SPE1.1.0.2
CIPHER ALGORITHM CHOICE

CIPHER ALGORITHM
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption: a series of well-defined steps that can be followed as a procedure.
An alternative, less common term is encipherment. To encipher or encode is to convert information into cipher or code. In common parlance, "cipher" is synonymous with "code", as they are both a set of steps that encrypt a message; however, the concepts are distinct in cryptography, especially classical cryptography.
The operation of a cipher usually depends on a piece of auxiliary information, called a key (or, in traditional NSA parlance, a cryptovariable).
Ciphers can be divided into two types according to the type of input data:
- Block ciphers - which encrypt blocks of data of fixed size;
- Stream ciphers - which encrypt continuous streams of data.
BLOCK CIPHERS
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks.
Block ciphers are elementary components in the design of many cryptographic protocols and are widely used to encrypt large amounts of data, including in data exchange protocols. A block cipher applies the same unvarying transformation to each block.
Even a secure block cipher is suitable for the encryption of only a single block of data at a time, using a fixed key.
A multitude of modes of operation have been designed to allow their repeated use in a secure way to achieve the security goals of confidentiality and authenticity. However, block ciphers may also feature as building blocks in other cryptographic protocols, such as universal hash functions and pseudorandom number generators.
Note:
Block ciphers may be capable of operating on more than one block size, but during transformation the block size is always fixed. Block cipher modes operate on whole blocks and require that the last part of the data be padded to a full block if it is smaller than the current block size. There are, however, modes that do not require padding because they effectively use a block cipher as a stream cipher.
STREAM CIPHERS
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream).
In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream.
Since the encryption of each digit depends on the current state of the cipher, it is also known as a state cipher. In practice, a digit is typically a bit and the combining operation is an exclusive-or (XOR).
The pseudorandom keystream is typically generated serially from a random seed value using digital shift registers. The seed value serves as the cryptographic key for decrypting the ciphertext stream. Stream ciphers represent a different approach to symmetric encryption from block ciphers. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut: in some modes of operation, a block cipher primitive is used in such a way that it acts effectively as a stream cipher.
Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to security breaches (see stream cipher attacks); for example, when the same starting state (seed) is used twice.
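The seed-reuse failure described above, as an added example that is not part of the original documentation or of any BS Project code. The 16-bit shift register, the `SeedGuard` class and the sample messages are constructed for illustration; the register is a toy and is not a secure keystream generator.

```python
def lfsr_keystream(seed: int, nbytes: int) -> bytes:
    """Toy 16-bit Fibonacci LFSR (taps 16, 14, 13, 11); illustration only."""
    state = seed & 0xFFFF
    if state == 0:
        raise ValueError("an all-zero seed locks the register at zero")
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            feedback = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            byte = (byte << 1) | (state & 1)          # emit the low bit
            state = (state >> 1) | (feedback << 15)   # shift in the feedback bit
        out.append(byte)
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crypt(seed: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor(data, lfsr_keystream(seed, len(data)))


def keystream_cancels(seed_a: int, seed_b: int, p1: bytes, p2: bytes) -> bool:
    """True when XOR of the two ciphertexts equals XOR of the two plaintexts,
    i.e. the keystream has dropped out and the ciphertexts leak p1 XOR p2."""
    return xor(crypt(seed_a, p1), crypt(seed_b, p2)) == xor(p1, p2)


class SeedGuard:
    """Hypothetical wrapper that refuses to start a second stream from a used seed."""

    def __init__(self) -> None:
        self._used = set()

    def encrypt(self, seed: int, data: bytes) -> bytes:
        if seed in self._used:
            raise ValueError("seed already used for another message")
        self._used.add(seed)
        return crypt(seed, data)


# Constructed sample messages of equal length.
P1 = b"transfer 100 to A"
P2 = b"transfer 900 to B"
```

With the same seed for both messages `keystream_cancels` returns `True`; with two different seeds it returns `False`, which is why each message needs its own starting state.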
CIPHER ALGORITHM CHOICE
The choice of cipher algorithm is a key step in configuring the crypto primitives in use.
If a block cipher is used, the system automatically generates an IV, the size of which is directly dependent on the type of the selected algorithm.
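How the IV length and the padding of the last block both follow from the selected algorithm's block size, as an added example that is not the application's own code. It assumes the IV length equals the block size (as in CBC-style modes) and uses PKCS#7 padding, which the page does not name; the function names are hypothetical.

```python
import secrets

# Block sizes in bytes. Twofish (128 bits) and GOST (64 bits) are stated in the
# algorithm list; AES (128 bits) and Blowfish (64 bits) are their published sizes.
BLOCK_BYTES = {"AES": 16, "Twofish": 16, "Blowfish": 8, "GOST": 8}


def new_iv(algorithm: str) -> bytes:
    """Fresh random IV; assumption: IV length equals the cipher's block size."""
    return secrets.token_bytes(BLOCK_BYTES[algorithm])


def pad(data: bytes, algorithm: str) -> bytes:
    """PKCS#7: append k bytes of value k, where 1 <= k <= block size."""
    size = BLOCK_BYTES[algorithm]
    k = size - len(data) % size      # a full extra block when already aligned
    return data + bytes([k]) * k


def unpad(padded: bytes, algorithm: str) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed."""
    size = BLOCK_BYTES[algorithm]
    if not padded or len(padded) % size:
        raise ValueError("length is not a whole number of blocks")
    k = padded[-1]
    if not 1 <= k <= size or padded[-k:] != bytes([k]) * k:
        raise ValueError("invalid padding")
    return padded[:-k]
```

Verify an authentication tag over the IV and ciphertext before calling `unpad`, so that padding errors are never reported for unauthenticated data.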

Fig.1. Cipher algorithm selection.
Cipher algorithm selection is done by selecting the algorithm from the list of standard algorithms in the Cipher algorithms combo box located in the Encrypted settings panel.
Standard Crypto Settings (SCS). Cipher Algorithm.
- Blowfish - Symmetric-key block cipher (RFC 2451);
- Twofish - Symmetric-key block cipher, block size 128 bits, key sizes up to 256 bits (RFC 4772);
- IDEA - International Data Encryption Algorithm (RFC 3058);
- Cast256 - CAST-256 (CAST6) symmetric-key block cipher (RFC 2612);
- Mars - MARS, IBM's block cipher (Specification);
- RC4 - RC4 (Rivest Cipher 4, ARC4, ARCFOUR) stream cipher (RFC 7465);
- RC6 - RC6 (Rivest cipher 6) symmetric key block cipher (RFC 2040);
- AES - Advanced Encryption Standard (AES), symmetric key block cipher (RFC 3826);
- Square - Symmetric cipher (RFC 2234);
- SCOP - Scanning Code of Practice (RFC 2365);
- Sapphire - Stream cipher (RFC 5246);
- 1 DES - Data Encryption Standard block symmetric cipher (RFC 2948);
- 2 DES - Data Encryption Standard block symmetric cipher (RFC 3961);
- 3 DES - Data Encryption Standard block symmetric cipher (RFC 8429);
- 2 DDES - Symmetric-key block cipher (RFC 5469);
- 3 DDES - Symmetric-key block cipher (RFC 8429);
- 3 TDES - Triple Data Encryption Algorithm (TDEA, Triple DEA), symmetric-key block cipher (RFC 2420);
- 3 Way - Triple Data Encryption Algorithm (TDEA, Triple DEA), symmetric-key block cipher (RFC 2420);
- Cast 128 - Triple Data Encryption Algorithm (TDEA, Triple DEA), symmetric-key block cipher (RFC 2420);
- GOST (ГОСТ) - Symmetric-key block cipher, block size of 64 bits, defined in the standard GOST 28147-89 (RFC 5830);
- Magma - Symmetric-key block cipher (RFC 8891);
- MISTY1 - Symmetric-key block cipher (RFC 2994);
- New DES - Symmetric-key block cipher (RFC 4772);
- Q 128 - Symmetric-key block cipher (IETF RFC 8446 TLS);
- RC 2 - ARC2 symmetric-key block cipher (RFC 2268);
- RC 5 - Symmetric-key block cipher (RFC 2040);
- SAFER - Family of symmetric-key block ciphers (RFC 7525);
- Shark - Symmetric-key block ciphers (RFC 3826);
- Skipjack - Symmetric-key block ciphers (RFC 2773);
- TEA - Tiny Encryption Algorithm, symmetric-key block ciphers (RFC 7253);
- XTEA - eXtended TEA, symmetric-key block ciphers (RFC 8998);
- TEAN - Tiny Encryption Algorithm, symmetric-key block ciphers (RFC 7321).
Note: The number of algorithms used is different for the standard and advanced versions of the crypto primitives configuration module. Only cipher algorithms that have proven their reliability and crypto resistance are used in BS Project applications.