Symmetric Cryptography: DES, AES & 3DES
Symmetric-key cryptography is an encryption method where the same key is used for both encryption and decryption. The key must be shared between the communicating parties through a secure channel before communication can begin. This is the "key distribution problem" — the fundamental challenge of symmetric systems.
---
Data Encryption Standard (DES)
DES was published by NIST in 1977 and became the global encryption standard for over 20 years. It is a block cipher: it divides plaintext into fixed-size blocks and encrypts each block.
DES Technical Specifications:
| Property | Value | Significance | Modern Status |
|---|---|---|---|
| Block Size | 64 bits | Processes 8 bytes at a time | Too small by modern standards |
| Key Length | 56 bits | NSA-mandated reduction from 64 (8 parity bits) | Broken — brute-forceable |
| Number of Rounds | 16 | Feistel network structure | Provides confusion and diffusion |
| Algorithm Type | Feistel Network (block cipher) | Symmetric, efficient hardware implementation | Foundation for DES variants |
| Published | 1977 (FIPS PUB 46) | First standardized encryption | Historical significance |
| Cracked | 1998 (EFF Deep Crack, 22 hours) | 56-bit key too short | Deprecated since 2001 |
DES Feistel Network (16-round Encryption Process):
- Initial Permutation (IP): Input 64-bit plaintext block is permuted according to a fixed table
- 16 Rounds: Block split into L (left 32 bits) and R (right 32 bits). Each round: L_new = R_old; R_new = L_old XOR F(R_old, subkey)
- F-Function: Expands R from 32 to 48 bits, XORs with 48-bit subkey, passes through 8 S-boxes (substitution), then permutes output
- Final Permutation (FP): Inverse of IP; produces 64-bit ciphertext block
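The round equations above imply that a Feistel cipher decrypts with the same loop and the subkeys in reverse order, whatever F is. The Go sketch below is an added example, not from the original page: it uses a stand-in hash-based round function and constructed subkeys, and it is not DES (no IP/FP, key schedule or S-boxes).

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// roundF is a stand-in round function, NOT the DES F-function (no expansion,
// S-boxes or permutation). It is deliberately non-invertible: a Feistel
// network never has to run F backwards.
func roundF(r uint32, subkey uint64) uint32 {
	var buf [12]byte
	binary.BigEndian.PutUint32(buf[:4], r)
	binary.BigEndian.PutUint64(buf[4:], subkey)
	sum := sha256.Sum256(buf[:])
	return binary.BigEndian.Uint32(sum[:4])
}

// feistel applies L_new = R_old; R_new = L_old XOR F(R_old, subkey) once per
// subkey and swaps the halves at the end. Decryption is the same loop with the
// subkeys taken in reverse order.
func feistel(block uint64, subkeys []uint64, decrypt bool) uint64 {
	l, r := uint32(block>>32), uint32(block)
	for i := range subkeys {
		k := subkeys[i]
		if decrypt {
			k = subkeys[len(subkeys)-1-i]
		}
		l, r = r, l^roundF(r, k)
	}
	return uint64(r)<<32 | uint64(l)
}

// demoSubkeys returns 16 constructed 48-bit subkeys; the DES key schedule
// that derives them from the 56-bit key is not reproduced here.
func demoSubkeys() []uint64 {
	keys := make([]uint64, 16)
	for i := range keys {
		keys[i] = (0x0123456789AB + uint64(i)*0x9E3779B97F) & 0xFFFFFFFFFFFF
	}
	return keys
}

func main() {
	pt := uint64(0x0123456789ABCDEF)
	ct := feistel(pt, demoSubkeys(), false)
	fmt.Printf("pt=%016x ct=%016x decrypted=%016x\n", pt, ct, feistel(ct, demoSubkeys(), true))
}
```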
---
Triple DES (3DES / TDEA)
3DES was a stopgap measure to extend DES security without replacing it entirely, created by running DES three times with different keys.
3DES Configuration Options:
| Configuration | Keys Used | Effective Key Length | Security Level | Performance |
|---|---|---|---|---|
| EDE with 3 keys (K1≠K2≠K3) | 3 independent 56-bit keys | 112-bit effective | Strong | 3x slower than DES |
| EDE with 2 keys (K1=K3≠K2) | 2 distinct keys | 80-bit effective | Medium (meet-in-middle attack) | 3x slower |
| EDE with 1 key (K1=K2=K3) | 1 key (backward compatible) | 56-bit | Same as DES (insecure) | No benefit |
EDE Process: Encrypt with K1 → Decrypt with K2 → Encrypt with K3
Exam Tip: 3DES uses the pattern E-D-E (Encrypt-Decrypt-Encrypt) with three separate keys. When all three keys are the same, it becomes equivalent to single DES. NIST deprecated 3DES in 2017 for new applications (disallowed for new systems after 2023) because of its vulnerability to the SWEET32 birthday attack.
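The EDE construction and the one-key collapse from the Exam Tip, checked against Go's standard `crypto/des` package. This is an added example, not from the original page; the keys and the plaintext block are constructed and the helper names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// must panics on a constructor error (only possible with a wrong key length).
func must(c cipher.Block, err error) cipher.Block {
	if err != nil {
		panic(err)
	}
	return c
}

// ede builds Encrypt(K1) -> Decrypt(K2) -> Encrypt(K3) for one 64-bit block
// out of three single-DES instances.
func ede(k1, k2, k3, block []byte) []byte {
	out := make([]byte, des.BlockSize)
	must(des.NewCipher(k1)).Encrypt(out, block)
	must(des.NewCipher(k2)).Decrypt(out, out)
	must(des.NewCipher(k3)).Encrypt(out, out)
	return out
}

// singleDES encrypts one block with plain DES.
func singleDES(k, block []byte) []byte {
	out := make([]byte, des.BlockSize)
	must(des.NewCipher(k)).Encrypt(out, block)
	return out
}

// libraryTDEA encrypts one block with crypto/des Triple DES, key = K1|K2|K3.
func libraryTDEA(k1, k2, k3, block []byte) []byte {
	out := make([]byte, des.BlockSize)
	must(des.NewTripleDESCipher(bytes.Join([][]byte{k1, k2, k3}, nil))).Encrypt(out, block)
	return out
}

// Constructed sample keys and plaintext block, 8 bytes each.
var keyA, keyB, keyC, sampleBlock = []byte("alpha-k1"), []byte("bravo-k2"), []byte("charlie3"), []byte("8 bytes.")

func main() {
	fmt.Println("manual EDE == library 3DES:", bytes.Equal(ede(keyA, keyB, keyC, sampleBlock), libraryTDEA(keyA, keyB, keyC, sampleBlock)))
	fmt.Println("K1=K2=K3   == single DES  :", bytes.Equal(ede(keyA, keyA, keyA, sampleBlock), singleDES(keyA, sampleBlock)))
	fmt.Println("3 keys     == single DES  :", bytes.Equal(ede(keyA, keyB, keyC, sampleBlock), singleDES(keyA, sampleBlock)))
}
```

DES ignores the low (parity) bit of every key byte, so test keys that differ only in those bits count as the same key and silently reproduce the one-key case.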
---
Advanced Encryption Standard (AES)
AES (Rijndael algorithm, by Belgian cryptographers Joan Daemen and Vincent Rijmen) replaced DES as the global standard in 2001 following an open competition by NIST. It is the most widely deployed encryption algorithm in the world.
AES Technical Specifications:
| Property | AES-128 | AES-192 | AES-256 | Significance |
|---|---|---|---|---|
| Key Length | 128 bits | 192 bits | 256 bits | 128-bit has 3.4 × 10³⁸ possible keys |
| Block Size | 128 bits | 128 bits | 128 bits | Fixed, whereas Rijndael allows variable block sizes |
| Number of Rounds | 10 | 12 | 14 | More rounds = more security |
| Algorithm Type | Substitution-Permutation Network | Same | Same | Faster than Feistel on modern CPUs |
| FIPS Standard | FIPS 197 | FIPS 197 | FIPS 197 | NSA approved for TOP SECRET (AES-256) |
| Status | Current standard | Current standard | Gold standard | No practical attacks known |
AES Round Operations (each of 10-14 rounds):
- SubBytes: Each byte replaced by corresponding value in AES S-box (non-linear substitution)
- ShiftRows: Rows of the 4×4 state matrix are cyclically shifted by 0, 1, 2, 3 positions
- MixColumns: Each column multiplied by a fixed matrix in GF(2⁸) — provides diffusion
- AddRoundKey: XOR state with round-specific key (128 bits, derived from the main key via the key schedule)
AES Modes of Operation:
| Mode | Full Name | How It Works | Use Case | IV Required |
|---|---|---|---|---|
| ECB | Electronic Codebook | Each block encrypted independently | Simple, rarely recommended | No |
| CBC | Cipher Block Chaining | Each block XOR'd with previous ciphertext before encryption | File encryption, TLS (legacy) | Yes |
| CTR | Counter Mode | Encrypts incrementing counter, XOR with plaintext | Streaming data, parallel processing | Yes (nonce) |
| GCM | Galois/Counter Mode | CTR + authentication tag (AEAD) | TLS 1.3, HTTPS | Yes (96-bit) |
| CCM | Counter with CBC-MAC | CTR + CBC-MAC authentication | IoT, IEEE 802.11i (WPA2) | Yes |
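The ECB row of the table compared with CBC and CTR on repetitive input, as an added Go example that is not part of the original page. The key, the IV and the four identical records are constructed, and the helper names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// distinctBlocks counts how many different 16-byte blocks a ciphertext holds.
func distinctBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])] = true
	}
	return len(seen)
}

// encryptECB encrypts every block independently. crypto/cipher ships no ECB
// mode, so this calls the raw block cipher; pt must be block-aligned.
func encryptECB(b cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		b.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

// blockCounts encrypts four identical constructed records under ECB, CBC and
// CTR and returns the number of distinct ciphertext blocks each mode produced.
func blockCounts() (ecb, cbc, ctr int) {
	key := []byte("constructed-key!") // 16 bytes: AES-128, demo value only
	iv := make([]byte, aes.BlockSize) // fixed for a reproducible run; use crypto/rand in real code
	pt := bytes.Repeat([]byte("ACCT=1001;AMT=50"), 4)
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	cbcCT, ctrCT := make([]byte, len(pt)), make([]byte, len(pt))
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(cbcCT, pt)
	cipher.NewCTR(b, iv).XORKeyStream(ctrCT, pt)
	return distinctBlocks(encryptECB(b, pt)), distinctBlocks(cbcCT), distinctBlocks(ctrCT)
}

func main() {
	ecb, cbc, ctr := blockCounts()
	fmt.Printf("distinct ciphertext blocks out of 4: ECB=%d CBC=%d CTR=%d\n", ecb, cbc, ctr)
}
```

A count below the number of blocks is a quick check for ECB (or a reused keystream) when reviewing stored ciphertext of structured data.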
---
The Key Distribution Problem
The fundamental weakness of symmetric cryptography is that both parties need the same key, but sharing that key securely requires a secure channel — which is exactly what encryption is meant to provide. This circular dependency is the key distribution problem.
Solutions to the Key Distribution Problem:
| Solution | How It Works | Limitation | Example |
|---|---|---|---|
| Physical Key Exchange | Exchange key in person or via courier | Impractical for internet-scale | Diplomatic pouches, nuclear launch codes |
| Key Distribution Center (KDC) | Trusted third party distributes keys | KDC is single point of failure | Kerberos protocol |
| Diffie-Hellman Key Exchange | Mathematical protocol to derive shared secret over insecure channel | Vulnerable to man-in-the-middle (without authentication) | TLS handshake, SSH |
| Asymmetric Key Wrapping | Use RSA to encrypt and transmit the symmetric session key | Requires PKI infrastructure | TLS, S/MIME |
---
Study Deep: Symmetric Cryptography
- AES is hardware-accelerated: Intel and AMD CPUs include AES-NI (AES New Instructions) — dedicated CPU instructions that perform AES rounds in hardware, making AES encryption 3-10x faster than software implementation. On modern CPUs, AES encryption achieves multi-GB/s throughput. This is why AES is used for full-disk encryption (BitLocker, FileVault) without noticeable performance impact.
- ECB mode reveals patterns: In ECB mode, identical plaintext blocks produce identical ciphertext blocks. This is the famous "ECB penguin" — encrypting a bitmap image with ECB reveals the image's outlines in the ciphertext. This is why ECB should NEVER be used. Always use CBC, CTR, or GCM mode.
- Stream ciphers vs block ciphers: AES and DES are block ciphers (encrypt fixed-size blocks). Stream ciphers (RC4, ChaCha20) encrypt one bit/byte at a time, making them suited for streaming applications. RC4 is cryptographically broken (used in WEP — WiFi encryption before WPA2). ChaCha20 (used in TLS 1.3 and HTTPS on mobile) is the modern stream cipher.
- Padding oracle attacks exploit CBC mode: CBC mode requires plaintext to be padded to block size (PKCS#7 padding). If an attacker can observe decryption error messages (whether padding is valid), they can decrypt any CBC ciphertext without the key — the padding oracle attack. This is why authenticated encryption (GCM/AEAD) is preferred — it detects tampering before decryption.
- WhatsApp, Signal, iMessage use AES for data: End-to-end encrypted messaging apps use AES-256 (in CTR or GCM mode) for message encryption and RSA/ECDH for key exchange. WhatsApp alone encrypts approximately 100 billion messages per day using this approach.
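Why the padding-oracle bullet above prefers authenticated encryption: CBC decrypts a modified ciphertext without complaint, while GCM refuses it. This Go code is an added example, not from the original page; the key, message, fixed IV and nonce are constructed, and the function names are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values; real code draws keys, IVs and nonces from crypto/rand.
var demoKey = []byte("constructed-key!")                 // 16 bytes: AES-128
var demoMsg = []byte("PAY=0100;TO=ALICE;REF=000042;OK.") // 32 bytes: 2 blocks

func newAES() cipher.Block {
	b, err := aes.NewCipher(demoKey)
	if err != nil {
		panic(err)
	}
	return b
}

// cbcAfterBitFlip encrypts demoMsg with AES-CBC, flips one ciphertext bit and
// decrypts. CBC has no integrity check, so altered plaintext comes back.
func cbcAfterBitFlip() []byte {
	iv := make([]byte, aes.BlockSize)
	buf := make([]byte, len(demoMsg))
	cipher.NewCBCEncrypter(newAES(), iv).CryptBlocks(buf, demoMsg)
	buf[0] ^= 0x01 // modification in transit
	cipher.NewCBCDecrypter(newAES(), iv).CryptBlocks(buf, buf)
	return buf
}

// gcmAfterBitFlip seals demoMsg with AES-GCM, flips the same bit and returns
// the error from Open: the tag is verified before any plaintext is released.
func gcmAfterBitFlip() error {
	aead, err := cipher.NewGCM(newAES())
	if err != nil {
		panic(err)
	}
	nonce := make([]byte, aead.NonceSize()) // 96-bit nonce; never reuse one with the same key
	sealed := aead.Seal(nil, nonce, demoMsg, nil)
	sealed[0] ^= 0x01
	_, err = aead.Open(nil, nonce, sealed, nil)
	return err
}

func main() {
	fmt.Printf("CBC accepted: %q\nGCM result:   %v\n", cbcAfterBitFlip(), gcmAfterBitFlip())
}
```

In the CBC result the first block is garbage and the second block differs from the original in exactly one bit, and nothing in the API reports either change.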