Comprehensive Analysis of Cryptographic Algorithms: Implementation and Security Insights ^†

Abstract

This study surveys some cryptographic algorithms in a detailed manner; it mainly focuses on symmetric key cryptography and asymmetric key cryptography with hash functions following them. Regarding the importance of cryptography for securing communications and data integrity in the digital era, we show—using practical examples with Python 3.10 and Crypto 2 tool—how a few implementations of such encryption techniques work. To clarify this further, Caesar Cipher represents a very simple varying key, and each round of stream ciphers or block ciphers exhibits highly advanced symmetric techniques. Then, we discuss asymmetric cryptography using RSA encryption with public–private key pairs for a secure communication. Furthermore, research has been conducted into the hash functions SHA-1 and SHA-2, which form unique digital fingerprints of the information provided. This approach allows us to highlight all the positive and negative aspects of the above tools and to identify the comparative characteristics of their degree of security. This fact is highly important in determining the applicability of the security tools described above, depending on the conditions of work and threats.

1. Introduction

Cryptography forms the backbone of computer science and information security as it aids in safeguarding valuable data from unauthorized access. Since the 1920s, cryptography has been the most effective tool for secret communications, as it securely transforms human-readable data—called plaintext—into an unreadable format (ciphertext). This process is necessary for confidentiality, integrity and data authenticity, considering the global proliferation of digital communication/data storage [1]. This article discusses three main kinds of cryptographic capabilities: symmetric key cryptography, public key (asymmetric) cryptography, and hash functions. These fundamental differences impact the process by which a user accesses, secures, and leverages each of their listening methods for driving insight. Symmetric key cryptography encrypts using the same key that was used to decrypt. It deals with large amounts of data quickly and can be used when there are adequate secure key distribution facilities. Some examples of this type include the Caesar Cipher, Stream Ciphers, and Block Ciphers. These types of techniques are ideal when a user needs to communicate within a network where there is some level of trust and the same key can be shared between users in that environment [2]. Asymmetric (public key) cryptography, as the name suggests, contrasts with symmetric key cryptography by using a pair of keys instead of just one. More formally, this technique eliminates the requirement for secure key distribution because, along with public keys, it is feasible to share them openly and save security in private keys [3]. RSA is a popular asymmetric algorithm that provides the hash functions; additionally, hash functions produce a unique, fixed-length hash value generated as a digital fingerprint from the input data. This is particularly important for preventing tampering with the data because it verifies that any modification made in the raw file should be identifiable. SHA-1 and SHA-2 are widely used hash functions in most of the security protocols for digital signatures, along with data integrity checks [4,5].

The main purpose of this study is to illustrate the real-world significance of implemented cryptography techniques via case applications such as hashes and encrypted data, which safeguard privacy in digitalization. It is undeniable that cryptographic techniques form the backbone of secure electronic communication and financial operations, as they safeguard personal data from potential threats. The study provides insights into the pros and cons of each approach, information that is essential for selecting the appropriate cryptographic solution for specific security needs and threat environments. The growing prevalence of cyber threats underscores the necessity of robust cryptographic practices to safeguard sensitive information.

2. Methodology

Symmetric key cryptography occurs when both parties wishing to share data possess exactly the same key. This key must be kept confidential and shared amongst the communicating parties. Asymmetric algorithms are slow compared to symmetric ones and are good at encrypting small bits of data. Here, we discuss two examples of symmetric-key cryptosystem: the Caesar Cipher, and stream ciphers. The Caesar Cipher is one of the easiest and oldest encryption techniques. A substitution cipher is one of the simplest to implement; it works simply by shifting each letter in a plaintext message a set number down or up the alphabet. For instance, when a shift of 3 is given, using the key (shift) 3 to encrypt “Medy” shifts every letter three positions ahead in alphabetical order. The letter ‘A’ becomes ‘D’, ‘B’ becomes ‘E’, ‘C’ becomes ‘F’, and so on (Figure 1 and Figure 2), when using the Crypto 2 tool.

Hence, the plaintext “Medy”, when encrypted with right shift 3, yields ciphertext of “PHGB”. This is the basic idea of a Caesar Cipher, which applies a constant shift to every letter in some input text to produce a ciphered output. The Caesar Cipher, as defined above, is a simple substitution technique and it is easy to implement, but its major drawback is its predictability: only a limited number of shifts are possible, corresponding with a maximum shift of 25 [6]. Stream ciphers encrypt plaintext by XORing with a pseudo-random keystream generated from the secret key. In such a case, each bit or byte of plaintext is XORed with the next keystream value to produce ciphertext (Figure 3). Stream ciphers are designed to allow encryption and decryption in real-time, which is critical for secure communications [7]. For example, encrypting the phrase “Hello, Blagoevgrad” with a stream cipher with key 0102030405060708, where this key stream is generated by the key, is achieved by XORing the plaintext to obtain the ciphertext. When the keystream is truly random and non-repeating, many stream ciphers can be very efficient as well as secure. They rely on the careful manipulation of the key stream to prevent weaknesses such as its reuse, as such a weakness could give attackers a way to decrypt the text without much effort (Figure 4).

