Encryption and Decryption Algorithms 1


ENCRYPTION AND DECRYPTION ALGORITHMS

Encryption is the process in which messages are changed into an unidentifiable form. The
encrypted message is then sent over the network. The sender needs an encryption algorithm
along with a key that helps change the message into ciphertext. Encryption is also commonly
referred to as enciphering. The data that is encrypted is called plaintext. The encrypted,
unrecognizable data is called ciphertext. The encryption algorithm is the cryptographic algorithm
that helps transform the plaintext into ciphertext using a key. Encryption can be performed using
symmetric and asymmetric key cryptography techniques, of which symmetric
algorithms encrypt and decrypt a message using the same key. Encryption helps protect your
confidential data, such as passwords and login IDs. It provides confidentiality for private
information and helps ensure that the document or file has not been altered. The encryption
process also prevents plagiarism and protects IP, which is helpful for network communication
(like the internet), where a hacker can easily access unencrypted data. It is an essential
method as it helps to securely protect data that you do not want anyone else to have access to.

Decryption is the reverse process of encryption. Decryption converts encoded/encrypted
data into a form that is readable and understood by a human or a computer. This method is
performed by unencrypting the text manually or by using the keys used to encrypt the original
data. Decryption converts the ciphertext back to plaintext. The receiver has to use a decryption
algorithm and a key to decipher the ciphertext. Deciphering is another word for decryption. The
decryption algorithm is the reverse process of the encryption algorithm, which uses the ciphertext
and the key to change the ciphertext to plaintext. Its primary function is converting a hidden
message into a form easily understood by a human. Several symmetric key
algorithms are used, among which Blowfish Encryption Algorithm, Twofish, RSA algorithm
(Rivest-Shamir-Adleman), 3DES (Triple DES), and Advanced Encryption Standard
(AES) are a primary concern of this paper.

The Triple Data Encryption Algorithm, alternately referred to as Triple DES (Data
Encryption Standard), is an algorithm that hackers eventually learned to defeat with relative ease.
At one time, Triple DES was the industry's recommended standard and the most widely used
symmetric algorithm. Triple DES is another mode of DES operation which takes three 64-bit
keys for an overall key length of 192 bits. In Stealth, type in the 192-bit (24-character) key
rather than entering each of the three keys individually. The Triple DES DLL then breaks the
user-provided key into three subkeys, padding the keys if necessary, so they are each 64 bits
long. The procedure for encryption is the same as regular DES, but it is repeated three times,
hence the name Triple DES. The data is encrypted with the first key, decrypted with the second
key, and finally encrypted with the third key.

Triple DES used to be one of the most prominent forms of encryption. It is based on the DES
algorithm but has since been superseded by AES in most use cases. Triple DES is vulnerable to
meet-in-the-middle attacks, which give it a total security level of 2^112 rather than the full
168 bits of the key. Block collision attacks are also possible because of the short block size
when the same key is used to encrypt a large amount of text. It is also vulnerable
to the Sweet32 attack.

One advantage of triple DES is that it is easy to implement and accelerate in hardware and
software. It is also ubiquitous: most systems, libraries, and protocols support it. Moreover, triple
DES is believed to be secure up to at least 2^112 security, which is quite a lot, and well
within "not breakable with today's technology" territory.

On the other hand, triple DES has some weaknesses: it was designed for hardware
implementations, so it is slow, especially in software. The cipher is applied three times to the
same data, which consumes much time. Triple DES may run three times slower than DES but is
much more secure if used properly. The procedure for decrypting something is the same as
encryption, except it is executed in reverse. Like DES, data is encrypted and decrypted in 64-bit
chunks. Although the input key for DES is 64 bits long, the actual key used by DES is only 56
bits in length. The least significant (right-most) bit in each byte is a parity bit and should be set
so that there is always an odd number of 1s in every byte. These parity bits are ignored, so only
the seven most significant bits of each byte are used, resulting in a key length of 56 bits. This
means that the effective key strength for Triple DES is 168 bits because each of the three keys
contains eight parity bits that are not used during the encryption process.
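
The key handling described above can be worked through in code. The following is an added example, not code from Stealth or its Triple DES DLL: it splits a 192-bit key into three subkeys, sets the odd-parity bits, and reports how many key bits actually take part in the encrypt-decrypt-encrypt sequence. The function names and the sample key are assumptions made for illustration, and unlike the DLL it rejects short keys instead of padding them.

```python
# Added example: DES parity bits and Triple DES subkey handling (not Stealth's code).

def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits DES actually uses
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)

def split_3des_key(key: bytes):
    """Split a 192-bit key into three 64-bit subkeys and fix their parity bits."""
    if len(key) != 24:
        raise ValueError("expected a 24-byte (192-bit) key")  # no padding here
    return tuple(set_odd_parity(key[i:i + 8]) for i in (0, 8, 16))

def effective_key_bits(k1: bytes, k2: bytes, k3: bytes) -> int:
    """Key bits that influence encrypt(k1) -> decrypt(k2) -> encrypt(k3)."""
    a, b, c = (bytes(x & 0xFE for x in k) for k in (k1, k2, k3))  # drop parity
    if a == b or b == c:
        return 56    # the decrypt step undoes an encrypt step: single DES
    if a == c:
        return 112   # only two independent subkeys
    return 168       # three independent 56-bit subkeys

if __name__ == "__main__":
    sample = bytes(range(24))                 # constructed sample key
    k1, k2, k3 = split_3des_key(sample)
    print(k1.hex(), k2.hex(), k3.hex(), effective_key_bits(k1, k2, k3))
```

Two subkeys that differ only in their parity bits count as the same key, which is why the comparison is made after the parity bits are masked off.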

There are different modes used in Triple DES. The Triple ECB (Electronic Code Book) works
the same way as the ECB mode of DES. This is the most commonly used mode of operation.
Besides, a method very similar to the standard DES CBC mode is Triple CBC (Cipher Block
Chaining). As with Triple ECB, the effective key length is 168 bits, and keys are used in the
same manner described above, but the chaining features of CBC mode are also employed. The
first 64-bit key acts as the Initialization Vector to DES. Triple ECB is then executed for a single
64-bit block of plaintext. The resulting ciphertext is then XORed with the next plaintext block to
be encrypted, and the procedure is repeated. This method adds an extra layer of security to Triple
DES and is, therefore, more secure than Triple ECB, although it is not used as widely as Triple
ECB.

The AES (Advanced Encryption Standard), also known as the Rijndael algorithm, is a
symmetric block cipher algorithm with a block/chunk size of 128 bits. It converts these
individual blocks using keys of 128, 192, or 256 bits. Once it encrypts these blocks, it joins them
to form the ciphertext. It is based on a substitution-permutation network, also known as an SP
network. It consists of linked operations, including replacing inputs with specific outputs
(substitutions) and others involving bit shuffling (permutations).

Some features of AES are the SP network, key expansion, byte data, and key length. AES works on
an SP network structure rather than a Feistel cipher structure, as seen in the case of the DES
algorithm. Key expansion takes a single key during the first stage, which is later expanded into
multiple keys used in individual rounds. The AES encryption algorithm operates on
byte data instead of bit data, so it treats the 128-bit block size as 16 bytes during the encryption
procedure. As for key length, the number of rounds to be carried out depends on the
length of the key used to encrypt data. The 128-bit key size has ten rounds, the 192-bit key size
has 12 rounds, and the 256-bit key size has 14 rounds.

As AES is implemented in hardware and software, it is the most robust security protocol. It uses
larger key sizes such as 128, 192, and 256 bits for encryption, which makes the AES algorithm
more robust against hacking. Another benefit of AES is that no one can hack personal
information because it is the most common security protocol used for various applications such
as wireless communication, financial transactions, e-business, and encrypted data storage. It is
also one of the most widespread commercial and open-source solutions used worldwide. For a
128-bit key, about 2^128 attempts are needed to break it. This makes it very difficult to hack; as a
result, it is a very safe protocol. AES has some downsides: it uses too simple an algebraic
structure. Every block is always encrypted in the same way. AES in counter mode is complex to
implement in software, taking both performance and security into consideration.

The RSA algorithm (Rivest-Shamir-Adleman) is the basis of a cryptosystem -- a suite
of cryptographic algorithms that are used for specific security services or purposes -- which
enables public key encryption and is widely used to secure sensitive data, particularly when it is
being sent over an insecure network such as the internet.

The RSA algorithm is a public-key signature algorithm developed by Ron Rivest, Adi Shamir,
and Leonard Adleman. Their paper was first published in 1977, and the algorithm uses
logarithmic functions to keep the working complex enough to withstand brute force and
streamlined enough to be fast post-deployment. RSA can encrypt and decrypt general
information to securely exchange data and handle digital signature verification.

RSA derives its security from the difficulty of factoring large integers that are the product of two
large prime numbers. Multiplying these two numbers is easy, but determining the original prime
numbers from the total -- or factoring -- is considered infeasible due to the time it would take
using even today's supercomputers. The public and private key generation algorithm is the most
complex part of RSA cryptography. The Rabin-Miller primality test algorithm generates two
large prime numbers, p and q. A modulus, n, is calculated by multiplying p and q. This number
is used by public and private keys and provides the link between them. Its length, usually
expressed in bits, is called the key length. The public key consists of the modulus n and a
public exponent, e, which is usually set at 65537, as it is a prime number that is not too large.
The exponent e does not have to be a secretly selected prime number, as the public key is shared
with everyone. The private key consists of the modulus n and the private exponent d, calculated
using the Extended Euclidean algorithm to find the multiplicative inverse with respect to the
totient of n.

When using RSA for encryption and decryption of general data, it reverses the key set usage.
Unlike signature verification, it uses the receiver’s public key to encrypt the data and the
receiver’s private key to decrypt the data. Thus, there is no need to exchange any keys in this
scenario. There are two broad components when it comes to RSA cryptography. First is the Key
Generation, which generates the keys for encrypting and decrypting the data to be exchanged.
The Encryption/Decryption Function, on the other hand, is the step that needs to be run when
scrambling and recovering the data.

RSA is more potent than any other symmetric key algorithm. Though it has too many
computations, the edge of RSA over other symmetric key algorithms is that there is no key
sharing. The RSA algorithm depends on using the receiver’s public key, so sharing any secret key to
receive messages from others is not necessary. Proof of authenticity also applies; since
the key pairs are related, a receiver cannot intercept the message since they will not have the
correct private key to decrypt the information. RSA also offers faster encryption: the encryption
process is faster than that of the DSA algorithm. Data will be tamper-proof in transit since
meddling with the data will alter the usage of the keys, and the private key will not be able to
decrypt the information, alerting the receiver of manipulation.

Blowfish was created by the security guru Bruce Schneier in 1993 to be an alternative to the
Data Encryption Standard (DES). Because Blowfish is a symmetric encryption method, it is
faster and offers a better encryption rate. Blowfish has a variable key length between 32 and 448
bits. As a 64-bit block cipher, it encrypts data in chunks or blocks. It is also more substantial than
a stream cipher.

Blowfish divides the data into two parts. Each side is divided into smaller pieces and encrypted
separately. Then, it encrypts the bits of data several times over. After that, it replaces the bits of
encrypted data from each side. Finally, it recombines them into one part. Since it is symmetrical
encryption, the decryption process is identical to the encryption process but is in reverse. Some
password management software uses Blowfish to generate, store, and encrypt data.
Even ransomware creators used Blowfish in the past to encrypt victim files illegally.

Symmetrical encryption is faster because encryption and decryption are the same. Blowfish is
not patented, and it is free and open-source. Anyone can use it for their cryptography projects. Moreover,
Blowfish's key schedule is time-consuming to encrypt data, which is both its pro and con.
Probabilistic-based attacks can also crack the algorithm due to the tiny data bits. The best thing
about Blowfish is that it uses less computing power because it performs fewer operations than
other algorithms. It remains unbreakable even to this day because brute force attacks will take
years to crack.

Cryptographer Bruce Schneier designed Twofish based on his previous work on
Blowfish. Twofish is the “upgraded Blowfish.” When the National Institute of Standards and
Technology (NIST) held a competition for an Advanced Encryption Standard (AES) algorithm to
replace the DES algorithm, Twofish was a finalist. Like Blowfish, Twofish is one of the
symmetric encryption algorithms that use block ciphers. The block sizes are 128 bits, and keys
are up to 256 bits. Twofish works by passing the data through several formulas. First, the data
will pass through Function F, which separates the data into smaller encrypted pieces. Each piece
of data goes through another formula for more encryption. Then, the bits of data are swapped
with each other. The swapped pieces are combined through another algorithm. The output goes
through another round of encryption until it is complete. To this day, no cryptanalysis has
managed to crack Twofish. So, it is alive and well and remains unbreakable. TrueCrypt used
Twofish as the cryptography algorithm to encrypt Windows drives.

Twofish was also used to encrypt files before sending them from a local computer to the
database. Each function in Twofish serves a distinct role, which makes the design conservative.
Twofish combines best-in-class cryptography systems in one compact algorithm. Twofish can
encrypt a large amount of data with the same key much faster than Blowfish. While it is faster
than Blowfish, some algorithms are much faster and provide a higher level of security. Twofish
uses S-boxes for encryption, which makes it vulnerable to side-channel attacks. Twofish uses a
different key for each dataset, which makes it slow. To compare, Twofish is more advanced,
secure, and safe than Blowfish. However, these algorithms have limited uses. From a security
standpoint, they might even be outdated. Consider AES when looking for a secure VPN, wireless
network, or mobile app algorithm. It is the most widely used algorithm today because it is the
standard. Use Blowfish and Twofish for study or training purposes. For serious projects, stick
with the standard. However, since Blowfish and Twofish are open-source, they can be used as a
basis for creating your own algorithm. That way, hackers will find it pretty hard to break the system.

In summary, encryption and decryption can protect your identity and privacy even though
they cannot ensure complete security. You can also protect your data by employing
well-implemented encryption and decryption systems. Encryption and decryption are critical for
keeping data secure and private. Numerous online tools are available to help you encrypt and
decrypt your data. These tools use various encryption and decryption algorithms, and you can
use any based on your needs.
