WEBVTT

1
00:00:00.150 --> 00:00:01.470
In this lesson,

2
00:00:01.470 --> 00:00:04.770
we will learn about symmetric algorithms.

3
00:00:04.770 --> 00:00:09.480
First, there are two basic types of encryption algorithms:

4
00:00:09.480 --> 00:00:12.150
Symmetric and Asymmetric.

5
00:00:12.150 --> 00:00:16.230
In this lesson, we'll focus on symmetric encryption.

6
00:00:16.230 --> 00:00:20.160
Symmetric encryption algorithms are encryption methods

7
00:00:20.160 --> 00:00:23.460
that result in the creation of a single key.

8
00:00:23.460 --> 00:00:27.870
The resultant symmetric key is used for both encryption

9
00:00:27.870 --> 00:00:29.670
and decryption.

10
00:00:29.670 --> 00:00:32.310
Common symmetric encryption algorithms

11
00:00:32.310 --> 00:00:36.330
include the Advanced Encryption Standard (AES),

12
00:00:36.330 --> 00:00:39.510
the Data Encryption Standard (DES),

13
00:00:39.510 --> 00:00:44.510
Triple DES, Blowfish, Twofish, Rivest Cipher 4 (RC4),

14
00:00:45.990 --> 00:00:47.580
and ChaCha20.

15
00:00:47.580 --> 00:00:49.290
Let's learn more about each

16
00:00:49.290 --> 00:00:52.380
of these symmetric encryption algorithms.

17
00:00:52.380 --> 00:00:55.200
But before we dive into the details

18
00:00:55.200 --> 00:00:57.630
of symmetric encryption algorithms,

19
00:00:57.630 --> 00:01:00.480
let's take a minute to define encryption.

20
00:01:00.480 --> 00:01:02.220
Encryption is the process

21
00:01:02.220 --> 00:01:06.600
of converting readable information, known as plaintext,

22
00:01:06.600 --> 00:01:10.170
into an unreadable form called ciphertext

23
00:01:10.170 --> 00:01:14.250
using an encryption algorithm and a secret key.

24
00:01:14.250 --> 00:01:16.680
This process is two-way,

25
00:01:16.680 --> 00:01:18.810
meaning that encrypted data

26
00:01:18.810 --> 00:01:23.430
can be decrypted back to plaintext with the correct key.

27
00:01:23.430 --> 00:01:25.110
Now, for most folks,

28
00:01:25.110 --> 00:01:28.050
this is a fairly simple thing to understand

29
00:01:28.050 --> 00:01:30.540
because symmetric key encryption

30
00:01:30.540 --> 00:01:34.410
works just like the things you use on a daily basis,

31
00:01:34.410 --> 00:01:37.890
like a door lock on your house or your car.

32
00:01:37.890 --> 00:01:40.080
After all, when you go home

33
00:01:40.080 --> 00:01:42.900
and unlock your front door tonight,

34
00:01:42.900 --> 00:01:46.080
you're going to be using a physical form

35
00:01:46.080 --> 00:01:48.690
of symmetric key encryption.

36
00:01:48.690 --> 00:01:51.390
If you share your house with somebody else,

37
00:01:51.390 --> 00:01:53.520
like a spouse or a roommate,

38
00:01:53.520 --> 00:01:57.930
you're both going to have your own copy of the same key,

39
00:01:57.930 --> 00:02:02.010
and that same key is going to be used to both lock

40
00:02:02.010 --> 00:02:04.710
and unlock the front door.

41
00:02:04.710 --> 00:02:07.170
This makes it a symmetric key

42
00:02:07.170 --> 00:02:11.190
because the exact same key is used to lock

43
00:02:11.190 --> 00:02:13.620
and unlock the door.

44
00:02:13.620 --> 00:02:17.160
Now, when you hear the word symmetric key,

45
00:02:17.160 --> 00:02:19.950
I want you to remember that this refers

46
00:02:19.950 --> 00:02:23.250
to both people having the same key.

