Main content

### Course: Computers and the Internet > Unit 4

Lesson 5: Data encryption techniques# Symmetric encryption techniques

A

**symmetric encryption**is any technique where the same key is used to both encrypt and decrypt the data. The Caesar Cipher is one of the simplest symmetric encryption techniques, and of course, one of the easiest to crack.Since then, cryptologists have invented many more symmetric encryption techniques, including the ones used today to encrypt data like passwords.

### Vigenère Cipher

French cryptologists invented the Vigenère Cipher in the mid 1500s. The cipher was considered especially strong, and author Lewis Caroll even called it “unbreakable” in 1868. It was indeed much stronger than the Caesar Cipher, but as we’ll see, it can definitely be cracked.

#### Encryption

The Vigenère cipher uses an entire word as the shift key, as opposed to the Caesar Cipher’s single shift amount.

Imagine that we want to encrypt the phrase

`VERSAILLES`

and use a shift key of `CHEESE`

.First, we need to repeat the shift key to line up with each of the letters in the phrase:

Original | V | E | R | S | A | I | L | L | E | S |
---|---|---|---|---|---|---|---|---|---|---|

Shift key | C | H | E | E | S | E | C | H | E | E |

Now we replace each letter of the original text according to the Vigenère table:

For the first letter "V", we select the row that starts with "V". Then since the corresponding shift key letter is "C", we move to the column that has a header of "C". The letter at the intersection of the "V" row and "C" column is "X". Thus, we encrypt "V" as "X".

Original | V | E | R | S | A | I | L | L | E | S |
---|---|---|---|---|---|---|---|---|---|---|

Shift key | C | H | E | E | S | E | C | H | E | E |

Encrypted | X | ? | ? | ? | ? | ? | ? | ? | ? | ? |

The letter at the intersection of the "E" row and "H" column is "L", so we encrypt "E" as "L".

Original | V | E | R | S | A | I | L | L | E | S |
---|---|---|---|---|---|---|---|---|---|---|

Shift key | C | H | E | E | S | E | C | H | E | E |

Encrypted | X | L | ? | ? | ? | ? | ? | ? | ? | ? |

If we keep going, we'll end up with the encrypted text "XLVWSMNSIW".

Original | V | E | R | S | A | I | L | L | E | S |
---|---|---|---|---|---|---|---|---|---|---|

Shift key | C | H | E | E | S | E | C | H | E | E |

Encrypted | X | L | V | W | S | M | N | S | I | W |

#### Decryption

Imagine that we receive the encrypted message "NVYZJI" from our ally, and we know they've used a Vigenère cipher with a shift key of "CHEESE".

Once again, we line the encrypted message up with the shift key:

Encrypted | N | V | Y | Z | J | I |
---|---|---|---|---|---|---|

Shift key | C | H | E | E | S | E |

Now we can do a reverse substitution according to the table:

We start by selecting the row for the first letter in the shift key "C". Then we scan down that row until we find the first encrypted letter "N". Once we find the "N", we look up to see the header for that column, "L". Thus, the decryption of "N" is "L".

Encrypted | N | V | Y | Z | J | I |
---|---|---|---|---|---|---|

Shift key | C | H | E | E | S | E |

Original | L | ? | ? | ? | ? | ? |

For the next letter, we select the "H" row, find the "V" in the row, and look up to see we're in column "O".

Encrypted | N | V | Y | Z | J | I |
---|---|---|---|---|---|---|

Shift key | C | H | E | E | S | E |

Original | L | O | ? | ? | ? | ? |

If we do that for each shift key and encrypted letter, we decrypt the entire phrase as "LOUVRE".

#### Cracking the cipher

The Vigenère Cipher is a type of polyalphabetic cipher, and it's a harder code to crack than the Caesar Cipher due to the use of an entire shift word.

If an intercepter had no idea what the shift key was and wanted to brute force their way to a decryption, they would need to try out all the possible shift words in the world, and perhaps even made-up words! For a mere mortal, that could take a lifetime. That's much more work than brute forcing the Caesar Cipher, where we just had to check 26 different shift amounts.

What about frequency analysis? Do messages encrypted with the Vigenere cipher have a special pattern in their distribution of letters?

Try it out for yourself! Encrypt the message below, and you'll see a frequency analysis of the original message and the encrypted message.

Notice that the frequency analysis of the original message is exactly what we'd expect for an English-language message: "E" is the most popular letter, and there is huge variance in the frequency of the letters.

The frequencies of the encrypted message are more similar to each other. We can't identify an obvious "E", since the letter "E" gets encrypted into different letters at different points in the message.

In the 1800s, people finally figured out different ways to use frequency analysis to crack the cipher. For example, in a long message, a short word like "THE" may get translated to the same three encrypted letters multiple times (just not every time), and that reveals possible lengths for the shift key.