The ciphertext in Figure 3 is: DF CE E6 77 9F 8F FB 0D 53 95 99 17 2E BD 67 C9 E6 43. Decryption of ciphertext: DF CE E6 77 9F 8F FB 0D 53 95 99 17 2E BD 67 C9 E6 43. Decryption, plaintext = ciphertext XOR keystream using the same key: 0102030405060708.

Studying these examples elucidates the principles of symmetric key cryptography, some example applications of it, and its pros and cons.

Block Ciphers. A block cipher is a type of symmetric key encryption, which encrypts data in blocks and operates on fixed-size blocks. Block ciphers, as opposed to stream ciphers, encrypt data in blocks commonly 64 or 128 bits in size at a time [8]. Mode of operation: each block is encrypted separately. Common methods of operation include the electronic code book (ECB) and cipher block chaining (CBC). We consider an encryption algorithm that takes a fixed-size input of b bits and produces a ciphertext of the same size, b bits. If the input is greater than b bits, then it may be further split. Block ciphers can operate in different modes for various applications and uses. Electronic code book (ECB) mode encrypts each plaintext block with the same key. This simple method can make it predictable that the same plaintext block will be converted into identical ciphertext blocks [9]. As an example, consider the plaintext message: “Welcome to Bulgaria”. When this message is split into fixed-size blocks and encrypted with a key under ECB mode, the plaintext becomes encrypted block by block separately for each call, in turn leading to unique binary/hexadecimal outputs, specifically on a per-block basis. For instance, when breaking the message “Welcome to Bulgaria” into 128-bit blocks and encrypting them using some key value, we might generate ciphertexts in a hexadecimal format, as shown in Figure 5.

ECB is the easiest and fastest operation (the simple splitting of a message into blocks), but it has one main drawback: plaintext patterns are directly visible in the ciphertext. This predictability can be leveraged by attackers, especially when data controlled by reoccurring structures are being encrypted. ECB encryption is not typically used for sensitive data due to its vulnerability to cryptanalytic attacks [10] (Figure 6).

Cipher block chaining (CBC) is a mode that addresses the weaknesses of ECB by incorporating an initialization vector (IV) to increase security. In the more widely used CBC mode, every plaintext block is first XORed with the preceding ciphertext block before being encrypted. The difference in the ciphertext is encrypted using plaintext and the previous value of the written block, which adds an additional layer of complexity [11]. CBC mode adds a twist to the process by XORing another term with that first block before encryption begins: the IV. This is encrypted with the key to produce the first block of cipher text. For the remaining blocks, each plaintext block is XORed with the previous ciphertext before it is encrypted.

Figure 7 shows an example of how the encrypted message “Welcome to Bulgaria” might look in CBC mode with an IV and a key.

• Initialization Vector (IV): 1234567890ABCDEF
• Block 1: Plaintext XOR IV → Encrypted to produce Ciphertext Block 1
• Block 2: Plaintext XOR Ciphertext Block 1 → Encrypted to produce Ciphertext Block 2
• Block 3: Plaintext XOR Ciphertext Block 2 → Encrypted to produce Ciphertext Block 3.

Essentially, CBC mode allows for the use of an IV and is made stronger by chaining the blocks so that two exactly identical plaintext block will result in two different ciphertext blocks only through their position inside of message. This is one of the many ways in which it subtly improves security by making plaintext less patterned. CBC mode, however, is much more fragile when it comes to managing the IV and can be vulnerable—if implemented incorrectly—to some attacks (e.g., padding oracle attacks [12]) (Figure 8).

Figure 9, Figure 10, Figure 11, Figure 12 and Figure 13 show the differences in the output when encrypting.

Overall, block ciphers in ECB and CBC modes show a balance between simplicity, performance, and security in symmetric key cryptography. ECB mode is fast and easy to use, but less secure. CBC mode provides better security but is more complex. This section analyzes the different modes to help determine which is best suited to our requirements and the specific security threats we may encounter. The differences between ciphertexts in ECB and CBC are as follows: CBC mode is considered to be more secure than ECB mode, but it is very important to note that the security of encryption mainly depends on the strength of the encryption key.