47
00:02:23.250 --> 00:02:26.040
Symmetric equals same.

48
00:02:26.040 --> 00:02:30.300
So symmetric cryptography is an encryption method

49
00:02:30.300 --> 00:02:33.807
where the same key is used for both encryption

50
00:02:33.807 --> 00:02:35.700
and decryption of data,

51
00:02:35.700 --> 00:02:38.010
making it efficient and fast,

52
00:02:38.010 --> 00:02:42.750
ideal for securing large amounts of data very quickly.

53
00:02:42.750 --> 00:02:45.690
Symmetric encryption is further divided

54
00:02:45.690 --> 00:02:48.540
into two types of encryption methods:

55
00:02:48.540 --> 00:02:51.660
Stream ciphers and Block ciphers.

56
00:02:51.660 --> 00:02:55.800
Stream ciphers are a type of symmetric encryption

57
00:02:55.800 --> 00:02:58.620
that encrypt data bit by bit

58
00:02:58.620 --> 00:03:03.620
or byte by byte using a pseudo-random stream generated

59
00:03:03.810 --> 00:03:05.610
by a secret key.

60
00:03:05.610 --> 00:03:08.430
This approach allows stream ciphers

61
00:03:08.430 --> 00:03:11.070
to encrypt data continuously,

62
00:03:11.070 --> 00:03:15.780
making them perfect for real-time applications like audio

63
00:03:15.780 --> 00:03:17.460
or video streaming,

64
00:03:17.460 --> 00:03:21.840
where the total length of the data stream is unknown.

65
00:03:21.840 --> 00:03:23.520
With stream ciphers,

66
00:03:23.520 --> 00:03:25.890
the key stream generator produces

67
00:03:25.890 --> 00:03:27.990
a pseudo-random bit stream,

68
00:03:27.990 --> 00:03:29.370
which is then combined

69
00:03:29.370 --> 00:03:33.840
with the plaintext being encrypted using an XOR,

70
00:03:33.840 --> 00:03:38.840
or Exclusive OR operation, to create encrypted ciphertext.

71
00:03:39.690 --> 00:03:43.200
Think of stream ciphers like a zipper on a jacket.

72
00:03:43.200 --> 00:03:44.730
The key stream generator

73
00:03:44.730 --> 00:03:46.950
is like one side of the zipper,

74
00:03:46.950 --> 00:03:49.170
creating a series of teeth

75
00:03:49.170 --> 00:03:52.080
that match up perfectly with the other side,

76
00:03:52.080 --> 00:03:55.350
which is the plaintext that's being encrypted.

77
00:03:55.350 --> 00:03:59.280
As the zipper, representing the XOR operation,

78
00:03:59.280 --> 00:04:01.500
pulls the two sides together,

79
00:04:01.500 --> 00:04:05.550
it locks them into a new tightly interwoven pattern,

80
00:04:05.550 --> 00:04:10.550
creating a secure barrier, which represents the ciphertext.

81
00:04:10.650 --> 00:04:13.470
Just like the zipper combines the teeth

82
00:04:13.470 --> 00:04:15.270
to keep the jacket closed,

83
00:04:15.270 --> 00:04:18.780
the XOR operation combines the key stream

84
00:04:18.780 --> 00:04:22.620
and plaintext into a secure message.

85
00:04:22.620 --> 00:04:26.790
The beauty of XOR is its reversibility.

86
00:04:26.790 --> 00:04:29.190
Just like unzipping a zipper,

87
00:04:29.190 --> 00:04:32.580
applying an XOR with the same key stream

88
00:04:32.580 --> 00:04:36.840
to the ciphertext restores the original plaintext.

