Common Encryption Algorithms

Why This Matters

Understanding encryption algorithms isn't just about memorizing acronyms—it's about grasping the fundamental trade-offs that define modern security. You're being tested on your ability to distinguish between symmetric vs. asymmetric encryption, block ciphers vs. stream ciphers, and encryption vs. hashing. These distinctions determine everything from how your browser establishes a secure connection to how passwords are stored in databases.

The algorithms in this guide represent decades of cryptographic evolution, and exam questions will probe your understanding of why certain algorithms replaced others, when to use each type, and what vulnerabilities led to deprecation. Don't just memorize key sizes—know what security properties each algorithm provides and what problems it was designed to solve.

---

Symmetric Block Ciphers

Symmetric encryption uses the same key for both encryption and decryption. Block ciphers process data in fixed-size chunks, applying multiple rounds of substitution and permutation. The security of these algorithms depends on key length, block size, and resistance to cryptanalysis.

AES (Advanced Encryption Standard)

• The gold standard for symmetric encryption—adopted by the U.S. government in 2001 to replace DES, now used globally for everything from disk encryption to HTTPS
• Supports 128, 192, or 256-bit keys with a fixed 128-bit block size; more rounds applied as key size increases (10, 12, or 14 rounds respectively)
• Resistant to all known practical attacks when properly implemented, making it the default choice for most modern encryption needs

DES (Data Encryption Standard)

• Historically significant but now obsolete—the first widely adopted encryption standard (1977), demonstrating how security requirements evolve
• 56-bit key length is fatally short; can be brute-forced in hours with modern hardware operating on 64-bit blocks
• Important for understanding cryptographic deprecation—its fall illustrates why key length matters and why standards must adapt

3DES (Triple DES)

• A transitional fix for DES vulnerability—applies DES three times with different keys, extending effective key length to 112 or 168 bits
• Significantly slower than AES due to triple processing; block size remains 64 bits, creating vulnerabilities in high-volume applications
• Being phased out by 2023-2025 in most standards; know it as an example of backward-compatible security patches

Blowfish

• Fast, unpatented symmetric cipher designed by Bruce Schneier in 1993 as a DES replacement
• Variable key length from 32 to 448 bits provides flexibility, but 64-bit block size limits its use for large data volumes
• Still secure but showing age—the small block size makes it vulnerable to birthday attacks when encrypting large amounts of data

Twofish

• Blowfish's successor and AES finalist—designed for the AES competition, offers comparable security with 128-bit blocks
• Supports keys up to 256 bits with excellent performance in both hardware and software implementations
• Freely available with no patents—remains a solid alternative to AES for applications requiring open-source solutions

IDEA (International Data Encryption Algorithm)

• 128-bit key symmetric cipher operating on 64-bit blocks, known for its use in early PGP (Pretty Good Privacy)
• Patented until 2012, which limited adoption compared to freely available alternatives
• Strong security record but largely superseded by AES due to smaller block size and historical licensing restrictions

---

Stream Ciphers

Unlike block ciphers, stream ciphers encrypt data one bit or byte at a time, generating a continuous keystream. They're typically faster and better suited for real-time applications where data length is unknown.

RC4 (Rivest Cipher 4)

• Once ubiquitous, now deprecated—used in WEP, early TLS, and countless protocols due to simplicity and speed
• Variable key length (40-2048 bits) but suffers from statistical biases in keystream output that enable practical attacks
• A cautionary tale in cryptography—demonstrates how subtle mathematical weaknesses can render an algorithm insecure over time

ChaCha20

• Modern stream cipher replacing RC4—designed by Daniel Bernstein, now used in TLS 1.3 and many mobile applications
• 256-bit key with 64-byte blocks and a 96-bit nonce; provides strong security with excellent software performance
• Preferred on devices without AES hardware acceleration—often paired with Poly1305 for authenticated encryption (ChaCha20-Poly1305)

---

Asymmetric (Public-Key) Cryptography

Asymmetric encryption uses mathematically related key pairs—a public key for encryption and a private key for decryption. The security relies on computational problems believed to be intractable, like factoring large numbers or computing discrete logarithms.

RSA (Rivest-Shamir-Adleman)

• The foundational public-key algorithm—introduced in 1977, still widely used for key exchange and digital signatures
• Security based on integer factorization—multiplying large primes is easy, but factoring their product is computationally infeasible
• Requires large key sizes (2048+ bits) for security, making it slower and more resource-intensive than symmetric alternatives

ECC (Elliptic Curve Cryptography)

• Equivalent security with smaller keys—a 256-bit ECC key provides comparable security to a 3072-bit RSA key
• Based on the discrete logarithm problem over elliptic curves, offering efficiency advantages for mobile and IoT devices
• Increasingly preferred over RSA for new implementations due to performance benefits and smaller certificate sizes

Diffie-Hellman Key Exchange

• Enables shared secret generation over public channels—two parties can agree on a key without ever transmitting it
• Based on modular exponentiation—computing $g^{ab} \mod p$ is easy if you know $a$ or $b$, but finding them from $g^a$ and $g^b$ is hard
• Vulnerable to man-in-the-middle attacks without authentication; often combined with digital signatures for secure key exchange

---

Digital Signatures and Authentication

These algorithms ensure data hasn't been tampered with and verify the identity of the sender. They're essential for non-repudiation—proving that a specific party signed a message.

DSA (Digital Signature Algorithm)

• Federal standard for digital signatures—adopted by NIST in 1994, based on discrete logarithm problem
• Signature-only algorithm—unlike RSA, cannot be used for encryption, only for verifying authenticity
• Being superseded by ECDSA (elliptic curve variant) for better performance with equivalent security

HMAC (Hash-based Message Authentication Code)

• Combines hashing with a secret key for message authentication—ensures both integrity and authenticity
• Construction: $HMAC(K, m) = H((K' \oplus opad) \| H((K' \oplus ipad) \| m))$ where $H$ is a hash function
• Used in TLS, IPsec, and API authentication—a fundamental building block for secure protocols

---

Cryptographic Hash Functions

Hash functions produce fixed-size outputs from arbitrary inputs. They're one-way functions—you cannot recover the input from the hash—and are used for integrity verification, password storage, and digital signatures.

MD5 (Message Digest Algorithm 5)

• Produces 128-bit hash values and was once standard for checksums and password hashing
• Broken for security purposes—collision attacks demonstrated in 2004 make it unsuitable for cryptographic use
• Still acceptable for non-security checksums like file integrity verification where adversarial attacks aren't a concern

SHA (Secure Hash Algorithm) Family

• SHA-1 (160-bit) is deprecated due to collision vulnerabilities demonstrated in 2017
• SHA-256 and SHA-512 (from SHA-2 family) remain secure and are widely used in TLS, Bitcoin, and certificate validation
• SHA-3 uses a completely different internal structure (Keccak sponge construction), providing algorithm diversity for defense in depth

---

Quick Reference Table

---

Self-Check Questions

1. Which two symmetric algorithms were AES finalists, and what distinguishes AES's adoption from its competitor?

2. Compare RSA and ECC: What mathematical problem underlies each, and in what scenario would you choose ECC over RSA?

3. Why was DES replaced, and how does 3DES attempt to address its weakness? What limitation does 3DES still share with DES?

4. If an FRQ asks you to design a secure communication protocol, which algorithms would you combine for key exchange, bulk encryption, and message authentication? Justify each choice.

5. Explain why MD5 and SHA-1 are considered broken while SHA-256 remains secure. What type of attack compromised the weaker algorithms?