3. Asymmetric Cryptography

Symmetrical key cryptography involves a key—one single, secret key shared among the parties in some communication system—whereas asymmetric keys (also known as public-key cryptosystems) employ two separate keys. The first is called a public key, and this can be distributed openly to encrypt messages, while the second should not be revealed to the owner of the security service itself. The two-key system dispels the problem of key distribution that plagues symmetric key cryptography and allows for safe exchanges even over hostile networks. RSA (Rivest Shamir Adleman) is one of the most useful asymmetrical cryptographic algorithms [13].

3.1. RSA Encryption

The RSA algorithm is based on the mathematical properties of large prime numbers and modular arithmetic. Here is an in-depth description of the RSA encryption process:

• Key Generation:

• Choose two prime numbers: first, we select two large prime numbers called $p$ and $q$ (which must be different from any previous ones selected).
• Multiply them together: then, calculate $n = pq$ (where $p$ and $q$ are just the two primes), which is used in both the public and private keys.
• Compute the totient: find the totient $\psi \left(n\right) = (p - 1) \times (q - 1)(p - 1)$, where all positive integers lower than n are counted and relatively prime to it.
• Select the public key exponent: choose an integer e such that $1 < e < \psi \left(n\right)$ and e is coprime with $\psi \left(n\right)$. The pair $(e, n)$ forms the public key.
• Calculate the private key exponent: determine $d$ as the modular multiplicative inverse of e modulo $\psi \left(n\right)$. This means that $d$ satisfies the equation $e \times d \equiv 1\left(mod\psi \right(n\left)\right).$ The pair $(d, n)$ constitutes the private key.

• Encryption:

• To encrypt a message $m$, the sender must convert the message into an integer $m$ such that $0 \le m < n$. This is typically achieved using a reversible encoding scheme.
• The ciphertext $C$ is then computed using the recipient’s public key $(e, n)$ as follows: $C = m^e mod n$.

• Decryption:

• The recipient now decrypts the ciphertext $C$ using their private key $(d, n)$ in order to retrieve the original message $m$. This decryption process involves the computation: $m = e^{d}mod n$.

For example, suppose we have chosen the prime numbers p = 7 and q = 11:

• Compute $n = 7 \times 11 = 77$.
• Calculate the totient: $\psi \left(n\right)=(7-1)\times (11-1)=60$
• Choose $e=7$, which is coprime with $60.$
• Compute $d$ such that $7\times d\equiv 1\left(mod60\right)$, resulting in $d=43.$ The public key is $(7, 77)$ and the private key is $(43, 77)$.

To encrypt a message $m$, suppose we are given $m = 8$:

Compute the ciphertext using the public key: $C = 8^{7}mod 77 = 11$.

To decrypt the ciphertext $C= 57$:

Compute the original message: $m={57}^{43} mod 77 = 8$

Thus, the original message has been successfully retrieved.

This example shows how RSA encryption can guarantee secure communications, because anyone is allowed to encrypt the message using the public key but only the intended recipient is able to decrypt the same message using their private key. The security of RSA is based on the fact that it is hard to factorize big composites numbers, making it unfeasible for a computational attacker to derive the private key from the public one without substantial computational resources.

Hash functions also are used to create a standardized output, called a hash, in a cryptographic system. The generated hash becomes a sort of identifier for the original message, which prevents changes in the data or substitution with another string. Hash functions are used to create a digital signature, verifiable data, password hashing systems, etc. [14].

3.2. SHA-1 and SHA-2

The Secure Hash Algorithm (SHA) is another type of cryptographic hash function developed by the National Security Agency (NSA). These are most commonly SHA-1 and SHA-2. Hash length (SHA-1): SHA-1 produces a 160-bit (20-byte) hash value. For example, SHA-1 was used broadly in the past to ensure data integrity and to secure communications, but now it is vulnerable to collision attacks. When two different inputs end up producing the same hash value, a collision occurs, making the hash function inconsistent and unreliable. Due to these vulnerabilities, the SHA-1 algorithm is considered obsolete and unsuitable for future security requirements. More secure hash functions, such as those in the SHA-2 family, should be used instead [15].

3.3. SHA-2

SHA-2 variants include SHA-224 (32 bytes)—the 224-bit version of the algorithm. These are mainly used in with digital signatures and certificates. SHA-256 and SHA-512 are the two most widely used variants [16]. SHA-2 is used to secure private information and confirm conception integrity, such as for digital signatures. It has applications for security protocols including TLS/SSL certificates, digital signatures, and block chain technology.