89
00:04:36.840 --> 00:04:40.290
Overall, the security of a stream cipher

90
00:04:40.290 --> 00:04:43.620
depends on the uniqueness of the key stream,

91
00:04:43.620 --> 00:04:47.130
which, remember, is one side of the zipper

92
00:04:47.130 --> 00:04:50.970
that is generated using an initialization vector.

93
00:04:50.970 --> 00:04:54.570
An initialization vector, which changes constantly,

94
00:04:54.570 --> 00:04:57.600
ensures that each key stream is unique

95
00:04:57.600 --> 00:05:01.800
even when encrypting the same plaintext multiple times.

96
00:05:01.800 --> 00:05:05.340
However, if the initialization vector is weak

97
00:05:05.340 --> 00:05:09.330
or predictable, the encryption can be compromised.

98
00:05:09.330 --> 00:05:14.310
For example, Wired Equivalent Privacy, or WEP,

99
00:05:14.310 --> 00:05:18.120
used a short 24-bit initialization vector,

100
00:05:18.120 --> 00:05:21.030
making it vulnerable to brute force attacks

101
00:05:21.030 --> 00:05:24.450
and rendering its encryption insecure.

102
00:05:24.450 --> 00:05:28.200
Block ciphers are a type of symmetric encryption

103
00:05:28.200 --> 00:05:31.320
that encrypt data in fixed-size blocks,

104
00:05:31.320 --> 00:05:36.320
usually 64 or 128 bits, using a secret key.

105
00:05:36.990 --> 00:05:38.880
This method means

106
00:05:38.880 --> 00:05:42.390
that block ciphers process data in chunks,

107
00:05:42.390 --> 00:05:46.950
making them ideal for applications like file encryption

108
00:05:46.950 --> 00:05:49.050
and secure communications

109
00:05:49.050 --> 00:05:52.770
where the data size is known and large.

110
00:05:52.770 --> 00:05:55.410
The block cipher encryption process

111
00:05:55.410 --> 00:05:58.920
involves breaking the plaintext into blocks,

112
00:05:58.920 --> 00:06:02.100
applying the encryption algorithm to each block,

113
00:06:02.100 --> 00:06:05.880
and combining the blocks to form the ciphertext.

114
00:06:05.880 --> 00:06:09.690
Because block ciphers handle data in chunks,

115
00:06:09.690 --> 00:06:14.010
they offer strong security through structured encryption.

116
00:06:14.010 --> 00:06:17.610
Block ciphers use a combination of confusion

117
00:06:17.610 --> 00:06:21.510
and diffusion techniques to secure the data.

118
00:06:21.510 --> 00:06:24.930
Confusion makes the relationship between the key

119
00:06:24.930 --> 00:06:27.360
and the ciphertext complex,

120
00:06:27.360 --> 00:06:31.440
while diffusion spreads the plaintext information

121
00:06:31.440 --> 00:06:33.240
throughout the ciphertext,

122
00:06:33.240 --> 00:06:37.200
ensuring that even a small change in the plaintext

123
00:06:37.200 --> 00:06:40.800
or key significantly alters the output.

124
00:06:40.800 --> 00:06:42.570
You can think of confusion

125
00:06:42.570 --> 00:06:46.200
and diffusion techniques like writing a secret message

126
00:06:46.200 --> 00:06:50.520
into a puzzle with letters on the puzzle pieces.

127
00:06:50.520 --> 00:06:54.300
Confusion is like scrambling the letters of the message,

128
00:06:54.300 --> 00:06:56.880
so the words are hard to recognize

129
00:06:56.880 --> 00:06:58.920
even if you can see them all.

130
00:06:58.920 --> 00:07:02.550
Diffusion is like scattering those scrambled pieces

131
00:07:02.550 --> 00:07:04.260
all across the puzzle,

132
00:07:04.260 --> 00:07:05.490
making it difficult

133
00:07:05.490 --> 00:07:08.790
to spot any coherent groups of the letters.

