Symmetric Cryptography: DES, AES & 3DES

Lesson 10 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

Symmetric-key cryptography is an encryption method where the same key is used for both encryption and decryption. The key must be shared between the communicating parties through a secure channel before communication can begin. This is the "key distribution problem" — the fundamental challenge of symmetric systems.

---

Data Encryption Standard (DES)

DES was published by NIST in 1977 and became the global encryption standard for over 20 years. It is a block cipher: it divides plaintext into fixed-size blocks and encrypts each block.

DES Technical Specifications:

| Property | Value | Significance | Modern Status |
|---|---|---|---|
| Block Size | 64 bits | Processes 8 bytes at a time | Too small by modern standards |
| Key Length | 56 bits | NSA-mandated reduction from 64 (8 parity bits) | Broken, brute-forceable |
| Number of Rounds | 16 | Feistel network structure | Provides confusion and diffusion |
| Algorithm Type | Feistel Network (block cipher) | Symmetric, efficient hardware implementation | Foundation for DES variants |
| Published | 1977 (FIPS PUB 46) | First standardized encryption | Historical significance |
| Cracked | 1998 (EFF Deep Crack, 22 hours) | 56-bit key too short | Deprecated since 2001 |

DES Feistel Network (16-round Encryption Process):

  1. Initial Permutation (IP): Input 64-bit plaintext block is permuted according to a fixed table
  2. 16 Rounds: Block split into L (left 32 bits) and R (right 32 bits). Each round: L_new = R_old; R_new = L_old XOR F(R_old, subkey)
  3. F-Function: Expands R from 32 to 48 bits, XORs with 48-bit subkey, passes through 8 S-boxes (substitution), then permutes output
  4. Final Permutation (FP): Inverse of IP; produces 64-bit ciphertext block

---

Triple DES (3DES / TDEA)

3DES was a stopgap measure to extend DES security without replacing it entirely, created by running DES three times with different keys.

3DES Configuration Options:

| Configuration | Keys Used | Effective Key Length | Security Level | Performance |
|---|---|---|---|---|
| EDE with 3 keys (K1≠K2≠K3) | 3 independent 56-bit keys | 112-bit effective | Strong | 3x slower than DES |
| EDE with 2 keys (K1=K3≠K2) | 2 distinct keys | 80-bit effective | Medium (meet-in-middle attack) | 3x slower |
| EDE with 1 key (K1=K2=K3) | 1 key (backward compatible) | 56-bit | Same as DES (insecure) | No benefit |

EDE Process: Encrypt with K1 → Decrypt with K2 → Encrypt with K3

Exam Tip: 3DES uses the pattern E-D-E (Encrypt-Decrypt-Encrypt) with three separate keys. When all three keys are the same, it becomes equivalent to single DES. NIST deprecated 3DES in 2017 for new applications (disallowed for new systems after 2023) because of its vulnerability to the SWEET32 birthday attack.
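The Feistel round rule and the EDE keying options above, as an added example that is not part of the original lesson. It uses a toy 16-round Feistel cipher, not real DES: the hash-based round function `f`, the key schedule and all function names are assumptions. It shows that decryption works even though `f` is not invertible, and that an EDE key bundle with equal adjacent keys collapses to a single encryption.

```python
import hashlib

ROUNDS = 16  # DES round count; the block is 64 bits = two 32-bit halves

def subkeys(key):
    # Toy key schedule (assumption): one 48-bit hash-derived subkey per round.
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(ROUNDS)]

def f(right, subkey):
    # Toy round function standing in for expansion, S-boxes and permutation.
    # A truncated hash is deliberately NOT invertible.
    return hashlib.sha256(right + subkey).digest()[:4]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block, round_keys):
    left, right = block[:4], block[4:]
    for k in round_keys:
        # L_new = R_old; R_new = L_old XOR F(R_old, subkey)
        left, right = right, xor(left, f(right, k))
    return right + left  # final swap lets the same routine decrypt

def encrypt(block, key):
    return feistel(block, subkeys(key))

def decrypt(block, key):
    return feistel(block, subkeys(key)[::-1])  # same rounds, subkeys reversed

def ede_encrypt(block, k1, k2, k3):
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def ede_decrypt(block, k1, k2, k3):
    return decrypt(encrypt(decrypt(block, k3), k2), k1)

def keying_report(block, k1, k2, k3):
    # What a key-management check should flag for a given EDE key bundle.
    ct = ede_encrypt(block, k1, k2, k3)
    return {
        "round_trip_ok": ede_decrypt(ct, k1, k2, k3) == block,
        # K1=K2 leaves only E(K3); K2=K3 leaves only E(K1).
        "collapses_to_single": ct in (encrypt(block, k1), encrypt(block, k3)),
    }

if __name__ == "__main__":
    pt = b"8bytes!!"  # constructed 64-bit sample block
    print(keying_report(pt, b"key-A", b"key-B", b"key-C"))
    print(keying_report(pt, b"key-A", b"key-A", b"key-A"))
```

The collapse check goes slightly beyond the lesson's K1=K2=K3 case: any bundle where K1=K2 or K2=K3 cancels one encrypt/decrypt pair and leaves a single encryption.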

---

Advanced Encryption Standard (AES)

AES (Rijndael algorithm, by Belgian cryptographers Joan Daemen and Vincent Rijmen) replaced DES as the global standard in 2001 following an open competition by NIST. It is the most widely deployed encryption algorithm in the world.

AES Technical Specifications:

| Property | AES-128 | AES-192 | AES-256 | Significance |
|---|---|---|---|---|
| Key Length | 128 bits | 192 bits | 256 bits | 128-bit has 3.4 × 10³⁸ possible keys |
| Block Size | 128 bits | 128 bits | 128 bits | Fixed, unlike variable in Rijndael |
| Number of Rounds | 10 | 12 | 14 | More rounds = more security |
| Algorithm Type | Substitution-Permutation Network | Same | Same | Faster than Feistel on modern CPUs |
| FIPS Standard | FIPS 197 | FIPS 197 | FIPS 197 | NSA approved for TOP SECRET (AES-256) |
| Status | Current standard | Current standard | Gold standard | No practical attacks known |

AES Round Operations (each of 10-14 rounds):

  1. SubBytes: Each byte replaced by corresponding value in AES S-box (non-linear substitution)
  2. ShiftRows: Rows of the 4×4 state matrix are cyclically shifted by 0, 1, 2, 3 positions
  3. MixColumns: Each column multiplied by a fixed matrix in GF(2⁸) — provides diffusion
  4. AddRoundKey: XOR state with round-specific key (128-bit derived from main key via key schedule)

AES Modes of Operation:

| Mode | Full Name | How It Works | Use Case | IV Required |
|---|---|---|---|---|
| ECB | Electronic Codebook | Each block encrypted independently | Simple, rarely recommended | No |
| CBC | Cipher Block Chaining | Each block XOR'd with previous ciphertext before encryption | File encryption, TLS (legacy) | Yes |
| CTR | Counter Mode | Encrypts incrementing counter, XOR with plaintext | Streaming data, parallel processing | Yes (nonce) |
| GCM | Galois/Counter Mode | CTR + authentication tag (AEAD) | TLS 1.3, HTTPS | Yes (96-bit) |
| CCM | Counter with CBC-MAC | CTR + CBC-MAC authentication | IoT, IEEE 802.11i (WPA2) | Yes |

---

The Key Distribution Problem

The fundamental weakness of symmetric cryptography is that both parties need the same key, but sharing that key securely requires a secure channel — which is exactly what encryption is meant to provide. This circular dependency is the key distribution problem.

Solutions to the Key Distribution Problem:

| Solution | How It Works | Limitation | Example |
|---|---|---|---|
| Physical Key Exchange | Exchange key in person or via courier | Impractical for internet-scale | Diplomatic pouches, nuclear launch codes |
| Key Distribution Center (KDC) | Trusted third party distributes keys | KDC is single point of failure | Kerberos protocol |
| Diffie-Hellman Key Exchange | Mathematical protocol to derive shared secret over insecure channel | Vulnerable to man-in-the-middle (without authentication) | TLS handshake, SSH |
| Asymmetric Key Wrapping | Use RSA to encrypt and transmit the symmetric session key | Requires PKI infrastructure | TLS, S/MIME |

---

Study Deep: Symmetric Cryptography

  1. AES is hardware-accelerated: Intel and AMD CPUs include AES-NI (AES New Instructions), dedicated CPU instructions that perform AES rounds in hardware, making AES encryption 3-10x faster than a software implementation. On modern CPUs, AES encryption achieves multi-GB/s throughput. This is why AES is used for full-disk encryption (BitLocker, FileVault) without noticeable performance impact.
  2. ECB mode reveals patterns: In ECB mode, identical plaintext blocks produce identical ciphertext blocks. This is the famous "ECB penguin": encrypting a bitmap image with ECB reveals the image's outlines in the ciphertext. This is why ECB should NEVER be used. Always use CBC, CTR, or GCM mode.
  3. Stream ciphers vs block ciphers: AES and DES are block ciphers (encrypt fixed-size blocks). Stream ciphers (RC4, ChaCha20) encrypt one bit/byte at a time, making them suited for streaming applications. RC4 is cryptographically broken (used in WEP, the WiFi encryption before WPA2). ChaCha20 (used in TLS 1.3 and HTTPS on mobile) is the modern stream cipher.
  4. Padding oracle attacks exploit CBC mode: CBC mode requires plaintext to be padded to block size (PKCS#7 padding). If an attacker can observe decryption error messages (whether padding is valid), they can decrypt any CBC ciphertext without the key. This is the padding oracle attack, and it is why authenticated encryption (GCM/AEAD) is preferred: it detects tampering before decryption.
  5. WhatsApp, Signal, iMessage use AES for data: End-to-end encrypted messaging apps use AES-256 (in CTR or GCM mode) for message encryption and RSA/ECDH for key exchange. WhatsApp alone encrypts approximately 100 billion messages per day using this approach.
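The ECB pattern leak from item 2, next to the CTR construction from the modes table, as an added example that is not part of the original lesson. Python's standard library has no AES, so a truncated HMAC-SHA256 stands in for the keyed block function (an assumption: it is deterministic and keyed like AES but cannot be decrypted in the ECB case); the sample "image" and all names are constructed.

```python
import hashlib
import hmac
from collections import Counter

BS = 16  # AES block size in bytes

def prf(key, block):
    # Stand-in for the AES block function (assumption, not AES itself).
    return hmac.new(key, block, hashlib.sha256).digest()[:BS]

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def ecb_like(key, plaintext):
    # ECB: every block is transformed independently under the same key.
    return b"".join(prf(key, b) for b in blocks(plaintext))

def ctr_encrypt(key, nonce, plaintext):
    # CTR: encrypt nonce || counter, then XOR the result with the plaintext.
    out = b""
    for i, b in enumerate(blocks(plaintext)):
        keystream = prf(key, nonce + i.to_bytes(4, "big"))
        out += bytes(x ^ y for x, y in zip(b, keystream))
    return out  # running it again with the same key and nonce decrypts

def repeated_blocks(ciphertext):
    # Detection check: count ciphertext blocks that duplicate an earlier one.
    counts = Counter(blocks(ciphertext))
    return sum(n - 1 for n in counts.values())

# Constructed sample: a tiny "bitmap" row, five white blocks and one black.
WHITE, BLACK = b"\xff" * BS, b"\x00" * BS
SAMPLE = WHITE * 3 + BLACK + WHITE * 2
KEY = b"k" * 16     # constructed demo key
NONCE = b"n" * 12   # constructed 96-bit nonce; must be unique per message

def compare_modes():
    return {
        "ecb_repeats": repeated_blocks(ecb_like(KEY, SAMPLE)),
        "ctr_repeats": repeated_blocks(ctr_encrypt(KEY, NONCE, SAMPLE)),
    }

if __name__ == "__main__":
    print(compare_modes())
```

A non-zero `repeated_blocks` count on ciphertext that is supposed to look random is a practical signal that ECB, or a reused IV, is in play.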