Symmetric algorithms

encryptioncrypto101

Symmetric algorithms (a.k.a. secret key algorithm) are algorithms in which the same key is used to encrypt and decrypt a cipher.

๐Ÿ”‘ The key length must be at least 128 bits to be acceptable. The longer the key, the more secure the encryption.

Encryption: we generate a cipher (c) from a message (m) using a key (k) and an algorithm C giving us: c = C(k, m)

Decryption: we generate back the message (m) from the cipher (c) and the same key (k) using an algorithm D giving us: m = D(k, c)

โžก๏ธ They are usually faster, with a smaller key, and easier to set up.


Two types of algorithms ๐Ÿ‘ช

Stream cipher (chiffrement par flot)

These algorithms encrypt the message bit by bit/byte by byte. They produce a continuous stream of encrypted data which is combined (XORed) with the plaintext to produce the ciphertext.

๐Ÿ‘‰ Examples: One Time Pad, RC4...

Block cipher (chiffrement par bloc)

These algorithms split the message into blocks of fixed size n. If a block is not "full", some padding is added. Each block is encrypted using an algorithm, generating a block of the final ciphertext. Each key has the same length n as the block.

๐Ÿ‘‰ Examples: ECB, AES...

โžก๏ธ Since the key, the block, and the cipher all have the same length, the output c can be viewed as a permutation of m.

โžก๏ธ n is usually 128 bits.


Caesar cipher (Code de Cรฉsar)

Caesar ๐Ÿ‘‘ was replacing letters such as: $a \to d,\ b \to e,\ ...,\ z \to c$. We shift each letter by amount which is the key ($k=3$ here).

It's also a rotation cipher (rot). As $k=13$, it is called rot13.

Encryption: shift each letter $k$ times

Decryption: apply the reverse operation ๐Ÿ”„๏ธ

  • Possible values for k ๐Ÿฆ„: 26
  • Attacks ๐Ÿงจ
    • Brute force attack
    • Frequency analysis
  • Try it online ๐ŸŒ: Caesar cipher online (cryptii.com)
  • Still used? ๐ŸŸฅ: no

Substitution cipher (Chiffrement par substitution)

Similar to Caesar's cipher. Each letter is associated with another: $a \to w,\ b \to e,\ etc.$ The key is a dictionary of 26 letters (a-z).

Encryption: use the key to replace each letter

Decryption: apply the reverse operation ๐Ÿ”„๏ธ

  • Possible values for k ๐Ÿฆ„: $26! โ‰ˆ 2^{88.4}$
  • Attacks ๐Ÿงจ
    • Frequency analysis
    • Cribbing attack
  • Try it online ๐ŸŒ: Substitution cipher (dcode.fr)
  • Still used? ๐ŸŸฅ: no

Vigenรจre cipher (Cryptage en bloc de Vigenรจre)

This is a Caesar cipher but split into blocs. The goal was to prevent frequency analysis because the same letter will most likely be enciphered as different ciphertext letters.

Example of encryption/decryption
  • message โœ‰๏ธ: memorize
  • key ๐Ÿ”‘: vgn
  • ciphertext: memorize+vgnvgnv=hkzjxvuk
    • $M=12$, $V=21$, $12+21=33\equiv 7\ (mod\ 26)=H$
    • $E=4$, $G=6$, $4+6=10\equiv 10\ (mod\ 26)=K$
    • $M=12$, $N=13$, $12+13=25\equiv 25\ (mod\ 26)=Z$
    • ...
  • decrypt: hkzjxvuk+vgnvgnv=memorize
    • $H=7$, $V=21$, $7 - 21 + 26 \equiv 12\ (mod\ 26)=M$
    • $K=10$, $G=6$, $10 - 6 + 26 \equiv 4\ (mod\ 26)=E$
    • $Z=25$, $N=13$, $25 - 13 + 26 \equiv 12\ (mod\ 26)=M$
    • $J=9$, $V=21$, $9 - 21 + 26 \equiv 14\ (mod\ 26)=O$
    • ...
  • Possible values for k ๐Ÿฆ„: variable
  • Attacks ๐Ÿงจ
    • Kasiski examination
    • Friedman test
  • Try it online ๐ŸŒ: Vigenรจre cipher (cryptii.com)
  • Still used? ๐ŸŸจ: yes, but in niche applications

One Time Pad (Masque jetable)

The One Time Pad, or One Time password, abbreviated as OTP, is theoretically unbreakable if used correctly. It's not quite used because the key must be as long as the message.

  • $C = m \oplus k$
  • $D = c \oplus k$

Since both $m$ and $k$ are letters, we need to convert them to binary to use the $\oplus$ (XOR, ou exclusif) operator using ASCII encoding (a=77).

  • Possible values for k ๐Ÿฆ„: random, unique, and as long as $m$
  • Attacks ๐Ÿงจ
    • Known plaintext attack
    • Key reuse/two-time pad
  • Try it online ๐ŸŒ: One Time Pad (boxentriq.com)
  • Still used? ๐ŸŸจ: yes, but in niche applications

Advanced Encryption Standard (AES)

introductiontonetworking docker_layers

The Advanced Encryption Standard, abbreviated as AES, is a part of the Block ciphers algorithms.

AES-ECB (Electronic Code Book)

Using this mode, each block is encrypted using the same key.

  • Attacks ๐Ÿงจ
    • Brute force attack
    • Known plaintext attack
    • Dictionary attack
  • Still used? ๐ŸŸจ: yes, in some applications, mostly for integrity rather than confidentiality.
AES-CBC (Cipher Block Chaining)

Using this mode with AES, we introduce a new parameter IV (unique and not inferable) to encrypt the first block. Then, we use the generated cipher of the previous block to encrypt the next block...

  • Attacks ๐Ÿงจ
    • Padding oracle attack
    • Bit-flipping attack
  • Still used? ๐ŸŸฉ: yes, it's widely used, but there are better
  • Possible values for k ๐Ÿฆ„: a string of 128/192/256 bits
  • Attacks ๐Ÿงจ
    • Brute force attack
    • Known plaintext attack
    • Side-channel/timing attacks
  • Try it online ๐ŸŒ: One Time Pad (boxentriq.com)
  • Still used? ๐ŸŸฉ: yes, it's widely used (AES-GCM/AES-CCM/...)

Pentester Notes โ˜ ๏ธ

XOR Attacks

the-last-dance

ChaCha20 is a stream cipher algorithm that uses XOR similarly to the OTP algorithm. Given the plaintext and the cipher text, we can use XOR to get the key stream (key+nonce).

def xor_strings(s1, s2):
    return bytes(b1 ^ b2 for b1, b2 in zip(s1, s2))
    
message = b''
ciphertext = b''
key_stream = xor_strings(message, ciphertext)

If the key and the nonce were reused to encrypt another message, then we can use the key stream to decrypt it.

ciphertext_2 = b''
padding_length = len(key_stream) - len(ciphertext_2)
ciphertext_2 += b'\x00' * padding_length
message_2 = xor_strings(key_stream, flag)

Random Notes

Modulus with subtraction Algorithm

babyencryption

To decode a message encoded with (a * x - b) % c, we need to reverse each operation giving us (a^{-1} * (x+b)) % c.

with open('./msg.enc','rb') as f:
    # Reverse hexa encoding + byte encoding
    text = bytes.fromhex(f.read().decode())
    pt = []
    for byte in text:
        # Reverse Modulus and Addition
        pt.append(chr((179 * (byte - 18)) % 256))
    # Print the Result
    print(''.join(pt))