So we already discussed the basics of cryptography. Now let’s take a look at the first family of major cryptographic algorithms, symmetric encryption algorithms.

First, we’ll take a look at what the term “symmetric encryption” actually means.

## What is Symmetric Encryption?

The term symmetric means “made up of exactly similar parts”. This hints at the meaning symmetric encryption. The “exactly similar” part in this case is the key.

As the above diagram shows, symmetric encryption uses the same key to encrypt and decrypt the plaintext.

The definition is just that simple. Now let’s move on to what developers ultimately need to know: what are the options for symmetric encryption algorithms?

## The Classic: Data Encryption Standard

Data Encryption Standard (DES) has been around since the 70’s. It is a block cipher that uses 56-bit keys and 64-bit block sizes.

The small key and block size makes DES not suitable for use for current cryptographic systems. However, it useful for study as it is a good example of a basic block cipher.

The above diagram^{[1]} shows what a single round of DES looks like. A round is a permutation of the data. DES consists of 16 rounds in total.

First, the plaintext is split into a left and right side (L and R in the diagram). Each side is 32-bits (half of the 64-bit block size).

After that, R is passed into an expand function that adds data to bring the plaintext amount to 48 bits. It is then XORed with the round key (a key taken from the 56-bit key provided).

That result is used in the S-box (short for substitution box) which is essentially a lookup table that maps input to an output. The bits are shuffled after that and then XORed with the left side L.

Finally, the L and R sides are switched and the process repeats 15 more times to complete the 16 rounds. At the end is the ciphertext.

The combination of the expand, S-box, and bit shuffle functions provide diffusion, which protects against some attacks on the cipher.

DES introduces some key concepts that all block ciphers follow.

- XOR – The XOR function is a key function in cryptography. It mixes the key with the plaintext data. A random bit XORed with a non-random bit results in a random bit. XOR is extremely powerful due to this preservation of randomness.
- Diffusion – A possible attack on a cryptographic algorithm is to change one bit and see what bit changes in the output. Diffusion ensures that changing one bit in the input changes multiple bits in the output. This ensures that a small change in the input causes a large change in the output.
- Rounds – Usually one set of operations is not enough “mixing” to really withstand attack. So cryptographic algorithms always consist of multiple rounds of mixing in order to produce the randomness needed to ensure secrecy.

You may still see DES in practice in the form of 3DES (pronounced “Triple-DES”). 3DES is built from three DES encryptions in sequence. Some legacy systems may use this but it shouldn’t be used in new systems.

## Advanced Encryption Standard

The Advanced Encryption Standard (AES) is the U.S. government standard to replace DES. It was created when NIST asked for proposals from the cryptographic community for the next standard encryption algorithm. In 2001, Rijndael was the winning algorithm chosen to become AES.

Rijndael is a block cipher like DES but with a much larger key size. It supports 128, 192, and 256-bit keys.

A key difference between DES and AES is in the number of rounds. DES always uses 16 rounds. AES uses a different number of rounds based on the key size. It uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys.

Let’s take a look at what a round of AES looks like:

This certainly looks a bit more complex but the steps are simple at a high level. The plaintext comes in as 16 bytes (128 bits). The next step is to XOR these bytes with 16 bytes of round key.

The output is then used as an index into an S-box table. The bytes are rearranged in a specific order and sent into a linear mixing function. Linear simply means that the output bits of the function are XORs of several input bits. This introduces the necessary diffusion.

At a high-level, AES has only a few steps per round. After the rounds have completed, you have a suitably random output as ciphertext.

AES has many components that can be completed in parallel, which make is easier to build very fast implementations of it. AES is also more easily implemented in hardware. That is why the Rijndael algorithm was chosen as the winner.

## Twofish – Another AES Finalist

Twofish is another block cipher that was a finalist for AES. Even though it did not win the distinction of becoming AES, it is still a solid cipher that developers should know.

Twofish is nearly as fast as AES. The biggest disadvantage is the difficultly in changing encryption keys due to the amount of precomputation done on the keys (we’ll see why in a minute).

Let’s take a look at what a Twofish looks like from an algorithmic perspective:

This diagram looks pretty intense. So let’s take it slow and walk through what is happening step-by-step.

First, the plaintext is split into four 32-bit values, following a similar style as DES. Whitening, a process where extra key material is added to the data, is done as the first and last operations on these 32-bit values. Whitening is done to make attacks much more difficult at very little cost.

The dotted line boxes represent functions that the data moves through during each round. The two left 32-bit values are passed through the F function. The F function consists of two g functions followed by a PHT function.

The g functions use S-boxes that are generated based on the key used, a feature unique to Twofish and the reason why changing keys is more difficult. The output is then sent into mixing functions similar to AES.

Afterwards, the PHT function adds the result of the two g functions using 32-bit addition.

The final piece of the F function is adding the key material. The output of the F function is then XORed with the right two 32-bit values from the plaintext.

The left and right pieces are swapped, then the round is repeated 15 times.

The >>> symbols in the diagram denote bit shifts of the number shown next to them. There is a bit more going on inside of Twofish, but it ultimately consists of the same basic pieces you’ve seen before used in different ways.

## How You Should Use This Knowledge

So now comes the big question on a developer’s mind. Knowing these algorithms is great, but which algorithm should I choose? What key size?

DES is considered broken. Don’t ever use DES. Some legacy systems may still use 3DES, but this should not be used in any new development.

AES is the NIST standard, so it is always a safe bet. You will find a solid AES implementation in any language, so it is easily accessible.

If possible, use 256-bit keys with AES for the most practical security today. 256-bit AES should stand up well against attack using today’s computers.

Even though Twofish did not make the cut to become AES, it is still a solid, well-designed algorithm. You will likely see AES in many applications, but a well-written Twofish implementation would still be a fine choice for an application.

In the end, a developer designing a system should always design with cryptographic agility in mind. **Cryptographic agility** means designing a system such that the cryptographic algorithm used can be easily changed if needed. If next week a major issue is found with AES, you should be able to switch to Twofish or another algorithm easily.

Theory is nice, but practical examples are even better. The next post in this series will demonstrate how to use AES and Twofish in three popular languages: Java, C#, and Javascript (specifically NodeJS).

Happy ‘crypting!

^{[1]}All diagrams in this post can be found in the book Cryptography Engineering: Design Principles and Practical Applications. This is a must read book for any developer interested in cryptography.

## 3 thoughts on “The Developer’s Guide to Cryptography: Symmetric Encryption”