Now that we have the use of powerful computers, the Vigenère Cipher is relatively easy to decipher, because a computer can quickly test out millions of words, and it can easily find the leaked information in the frequency analysis.

### Modern ciphers

In the age of computers, ciphers can't just be hard to crack by an enterprising human; they have to be hard to crack by a computer that can do trillions of calculations per second.

Fortunately, cryptologists have invented encryption techniques that are secure in the digital world, and are continuing to improve them every year.

One of the most common encryption standards is AES-128, a block cipher approved by the federal government and used often for secure file transfer.

What makes it so secure?

One reason is that each key is always 128 bits long. That means there are ${2}^{128}$ possible keys. That's this many:

Wow! But wait, there's more: the AES cipher requires applying a sequence of 10 mathematical operations for

*each*bit of the key. Multiply that number above by 10, and that's the number of calculations a computer would need to do.The fastest computer can calculate around $145\times {10}^{15}$ operations per second. That's this many:

The fastest computer would still take 500 trillion years to try every possible 128-bit key!

What about frequency analysis? It won't work. The AES cipher does not reveal any information about the original text, thanks to the multi-step sequence of operations on blocks of bits.

The AES ciphers, and other modern ciphers, may not be secure forever. Security researchers spend their time trying to find clever ways to break the cipher, and present findings in blogs and conference talks.

Cryptography research is done in the open, with the hope that the public finds out about a security breach

*before*a malicious cybercriminal discovers one.🙋🏽🙋🏻♀️🙋🏿♂️Do you have any questions about this topic? We'd love to answer—just ask in the questions area below!

## Want to join the conversation?

- I seem to recall a movie or something I watched a while back that mentioned "white hat hacking," which has the intent mentioned in the last couple paragraphs - to try and find security breaches to help make systems more secure. Is this still a thing, and how do people become involved in it if so?(19 votes)
- Yep, that's still a thing! In fact, Khan Academy has a HackerOne page for users to safely disclose vulnerabilities:

https://hackerone.com/khanacademy

The first step to getting involved is to really dive deep into cybersecurity, so you can learn more about system vulnerabilities and ways to compromise them. There are various courses for that, check out this list here for some ideas:

https://github.com/CSIRT-MU/edu-resources(34 votes)

- Is it possible to use many fast computers to crack the encryption of a AES-128 system? The fastest computer takes 500 trillion years to try every key, but what if many fast computers were used, each trying a different range of keys for example?(5 votes)
- It still will take a
*lot*of time. But in few years, they say that computers will outtake humans, so maybe that won't be impossible. But that will be scary...(4 votes)

- i "LOUVRE" you

white hats hackers good?(3 votes)- Yes, white hat hackers are employed by governments, organizations, and companies to find bugs in their software, websites, etc. Once they find them, they fix them so that black hat hackers (the not-nice hackers) cannot use the bugs to find a weakness in the system(3 votes)

- What would be the steps to being a professional cryptographer?(2 votes)
- Generally, you need at minimum a bachelor's degree in mathematics, computer science, or something similar. Obtaining a master's degree in one of those fields would also be beneficial. You should also obtain certifications in cybersecurity.(3 votes)

- On question 2 where it says decipher NVSO with CHEE how are we supposed to get to LOOK. Because when you match up C and V you get P and when I matched up V and H I got C, someone please explain this to me(2 votes)
- The shift key goes on the top and the actual message goes on the side of the table.(1 vote)

- Has the AES-128 block cipher ever been cracked by a intercepting enemy?

Also, what is a polyalphabetic cipher?(1 vote)- Although there are theoretical ways to break AES encryption, they are generally not considered to be practical. As of right now, there do not appear to be any successful instances of a properly implemented AES encryption being broken.

A polyalphabetic cipher is a cipher that replaces a plaintext message with items from multiple substitution alphabets. For example, the Enigma Machine used during WWII encrypted messages using a polyalphabetic cipher.(2 votes)

- how could chinese hackers steal

US government information if it is so encrypted? it seems like an impossible task.(1 vote)- hard but not impossible(1 vote)

- why does this matter to internet safety?(1 vote)
- What else is there?(1 vote)
- on ka? a LOT.

https://www.khanacademy.org/search?referer=%2Fprofile%2Fme%2Fcourses&page_search_query=message+encryption(1 vote)

- Is it possible to have it where the key and the encrypted message have none of the same letters?(1 vote)
- It is certainly possible to design such an encryption scheme, but it would probably not be a good idea. If someone is trying to break the encryption and they have the encrypted message, then they know that any letter that appears in the encrypted message does not appear in the key. So, it would be easier for them to guess the key and decrypt the message.(0 votes)