Symmetric Encryption

Symmetric encryption uses a single shared key for both encryption and decryption. It is the workhorse of modern cryptography — fast, efficient, and used to protect the vast majority of data at rest and in transit.

---

How Symmetric Encryption Works

graph LR
  subgraph Sender
    P1["Plaintext"] --> E["AES Encrypt + Key"]
    E --> C1["Ciphertext"]
  end
  subgraph Receiver
    C2["Ciphertext"] --> D["AES Decrypt + Key"]
    D --> P2["Plaintext"]
  end

Both parties must possess the same secret key. The fundamental challenge is: how do you securely share the key?

---

Block Ciphers vs Stream Ciphers

Feature	Block Cipher	Stream Cipher
Processing	Encrypts fixed-size blocks (e.g., 128 bits)	Encrypts one bit or byte at a time
Speed	Slightly slower per byte	Very fast, especially in hardware
Use case	File encryption, disk encryption, TLS	Real-time communications, wireless
Examples	AES, DES, 3DES, Blowfish	ChaCha20, RC4 (deprecated)

---

DES (Data Encryption Standard)

DES was adopted as a US federal standard in 1977:

• Block size: 64 bits
• Key size: 56 bits (effectively — 8 bits used for parity)
• Structure: 16-round Feistel network
• Status: Broken — a 56-bit key can be brute-forced in hours on modern hardware

The Feistel Network

DES uses a Feistel structure where each round:

1. Splits the block into left and right halves
2. Applies a round function (using a subkey) to the right half
3. XORs the result with the left half
4. Swaps the halves

graph TD
  L0["L0"] --> XOR["XOR"]
  R0["R0"] --> F["F(R0, K1)"]
  F --> XOR
  R0 --> L1["L1 = R0"]
  XOR --> R1["R1 = L0 XOR F(R0, K1)"]

Triple DES (3DES)

To extend DES's life, 3DES applies DES three times with two or three different keys:

$$\text{Ciphertext} = \mathrm{DES\_Encrypt}(K_3, \, \mathrm{DES\_Decrypt}(K_2, \, \mathrm{DES\_Encrypt}(K_1, \, \text{Plaintext})))$$Ciphertext=DES_Encrypt(K3​,DES_Decrypt(K2​,DES_Encrypt(K1​,Plaintext)))

• Effective key strength: 112 bits (with 2 keys) or 168 bits (with 3 keys)
• Status: Deprecated — too slow and superseded by AES

---

AES (Advanced Encryption Standard)

AES is the gold standard for symmetric encryption, adopted by NIST in 2001 after a public competition won by the Rijndael algorithm (by Joan Daemen and Vincent Rijmen).

AES Specifications

Property	Value
Block size	128 bits
Key sizes	128, 192, or 256 bits
Rounds	10 (128-bit), 12 (192-bit), or 14 (256-bit)
Structure	Substitution-permutation network (SPN)

AES Round Operations

Each AES round performs four operations:

1. SubBytes — non-linear substitution using a lookup table (S-box), providing confusion
2. ShiftRows — cyclically shifts bytes in each row, providing diffusion
3. MixColumns — mixes data within each column using matrix multiplication (skipped in the final round)
4. AddRoundKey — XORs the state with the round key

graph TD
  P["Plaintext"] --> A0["AddRoundKey (initial)"]
  A0 --> R["SubBytes / ShiftRows / MixColumns / AddRoundKey  (x 9/11/13 rounds)"]
  R --> SB["SubBytes"]
  SB --> SR["ShiftRows"]
  SR --> AF["AddRoundKey (final)"]
  AF --> C["Ciphertext"]

Why AES is Secure

• Large key space: AES-256 has 2^256 possible keys — brute force is computationally infeasible
• Strong mathematical design: the S-box resists linear and differential cryptanalysis
• Extensive peer review: publicly analysed since 1997 with no practical attacks found
• Hardware acceleration: Intel AES-NI instructions enable hardware-speed encryption

---

Modes of Operation