Detailed Explanation of Symmetric Cryptographic Algorithms: The Evolution of Encryption from DES to AES

In the two main branches of cryptography, symmetric cryptographic algorithms have become the core tool for data encryption due to their efficiency. From the early DES to the current AES, symmetric cryptography has played an irreplaceable role in fields such as financial transactions, data storage, and network communication. This article will systematically analyze the core characteristics of symmetric cryptography, delve into the algorithmic principles, advantages, disadvantages, and application scenarios of DES and AES, and provide practical cases and code implementations to help readers master the practical applications of symmetric cryptography.

1. Core Characteristics and Classification of Symmetric Cryptographic Algorithms

Symmetric cryptographic algorithms, also known as single-key cryptographic algorithms, are characterized by the fact that the same key is used for both encryption and decryption. This “key sharing” feature allows for much greater efficiency compared to asymmetric cryptography, but it also brings challenges in key distribution and management.

1.1 Core Advantages of Symmetric Cryptography

  • High computational efficiency: The encryption and decryption processes mainly rely on simple operations such as substitution, permutation, and XOR, making it suitable for handling large amounts of data (e.g., file encryption, real-time communication). For example, the encryption speed of AES-128 can exceed that of RSA-2048 by more than 1000 times.

  • Simple implementation: The algorithm logic is relatively straightforward, making it easy to implement efficiently in hardware (such as dedicated chips) and software.

  • Wide applicability: Symmetric cryptographic algorithms can be deployed in a range of devices from embedded systems (such as IoT sensors) to large servers.

1.2 Classification of Symmetric Cryptography

Symmetric cryptography can be divided into two categories based on the encryption method:

1. Block Ciphers:

  • Plaintext is divided into fixed-length blocks (e.g., 64 bits, 128 bits) for encryption.

  • Representative algorithms: DES, AES, IDEA, Blowfish.

  • Requires working modes (e.g., ECB, CBC, GCM) to handle data longer than the block size.

2. Stream Ciphers:

  • Treats plaintext as a byte stream or bit stream, performing XOR operations bit by bit (or byte by byte) with the key stream.

  • Representative algorithms: RC4, Salsa20, ChaCha20.

  • Good real-time performance, suitable for streaming media, satellite communication, etc.

This article focuses on the two benchmark algorithms in block ciphers: DES and AES.

2. Data Encryption Standard (DES): The Pioneer of Block Ciphers

DES (Data Encryption Standard) is a classic block cipher developed by IBM, adopted as a federal standard by the U.S. National Bureau of Standards (NBS) in 1977, and dominated global cryptographic applications for nearly 30 years. Although it has been phased out due to insufficient security, its design principles (such as the Feistel structure) have profoundly influenced subsequent algorithms.

2.1 Core Principles of DES

2.1.1 Basic Parameters

  • Block length: 64 bits (both plaintext and ciphertext are 64 bits).

  • Key length: 64 bits (including 8 parity bits, the actual effective key is 56 bits).

  • Number of rounds: 16 rounds of iteration (each round uses a different subkey).

  • Structure: Feistel network (symmetric structure for encryption and decryption).

2.1.2 Encryption Process (64-bit Plaintext → 64-bit Ciphertext)

The encryption process of DES can be divided into 8 steps, with the core being 16 rounds of Feistel iteration:

Initial Permutation (IP):

The 64-bit plaintext is rearranged according to a fixed permutation table (e.g., the 58th bit → the 1st bit, the 50th bit → the 2nd bit, etc.), breaking the original structure of the plaintext.

Splitting the Block:

The permuted data is divided into two parts: L0 (left 32 bits) and R0 (right 32 bits).

16 Rounds of Iteration:

Each round of iteration follows the Feistel rule:

  • Input for the i-th round: Li-1 (left 32 bits), Ri-1 (right 32 bits).

  • Round function F: Combines Ri-1 with the i-th round subkey Ki to output a 32-bit result.

  • Iteration formula:

 Li = Ri-1 Ri = Li-1 ⊕ F(Ri-1, Ki)

Here, the round function F consists of 4 steps: expansion permutation (32 bits → 48 bits), XOR with the subkey, S-box substitution (48 bits → 32 bits, core nonlinear operation), and P-box permutation (rearrangement of 32 bits).

