Cryptographic algorithms can be categorized into three classes: Hash functions, Symmetric and Asymmetric algorithms. This article sheds light on their differences, purpose and main fields of application.
A lot of security services such as confidentiality, integrity, authentication, and non-repudiation can be provided by using cryptographic algorithms.
Confidentiality serves the purpose that information is not revealed to unauthorized entities. Confidentiality is accomplished by transforming the understandable information to a state that is unintelligible except by authorized entities. This transformation mechanism is called encryption. Decryption of unintelligible data is performed to restore it to its original state. Both symmetric and asymmetric algorithms can provide encryption. Confidentiality is not only important for data at rest but also for the network communication data.
Integrity is a mechanism that assures that the data has not been altered in an unapproved way. The integrity of data is maintained at the creation, transmission and storage phases. Alteration of data includes insertion, deletion and substitution breaches. Digital signatures and message authentication codes (MAC) are the cryptographic mechanisms which can be used to notice both intentional & accidental alterations.
There are 2 types of authentication services which can be achieved using cryptography i.e. Source and Integrity authentication. Source authentication assures identity of the entity that originally generated/crafted the information. Integrity authentication validates that data has not been modified and the integrity of data is protected.
Non-repudiation is the guarantee that no one can deny a transaction. The terminology of non-repudiation is frequently used for digital signatures and email messages. When a data hashing algorithm is combined with public/private keys, data origination authentication can be achieved. The well-known technique of data origin authentication is using digital certificates.
The 1st and last phases in the life of a key are generation and destruction respectively.
The other phases in the life of a key are securing storage, distribution, modification, renewal, backup/archival, revocation/suspension etc. Keys require protection in all phases of life. The protection may include compromise, modification and unauthorized disclosure. NIST publishes Federal Information Processing Standards (FIPS) and NIST Recommendations that stipulate cryptographic procedures for protecting unclassified and sensitive information.
Cryptographic algorithms can be categorized into three classes. This categorization is defined on basis of the number of cryptographic keys that are required for the algorithm.
Hash functions are the building blocks for modern cryptography. A hash function is a cryptographic algorithm which is used to transform large random size data to small fixed size data. The data output of the hash algorithm is called hash value or digest. The basic operation of hash functions does not need any key and operate in a one-way manner. The one-way operation means that it is impossible to compute the input from a particular output. The basic uses of hash functions are:
Symmetric-key algorithms also referred as secret-key algorithms use a single cryptographic key for encryption and decryption purposes. They convert data in a way that is problematic for an opponent to decrypt the data without the key. Symmetric keys are securely generated and distributed to the sender and receiver and are unknown to any other entity. But if a symmetric-key algorithm is being used by more than one receiver then the key has to be shared with all entities. If the key is compromised from one entity, communication of all the entities will be compromised. Symmetric Algorithms are further divided into Block & Stream algorithms. A block algorithm breaks the input into fixed-size blocks and then progresses the crypto operations. Stream algorithms perform “bit-by-bit” crypto operations. Primary purposes of symmetric key algorithms are:
Asymmetric-key algorithms are commonly referred to as “public-key algorithms”. They use two mathematically associated keys knows as public and private keys. One key is used for data encryption, and the other is used for decryption of data. The combination of a public and private key is called a key pair. The private key is always kept secret by the owner. The public key is distributed to the public and everyone can access it. The private key cannot be deduced from the public key. The public key is mostly bound to an identity by a Certificate Authority. Asymmetric-key algorithms are mostly based on mathematical problems like integer factorization and discrete logarithm problem. Main uses of asymmetric algorithms are:
A tabular chart is listed based on some characteristics of the algorithms.
Due to the above characteristics, symmetric and asymmetric algorithms are sometimes used in a hybrid approach. Asymmetric ciphers are characteristically used for identity authentication performed via digital signatures & certificates, for the distribution of symmetric bulk encryption key, non-repudiation services and for key agreement. Symmetric ciphers are used for bulk encryption of data due to their fast speed.