A cipher is an algorithm for encrypting data.


A cipher uses a value called the encryption key to transform a value called plain text into a second value called ciphertext, such that a third value called the decryption key is needed to derive the plain text from the ciphertext. Without the key, even knowledge of the cipher is of no use in deciphering (decrypting) the ciphertext.

A symmetric cipher uses the same key for both encryption and decryption. An asymmetric cipher uses a pair of related keys: A value encrypted using one key may be decrypted using the other key. If one key is kept secret, and the other made public, they can be used for various purposes:

A value encrypted using the secret key can be decrypted using the public key, proving that the message originated from the possessor of the secret key.
A value encrypted using the public key can be decrypted using the secret key, making it possible to transmit a message that only the possessor of the secret key can read.
A value encrypted using the secret key of party A and then encrypted again using the public key of Party B makes it possible to transmit a message that only party B can read, and that party B knows originated from party A. Furthermore, party A can encrypt only the cryptographic hash of the message, rather than the complete message, in order to prove its the origin. This is called a digital signature: Party B can decrypt the message which includes the encrypted hash of the message, decrypt that hash, take the hash of the message, and compare the two hashes.

For most asymmetric encryption systems, encrypting your data with key A and then encrypting the result with key B is effectively equivalent to encrypting your data with key C, where key C has the property of being much less secure than either key A or key B.

Governments have historically attempted to limit the use of encryption because the authorities like to be able to inspect information and monitor communications. They have however been less averse to the wide deloymnet of assymetric encryption which has proven essential to everyday individual communication over the Internet.

Secure Ciphers

AES (Rijndael)
Widely used.
One of the competitors for AES. Superceded by Twofish.
The successor to blowfish.

Insecure Ciphers

Simple substitution algorithms, such as Caesar and rot13
These are trivial to break, and there is a page devoted to solving cryptograms.
Other (insecure) algorithms of historical interest, such as vignere (a misspelling of Vigenere) and Matrix multiplication and encryption
The page entitled Encryption and decryption has another implementation of Vigenere.

Comparison of pure-Tcl cipher implementations

The following table shows a comparison of the pure-Tcl cipher implementations from tcllib Each was used to encipher and decipher 16 bytes for a timing test. The first table gives aggregated times. In the second table we ignore the key scheduling phase and only time core data encryption.

 DES(0.8)  DES  3DES AES-128  AES-192 AES-256 Blowfish   RC4
  2967     505  1039      874    1004    1184    38783   584
  2769     409   865     2389    2856    3379    38735   572

   -       275   609      703       -       -      143    56
   -       190   423     2246       -       -      139    53

From this we can see that the blowfish cipher is the fastest block cipher but is crippled by the cost of generating the sub-keys. AES and DES both have cheap key scheduling. For AES decryption is significantly slower than encryption while for DES the reverse is true. RC4 is currently fastest.

Tests were done using a tclkit 8.4 executable. DES 0.8 is the one in tcllib 1.7 while the columns listed as DES and 3DES are using a sightly modified version of TclDES.

Tests look something like:

time {rc4::rc4 -key $key $plaintext} 500


time {aes::aes -mode ecb -dir encrypt -key $key $plaintext} 500