134
00:07:08.790 --> 00:07:11.070
This dual approach of confusion

135
00:07:11.070 --> 00:07:15.750
and diffusion makes block ciphers resilient to attacks

136
00:07:15.750 --> 00:07:17.820
that aim to reveal the key

137
00:07:17.820 --> 00:07:21.510
or plaintext by analyzing patterns.

138
00:07:21.510 --> 00:07:25.560
Unlike stream ciphers, which encrypt continuously,

139
00:07:25.560 --> 00:07:29.970
block ciphers apply multiple rounds of these transformations

140
00:07:29.970 --> 00:07:31.290
to each block,

141
00:07:31.290 --> 00:07:34.890
enhancing the security of the encrypted data.

142
00:07:34.890 --> 00:07:37.710
A critical aspect of block ciphers

143
00:07:37.710 --> 00:07:41.460
is their use of different modes of operation,

144
00:07:41.460 --> 00:07:45.630
which define how each block interacts with other blocks

145
00:07:45.630 --> 00:07:47.370
during the encryption.

146
00:07:47.370 --> 00:07:51.303
Common modes include Electronic Codebook, or ECB,

147
00:07:52.320 --> 00:07:55.560
Cipher Block Chaining, or CBC,

148
00:07:55.560 --> 00:07:59.460
and the Galois/Counter Mode, or GCM.

149
00:07:59.460 --> 00:08:03.720
The security of a block cipher depends on its algorithm,

150
00:08:03.720 --> 00:08:07.050
key length, and mode of operation.

151
00:08:07.050 --> 00:08:12.000
Now, let's categorize some specific encryption algorithms.

152
00:08:12.000 --> 00:08:17.000
First, we have the Advanced Encryption Standard, or AES.

153
00:08:17.430 --> 00:08:20.670
AES is one of the most widely used

154
00:08:20.670 --> 00:08:23.508
symmetric encryption algorithms today.

155
00:08:23.508 --> 00:08:27.390
AES can operate as both a block cipher,

156
00:08:27.390 --> 00:08:32.390
encrypting fixed-size 128-bit blocks of data,

157
00:08:32.400 --> 00:08:34.680
and as a stream cipher,

158
00:08:34.680 --> 00:08:39.420
using configurations like Galois/Counter Mode, or GCM,

159
00:08:39.420 --> 00:08:42.240
to handle continuous data streams.

160
00:08:42.240 --> 00:08:45.480
The ability to operate as both a block

161
00:08:45.480 --> 00:08:50.480
or stream cipher is unique and distinguishable to AES.

162
00:08:50.730 --> 00:08:54.300
This versatility makes AES suitable

163
00:08:54.300 --> 00:08:59.300
for a range of applications, including securing files,

164
00:08:59.430 --> 00:09:01.170
data communications,

165
00:09:01.170 --> 00:09:04.860
and even encrypting storage on mobile devices.

166
00:09:04.860 --> 00:09:09.860
AES supports key sizes of 128, 192, and 256 bits,

167
00:09:13.170 --> 00:09:16.110
providing scalable security levels

168
00:09:16.110 --> 00:09:19.500
depending upon the sensitivity of the data.

169
00:09:19.500 --> 00:09:24.500
AES is commonly used in WPA2 and WPA3 Wi-Fi security,

170
00:09:26.700 --> 00:09:31.110
securing file transfers, and encrypting messaging apps.

171
00:09:31.110 --> 00:09:33.690
Additionally, modern processors,

172
00:09:33.690 --> 00:09:36.360
like those found in smartphones,

173
00:09:36.360 --> 00:09:40.860
often have built-in hardware acceleration for AES,

174
00:09:40.860 --> 00:09:44.520
allowing it to perform encryption tasks quickly

175
00:09:44.520 --> 00:09:48.270
without significant impact on performance.

176
00:09:48.270 --> 00:09:53.250
Second, we have the Data Encryption Standard, or DES,

177
00:09:53.250 --> 00:09:57.120
and Triple DES (3DES).