Applications:

Data Integrity Verification: Hash functions are essential for ensuring that data have not been altered during transmission. For instance, when downloading a file, the provider may offer a SHA-256 hash value. After downloading, users can compute the hash of the downloaded file and compare it to the original provided hash to confirm the file’s integrity.

Digital Signatures: Digital signature schemes use a hash of the message and encrypt this with a user’s private key. The receiver can decrypt the signature using the public key of the sender and compare the resultant hash with the hash of received message. If the message passes the check, this means that the integrity of the contents and authenticity of the sender are verified [17,18,19,20,21,22,23].

Plaintext Passwords: It is not at all safe to store passwords in plaintext. This is why systems have a hash of the password rather than the plaintext. When someone tries to log in, the entered password is hashed by the system and compared against that stored hash. Even if the hash database is leaked to a hacker, the original passwords will be safe.

In hashing the message “Welcome to Bulgaria”, we use SHA-1 and SHA-256:

• SHA-1: the hash value of “Welcome to Bulgaria” might be:
• SHA-1: a6d96eae3c4a4ed8b6d05b7b2e16e2ddcd5e6bc8
• SHA-256: the hash value of the same message using SHA-256 might be:
• SHA-256:
• 7a1a3c3de4564c56713b8c5d2e3db0e77ae8d66c2c3b97c7a5f0b99e4b3f49ed

SHA-256 has a larger hash size, making it much more secure against collision and pre-image attacks; thus, SHA-256 represents the better choice for common cryptographic applications.

The SHA-1 and SHA-2 algorithms are perfect examples of hash functions that are required in cryptographic systems. They have the ability to secure communication, validate data, and protect critical information, ensuring the integrity and authenticity of the data. Their implementation and usage are crucial to ensuring the safe and secure development of different digital ecosystems.

4. Discussions

These examples highlight the varying levels of security provided by different cryptographic algorithms and their respective use cases. Symmetric key schemes, such as the Caesar Cipher and modern stream ciphers, rely on the same key for both encryption and decryption. While these methods are computationally efficient and straightforward to implement, they generally provide weaker security guarantees, particularly if the key is compromised or reused. The Caesar Cipher, for instance, is historically significant but easily breakable through brute-force attacks due to its limited key space. Similarly, Goyal and Kinger [6] proposed a modified Caesar Cipher with complete security, but they identified it as having a significant disadvantage: namely, the insufficient number of possible keys, making it easy to break via an exhaustive search.

The stream cipher analyzed by Zhang [7] performs better, but it is a vulnerable target for multiple cryptanalytic attacks when used with predictable keys. These findings are in agreement with observations made in this study regarding the importance of careful key configuration and management. In contrast, asymmetric cryptographic systems—such as RSA—utilize a pair of mathematically linked keys: a public key for encryption and a private key for decryption. These methods significantly enhance security by mitigating the risks of key distribution inherent in symmetric schemes. As Kuljanski [13] points out, RSA requires high computational complexity, especially when dealing with long keys, which are necessary for resistance to quantum attacks.

On the other hand, hash functions such as SHA-1 and SHA-2 do not encrypt information but generate unique hash values. This study highlights their effectiveness in ensuring data integrity but also the vulnerabilities of outdated hash functions. This is discussed in the study conducted by Windarta et al. [4] and Kundu [5], who systematize known attacks on SHA-1 and recommend switching to SHA-2 and SHA-3. Krawczyk et al. [17] present similar conclusions, pointing out that new hashing standards are crucial to modern applications of cryptography.

Compared to digital signatures, which use asymmetric encryption to provide both data integrity and non-repudiation, hash functions alone are less complex but also less secure in isolation. Digital signatures, often combined with secure hash functions, ensure that a message was sent by a legitimate party and has not been tampered with, making them essential in secure communications and transactions such as email signing, software distribution, and blockchain technologies.

In summary, the selection of a cryptographic algorithm should be guided by the specific needs of the application—balancing performance, ease of implementation, and the required security level. Asymmetric encryption offers stronger guarantees for secure communication, symmetric encryption provides speed and efficiency, and hash functions ensure data integrity in a lightweight and effective manner.

5. Conclusions

This study shows the importance of selecting the cryptographic technique based on the level of security required. While symmetric key cryptography is useful for fast and secure communications between trusted parties, it cannot resolve the key distribution problem without relying heavily on some form of public or private key infrastructure; this makes it necessary to use asymmetric public key algorithms in all untrusted situations. Hashing is still central to any notion of data integrity. Further studies should focus on how effectively these algorithms can be implemented in real-world applications, as well as their robustness against future threats.