4. Final Permutation (IP⁻¹):

After 16 rounds of iteration, the left and right parts (R16, L16) are concatenated to form 64 bits, which are then subjected to the inverse of the initial permutation to obtain the 64-bit ciphertext.

2.1.3 Subkey Generation (56-bit Key → 16 48-bit Subkeys)

The 56-bit effective key generates 16 48-bit subkeys (one for each round) through “key scheduling”:

Key Compression: The 56-bit key is divided into two parts (C0=28 bits, D0=28 bits).

Left Circular Shift: Each round performs a 1 or 2 bit left circular shift on Ci-1 and Di-1 (1 bit for rounds 1, 2, 9, 16; 2 bits for others), resulting in Ci and Di.

Compression Permutation (PC-2): The 56-bit data from Ci and Di is compressed to 48 bits to generate the subkey Ki.

2.1.4 Decryption Process

The decryption process of DES uses the same algorithm as encryption, but the subkeys are input in reverse order (K16 → K1). This is an advantage of the Feistel structure: encryption and decryption can share the same hardware/software implementation, differing only in the order of the subkeys.

2.2 Analysis of DES Advantages and Disadvantages

2.2.1 Advantages

  • Simplified structure: The Feistel network design allows for highly symmetric encryption and decryption, resulting in low implementation costs.

  • High standardization: Widely used globally, with mature software and hardware support (e.g., early ATMs, credit card systems).

  • Resistance to differential analysis: The design of 16 rounds was effective against simple differential attacks at the time.

2.2.2 Fatal Disadvantages (Leading to Phasing Out)

Short key length: The 56-bit key was brute-forced by the EFF (Electronic Frontier Foundation) using a dedicated chip “Deep Crack” in just 56 hours in 1998; by 2008, a regular computer cluster could crack it in one day.

Insufficient block length: The 64-bit block size can lead to repeated patterns during large data encryption (e.g., in ECB mode, identical plaintext blocks generate identical ciphertext).

Security relies on the number of iterations: 16 rounds are insufficient against modern attacks (differential analysis requires 247 chosen plaintexts, which is practically achievable).

2.3 Derivative Algorithms and Application Scenarios of DES

To address the shortcomings of DES, researchers have proposed various enhancement schemes:

3DES (Triple DES): By performing three rounds of DES encryption (EDE mode: encrypt → decrypt → encrypt), the effective key length is increased to 112 or 168 bits, significantly enhancing security. 3DES was widely used as a transitional solution in the financial sector (e.g., for credit card encryption), but due to its low efficiency (three times slower than AES), it has gradually been replaced by AES in recent years.

DESX: Adds pre- and post-key XOR operations to DES, increasing the key length to 128 bits, but it has not become a standard.

2.3.1 Historical Application Scenarios

  • Financial transactions: Early ATM machines, credit card magnetic stripe encryption.

  • Government communications: Encryption of non-classified data for U.S. federal agencies.

  • Operating systems: Early versions of file encryption systems (EFS) in Windows NT.

  • Current status: DES has been officially deprecated by NIST, and 3DES is also recommended to be phased out after 2023, now only seen in legacy systems.

3. Advanced Encryption Standard (AES): The Benchmark of Contemporary Symmetric Cryptography

AES (Advanced Encryption Standard) is a new generation block cipher designed to replace DES, based on the Rijndael algorithm proposed by Belgian cryptographers Joan Daemen and Vincent Rijmen, and adopted as a standard by NIST in 2001. AES has become the most widely used encryption algorithm globally due to its high security, efficiency, and flexibility.

3.1 Core Principles of AES

3.1.1 Basic Parameters

  • Block length: Fixed at 128 bits (both plaintext and ciphertext are 128 bits).

  • Key length: Supports 128, 192, and 256 bits (corresponding to different numbers of rounds).

  • Number of rounds: 10 rounds for 128-bit keys; 12 rounds for 192-bit keys; 14 rounds for 256-bit keys.

  • Structure: SP network (Substitution-Permutation Network, alternating substitution and permutation).

