    Symmetric encryption, also known as symmetric cryptography or secret key encryption, is a cryptographic protocol where two or more users share a single secret key to encrypt and decrypt communications.

    Through a shared key, often a pseudorandom string of numbers, users can exchange encrypted messages that are only accessible to other users who possess the private key.

    Whereas asymmetric encryption uses two different keys to encrypt and decrypt data, symmetric encryption uses one key, which offers more speed and is less expensive to implement and maintain. Unfortunately, this speed and simplicity also mean symmetric encryption is less secure.

    This article looks at symmetric encryption, its functionality, and how it compares to public key cryptography in speed, security, and effectiveness.

    What Is Symmetric Encryption?

    Symmetric encryption is when two or more users encrypt and decrypt communications through an identical key. Any individual with access to the private key can use the key for encryption and decryption purposes.

    In the physical world, a group of people can have access to the same mailbox or locked space with a single password or physical key for shared access. Likewise, a single symmetric encryption algorithm can be built into networks, devices, and applications to offer privileged users access to private data.

    How Does Symmetric Encryption Work?

    The symmetric encryption process is a simple handshake where two users communicate through a single, shared key. Two users exchange the symmetric key, ideally in person or over a secure channel like a password manager, which allows further communication through the cryptographic key.

    As long as the symmetric key remains private, threat actors will struggle to break the ciphertext visible in public networks, like the internet.

    [Infographic: the symmetric encryption process. One user sends a message encrypted by a key; the message travels through a public network like the internet before it is decrypted by another user in possession of the same key. While not as secure, symmetric encryption is a fast method for encryption.]

    The above graphic shows how symmetric encryption works between two users (X) and (Y):

    1. User X writes a plaintext message (Platypus) and encrypts the message using an identified key (yellow).
    2. This encrypted message appears as ciphertext (Tpexctyw) when traversing public networks, and its actual contents are only accessible to users with the symmetric key.
    3. User Y can use the same key (yellow) to decrypt the message and reveal the plaintext.

    Types of Symmetric Encryption Algorithms

    The two methods for implementing symmetric encryption are block ciphers and stream ciphers. Stream ciphers can be found in TLS and wireless networking, but block ciphers remain the more popular approach for modern cryptographic algorithms.

    • Block Cipher: A process where plaintext becomes a fixed-size block before encryption.
    • Stream Cipher: Encryption happens by breaking down plaintext bits into long, random streams.

    Block Cipher vs. Stream Cipher: Comparison Table

                       | Block Cipher | Stream Cipher
    Encryption Process | By chunks    | Bit-by-bit
    Complexity         | Less Complex | More Complex
    Algorithm Modes    | ECB and CBC  | CFB and OFB
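
    What the ECB and CBC modes in the table do to repeated plaintext, as an added example that is not part of the original article (Go standard library AES; the key, IV, message and the Compare helper are constructed for the illustration): ECB maps equal plaintext blocks to equal ciphertext blocks, while CBC chains each block to the previous one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// ecbEncrypt encrypts every 16-byte block independently: no IV, no chaining.
func ecbEncrypt(b cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		b.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

// repeatedBlocks counts ciphertext blocks identical to an earlier block.
func repeatedBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])] = true
	}
	return len(ct)/aes.BlockSize - len(seen)
}

// Compare encrypts pt under ECB and CBC and returns each mode's repeated-block count.
func Compare(key, iv, pt []byte) (ecb, cbc int, err error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return 0, 0, err
	}
	if len(pt)%aes.BlockSize != 0 || len(iv) != aes.BlockSize {
		return 0, 0, fmt.Errorf("plaintext and IV must align to %d bytes", aes.BlockSize)
	}
	chained := make([]byte, len(pt))
	// CBC XORs each block with the previous ciphertext block (the IV for the first).
	cipher.NewCBCEncrypter(b, iv).CryptBlocks(chained, pt)
	return repeatedBlocks(ecbEncrypt(b, pt)), repeatedBlocks(chained), nil
}

func main() {
	key := []byte("constructed key!") // 16-byte demo key
	iv := []byte("constructed iv!!")  // fixed so the demo repeats; use a random IV in practice
	pt := []byte("PlatypusPlatypusPlatypusPlatypusPlatypusPlatypus") // three equal blocks
	fmt.Println(Compare(key, iv, pt))
}
```

    A non-zero ECB count means an observer can see which parts of a message repeat without holding the key.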

    Symmetric Encryption vs. Asymmetric Encryption

    Symmetric encryption doesn’t rely on modern computer science and is the predecessor to asymmetric encryption. With fewer bits and less complex implementation, symmetric encryption requires less overhead, making for a fast and inexpensive cryptographic system.

    By comparison, asymmetric encryption is a complex process where two or more users exchange a mix of public and private variables to establish a trusted communication channel. This handshake produces two unique keys: one for the sender to encrypt messages and another for the recipient to decrypt messages.

    The complexity of asymmetric encryption algorithms provides robust security for data in transport, but the downside is a slower speed relative to its symmetric counterpart. Conversely, symmetric encryption offers speed but lacks the same security integrity.

             | Symmetric Encryption       | Asymmetric Encryption
    Keys     | 1 – Private                | 2 – Public and Private
    Bits     | 128 – 192 – 256            | 2,048 – 4,096
    Overhead | Less Complex and Expensive | More Complex and Expensive
    Examples | AES, RC4/5/6, 3DES, IDEA   | Diffie-Hellman, RSA, ECC, DSA

    Combining Symmetric and Asymmetric Encryption

    Cryptographers and web developers increasingly bundle symmetric and asymmetric encryption methods to give encryption services and their users the best of both worlds in speed and security. This combination, also known as hybrid encryption, usually starts by connecting two users through asymmetric encryption, after which the users can exchange messages with symmetric encryption protected within the asymmetrically encrypted channel.
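
    One way to set up the hybrid arrangement described above, as an added example that is not part of the original article: the sender wraps a random symmetric session key with the recipient's RSA public key (RSA-OAEP from Go's standard library), so the key never crosses the network in plaintext. The NewRecipient, WrapKey and UnwrapKey names and the label value are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// label ties the wrapped blob to its purpose; both sides must pass the same value.
var label = []byte("session-key-v1") // constructed value

// NewRecipient creates the recipient's RSA key pair; only the public half is shared.
func NewRecipient() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// WrapKey is the sender's side: generate a random 256-bit session key and
// encrypt it to the recipient's public key with RSA-OAEP.
func WrapKey(pub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, label)
	if err != nil {
		return nil, nil, fmt.Errorf("wrap failed: %w", err)
	}
	return sessionKey, wrapped, nil
}

// UnwrapKey is the recipient's side: only the matching private key recovers the key.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, label)
	if err != nil {
		return nil, fmt.Errorf("unwrap failed: %w", err)
	}
	return key, nil
}

func main() {
	priv, err := NewRecipient()
	if err != nil {
		panic(err)
	}
	sent, wrapped, _ := WrapKey(&priv.PublicKey)
	got, err := UnwrapKey(priv, wrapped)
	fmt.Println(len(wrapped), string(sent) == string(got), err)
}
```

    The recovered session key then drives a symmetric cipher such as AES for the messages themselves.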

    Problems with Symmetric Encryption

    Symmetric encryption's vulnerabilities relative to public key encryption make the method less ideal for modern networking and wide-area network (WAN) communication like web traffic.

    1. Cryptanalysis and Brute Force Attacks

    Cryptanalysis and enough brute force attempts can compromise symmetric encryption, resulting in private data exposure. Symmetric encryption pales in comparison to asymmetric encryption security standards.

    2. Preserving the Integrity of the Private Key

    Maintaining the secrecy of a private key was a matter of physical security before the internet boom. Today, sharing a key in plaintext over the internet, like a password sent over text or email, can open the door for a third-party adversary to take and use the key.

    Beyond leaving private keys out in the open, threat actors can also use phishing and social engineering to obtain additional information about the key. As symmetric encryption authenticates any user with the private key, adversaries can retrieve the key and proceed to manipulate access.
