the National Bureau of Standards, later by NIST (National Institute of Standard and Technology). The encryption algorithm was named as DEA (DataEncryptionAlgorithm).

Initially, the DES encryption standard was designed for applications in finance. In 1999, NIST adopted a new version of the DES standard called 3DES. It uses triple encryption using the DES algorithm and uses two or three different keys.

The potential vulnerability of the DES algorithm to the total test method has prompted an interest to find the alternative approaches and improve the original algorithm. One of the possibilities of enhancing the security of the DES algorithm is multiple encryption with multiple keys, which is the basis of DES algorithm modifications. The most used modifications of the DES algorithm are:

• double DES
• triple DES with two keys
• triple DES with three keys
  

From our experience in electronic field we know that the use of 3DES encryption mechanisms is also used in RFID products, for example ISO cards from ACM and readers from Stronglink

Since the long-term use of the DES encryption algorithm has shown the potential for its breakage, NIST announced a public tender in 1997 to select a new symmetric encryption algorithm to encrypt the data that was named AES (Advanced Encryption Standard). The aim was to choose an algorithm whose security would be greater than 3DES security, and would allow encrypting blocks of 128 bit length, or to work with 128, 192 and 256-bit keys.

In the first round, 15 cryptographic algorithms were selected and 5 algorithms (MARS, RC6, Rijndael, Serpent, Twofish) were short-listed. The resulting NIST rating was published in the form of a standard (FIPS PUB 197) in November 2001, with AES being based on the Rijndael algorithm, which was signed by the Belgian Joan Daemen and Vincent Rijmen.

The requirements for the new AES standard formulated by NIST were divided into 3 categories:

• security
• costs
  
• implementation

Security represents the amount of effort, or work needed to break the algorithm by cryptanalysis. Since 128 bits was determined as the minimum length of the AES key, the total test method using the current or the envisaged technologies was not taken into consideration.
AES costs were based on the assumption that this algorithm should cover a wide range of applications and should be of high computational efficiency in order to be applicable to applications with high transfer rates, for example in broadband networks.
Implementation covers a wide range of parameters such as, for example, flexibility, simplicity, and the ability to be used in a variety of hardware and software resources.

The AES encryption standard is also used by our long-term partner, Lantronix, in their Xport and xPico products

Symmetric ciphers form a broad category of algorithms that include both, block and stream ciphers. Their advantage is mainly the speed and disadvantage is the large number of encryption users, or the keys users, or their safe distribution. This was a challenge especially for cryptologists and the formation of cryptography with public key.

Our company, as one of many on the market, does not require special encryption systems. We keep saying, "The cost of data security must be less than the cost of encryption." Encryption mechanisms are expensive.
But, in the case of development companies where know-how protection is needed, you need to consider introducing encryption systems. However, it should be remembered that such encryption within the product may also lead to discomfort to the end-user, for example if they need to use an external encryption system. One of the best known is, for example, internet banking where authentication / authorization (SMS message, token, etc.) is required when entering a bank account. Or when buying a product - a hardware key is required for the software.