We hope that after our first contribution on of cryptography you have found your way back to your office safely and eagerly awaited this continuation. During our first exploration, we got to know different encryption methods, that have poven to be formative for the further development of cryptography: Methods of steganography in antiquity as a predecessor of cryptography, the Caesar cipher from the Roman Empire, the Vigenére cipher after the French diplomat and cryptographer Blaise de Vigenére and the first machine cryptography of the National Socialists in World War II. Some of them were long considered uncrackable, but even the Enigma of the National Socialists was successfully deciphered during the Second World War after much fiddling. In this article, we will focus on digital encryption systems and take a closer look at so-called symmetrical encryption methods.

A few things first

For the encryption of plaintext, either substitution ciphers or transposition ciphers are used. In the first variant, substitution, the letters or characters of the information to be encrypted are replaced by other characters. We already learned about this kind of encryption in our first article: encryption methods such as the Caesar cipher or Enigma used this cipher to make information unrecognizable. Another possibility is transposition. Here, all the plaintext characters and letters remain unchanged, but their position is different. An example of this would be:

Example Transposition

In plain language: HELLO

Transposition: OLLEH

Encoding and decoding of information: Symmetry of encryption

There are endless possibilities to encrypt messages or data. Which brings us to our first stop. All the stations we visited in the first article have one thing in common: They are all based on the same encryption method: symmetric encryption.

The principle of symmetric encryption describes the encryption and decryption between sender and recipient using a single key. However, the key must first be transferred to the recipient together with the encrypted message so that the recipient can read the message in plain text. This is similar to the envoy who once traveled from the sender with the message to the recipient to deliver it. Until the 1970s, only symmetrical encryption methods were used. A well-known and widespread encryption method is the Data Encryption Standard (DES),which we will take a closer look at at our next station.

From IBM and the NSA to the DES data encryption standard

DES was developed in the 1970s, following a call by the NSA to develop a common standard for the encryption of confidential data across agencies.

An IBM development team led by Walter Tuchman, Don Coppersmith and Alan Konheim then submitted a promising proposal for an appropriate encryption method, and it was promptly commissioned. On 17th March 1975, the algorithm designed by IBM was published in the Federal Register and approved as an encryption standard just one year later.


DES uses a 56-bit key and a combination of diffusion and confusion elements. The information to be encrypted is divided into many blocks of equal size. Each block is individually encrypted using a round key and “scrambled” in 16 rounds, also called iterations. In order to decrypt the message again, the blocks must be put back into the correct order.

Many questions were raised about the role of the NSA in this project. The NSA is said to have deliberately installed a back door so that they can read the encrypted information. The main reason for these suspicions was the discussion about the key length: IBM preferred a key length of 64 bits, while the NSA considered a key length of 48 bits to be sufficient. It was then agreed to 56 bits.

DES was widely used in ATMs and was therefore considered a very secure encryption system. In 1998, however, “Deep Crack” succeeded in cracking the 56-bit key for the first time. The device was able to decrypt the DES algorithm within a few days using the brute force method.Today, this would be possible in a very short time. DES was therefore attested to be highly vulnerable to brute force attacks.

In 2001, the Advanced Encryption Standard replaced DES as its successor. This brings us to our next station.

More security through Advanced Encryption Standard (AES)

Since DES with its 56-bit key had not been sufficiently protected against brute force attacks since the 1990s, the American Department of Commerce issued a request for proposals for a successor algorithm on January 2, 1997. To ensure a certain level of security of the Advanced Encryption Standard, the algorithm had to meet certain criteria.

Selection criteria AES:

• Symmetric algorithm, block cipher

• Use of 128-bit-long blocks

• Insertion of 128-, 192- and 256-bit-long keys possible

• Above-average performance in hardware and software

• Resistance to cryptanalysis

Fifteen proposals were submitted by the deadline of 15th June 1998. Among the five best candidates were the algorithms MARS, RC6, Rijndael, Serpent and Twofish. Since all candidates met the required criteria, additional requirements were set up to select a winner. Since Rijndael appeared superior mainly because of its simple software implementation, security and speed, the Belgian algorithm was announced as winner on 2nd of October in 2000.

But the choice of the winner was not undisputed. Critics also saw weaknesses in the advantages of the structure and efficiency of the Rijndael algorithm. They argued that the simpler the structure of an algorithm is, the easier it is for hackers to understand and hack it. Practically relevant attacks, however, do not exist even today, so AES is still considered very secure. The use of AES encryption is widespread, for example in wireless LAN, VPNs, VoIP telephony and the encryption of files.

From symmetry to asymmetry

As already mentioned, DES and its successor AES are based on symmetric encryption. Another encryption method is asymmetric encryption. Unlike symmetric encryption, asymmetric encryption relies on two key pairs: the so-called private key and the public key. The sender encrypts his message with the public key of the recipient. The recipient, in turn, can only decrypt the message with his private key. The private key is, as the name suggests, private and remains stored on the recipient’s own devices as far as possible. This process ensures that only the legitimate recipient can decipher the message. Prominent encryption techniques that use asymmetric encryption are PGP and S/MIME.

We will also take a closer look at these two encryption techniques, but we will not do so until the next article: To be continued …