178
00:09:57.120 --> 00:09:59.490
The Data Encryption Standard was one

179
00:09:59.490 --> 00:10:02.130
of the earliest encryption standards,

180
00:10:02.130 --> 00:10:07.130
using a 56-bit key to encrypt 64-bit data blocks.

181
00:10:08.130 --> 00:10:10.800
Despite its initial popularity,

182
00:10:10.800 --> 00:10:14.340
DES's short key length made it vulnerable

183
00:10:14.340 --> 00:10:18.150
to brute force attacks, rendering it unsecure.

184
00:10:18.150 --> 00:10:22.620
To improve security, Triple DES was developed.

185
00:10:22.620 --> 00:10:27.030
Triple DES applies the DES algorithm three times

186
00:10:27.030 --> 00:10:29.130
using three different keys.

187
00:10:29.130 --> 00:10:33.870
This increases the effective key length to 112 bits,

188
00:10:33.870 --> 00:10:36.630
significantly enhancing security,

189
00:10:36.630 --> 00:10:40.500
but also slowing down the encryption process.

190
00:10:40.500 --> 00:10:45.500
Triple DES was widely adopted in banking and legacy systems

191
00:10:46.170 --> 00:10:49.680
but has largely been replaced by AES

192
00:10:49.680 --> 00:10:54.630
due to AES's superior performance and security.

193
00:10:54.630 --> 00:10:57.960
Despite being more secure than DES,

194
00:10:57.960 --> 00:11:02.250
Triple DES's repeated encryption steps make it slower

195
00:11:02.250 --> 00:11:05.820
and less efficient for modern applications.

196
00:11:05.820 --> 00:11:09.810
Third, we have Blowfish and Twofish.

197
00:11:09.810 --> 00:11:13.890
Blowfish is known for its speed and flexibility,

198
00:11:13.890 --> 00:11:18.890
with key lengths ranging from 32 to 448 bits.

199
00:11:19.470 --> 00:11:22.830
This adaptability made Blowfish popular

200
00:11:22.830 --> 00:11:27.060
in earlier software applications and encryption tools.

201
00:11:27.060 --> 00:11:30.960
However, it used a 64-bit block size,

202
00:11:30.960 --> 00:11:33.270
which can pose security risks

203
00:11:33.270 --> 00:11:36.300
when encrypting large volumes of data.

204
00:11:36.300 --> 00:11:38.520
Block sizes of 64 bits

205
00:11:38.520 --> 00:11:41.850
and below are no longer considered secure

206
00:11:41.850 --> 00:11:44.820
as they are vulnerable to collision attacks

207
00:11:44.820 --> 00:11:46.530
where identical blocks

208
00:11:46.530 --> 00:11:49.800
of data may produce the same ciphertext,

209
00:11:49.800 --> 00:11:53.250
especially when used within large data sets.

210
00:11:53.250 --> 00:11:56.370
This weakness makes Blowfish less suitable

211
00:11:56.370 --> 00:11:58.410
for securing extensive

212
00:11:58.410 --> 00:12:02.670
or high-security data compared to newer algorithms

213
00:12:02.670 --> 00:12:04.920
with larger block sizes.

214
00:12:04.920 --> 00:12:07.950
Twofish, a successor to Blowfish,

215
00:12:07.950 --> 00:12:11.430
was designed to address these limitations.

216
00:12:11.430 --> 00:12:15.750
Twofish encrypts data in 128-bit blocks

217
00:12:15.750 --> 00:12:19.890
using key sizes of up to 256 bits,

218
00:12:19.890 --> 00:12:24.570
providing enhanced security and faster performance.

219
00:12:24.570 --> 00:12:29.570
Fourth and finally, we have Rivest Cipher 4, or RC4,

220
00:12:30.180 --> 00:12:32.370
and ChaCha20.

