Fast, simple to use symmetric cipher for integer encryption in Java

Question

What is in Java a cipher function for integer encryption having these properties?:

• Fast
• Symmetric-key algorithm
• Simple to use (i.e. a couple of lines of code to use it and no external library to include)
• It is possible to specify the output length (e.g. 20 characters)

I need to use it only to encrypt/decrypt integers.

Answer 1

The requirement for no external library reduces the list to DES, 3DES and AES. DES and 3DES have a block size of 64 bits whereas AES has a block size of 128 bits. There are different aspects, one can examine this for.

Ciphertext size

DES and 3DES are best used for integers that are at most 56-bit wide (non-full long), because the result will be a single block of 8 byte, because of padding. If you encrypt a full long value, then an additional padding block will be added.

AES will always produce a 16 byte ciphertext for any int of long value.

Speed

According to this analysis AES (Rijndael-128) is more than twice as fast as DES/3DES with a bigger key size (more secure). AES can be even much faster than DES or 3DES when the CPU supports AES-NI. All current CPUs support this. This is my current result for taken from the openssl speed command.

AES achieves 127MB/s for 16 byte payloads whereas 3DES only achieves 27MB/s. Here's the data to poke around.

Security

Don't use DES for anything serious, because it only has a 56-bit key (64-bit with parity). Brute forcing cost is 2⁵⁶. 3DES is also not that good, because Brute forcing cost is 2¹¹². Brute forcing cost for AES is 2¹²⁸, 2¹⁹², 2²⁵⁶ depending on the used key size.

Code

Probably use AES:

private final String CIPHER_NAME = "AES/ECB/PKCS5Padding";
private final String ALGORITHM_NAME = "AES"; // keySizes 128, 192, 256
// private final String CIPHER_NAME = "DES/ECB/PKCS5Padding";
// private final String ALGORITHM_NAME = "DES"; // keySize 56
// private final String CIPHER_NAME = "DESede/ECB/PKCS5Padding";
// private final String ALGORITHM_NAME = "DESede"; // keySize 168

byte[] encrypt(SecretKey key, long num) {
    BigInteger bignum = BigInteger.valueOf(num);
    Cipher cipher = Cipher.getInstance(CIPHER_NAME);
    cipher.init(Cipher.ENCRYPT_MODE, key);
    return cipher.doFinal(bignum.toByteArray());
}

long decrypt(SecretKey key, byte[] ct) {
    Cipher cipher = Cipher.getInstance(CIPHER_NAME);
    cipher.init(Cipher.DECRYPT_MODE, key);
    byte[] pt = cipher.doFinal(ct);
    BigInteger bignum = new BigInteger(pt);
    return bignum.longValue();
}

SecretKey keyGen(String algorithm, int keySize) {
    KeyGenerator keygen = KeyGenerator.getInstance(algorithm);
    keygen.init(keySize);
    return keygen.generateKey();
}

Mode of operation

Here I use ECB mode. It is generally not a good idea to use it. It has a problem that encrypting the same plaintext with the same key results in the same ciphertext. This may not be a property that is acceptable. If it is not acceptable, then you need to use for example CBC mode with a new random IV. With will blow up the ciphertext by an additional block.

Answer 2

If you don't need a secure solution, but just fast one, consider the XOR cipher:

int key = ...
....
int b = a ^ key;
int c = b ^ key;
assert (c == a);