Blog/Infosec 101/

What is symmetric encryption and how does it work?

Jan 10, 2020

How much is your privacy worth?

No matter if you're the highest-ranking general in the Pentagon or a couple of gossiping colleagues, you understand how precious privacy is. Or how detrimental losing it would be.

A need for secure communication did not just pop up. We've had it for thousands of years.

Can you believe that most of the principles have remained the same since the dawn of the Roman Empire?

Some things have evolved. We introduced complex mathematical algorithms and switched to digital. But the core elements, like symmetric-key encryption, have remained the same.

This is not a true symmetric encryption definition, but it does the job:

Symmetric encryption means that there is only one key able to encrypt or decrypt that message.

Next, we'll explain how symmetric cryptography works and show you how it differs from its 'baby brother,' asymmetric cryptography.

What is symmetric-key encryption?

How does symmetric encryption work? The principles are the same for every message. To encrypt any message, you need three elements:

  1. Data to be encrypted (or, as it's called, plaintext)
  2. A pseudo-random algorithm to turn readable data into a scrambled mess
  3. A key to descramble the data into its original form

Let's take any phrase. For example, 'bananas are yummy.'

A mathematical cryptographic algorithm would turn this phrase into an unreadable sequence of symbols like '[email protected][p6#!zv.'

To turn it back into its original form, you would need a key or a passphrase. In the case of symmetric encryption, a single key (or a passphrase) is generated to decrypt the message.

One-key cryptography has its positives. Due to built-in authentication, you can't create another symmetric key that would fit that digital lock. Safe. But you also must consider that, if the original key is lost, the data would be lost as well.

Sharing raises an additional question. How do you securely share the key to your message with another person? And what if there are multiple people?

But problems don't end here. Let's say you managed to securely share the key with five family members (friends, coworkers). It means now there are five copies of the original encryption key. New keys, new security threats. Can you be sure that Bob from accounting will be as protective of your encryption key as you are?

As the example above illustrates, the most significant risk in symmetric-key encryption is key sharing. Luckily, another type of encryption is perfect for sharing keys. We’ll cover it a bit later. In order to finish with symmetric encryption, we must look at different algorithms used for this purpose.

Symmetric key algorithms

There are numerous symmetric encryption algorithms but only two ways they work. Stream ciphers encrypt messages bit by bit (letter by letter, number by number), and block ciphers that encrypt messages in blocks of data.

The most popular stream cipher today is ChaCha20, which even Google uses for internal security. We use it too. With code authenticator Poly1305, we use ChaCha20 to secure your secret key.

Block ciphers are more common. There may be even some you already know. Here are the most popular block ciphers:

  1. AES (Advanced Encryption Standard) is the most widely used symmetric encryption cipher. Governments, hardware, and software producers use AES to encrypt and transfer data. At NordLocker, we use it to encrypt the contents of your files.
  2. DES is a block cipher that generates a 56-bit key. It encrypts the data in 64-bit blocks, 16 times (rounds).
  3. 3DES - is an elevated DES cipher, with the same process of encryption running three times.
  4. IDEA (International Data Encryption Algorithm) was developed in 1991 and is the basis for several popular stream ciphers like MMB, MESH, and Akelarre.

A quick look at asymmetric cryptography

Asymmetric encryption creates a pair of keys (one public, one secret). The message is encrypted using the owner's secret key and the recipient’s public key. Similarly, for decryption, you would use the sender's public key and the recipient's secret key.

These keys cannot be derived from one another, so anyone can see your public key. In fact, you could even put your public key on a billboard without compromising your security.

Symmetric and asymmetric encryption: what's the difference?

If you like Ancient Greece, you can think of symmetric encryption like Achilles. Both are extremely tough but have one specific weakness. For Achilles, it’s his heel. For symmetric-key encryption, it’s key sharing. On the other hand, asymmetric-key encryption is much safer for key sharing. That’s the main difference between symmetric and asymmetric cryptography, but it’s not the only one.

  1. Asymmetric cryptography began around 50 years ago. Symmetric cryptography is at least as old as the pyramids.
  2. Symmetric-key cryptography is generally faster and harder to break; asymmetric is slower but better for sharing.

Due to the strengths and weaknesses, the keys are used in different ways. Mostly, symmetric encryption protects the message, while an asymmetric algorithm is used to send the symmetric key securely. NordLocker does this too. We combine symmetric-key encryption (AES) with asymmetric-key encryption (ECC) to make your experience as fast and as safe as possible.

We hope the article helped you understand the topic much better. If not, feel free to ask us any questions.

John Sears

John Sears

Verified author

John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.