221
00:12:32.370 --> 00:12:37.370
RC4 is a pure stream cipher that processes data one bit

222
00:12:38.220 --> 00:12:40.050
or byte at a time,

223
00:12:40.050 --> 00:12:42.150
making it extremely fast

224
00:12:42.150 --> 00:12:44.970
and efficient for real-time applications

225
00:12:44.970 --> 00:12:49.440
such as secure communications and streaming data.

226
00:12:49.440 --> 00:12:52.680
RC4 was once widely used

227
00:12:52.680 --> 00:12:56.700
in protocols like Secure Sockets Layer, or SSL,

228
00:12:56.700 --> 00:13:01.590
and Wired Equivalent Privacy, or WEP, for Wi-Fi.

229
00:13:01.590 --> 00:13:04.500
However, vulnerabilities were discovered

230
00:13:04.500 --> 00:13:07.530
that allowed attackers to exploit weaknesses

231
00:13:07.530 --> 00:13:11.580
in the initial key stream state of the algorithm.

232
00:13:11.580 --> 00:13:15.540
This is why we should no longer be using WEP

233
00:13:15.540 --> 00:13:17.640
in our Wi-Fi networks.

234
00:13:17.640 --> 00:13:22.640
So ChaCha20 was developed as a secure replacement for RC4.

235
00:13:24.000 --> 00:13:29.000
It uses a more robust design that avoids the pitfalls of RC4

236
00:13:29.550 --> 00:13:33.450
while maintaining high speed and efficiency.

237
00:13:33.450 --> 00:13:36.690
ChaCha20 is particularly popular

238
00:13:36.690 --> 00:13:39.150
in scenarios where low latency

239
00:13:39.150 --> 00:13:41.610
and strong security are required,

240
00:13:41.610 --> 00:13:43.890
such as internet protocols

241
00:13:43.890 --> 00:13:47.130
like Transport Layer Security, or TLS,

242
00:13:47.130 --> 00:13:49.080
for secure web browsing.

243
00:13:49.080 --> 00:13:53.100
ChaCha20's resilience against cryptographic attacks

244
00:13:53.100 --> 00:13:56.820
and efficient performance on both high-end servers

245
00:13:56.820 --> 00:14:01.410
and low-power devices make it a preferred choice.

246
00:14:01.410 --> 00:14:06.410
So remember, symmetric encryption is a type of encryption

247
00:14:07.140 --> 00:14:10.800
that uses the same key for both encrypting

248
00:14:10.800 --> 00:14:13.050
and decrypting data.

249
00:14:13.050 --> 00:14:16.320
It is known for its speed and efficiency,

250
00:14:16.320 --> 00:14:19.590
making it ideal for securing large amounts

251
00:14:19.590 --> 00:14:21.750
of data very quickly.

252
00:14:21.750 --> 00:14:26.130
Symmetric encryption is divided into two main types,

253
00:14:26.130 --> 00:14:29.370
stream ciphers, which encrypt data bit by bit

254
00:14:29.370 --> 00:14:31.080
or byte by byte,

255
00:14:31.080 --> 00:14:35.850
and block ciphers, which encrypt data in fixed block sizes.

256
00:14:35.850 --> 00:14:38.340
Common symmetric encryption algorithms

257
00:14:38.340 --> 00:14:42.690
include the Advanced Encryption Standard, or AES,

258
00:14:42.690 --> 00:14:46.533
the Data Encryption Standard, or DES, Triple DES,

259
00:14:47.400 --> 00:14:52.400
Blowfish, Twofish, Rivest Cipher 4, or RC4,

260
00:14:52.740 --> 00:14:54.960
and ChaCha20.

261
00:14:54.960 --> 00:14:58.980
Each algorithm has unique strengths and weaknesses,

262
00:14:58.980 --> 00:15:02.190
making them suitable for different applications

263
00:15:02.190 --> 00:15:04.533
and levels of security.

