A brief comparison of common encryption and encoding algorithms, along with some supplementary content that may be useful.
Symmetric Encryption Algorithm
| Algorithm | Key Length (bits) | Encryption Strength | Performance | Quantum Computing Resistance | Copyright |
| --- | --- | --- | --- | --- | --- |
| DES | 56 | Weak | Fast | Weak | United States |
| 3DES | 168 | Medium | Slow | Medium | United States |
| IDEA | 128 | Strong | Medium | Medium | Switzerland |
| AES | 128/192/256 | Strong | Fast | Strong | United States |
| SM1 | 128 | Strong | ? | Medium | China |
| SM4 | 128 | Strong | Medium | Medium | China |
Symmetric algorithms are usually implemented as block ciphers. The modes of operation of a block cipher include ECB, CBC, OFB, CFB and CTR.
Pros and Cons of Modes of Operation
ECB
Good points: Very simple, encryption and decryption can be run in parallel.
Bad points: Horribly insecure.
CBC
Good points: Secure when used properly, parallel decryption.
Bad points: No parallel encryption, susceptible to malleability attacks when authenticity checks are bad / missing. But when done right, it’s very good.
OFB
Good points: Keystream can be computed in advance, fast hardware implementations available.
Bad points: Security model is questionable, some configurations lead to short keystream cycles.
CFB
Good points: Small footprint, parallel decryption.
Bad points: Not commonly implemented or used.
CTR
Good points: Secure when done right, parallel encryption and decryption.
Bad points: Not many. Some question the security of the “related plaintext” model but it’s generally considered to be safe.
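To make the "horribly insecure" verdict on ECB concrete, the following added example (not part of the original post) encrypts 64 identical plaintext blocks with AES-128 in ECB and in CTR mode and counts the distinct ciphertext blocks. The key, IV and plaintext are constructed sample values, and `distinct_blocks` is a hypothetical helper name.

```bash
# Added example: ECB repeats ciphertext blocks for repeated plaintext blocks,
# CTR does not. KEY, IV and the plaintext are constructed sample values.
KEY=000102030405060708090a0b0c0d0e0f
IV=00000000000000000000000000000000

# distinct_blocks MODE: encrypt 64 identical 16-byte blocks with aes-128-MODE
# and print the number of distinct 16-byte ciphertext blocks.
distinct_blocks() {
    mode=$1
    tmp=$(mktemp -d)
    # Build the plaintext: 64 copies of the same 16-byte block (1024 bytes)
    i=0
    while [ "$i" -lt 64 ]; do
        printf 'AAAAAAAAAAAAAAAA'
        i=$((i + 1))
    done > "$tmp/pt"
    if [ "$mode" = ecb ]; then
        # ECB takes no IV; -nopad keeps the output at exactly 64 blocks
        openssl enc -aes-128-ecb -K "$KEY" -nopad -in "$tmp/pt" -out "$tmp/ct"
    else
        openssl enc "-aes-128-$mode" -K "$KEY" -iv "$IV" -in "$tmp/pt" -out "$tmp/ct"
    fi
    # od prints 16 bytes per line; -v stops it collapsing repeated lines to "*"
    od -An -v -tx1 "$tmp/ct" | sort -u | wc -l | tr -d ' '
    rm -rf "$tmp"
}

echo "ECB distinct ciphertext blocks: $(distinct_blocks ecb) of 64"
echo "CTR distinct ciphertext blocks: $(distinct_blocks ctr) of 64"
```

Anyone who sees the ECB output learns which plaintext blocks are equal without knowing the key, which is why structure in images and records remains visible after ECB encryption.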
Performance Comparison
The performance evaluation uses an image file of size 10M, with encryption/decryption run 100 times.
Public-Key Algorithm Families of Practical Relevance
Integer-Factorization Schemes: Several public-key schemes are based on the fact that it is difficult to factor large integers. The most prominent representative of this algorithm family is RSA.
Discrete Logarithm Schemes: There are several algorithms which are based on what is known as the discrete logarithm problem in finite fields. The most prominent examples include the Diffie–Hellman key exchange, Elgamal encryption or the Digital Signature Algorithm (DSA).
Elliptic Curve (EC) Schemes: A generalization of the discrete logarithm algorithm are elliptic curve public-key schemes. The most popular examples include Elliptic Curve Diffie–Hellman key exchange (ECDH) and the Elliptic Curve Digital Signature Algorithm (ECDSA).
| Algorithm | Encryption Strength | Key Generation Performance | Encryption/Decryption Performance | Quantum Computing Resistance | Copyright |
| --- | --- | --- | --- | --- | --- |
| RSA | Medium | Slow | Fast | Low | RSA Security LLC |
| ECC | Strong | Fast | Slow | Low | United States |
| SM2 | Strong | Fast | Slow | Low | China |
The encryption strength is relative. For example, ECC provides the same level of security as RSA or discrete logarithm systems with considerably shorter operands (approximately 160–256 bit vs. 1024–3072 bit). The security of the RSA algorithm will also decrease significantly against a quantum computer.
Main Security Mechanisms of Public-Key Algorithms
Key Establishment: There are protocols for establishing secret keys over an insecure channel. Examples for such protocols include the Diffie–Hellman key exchange (DHKE) or RSA key transport protocols.
Nonrepudiation: Providing nonrepudiation and message integrity can be realized with digital signature algorithms, e.g., RSA, DSA or ECDSA.
Identification: We can identify entities using challenge-and-response protocols together with digital signatures, e.g., in applications such as smart cards for banking or for mobile phones.
Encryption: We can encrypt messages using algorithms such as RSA or Elgamal.
Performance Comparison
Key Generation Performance
```bash
# Requires bash (brace expansion, &> redirection and the "time" keyword).
# Each loop runs the operation 100 times and reports the total elapsed time.
echo "RSA Private Key Generation"
time for i in {1..100}; do openssl genrsa -out key_rsa.pem 2048 &> /dev/null; done
echo
echo "RSA Public Key Generation"
time for i in {1..100}; do openssl rsa -in key_rsa.pem -outform PEM -pubout -out public_rsa.pem &> /dev/null; done
echo

echo "EC Private Key Generation"
time for i in {1..100}; do openssl ecparam -name prime256v1 -genkey -noout -out key_ec.pem &> /dev/null; done
echo
echo "EC Public Key Generation"
time for i in {1..100}; do openssl ec -in key_ec.pem -pubout -out public_ec.pem &> /dev/null; done
echo
```
ECC has no tools for encrypting and decrypting, because ECC doesn’t define these operations directly. Instead, ECC users use Diffie-Hellman (DH) key exchange to compute a shared secret, then communicate using that shared secret. This combination of ECC and DH is called ECDH. What is given here is the ECC private key and public key generation and the shared secret key derivation.
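The ECDH flow described above can be reproduced with the openssl CLI. This is an added example, not code from the original post; the party names `alice` and `bob` and the helper function names are hypothetical, and the SHA-256 step is a simplified stand-in for a proper KDF.

```bash
# Added example: ECDH key agreement on prime256v1 with the openssl CLI.
# "alice" and "bob" are hypothetical parties; files live in a temp directory.

# gen_keypair NAME DIR: generate a private key and export its public key
gen_keypair() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$2/$1.key"
    openssl ec -in "$2/$1.key" -pubout -out "$2/$1.pub" 2>/dev/null
}

# derive OWN PEER DIR: own private key + peer public key -> raw shared secret
derive() {
    openssl pkeyutl -derive -inkey "$3/$1.key" -peerkey "$3/$2.pub" \
        -out "$3/$1.secret"
}

# ecdh_demo: run both sides and report whether the derived secrets agree
ecdh_demo() {
    dir=$(mktemp -d)
    gen_keypair alice "$dir"
    gen_keypair bob "$dir"
    derive alice bob "$dir"   # Alice only ever sees Bob's public key
    derive bob alice "$dir"   # Bob only ever sees Alice's public key
    if cmp -s "$dir/alice.secret" "$dir/bob.secret"; then
        # The raw ECDH output is a curve x-coordinate, so hash it before
        # using it as a symmetric key (stand-in for a real KDF such as HKDF).
        key=$(openssl dgst -sha256 -r "$dir/alice.secret" | cut -c1-64)
        bytes=$(wc -c < "$dir/alice.secret" | tr -d ' ')
        echo "match secret_bytes=$bytes key_hex_chars=${#key}"
    else
        echo "mismatch"
    fi
    rm -rf "$dir"
}

ecdh_demo
```

The private keys never leave their owner; only the `.pub` files cross the channel, and without authentication of those public keys the exchange is open to a man-in-the-middle.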
Comparable Security Strengths of Symmetric Block Cipher and Asymmetric-key Algorithms
| Security Strength | Symmetric Key Algorithms | FFC (DSA, DH, MQV) | IFC (RSA) | ECC (ECDSA, EdDSA, DH, MQV) |
| --- | --- | --- | --- | --- |
| 128 | AES-128 | L = 3072, N = 256 | k = 3072 | f = 256-383 |
| 192 | AES-192 | L = 7680, N = 384 | k = 7680 | f = 384-511 |
| 256 | AES-256 | L = 15360, N = 512 | k = 15360 | f = 512+ |
Hash Algorithm
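| Algorithm | Length (bits) | Collision Probability | Safety | Performance | Copyright |
| --- | --- | --- | --- | --- | --- |
| MD5 | 128 | Medium | Medium | Medium | MIT |
| SHA | 160/256 | Low | High | Medium | United States |
| SM3 | 256 | Low | High | Slow | China |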
Performance Comparison
```bash
# Requires bash; each loop hashes foo.bin 1000 times and reports the total time.
echo "MD5 Hash"
time for i in {1..1000}; do openssl dgst -md5 foo.bin &> /dev/null; done
echo
echo "SHA-256 Hash"
time for i in {1..1000}; do openssl dgst -sha256 foo.bin &> /dev/null; done
echo
echo "SM3 Hash"
time for i in {1..1000}; do openssl dgst -sm3 foo.bin &> /dev/null; done
echo
```
Processing time:
```
MD5 Hash

real 0m29.763s
user 0m21.060s
sys 0m6.182s

SHA-256 Hash

real 0m39.433s
user 0m30.555s
sys 0m6.302s

SM3 Hash

real 1m0.990s
user 0m52.656s
sys 0m5.975s
```
References
Christof Paar, 2010, Understanding Cryptography, Springer-Verlag Berlin Heidelberg