3.1.2 Encryption Process (128-bit Plaintext → 128-bit Ciphertext)

AES treats the 128-bit plaintext as a 4×4 byte matrix (state matrix), and the encryption process involves multiple rounds of transformations, each consisting of 4 steps (the last round does not include column mixing):

Byte Substitution (SubBytes):

  • Core nonlinear operation: Each byte in the matrix is replaced by another byte through an S-box (8×8 substitution table).

  • The S-box is based on the inverse element operation in the finite field GF(28), ensuring that small changes in input lead to significant differences in output (avalanche effect).

  • Example: Byte 0x12 becomes 0xc9 after S-box substitution (fixed value in the AES standard S-box).

Row Shifting (ShiftRows):

  • Perform cyclic left shifts on the rows of the matrix:

  • Row 0: No shift;

  • Row 1: Shift left by 1;

  • Row 2: Shift left by 2;

  • Row 3: Shift left by 3.

  • Purpose: To diffuse data and break column-wise correlations.

Column Mixing (MixColumns):

  • Treat each column as a polynomial over GF(28) and multiply it by a fixed polynomial (0x03x³ + 0x01x² + 0x01x + 0x02).

  • Example: A column [0x8e, 0x4d, 0x1c, 0xa0] becomes [0x41, 0xa8, 0x53, 0x0c] after mixing.

  • Function: To diffuse data between columns, enhancing resistance to differential analysis.

Add Round Key (AddRoundKey):

  • XOR the matrix with the current round subkey (128 bits).

  • The subkey is generated from the original key through “key expansion”, with each round subkey being nonlinearly related to the original key.

3.1.3 Key Expansion

AES’s key expansion transforms the original 128/192/256-bit key into round keys (10+1=11 128-bit subkeys corresponding to 10 rounds):

  • Expansion rules: The first four words are taken directly from the original key, while subsequent words are generated by XORing the previous word with a “round constant”, applying S-box substitution, and performing cyclic shifts.

  • Purpose: To ensure the randomness and independence of each round’s subkey.

3.1.4 Decryption Process

The decryption process of AES is the reverse of encryption, consisting of: inverse Add Round Key → inverse MixColumns → inverse ShiftRows → inverse SubBytes. Unlike DES, the decryption steps of AES are not simply the reverse of the encryption steps, but use inverse operations (such as inverse S-box and inverse column mixing polynomials), yet can still be implemented efficiently.

3.2 Analysis of AES Advantages and Disadvantages

3.2.1 Significant Advantages

High security:

  • Key lengths of 128/192/256 bits are supported, with 256-bit keys being virtually impossible to brute-force in the foreseeable future (including the early stages of quantum computing).

  • Strong resistance to differential and linear analysis: The design of AES’s S-box and column mixing results in a differential probability as low as 2−128, with negligible linear bias.

  • No fatal flaws have been found in nearly 20 years of scrutiny by the global cryptographic community.

High efficiency:

  • The algorithm steps (byte substitution, shifting, XOR) are suitable for hardware implementation (dedicated chips can achieve speeds of GB/s).

  • Software implementation is flexible: Efficient execution can be achieved on CPUs using table lookup methods (pre-stored S-box), and scripting languages like Python can easily implement it.

Flexibility:

  • Supports various key lengths, allowing selection based on security needs (e.g., 128 bits for embedded devices, 256 bits for military-grade security).

  • Adaptable to various scenarios: From IoT sensors (low power) to supercomputers (high throughput).

3.2.2 Potential Drawbacks

  • Fixed block length: The 128-bit block size may require more complex working modes (e.g., GCM) in specific scenarios (such as encrypting very large data).

  • Higher implementation threshold than DES: The nonlinear operations of the SP network (such as polynomial multiplication in column mixing) are more complex than the Feistel structure, making it easier to introduce vulnerabilities (such as side-channel leaks) due to implementation errors.

3.3 Working Modes of AES

As a block cipher, AES requires working modes to handle plaintext longer than 128 bits. NIST-recommended secure modes include:

GCM (Galois/Counter Mode):

  • Supports encryption + authentication (ensuring both confidentiality and integrity), widely used in TLS 1.2/1.3, IPsec, and storage encryption.

  • Features: Strong parallel computing capability, suitable for high-throughput scenarios.

CBC (Cipher Block Chaining):

  • Requires an initialization vector (IV), with each plaintext block XORed with the previous ciphertext block before encryption to avoid repeated patterns.

  • Applications: Early HTTPS, file encryption (e.g., TrueCrypt), but due to lack of authentication, it must be used with HMAC.

CTR (Counter Mode):

  • Encrypts the counter and XORs it with the plaintext, supporting parallel encryption, suitable for streaming media.

  • Applications: Scenarios optimized with the AES-NI instruction set, such as database encryption.

  • Note: ECB mode (Electronic Codebook) is strictly prohibited in practice due to its poor security (identical plaintext blocks generate identical ciphertext).

3.4 Application Scenarios of AES

AES is currently the most widely used encryption algorithm, covering almost all scenarios requiring confidentiality:

Network communication:

  • HTTPS/TLS: After the client and server handshake, data is encrypted using AES-GCM (e.g., communication between browsers and e-commerce websites).

  • VPN: Protocols like OpenVPN and WireGuard use AES to encrypt tunnel data.

  • Wireless communication: Wi-Fi (WPA2/WPA3) uses AES-CCMP to encrypt wireless frames.

Data storage:

  • Disk encryption: BitLocker (Windows), FileVault (macOS), and LUKS (Linux) all use AES as the core algorithm.

  • Database encryption: Transparent Data Encryption (TDE) in MySQL and PostgreSQL uses AES to encrypt sensitive fields.

  • Cloud storage: Server-side encryption in AWS S3 and Alibaba Cloud OSS is based on AES-256.

Embedded and IoT:

  • Smart cards: SIM cards and bank cards use AES to encrypt user data.

  • Sensors: Industrial IoT devices use AES to encrypt collected data (low-power implementation).

Blockchain and digital currencies:

  • Private key encryption: Bitcoin and Ethereum wallets use AES-256 to encrypt private keys (combined with user passwords).

  • Transaction encryption: Some privacy coins (e.g., Zcash) use AES to hide transaction details.

Python Implementation of AES Encryption and Decryption (Using PyCryptodome Library):

from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes
import base64
def aes_encrypt(plaintext, key, mode=AES.MODE_GCM):    """AES encryption (supports GCM mode with authentication)"""    # Generate random IV (initialization vector) and nonce (specific to GCM mode)    iv = get_random_bytes(AES.block_size)    nonce = get_random_bytes(12)  # GCM recommends a 12-byte nonce    # Create the encryptor    cipher = AES.new(key, mode, iv=iv, nonce=nonce)    # Encrypt + pad (GCM mode automatically handles padding, this is compatible with other modes)    if mode in (AES.MODE_CBC, AES.MODE_ECB):  # ECB is not recommended, shown for example only        ciphertext = cipher.encrypt(pad(plaintext.encode(), AES.block_size))    else:        ciphertext = cipher.encrypt(plaintext.encode())    # GCM mode generates an authentication tag (ensuring integrity)    tag = cipher.digest() if mode == AES.MODE_GCM else b''    # Concatenate IV, nonce, tag, and ciphertext, base64 encode for transmission    return base64.b64encode(iv + nonce + tag + ciphertext).decode()
def aes_decrypt(ciphertext_b64, key, mode=AES.MODE_GCM):    """AES decryption (corresponding to encryption mode)"""    # Decode and split each part    data = base64.b64decode(ciphertext_b64)    iv_len = AES.block_size    nonce_len = 12    tag_len = 16 if mode == AES.MODE_GCM else 0    iv = data[:iv_len]    nonce = data[iv_len:iv_len+nonce_len]    tag = data[iv_len+nonce_len:iv_len+nonce_len+tag_len]    ciphertext = data[iv_len+nonce_len+tag_len:]    # Create the decryptor    cipher = AES.new(key, mode, iv=iv, nonce=nonce)    # Decrypt (GCM mode requires tag verification)    if mode == AES.MODE_GCM:        plaintext = cipher.decrypt_and_verify(ciphertext, tag)    else:        plaintext = unpad(cipher.decrypt(ciphertext), AES.block_size)    return plaintext.decode()# Test AES-256-GCM encryption and decryptionif __name__ == "__main__":    key = get_random_bytes(32)  # 256-bit key    plaintext = "This is a piece of sensitive data that needs to be encrypted: AES encryption test 123"    print(f"Plaintext: {plaintext}")    ciphertext = aes_encrypt(plaintext, key)    print(f"Ciphertext: {ciphertext}")    decrypted = aes_decrypt(ciphertext, key)    print(f"Decrypted: {decrypted}")  # Should match the plaintext

