Cryptography II
Domain 5
Pages 790-821
Official CISSP CBK Third Edition
Jem Jensen
StaridLabs
A Quick Recap
● Converting plaintext into ciphertext through
transpositions or substitutions
● Spartan Scytale – Wrap message (written on a
belt/strap) around a stick to decipher
● Caesar cipher – shift the whole alphabet
● Nazi Enigma machines
● Key – used to encrypt/decrypt the plaintext
Substitution Ciphers
● Replaces one letter with another letter
● Like in the newspaper!
● Examples:
– Caesar cipher
– Decoder ring
Playfair Cipher
● Used through WW2
● Pre-shared keyword (Ex: CRYPTO)
● Keyword is fed into a table, followed by the
remaining alphabet
– Merge I&J
C R Y P T
O A B D E
F G H I/J K
L M N Q S
U V W X Z
Playfair Cipher
● Break apart plaintext into pairs
– Sprinkle filler characters (Ex: K)
WE AR EK ST AR IK DL AK BS
Playfair Cipher
● Draw a box between the 2 letters in the pair
– If the box is larger than 1xn, swap letters with the
other 2 corners (Ex: WE = BZ)
– If the box is only 1 row thick, use the next letter in
line (Ex: AR=RV)
C R Y P T
O A B D E
F G H I/J K
L M N Q S
U V W X Z
Transposition Cipher
● Change the order of letters
● Like pig latin!
● Move first letter of a word to the end
● Add an “a” sound at the end
● Et-gay ti-ay?
Rail Fence
● Like writing the message on a fence then tilting the posts to
the side
● Draw a box 2+ columns thick
● Enter the text in a zig-zag fashion
● Read the text across the columns for encrypted version
(Ex: gvecslirmaieahodeael)
● Susceptible to frequency analysis
A quick side note
● Frequency analysis
● E, T, A, & O are the most common letters in English
words
● Z, Q, & X are the least used
● If you know a message is in English and you see a lot of
E, T, A & Os or very few Z, Q, or X – you know it's a
transposition cipher and can probably start guessing
some letters correctly
Rectangular Substitution Table
● Sender and receiver agree on table dimensions
and the order to read the message (Ex: 4x4
table, read top to bottom, left to right)
W E A R
E S T A
R I D L
A B S
= WERAESIBATDSRAL
Also susceptible to frequency analysis
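Added example (not part of the original deck): the table cipher above in Python, with a Caesar shift for comparison, showing what frequency analysis sees in each case. The function names and the E/T/A/O share measure are assumptions made for this illustration.

```python
from collections import Counter

def table_encrypt(plaintext, cols):
    """Write the text row by row into a table `cols` wide, read column by column."""
    return "".join(plaintext[c::cols] for c in range(cols))

def table_decrypt(ciphertext, cols):
    """Rebuild the columns (the first `extra` are one cell taller), then read rows."""
    rows, extra = divmod(len(ciphertext), cols)
    columns, pos = [], 0
    for c in range(cols):
        height = rows + (1 if c < extra else 0)
        columns.append(ciphertext[pos:pos + height])
        pos += height
    return "".join(col[r] for r in range(rows + 1) for col in columns if r < len(col))

def caesar(text, shift):
    """Substitution for comparison: shift every letter A-Z by `shift`."""
    return "".join(chr((ord(ch) - 65 + shift) % 26 + 65) for ch in text)

def etao_share(text):
    """Fraction of the text made up of E, T, A and O."""
    counts = Counter(text)
    return sum(counts[ch] for ch in "ETAO") / len(text)

PLAINTEXT = "WEARESTARIDLABS"              # the slide's message, spaces removed
transposed = table_encrypt(PLAINTEXT, 4)   # 4 columns, read top to bottom
substituted = caesar(PLAINTEXT, 3)         # the deck's Caesar shift (FEED=IHHG)

if __name__ == "__main__":
    print(transposed, table_decrypt(transposed, 4))
    # Transposition keeps the exact letter counts, so the English profile survives.
    print(sorted(transposed) == sorted(PLAINTEXT), etao_share(transposed))
    # Substitution moves the counts onto other letters.
    print(sorted(substituted) == sorted(PLAINTEXT), etao_share(substituted))
```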
Monoalphabetic Cipher
● Like a Caesar cipher except we scramble the
alphabet instead of shifting it
CAESAR
A B C D E F ... ... Y Z
D E F G H I ... ... B C
MONO
A B C D E F ... ... Y Z
M G P U W I ... ... T K
Ex: In the above Caesar, FEED=IHHG
In the above Mono, FEED=IWWU
Polyalphabetic Cipher
● Like a monoalphabetic except we add more rows
of scrambled alphabets
POLY
A B C D E F ... ... Y Z
M G P U W I ... ... T K
N B V C X Z ... ... F W
Ex: In the Mono, FEED=IWWU
In the above Poly, FEED=IXWC
Blaise de Vigenère
● Transposition table
Blaise de Vigenère
● Sender/receiver have a pre-shared keyword
● Locate the intersection of the keyword with the plaintext for the
cipher equivalent
Example
Keyword: CABBAGE
Plaintext: FEEDBOB
Ciphertext: HEFEBUF
Modular Mathematics
● Modulus/Modulo Operation
● The remainder after dividing a number by n
Example
5 mod 2 : 5 / 2 = 2 remainder 1, so 5 mod 2 = 1
4 mod 2 : 4 / 2 = 2 remainder 0, so 4 mod 2 = 0
Running Key Cipher
● Since there are 26 letters in the alphabet, we'll use mod
26
Ciphertext = (plaintext + key) mod 26
C = P + K (mod 26)
● Example:
Plaintext: E (or 4)
Key: W (or 22)
C = (4 + 22) mod 26 = 0
Ciphertext: A
A B C D E F ... ... Y Z
0 1 2 3 4 5 ... ... 24 25
Running Key Cipher
● To translate CHEEK using the key of FEED:
● The longer the key, the better, since there's less repetition
Ptxt C H E E K
Key F E E D F
n(P) 2 7 4 4 10
n(K) 5 4 4 3 5
n(C) 7 11 8 7 15
Ctxt H L I H P
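Added example (not part of the original deck): C = P + K (mod 26) in Python, reproducing the CHEEK/FEED and FEEDBOB/CABBAGE results from the slides, and showing why a longer key leaks less repetition. The message FEEDFEED is constructed for the illustration, and KSOSDFSH is the first eight letters of the one-time pad key quoted later in the deck.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, as in the slide's table

def _combine(text, key, sign):
    """Apply (letter + sign * key letter) mod 26; a short key repeats."""
    out = []
    for i, ch in enumerate(text):
        p = ALPHABET.index(ch)                    # raises ValueError outside A-Z
        k = ALPHABET.index(key[i % len(key)])
        out.append(ALPHABET[(p + sign * k) % 26])
    return "".join(out)

def encrypt(plaintext, key):
    """C = (P + K) mod 26."""
    return _combine(plaintext, key, +1)

def decrypt(ciphertext, key):
    """P = (C - K) mod 26."""
    return _combine(ciphertext, key, -1)

def repeated_chunks(text, n):
    """Return the n-letter chunks that occur more than once in `text`."""
    seen, repeats = set(), []
    for i in range(len(text) - n + 1):
        chunk = text[i:i + n]
        if chunk in seen and chunk not in repeats:
            repeats.append(chunk)
        seen.add(chunk)
    return repeats

if __name__ == "__main__":
    print(encrypt("CHEEK", "FEED"))          # the slide's running-key example
    print(encrypt("FEEDBOB", "CABBAGE"))     # the slide's keyword example
    # Constructed message: a short key lines up with repeated plaintext and
    # the repetition shows through; a key as long as the message hides it.
    print(repeated_chunks(encrypt("FEEDFEED", "FEED"), 4))
    print(repeated_chunks(encrypt("FEEDFEED", "KSOSDFSH"), 4))
```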
One-time Pads
● Gilbert Vernam asserted that a cipher key as
long as the plaintext (that doesn't repeat)
should be unbreakable
● Requires a sender and receiver to exchange
the long key beforehand (ex: book ciphers)
● Ideally the key is randomly chosen values like
letters, numbers, Geiger counter readings
One-time Pads
● Key of ksosdfshepwlqz
● The key could be longer than the plaintext
Ptxt D O N O T
Key K S O S D
n(P) 3 14 13 14 19
n(K) 10 18 14 18 3
n(C) 13 32 27 6 22
Ctxt N B G W S
A step back
● So what have we learned?
● Crypto can provide integrity controls
● If the message was altered by a modification or error, it
won't decrypt
● Some degree of authentication
● Only the people who have the key should be able to use
it. If we only share the key with one person, we can know
it's them
Symmetric Cryptography
● The sender and receiver use a single shared
key for encryption/decryption
● Key management is the biggest problem
● We can't send the keys over the same channel we're
trying to encrypt!
● Send the key via out-of-band distribution (ex: fax, mailing
a CD, calling on the phone)
Symmetric Cryptography
● Fast, secure, cheap
● Doesn't provide non-repudiation
● Limited message integrity and access control
● We can tell the message changed and it requires the key
in order to be read
● Physical example:
● 10 people have a key to the server room. Who entered at
11pm? We only know it was one of the 10
Examples of Symmetric Algorithms
● Caesar Cipher
● Spartan Scytale
● Enigma Machines
DES
● Data Encryption Standard
● Horst Feistel
● Take input block, divide it in half, and XOR several times
– Each XOR is called a round
● Became gov't standard in 1977
● Replaced by AES
Block Cipher Modes
● ECB – Electronic Codebook Mode
● Essentially a digital representation of a codebook. Feed in
plaintext and it outputs the ciphertext using a table
● Useful for very short messages (64-bit), where there is little to repeat
● CBC – Cipher Block Chaining Mode
● Uses an IV and chaining function so that subsequent output
will be different even if the input was identical
● Initial input block is XORed with the randomly chosen IV
● Output is then XORed with next input
Block Cipher Modes
● CFB – Cipher Feedback Mode
● Input broken into segments (usually 8 bit)
● Segments are XORed with a random IV
● Previous segment is XORed with the next segment
● Drawback – if a bit is corrupted, everything after will be too
● OFB – Output Feedback Mode
● Like CFB but uses encrypted keystream instead of ciphertext so
that one corruption won't affect future encryption
● Can also generate keystream ahead of time for future use
● CTR – Counter Mode
● Like OFB but increments a counter for keystream
● Allows for out-of-order processing
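Added example (not from the deck or the CBK): a toy Feistel cipher showing the split-in-half-and-XOR rounds from the DES slide, run in ECB and in CBC over a message of identical blocks. This is not DES; the round function (truncated SHA-256), the key, the fixed IV and the message are assumptions constructed for the demonstration.

```python
import hashlib

BLOCK = 8  # bytes: the 64-bit block size of DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):  # assumed round function: truncated SHA-256, not DES's
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def feistel(key, block, rounds=4, decrypt=False):
    """Split the block in half; each round XORs one half with f(other half)."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in (reversed(range(rounds)) if decrypt else range(rounds)):
        if decrypt:
            left, right = _xor(right, _f(key, i, left)), left
        else:
            left, right = right, _xor(left, _f(key, i, right))
    return left + right

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    """Every block is encrypted on its own: equal input gives equal output."""
    return b"".join(feistel(key, b) for b in blocks(data))

def cbc_encrypt(key, iv, data):
    """Each block is XORed with the previous ciphertext block (the IV first)."""
    out, prev = [], iv
    for b in blocks(data):
        prev = feistel(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for b in blocks(data):
        out.append(_xor(feistel(key, b, decrypt=True), prev))
        prev = b
    return b"".join(out)

# Constructed sample: three identical 8-byte blocks (padding is not handled).
KEY, IV = b"demo-key", bytes(range(BLOCK))  # fixed IV only for repeatability
MESSAGE = b"PAY 100 " * 3

if __name__ == "__main__":
    print(len(set(blocks(ecb_encrypt(KEY, MESSAGE)))))      # 1: repeats show
    print(len(set(blocks(cbc_encrypt(KEY, IV, MESSAGE)))))  # 3: repeats hidden
```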
Pros/Cons of DES
● Fast
● Breaking DES was unrealistic back in the day
● Susceptible to brute-forcing since key is only 56
bits long
Double DES
● Since brute forcing is our main method of
attack... let's just double the key!
● Done by running DES over DES with diff keys
Yo dawg! I heard
you like DES so I
DESed your DES
so you can DES
while you DES!
Double DES
● Meet in the middle attack
● Double DES had hoped that their “key
doubling” would result in an attack taking
exponentially longer
● Can still brute force
● Just takes twice as long
● Step 1: Encrypt plaintext with all
possible keys
● Step 2: Decrypt using all possible
keys
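Added example (not part of the original deck): the two steps above carried out on a constructed toy cipher, counting the work to show why doubling the key only doubles the search effort. The 16-bit cipher, the 10-bit key size, the secret keys and the sample plaintexts are all assumptions made for the illustration; none of this is DES.

```python
MASK = 0xFFFF                        # 16-bit toy block
MUL = 0x9E37                         # odd, so it has an inverse mod 2**16
MUL_INV = pow(MUL, -1, 1 << 16)
KEY_BITS = 10                        # toy key size standing in for DES's 56

def enc(key, block):
    """Constructed toy cipher (not DES): XOR, multiply, add, all mod 2**16."""
    return (((block ^ key) * MUL) + key) & MASK

def dec(key, block):
    return ((((block - key) & MASK) * MUL_INV) & MASK) ^ key

def double_enc(k1, k2, block):
    return enc(k2, enc(k1, block))

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher operations spent on the two passes)."""
    (p1, c1), rest = pairs[0], pairs[1:]
    middle, ops = {}, 0
    for k1 in range(1 << KEY_BITS):          # step 1: encrypt with every key
        middle.setdefault(enc(k1, p1), []).append(k1)
        ops += 1
    found = []
    for k2 in range(1 << KEY_BITS):          # step 2: decrypt with every key
        ops += 1
        for k1 in middle.get(dec(k2, c1), []):
            # Confirm a middle-value match against the remaining known pairs.
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops

# Constructed known plaintext/ciphertext pairs under a secret key pair.
SECRET = (0x2A7, 0x13C)
PAIRS = [(p, double_enc(*SECRET, p)) for p in (0x1234, 0xBEEF, 0x0042)]

if __name__ == "__main__":
    found, ops = meet_in_the_middle(PAIRS)
    print(SECRET in found, ops, "vs", 1 << (2 * KEY_BITS), "key pairs")
```

The two passes cost 2 x 2^10 cipher operations, against 2^20 key pairs for a naive search over both keys; the price is the memory for the table of middle values.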
Triple DES (3DES)
● Third time's the charm!
● Eliminates meet in the middle attack
I don't know how many more
times I can DES the
DES with a DES...
AES
● Beat out 3DES in terms of:
● Security
● Speed
● Larger block size
● Rijndael algorithm
CCMP
● Counter mode cipher block chaining message
authentication code protocol
● AES with 128 bit key
● 48 bit IV
– Prevents replay attacks
● CTR counter
– Provides data privacy
● MIC – message integrity check code
● Used in 802.11i standard
Algorithms
● Rijndael
● Substitute bytes (s-box substitution)
● shift rows (transposition)
● mix columns (substitution)
● add round key (XOR with this round's key)
● IDEA (1991)
● 8 rounds of transposition and substitution
● CAST (1996)
● 48 rounds
Algorithms
● SAFER
● Patent-free, 64 or 128 bit
● Used in Bluetooth
● Blowfish
● Extremely fast and memory efficient
● Slow to regenerate keys
● Currently unbreakable
● Twofish
Algorithms
● RC5
● RSA algorithm
● Very adaptable – 4 modes of operation
● RC4 (1987)
● Stream cipher
● Varying length keys
Pros/Cons of Symmetric Algorithms
● Very fast, secure
● Can be implemented in hardware and software
● Key management can be difficult
● Distributing the keys can be challenging
● Manage additional out-of-band channel
● Can't provide non-repudiation
Next Week:
Asymmetric Algorithms!

CISSP Week 18
