Symmetric-Key Cryptography
Cryptography Fundamentals
Chapter 5 · Symmetric-Key Cryptography — Block & Stream Ciphers, AES
Chapters 2 through 4 covered ciphers no one would trust with real data today — but the underlying ideas (substitution, permutation, and the danger of a repeating key) turn out to be exactly the ideas modern symmetric cryptography is built from, just executed with vastly more rigor and mathematical scrutiny. This chapter leaves history behind and covers the ciphers actually protecting real systems right now — including the ones briefly introduced in https1-2, covered here in real depth.
Block Ciphers vs. Stream Ciphers — Two Different Approaches
Modern symmetric cryptography splits into two families, based on how they handle data:
| Block ciphers | Stream ciphers | |
|---|---|---|
| Unit of operation | Fixed-size chunks ("blocks," e.g. 128 bits) | One bit or byte at a time |
| Partial data | Needs padding to fill out the last block | No padding needed at all |
| How it works | Complex, keyed transformation applied to each block | Generates a pseudorandom keystream, XORed with plaintext |
| Examples | DES, 3DES, AES | RC4, ChaCha20 |
Block ciphers also need a mode of operation to handle messages longer than one block — that's genuinely its own topic, covered fully in Chapter 6.
The Data Encryption Standard (DES) — A Brief History
Developed by IBM and adopted as the US federal encryption standard in 1977, DES was the first widely-used, publicly-specified block cipher — a real-world application of Chapter 1's Kerckhoffs's Principle, published openly rather than kept secret. It operates on 64-bit blocks using a 56-bit key and a structure called a Feistel network, which splits each block in half and repeatedly mixes the halves together across 16 rounds.
56 bits gives roughly 7.2 × 10¹⁶ possible keys — enormous by 1970s standards, but computing power caught up. By 1998, the Electronic Frontier Foundation's purpose-built "Deep Crack" machine brute-forced a DES key in under a day, publicly and decisively demonstrating that 56 bits was no longer remotely adequate.
Triple DES (3DES) — The Stopgap
Rather than design a wholly new cipher immediately, the industry's first response was to apply DES three times in a row, typically with two or three different keys, extending the effective key length without changing the underlying algorithm at all.
The AES Competition & Rijndael
Rather than have a single government agency design DES's replacement behind closed doors, the US National Institute of Standards and Technology (NIST) ran a genuinely open, public competition from 1997 to 2000 — every candidate algorithm was published in full and attacked publicly by cryptographers worldwide, the largest real-world demonstration of Kerckhoffs's Principle this course covers.
The winner, submitted by Belgian cryptographers Joan Daemen and Vincent Rijmen under the name Rijndael, became the Advanced Encryption Standard (AES) in 2001 — and remains, over two decades later, the world's dominant symmetric cipher, with no practical attack against the full algorithm ever found.
AES Internals — A Conceptual Overview
AES operates on 128-bit blocks, with a choice of 128-, 192-, or 256-bit keys (correspondingly using 10, 12, or 14 rounds). Each round applies four distinct transformations in sequence:
- SubBytes — a byte-for-byte substitution through a fixed, cryptographically-designed lookup table (the S-box) — conceptually Chapter 2's substitution ciphers, but nonlinear and specifically engineered to resist frequency-style analysis.
- ShiftRows — cyclically shifts bytes within each row of the block's internal grid — conceptually Chapter 2's transposition ciphers, rearranging position without changing values.
- MixColumns — a matrix operation that spreads each byte's influence across an entire column, ensuring a single-bit change in the input cascades into a large, unpredictable change in the output (the "avalanche effect," revisited properly in Chapter 7).
- AddRoundKey — XORs the block with a subkey, freshly derived from the main key for that specific round via a key schedule.
AES Security Today
AES-128's keyspace is roughly 3.4 × 10³⁸ — utterly infeasible to brute-force with any foreseeable computing power, classical or otherwise. AES-256 is sometimes preferred for long-term data or particularly high-value secrets, partly as a margin against future cryptanalytic advances, and partly because of quantum computing: Grover's algorithm can theoretically halve a symmetric cipher's effective key strength, meaning AES-256 still offers roughly AES-128-equivalent (128-bit) security even against a quantum attacker — a topic Chapter 12's post-quantum preview returns to.
Stream Ciphers
A stream cipher takes a key (plus, critically, a nonce — a number used once) and generates a long pseudorandom keystream, then simply XORs that keystream with the plaintext, one bit or byte at a time. Decryption is identical: XOR the same keystream against the ciphertext.
RC4, designed in 1987, was for years the most widely deployed stream cipher — used in early WEP Wi-Fi security and early TLS. Statistical biases discovered in its keystream output, combined with real misuse in WEP's key-scheduling, eventually made it thoroughly broken and deprecated. ChaCha20 is its modern successor — fast, carefully designed, and one of the two cipher families (alongside AES) used throughout TLS 1.3 today.
Hands-On Exercises
DES's 56-bit key (≈7.2 × 10¹⁶ possibilities) was brute-forced in under a day by 1998. AES-128's key is 128 bits (≈3.4 × 10³⁸ possibilities). Roughly how many times larger is the AES-128 keyspace than DES's, and what does that imply about brute-forcing AES-128 with similar-generation hardware?
📄 View solutionExplain, in your own words, the structural difference between a block cipher and a stream cipher, and describe one practical scenario where a stream cipher's lack of padding requirement would make it the more natural choice.
📄 View solutionA developer accidentally reuses the exact same key and nonce to stream-encrypt two different messages. Using Chapter 2's Vigenère weakness as a guide, explain what an attacker who intercepts both ciphertexts could do, and why this happens.
📄 View solutionChapter 5 Quick Reference
- Block ciphers process fixed-size chunks and need a mode of operation (Ch.6); stream ciphers generate a keystream and XOR it with data, byte by byte
- DES (1977, 56-bit key) — brute-forced in under a day by 1998; 3DES — a stopgap, only ~80-bit effective security despite 3x the computation
- AES (2001, Rijndael) — won an open, public NIST competition; 128/192/256-bit keys, 10/12/14 rounds of SubBytes/ShiftRows/MixColumns/AddRoundKey
- AES combines Chapter 2's substitution (SubBytes) and transposition (ShiftRows) ideas, engineered to resist the exact weaknesses that broke classical ciphers
- RC4 — broken, deprecated; ChaCha20 — its modern replacement, used throughout TLS 1.3
- A stream cipher is structurally Vigenère (Ch.2) with a cryptographically strong, effectively non-repeating keystream — reusing a keystream reintroduces Vigenère's exact weakness
- Next chapter: Modes of Operation — how block ciphers handle messages longer than one block, and why the choice of mode matters enormously