4. Typical Application Scenarios of Symmetric Cryptography

Due to its efficiency and ease of use, symmetric cryptography plays a core role in the following scenarios:

4.1 Local Data Encryption

Sensitive data stored locally (such as files, databases, configuration information) needs to be encrypted to prevent unauthorized access or loss of devices:

  • File encryption: User documents and backup files are encrypted using AES-256-CBC (e.g., encrypted compressed packages in 7-Zip).

  • Operating system encryption: Full disk encryption (FDE) uses AES to encrypt disk sectors in real-time, verifying the key at boot (e.g., BitLocker uses a TPM chip to store the key).

  • Application data encryption: Password managers (e.g., 1Password) use AES to encrypt user password databases, decrypting only with the master password.

  • Advantages: Symmetric encryption does not require key transmission (the key is kept by the user), making it suitable for offline scenarios.

4.2 Internal Communication Encryption

Internal LAN communications within enterprises/organizations need to prevent eavesdropping, making symmetric cryptography the preferred choice:

  • VPN tunnels: Remote work accesses internal networks through AES-encrypted VPNs (e.g., Cisco AnyConnect uses AES-256-GCM).

  • Database connections: JDBC/ODBC connections between application servers and databases use AES to encrypt SQL statements and results.

  • IoT device communication: Smart home devices (e.g., cameras, locks) use lightweight AES variants (e.g., AES-CCM) to encrypt control commands.

  • Advantages: Internal networks can manage symmetric keys through pre-shared keys (PSK), avoiding the high overhead of asymmetric encryption.

4.3 Large-Scale Data Encryption

When processing massive amounts of data (e.g., logs, videos, backups), the efficiency of symmetric encryption is crucial:

  • Cloud storage encryption: Users encrypt files with AES before uploading them to the cloud, with the cloud storing only ciphertext (e.g., client-side encryption tools like Cryptomator).

  • Big data platforms: Hadoop and Spark use AES to encrypt sensitive datasets, with keys managed by a Key Management System (KMS).

  • Video surveillance: Video streams recorded by security cameras are encrypted in real-time using AES to prevent tampering during transmission or storage.

  • Advantages: The low latency and high throughput of symmetric encryption can meet the performance requirements of big data scenarios.

4.4 Combined Applications with Asymmetric Cryptography

The key distribution problem of symmetric cryptography (how to securely share keys) is typically solved using asymmetric cryptography, with a typical pattern being “hybrid encryption”:

  • The sender generates a random symmetric key (e.g., an AES-256 key) to encrypt the plaintext.

  • The sender encrypts the symmetric key using the receiver’s public key (e.g., RSA-2048).

  • The receiver decrypts the symmetric key with their private key and then decrypts the plaintext.

Application example: HTTPS handshake process

  • The client and server negotiate the AES working mode and key length.

  • The client generates a random “pre-master key” and encrypts it with the server’s public key for transmission.

  • Both parties generate an AES session key based on the pre-master key, using AES for subsequent communication.

  • Advantages: This combines the efficiency of symmetric encryption with the key distribution advantages of asymmetric encryption, making it the standard mode for internet communication.

5. Security Practices and Considerations for Symmetric Cryptography

When using symmetric cryptography, the following principles should be followed to avoid security risks:

5.1 Key Management is Key

The security of symmetric cryptography entirely depends on the key— even if the algorithm is perfect, key leakage can lead to total failure:

  • Key generation: Use a CSPRNG (Cryptographically Secure Random Number Generator) to generate keys (e.g., Python’s secrets module), avoiding hard-coded keys.

  • Key storage: Store core keys in hardware security modules (HSM) or TPM chips, avoiding plaintext storage in files or memory.

  • Key rotation: Regularly update keys (e.g., every 90 days) and securely destroy historical keys (e.g., overwrite with random data).

