Symmetric Encryption
One shared key, both directions — fast, but only if you can share the key.
01 The symmetric model: one key, two directions
Symmetric encryption uses a single shared secret key for both encryption and decryption. Think of a padlock where the same key locks and unlocks. It is the workhorse of cryptography: extraordinarily fast, hardware-accelerated on modern CPUs, and used to protect the overwhelming majority of data in motion and at rest.
Its power comes with one non-negotiable requirement: both parties must already possess the same key, and no one else may have it. That constraint — the key distribution problem — is the reason asymmetric crypto had to be invented, and we return to it later in this module.
Symmetric ciphers come in two families. Block ciphers encrypt fixed-size chunks of data — AES works on 128-bit blocks. Stream ciphers generate a pseudorandom keystream and XOR it with the plaintext one bit or byte at a time, like a mechanized one-time pad. Modern practice leans heavily on block ciphers used in stream-like modes, plus a small number of trusted dedicated stream ciphers such as ChaCha20.
02 From DES to AES
The first public standard was DES (Data Encryption Standard), adopted by the US government in 1977 and derived from IBM's Lucifer cipher with input from the NSA. Its fatal weakness was baked in from the start: a 56-bit key. As computers grew, that key space became brute-forceable. In 1998 the Electronic Frontier Foundation built a purpose-made machine, Deep Crack, that recovered a DES key in about 56 hours for roughly a quarter-million dollars. As a stopgap the industry ran Triple DES (3DES) — encrypting three times with multiple keys — but it was slow and is now deprecated.
The replacement came through an open competition. NIST solicited candidates, and in 2001 selected Rijndael, designed by Belgian cryptographers Joan Daemen and Vincent Rijmen, as the Advanced Encryption Standard (AES). AES uses 128-bit blocks and keys of 128, 192, or 256 bits, running 10, 12, or 14 rounds of substitution and permutation respectively. Two decades of intense public cryptanalysis have found no practical break. AES is now baked into CPU instruction sets (Intel/AMD AES-NI), making it blisteringly fast.
AES-256 in an authenticated mode, or ChaCha20-Poly1305 on platforms without AES hardware. Everything older is a liability.03 Modes of operation, and why ECB is a crime scene
A block cipher only knows how to encrypt one block. To encrypt a whole message you chain blocks together using a mode of operation — and this choice matters as much as the cipher itself.
The naive mode, ECB (Electronic Codebook), simply encrypts each block independently. The catastrophe: identical plaintext blocks produce identical ciphertext blocks. Encrypt a bitmap image in ECB and the outline of the picture remains clearly visible in the ciphertext — the infamous "ECB penguin." ECB leaks structure exactly the way a substitution cipher did, just at the block level. Never use it.
| Mode | How it works | Verdict |
|---|---|---|
| ECB | Each block encrypted independently | Broken — leaks patterns |
| CBC | Each block XORed with the previous ciphertext, plus a random IV | OK but needs a separate MAC; padding-oracle risk |
| CTR | Encrypts a counter to make a keystream; turns AES into a stream cipher | Good, but no built-in integrity |
| GCM | CTR mode plus an authentication tag (AEAD) | Preferred — confidentiality and integrity together |
GCM that verify integrity as they decrypt.04 The key distribution problem
Here is the wall symmetric crypto slams into. To send an encrypted message to someone, you both need the same key. But how do you deliver that key? You cannot send it over the same untrusted channel — anyone eavesdropping would grab it and read everything. You could meet in person, but that does not scale to a planet of strangers buying things online.
The math makes this vivid. If n people all want to talk privately in pairs, and each pair needs its own shared key, you need n(n-1)/2 keys. Ten people need 45 keys; a thousand people need almost half a million. Distributing and safeguarding that many secrets is unmanageable.
For decades this was solved by trusted couriers and physical key material — think of diplomatic pouches and the NSA's guarded key shipments. It worked for governments and militaries but was hopeless for open commerce.
05 Where symmetric crypto actually lives
Symmetric encryption is everywhere the data volume is high and speed matters:
- Full-disk encryption —
BitLocker,FileVault, andLUKSuse AES to protect the contents of your drive, so a stolen laptop is a brick rather than a breach. - VPNs —
WireGuarduses ChaCha20-Poly1305;IPsecand OpenVPN use AES-GCM to encrypt tunneled traffic. - TLS bulk data — once a browser and server finish their handshake, the actual web pages, videos, and API calls are encrypted with a symmetric cipher (AES-GCM or ChaCha20-Poly1305). Asymmetric crypto only set up the key.
- Messaging — Signal, WhatsApp, and iMessage encrypt message bodies symmetrically after establishing keys.
- Databases and backups — encryption at rest for cloud storage and backups is overwhelmingly AES.
The pattern is consistent: asymmetric crypto negotiates a key; symmetric crypto moves the bytes. Understanding this division of labor is the single most useful mental model in applied cryptography.
⌘ Field Glossary
- Symmetric encryption
- Encryption where the same secret key both encrypts and decrypts. Fast and scalable, but requires a secure way to share the key first.
- Block cipher
- A cipher that transforms fixed-size blocks of data (AES uses 128-bit blocks). Combined with a mode of operation to handle messages of arbitrary length.
- AES
- The Advanced Encryption Standard, the Rijndael cipher selected by NIST in 2001. Uses 128/192/256-bit keys and is the default symmetric cipher of the modern internet.
- Mode of operation
- The scheme for applying a block cipher across a whole message (ECB, CBC, CTR, GCM). The choice determines whether patterns leak and whether tampering is detected.
- ECB
- Electronic Codebook mode, which encrypts each block independently. Broken in practice because identical plaintext blocks yield identical ciphertext, leaking structure.
- AEAD
- Authenticated Encryption with Associated Data — a mode such as AES-GCM that provides confidentiality and integrity at once, detecting any tampering on decryption.
- Key distribution problem
- The challenge of securely delivering a shared symmetric key to another party over an untrusted channel. The reason public-key cryptography was invented.
Knowledge Check
Field Assessment
01 Why must you never use ECB mode for encrypting real data?
02 What does an AEAD mode such as AES-GCM provide that CBC alone does not?
03 The key distribution problem refers to: