Which is the simplest cryptographic algorithm which is close to commercial-level security?

Question

An algorithm is simpler than another if

It is easier to explain to a noob with basic high-school math knowledge.
It is easier to securely self-implement by an intermediate programmer (Yes I know one should never 'roll their own' but this is just a metric of comparing simplicity)
Can be done by hand & paper more easily (not necessarily that it can practically be done on paper, but that it is easier to do on paper if one were to take the pains to do so)
Involves lesser steps.
Any other factors that don't immediately come to mind.

To give an example with popular ciphers, by these criteria RSA is simpler than AES.
The point of this question is maybe find out about some very clever albeit less popular/unheard of cryptographic algorithms that are at or quite close to real commercial-level security while still being incredibly simple.
To use simpler words, the requirements are much above Caesar cipher but much below AES, in terms of complexity.
A question on the most secure hand ciphers inspired this question, except there are no such limitations of not having computational/calculational power here, but similar/stricter restriction on complexity. The idea is to test the limits of simplicity that cryptography can reach while still being done right.
Perhaps symmetric ciphers would be ideal for the criteria of simplicity. However, obviously, any cipher is to-the-mark if it is simple and secure enough.
Edit 1 : The criteria listed above are in order of importance, i.e, the 1st is more important than the second and so on.

Meir Maor · Accepted Answer

I will throw tiny encryption algorithm into the mix:
https://en.m.wikipedia.org/wiki/Tiny_Encryption_Algorithm
It's a very respectable block cipher. It really works as a block cipher with convenient block size of 64 bits and key size of 128 bits. So it behaves much like a DES or AES as in how you use it securely.
It's a Feistel network which anyone starting studying crypto should learn anyway. It's easy to follow why it's reversible and how the shuffling happens. So I think the level of understanding achievable to a novice is high if you want not only to memorize the code but also have a minimal understanding of why this is a good idea.

ShnierOnSecurity · Answer

You question is quite broad

cryptographic algorithm

What kind of task shall this algorithm solving?

symmetric encryption, like AES
asymmetric, like RSA
key-exchange, like Diffie–Hellman
hash function, like sha256
quantum-theoretical-encryption-algorithm, like something new from the IACR
quantum-key-exchange algorithms, like one used across EU already...
steganography, like spies used
signing algorithms, like used in PGP/GPG schemes
pseudo-random numbers algorithm, like used mostly everywhere in crypto as sub-algo

And probably 10+ fields in crypto, little bit minor...
When you are comparing RSA - easier than AES - you are comparing "Hammer" and "Saw", it is used for different things, this gives different environment for algorithm and of-course - stream encryption little bit harder than just generate private & public keys...
What is better "Blue-Color" or "Cold-Ice-Cream"?
You could say, sha256 easy than ECC - Elliptic-curve cryptography, but this is two completely different targets. It is like to say "ZIP file format" ( an archive ), and all algorithm inside it, easier than Bitcoin's block-chain algorithm... is it easier? or they are equal? Or perhaps, block-chain is so popular - because it is one of the easiest algorithm on the Earth?
One-time pad - will be easiest one to understand than anything you could met, methinks. But would it be easy to handling two big secret books containing one big secret key??? I'm not sure... Are you ready to physically meet with your counter-part to give em copy of your one-time pad. And thereafter - like you said, on the paper, encrypt e-mails - symbol-by-symbol...
So, we could separate categories

easiest in handling
easiest in understanding
easiest in coding

.... and somehow connected to cryptography, hash, key-exchange, stream,  no-matter..
I think the answer on this question will not satisfy your researching.

Daniel Lubarov · Answer

I would say MiMC is the simplest block cipher with plausible security. The idea is to cube the state, add a random constant, and repeat. This is typically done in a large prime field, but it is trivial to implement field arithmetic in any language with big integer support. Here's a Python implementation:
def mimc(x, p, k, constants):
    x = (x + k) % p
    for c in constants:
        x = (x**3 + k + c) % p
    return x

Notes:

x is the input.
p is the (prime) order of the field.
k is the block cipher key.
constants is a list of r random field elements, where r is the number of rounds. (The paper uses r - 1 constants, since adding one in the final step does nothing for security, but it doesn't hurt either.)
The authors recommend r = ceil(log(p)/log(3)).
The field must be one in which cubing is a permutation, which holds if gcd(3, p - 1) = 1.

user82867 · Answer

The one time pad technically meets all your criteria and I think it's the simplest. It gets used all the time within encryption schemes where it's usually called blinding.
Otherwise I would look into small block ciphers. For example, RC5 and skip32. These are probably the simplest beside the OTP.

Steve A · Answer

Those are good answers if you need a cypher or public key cryptosystem, but they are not the most secure nor the most simple of cryptographic algorithms. Even Playfair is more complicated than codebook encryption. The more simple and most secure cryptographic algorithm by far is the one-time pad. It is proven secure, and exists of an exclusive-or. The painful parts are generating true randomness, and the requirement of "one-time" use per pad.

Answered by Steve A on January 18, 2021

Maarten Bodewes · Answer

I think the most simple ciphers that are available are stream ciphers. Of course there are secure and non-secure stream ciphers. But e.g. LFSR's based ciphers are pretty easy to understand, and generally you just have to deal with bitops and basic possibly (modulo) addition. Those operations are generally easy to perform "by hand". Of course, to achieve security, the algorithms do generally have a pretty large state, so updates to the state will also take a lot of time for a human.
You could look at RC4 as used in the TLS protocols (up to 1.2 anyway) and A5/1 as used for protecting GSM communications. Those are actively used for commercial applications. Although I should have mentioned that neither of these are still secure (or as secure as they should be in the case of RC4).
The disadvantage of using a stream cipher is that the use is limited compared to e.g. a block cipher. Block ciphers are used as constructs in e.g. MAC algorithms, sometimes even hash algorithms and many other projects.

RSA is also known as a relatively easy algorithm indeed. It's source code can and was printed in PERL on T-shirts during the crypto wars. Note that you'd need at least PKCS#1 padding for it to be secure, which adds to the complexity. Key pair generation is also much harder for RSA.
If you'd use anything, then Diffie-Hellman might be a good choice. The key pair generation is easier and DH-operations themselves are simply the calculations and some conversions to bits. You should however stick to a well known named set of domain parameters; generating a new set adds unneeded complexity.
In general I'd think that a stream cipher is vastly less complex than most asymmetric primitives though.

A P Jo · Answer

Perhaps RSA serves both your criteria very, very well , and is also a valid candidate ?

Which is the simplest cryptographic algorithm which is close to commercial-level security?

7 Answers

Add your own answers!

Ask a Question