  • Least privilege: Grant key access only to necessary users/processes, auditing key usage records through KMS.

5.2 Choose Appropriate Working Modes

The working mode of block ciphers directly affects security, and insecure modes should be avoided:

  • Do not use ECB: Identical plaintext blocks generate identical ciphertext, exposing data patterns (e.g., encrypting images reveals outlines).

  • Prioritize authenticated encryption modes: Modes like GCM and CCM provide both encryption and authentication, avoiding the pitfalls of using CBC+HMAC alone (which can fail due to implementation errors).

  • Correct use of IV/nonce: The IV in CBC mode must be random and unique; the nonce in GCM mode must never repeat (under the same key), or the authentication tag can be forged.

5.3 Algorithm and Key Length Selection

Select algorithms and key lengths based on security needs:

  • Eliminate DES/3DES: DES is completely insecure, and 3DES is only used for legacy system migration due to its low efficiency.

  • Recommend AES-128/256: Use AES-128 for general scenarios (balancing security and efficiency) and AES-256 for high-security needs (e.g., military, financial).

  • Beware of lightweight algorithms: Lightweight algorithms for IoT scenarios (e.g., PRESENT, SIMON) require thorough scrutiny, avoiding self-developed algorithms.

5.4 Defend Against Side-Channel Attacks

Implementations of symmetric cryptography must prevent side-channel leaks (e.g., timing, power consumption, electromagnetic radiation related to the key):

  • Constant-time implementation: The execution time of encryption and decryption should not depend on the key (e.g., avoid branch statements that depend on key bits).

  • Masking techniques: Combine the key with random masks so that the physical characteristics of intermediate results are independent of the key.

  • Hardware protection: Use AES chips resistant to side-channel attacks in critical systems (e.g., power analysis modules in smart cards).

6. The Future of Symmetric Cryptography: Quantum Resistance and Lightweight Design

With the development of quantum computing and IoT, symmetric cryptography is evolving in two directions:

6.1 Quantum-resistant Symmetric Cryptography

Quantum computers can break RSA, ECC, and other asymmetric cryptography using Shor’s algorithm, but pose limited threats to symmetric cryptography (Grover’s algorithm only halves key security). NIST recommends increasing key lengths to address this:

  • AES-128 should be upgraded to AES-256 (equivalent to quantum security level).

  • Future quantum-resistant symmetric algorithms may emerge (e.g., block ciphers based on hash functions).

6.2 Lightweight Symmetric Cryptography

IoT devices (e.g., sensors, RFID) are limited in computing power and energy consumption, necessitating lightweight algorithms:

  • International standards: ISO/IEC 29192 defines lightweight block ciphers (e.g., PRESENT, CLEFIA).

  • AES variants: Simplified versions of AES-128 (e.g., reducing the number of rounds to 6) are applied in resource-constrained devices.

  • Design trends: Smaller block lengths (64 bits), fewer logic gates, and lower power consumption.

7. Conclusion: The Irreplaceable Position of Symmetric Cryptography

From DES to AES, symmetric cryptography has always been a cornerstone of cryptographic applications. Its efficiency, security, and ease of use make it irreplaceable in local encryption, communication encryption, and large-scale data processing scenarios. Despite the key distribution problem, this issue has been effectively resolved through the combination with asymmetric cryptography (hybrid encryption).

For developers and security engineers, mastering the principles and practices of symmetric cryptography is crucial: choosing standard algorithms like AES-256, correctly using secure modes like GCM, and strengthening key management are essential to building truly secure systems.

The history of symmetric cryptography demonstrates that security is relative, and the advancement of cryptography continues to progress in the ongoing battle between attack and defense. In the future, facing the challenges of quantum computing and IoT, symmetric cryptography will continue to evolve, but its core position—efficiently protecting information confidentiality—will remain unchanged.

References:

  • NIST FIPS 46-3 “Data Encryption Standard (DES)”

  • NIST FIPS 197 “Advanced Encryption Standard (AES)”

  • “Applied Cryptography” (Bruce Schneier)

  • “Principles and Implementation of the AES Encryption Algorithm” (Rijmen, Daemen)

  • OWASP “Cryptographic Storage Cheat Sheet”

Leave a Comment