upgrade
Fiveable

๐Ÿ”’Cybersecurity and Cryptography Unit 8 Review

QR code for Cybersecurity and Cryptography practice questions

8.1 Symmetric Key Algorithms (DES, AES)

๐Ÿ”’Cybersecurity and Cryptography
Unit 8 Review

8.1 Symmetric Key Algorithms (DES, AES)

Written by the Fiveable Content Team โ€ข Last updated September 2025
Written by the Fiveable Content Team โ€ข Last updated September 2025
๐Ÿ”’Cybersecurity and Cryptography
Unit & Topic Study Guides
8.1 Symmetric Key Algorithms (DES, AES)
8.2 Block Cipher Modes of Operation
8.3 Stream Ciphers

Symmetric key algorithms are the backbone of modern cryptography. DES and AES, two pivotal ciphers, use shared secret keys for both encryption and decryption. These algorithms form the foundation of secure communication in our digital world.

DES, though outdated, paved the way for stronger ciphers like AES. These algorithms use complex structures like Feistel networks and substitution-permutation networks to scramble data. Understanding their inner workings is key to grasping modern encryption techniques.

Symmetric Key Algorithms

DES and Triple DES

  • Data Encryption Standard (DES) developed by IBM in the 1970s uses a 56-bit key and operates on 64-bit blocks
  • DES employs 16 rounds of encryption involving substitution and permutation operations
  • Triple DES (3DES) enhances security by applying DES algorithm three times with different keys
  • 3DES uses a total key length of 168 bits (56 3) providing stronger protection against brute-force attacks
  • DES vulnerability to attacks led to its replacement by more secure algorithms

Advanced Encryption Standard (AES)

  • Advanced Encryption Standard (AES) selected by NIST in 2001 as the successor to DES
  • AES supports key sizes of 128, 192, and 256 bits operating on 128-bit blocks
  • Rijndael algorithm forms the basis of AES with modifications to fit NIST specifications
  • AES employs a series of substitution and permutation operations in multiple rounds (10, 12, or 14 depending on key size)
  • AES offers improved security, efficiency, and flexibility compared to DES
  • Widely adopted for secure communications, file encryption, and various cryptographic applications

Algorithm Structure

Feistel Network Architecture

  • Feistel Network divides input block into two halves processed separately in each round
  • Round function applies a cryptographic operation to one half using a subkey
  • Result of round function XORed with the other half, then halves swapped
  • Feistel structure allows for use of the same algorithm for both encryption and decryption
  • DES utilizes Feistel Network architecture in its design

Substitution-Permutation Network (SPN)

  • Substitution-Permutation Network alternates between substitution and permutation operations
  • Substitution layer replaces input bits with different values using S-boxes
  • Permutation layer rearranges the bits to diffuse the substitution effects
  • SPN structure provides confusion and diffusion properties essential for strong encryption
  • AES implements a variant of SPN called SubBytes-ShiftRows-MixColumns-AddRoundKey

Rounds and S-boxes

  • Rounds refer to the repeated application of a set of operations in the encryption process
  • Multiple rounds increase security by compounding the effects of each operation
  • DES uses 16 rounds while AES uses 10, 12, or 14 rounds depending on key size
  • S-boxes (Substitution boxes) perform non-linear substitutions on input bits
  • S-boxes introduce confusion by creating complex relationships between key and ciphertext
  • DES employs eight different 6x4-bit S-boxes while AES uses a single 8x8-bit S-box

Key Management

Key Size and Security

  • Key size directly impacts the algorithm's resistance to brute-force attacks
  • Larger key sizes exponentially increase the number of possible keys
  • DES 56-bit key considered inadequate for modern security standards
  • AES key sizes (128, 192, 256 bits) provide significantly stronger protection
  • Key size selection balances security requirements with computational efficiency

Key Schedule and Subkeys

  • Key schedule algorithm derives round keys (subkeys) from the main encryption key
  • Each round of encryption uses a different subkey to enhance security
  • DES key schedule generates sixteen 48-bit subkeys from the original 56-bit key
  • AES key schedule expands the original key into a larger key schedule
  • AES subkey generation varies based on the chosen key size (128, 192, or 256 bits)

Block Size and Modes of Operation

  • Block size determines the amount of data processed in each encryption operation
  • DES operates on 64-bit blocks while AES uses 128-bit blocks
  • Larger block sizes reduce vulnerability to certain cryptanalytic attacks
  • Block ciphers can operate in various modes to handle data larger than the block size
  • Common modes include Electronic Codebook (ECB), Cipher Block Chaining (CBC), and Counter (CTR)
  • Mode selection impacts security, performance, and ability to parallelize encryption operations