02
17 min read · 5 briefings

Symmetric Encryption

One shared key, both directions — fast, but only if you can share the key.

01 The symmetric model: one key, two directions

Symmetric encryption uses a single shared secret key for both encryption and decryption. Think of a padlock where the same key locks and unlocks. It is the workhorse of cryptography: extraordinarily fast, hardware-accelerated on modern CPUs, and used to protect the overwhelming majority of data in motion and at rest.

Its power comes with one non-negotiable requirement: both parties must already possess the same key, and no one else may have it. That constraint — the key distribution problem — is the reason asymmetric crypto had to be invented, and we return to it later in this module.

Symmetric ciphers come in two families. Block ciphers encrypt fixed-size chunks of data — AES works on 128-bit blocks. Stream ciphers generate a pseudorandom keystream and XOR it with the plaintext one bit or byte at a time, like a mechanized one-time pad. Modern practice leans heavily on block ciphers used in stream-like modes, plus a small number of trusted dedicated stream ciphers such as ChaCha20.

Insight Symmetric crypto answers "how do we scramble data cheaply and at scale." It does not answer "how did we both get the key." Keep those two problems separate in your head.

02 From DES to AES

The first public standard was DES (Data Encryption Standard), adopted by the US government in 1977 and derived from IBM's Lucifer cipher with input from the NSA. Its fatal weakness was baked in from the start: a 56-bit key. As computers grew, that key space became brute-forceable. In 1998 the Electronic Frontier Foundation built a purpose-made machine, Deep Crack, that recovered a DES key in about 56 hours for roughly a quarter-million dollars. As a stopgap the industry ran Triple DES (3DES) — encrypting three times with multiple keys — but it was slow and is now deprecated.

The replacement came through an open competition. NIST solicited candidates, and in 2001 selected Rijndael, designed by Belgian cryptographers Joan Daemen and Vincent Rijmen, as the Advanced Encryption Standard (AES). AES uses 128-bit blocks and keys of 128, 192, or 256 bits, running 10, 12, or 14 rounds of substitution and permutation respectively. Two decades of intense public cryptanalysis have found no practical break. AES is now baked into CPU instruction sets (Intel/AMD AES-NI), making it blisteringly fast.

Pro tip Choosing a cipher today is easy: use AES-256 in an authenticated mode, or ChaCha20-Poly1305 on platforms without AES hardware. Everything older is a liability.

03 Modes of operation, and why ECB is a crime scene

A block cipher only knows how to encrypt one block. To encrypt a whole message you chain blocks together using a mode of operation — and this choice matters as much as the cipher itself.

The naive mode, ECB (Electronic Codebook), simply encrypts each block independently. The catastrophe: identical plaintext blocks produce identical ciphertext blocks. Encrypt a bitmap image in ECB and the outline of the picture remains clearly visible in the ciphertext — the infamous "ECB penguin." ECB leaks structure exactly the way a substitution cipher did, just at the block level. Never use it.

ModeHow it worksVerdict
ECBEach block encrypted independentlyBroken — leaks patterns
CBCEach block XORed with the previous ciphertext, plus a random IVOK but needs a separate MAC; padding-oracle risk
CTREncrypts a counter to make a keystream; turns AES into a stream cipherGood, but no built-in integrity
GCMCTR mode plus an authentication tag (AEAD)Preferred — confidentiality and integrity together
Watch out Encryption without authentication is a trap. Modes like CBC hide the data but let an attacker tamper with it undetected, enabling padding-oracle attacks. Prefer AEAD modes like GCM that verify integrity as they decrypt.

04 The key distribution problem

Here is the wall symmetric crypto slams into. To send an encrypted message to someone, you both need the same key. But how do you deliver that key? You cannot send it over the same untrusted channel — anyone eavesdropping would grab it and read everything. You could meet in person, but that does not scale to a planet of strangers buying things online.

The math makes this vivid. If n people all want to talk privately in pairs, and each pair needs its own shared key, you need n(n-1)/2 keys. Ten people need 45 keys; a thousand people need almost half a million. Distributing and safeguarding that many secrets is unmanageable.

For decades this was solved by trusted couriers and physical key material — think of diplomatic pouches and the NSA's guarded key shipments. It worked for governments and militaries but was hopeless for open commerce.

Insight This single problem is why asymmetric cryptography exists. Public-key systems do not replace symmetric ciphers — they bootstrap them, securely establishing a shared symmetric key that then does the heavy lifting. The next module is the answer to this one.

05 Where symmetric crypto actually lives

Symmetric encryption is everywhere the data volume is high and speed matters:

  • Full-disk encryptionBitLocker, FileVault, and LUKS use AES to protect the contents of your drive, so a stolen laptop is a brick rather than a breach.
  • VPNsWireGuard uses ChaCha20-Poly1305; IPsec and OpenVPN use AES-GCM to encrypt tunneled traffic.
  • TLS bulk data — once a browser and server finish their handshake, the actual web pages, videos, and API calls are encrypted with a symmetric cipher (AES-GCM or ChaCha20-Poly1305). Asymmetric crypto only set up the key.
  • Messaging — Signal, WhatsApp, and iMessage encrypt message bodies symmetrically after establishing keys.
  • Databases and backups — encryption at rest for cloud storage and backups is overwhelmingly AES.

The pattern is consistent: asymmetric crypto negotiates a key; symmetric crypto moves the bytes. Understanding this division of labor is the single most useful mental model in applied cryptography.

Field Glossary

Symmetric encryption
Encryption where the same secret key both encrypts and decrypts. Fast and scalable, but requires a secure way to share the key first.
Block cipher
A cipher that transforms fixed-size blocks of data (AES uses 128-bit blocks). Combined with a mode of operation to handle messages of arbitrary length.
AES
The Advanced Encryption Standard, the Rijndael cipher selected by NIST in 2001. Uses 128/192/256-bit keys and is the default symmetric cipher of the modern internet.
Mode of operation
The scheme for applying a block cipher across a whole message (ECB, CBC, CTR, GCM). The choice determines whether patterns leak and whether tampering is detected.
ECB
Electronic Codebook mode, which encrypts each block independently. Broken in practice because identical plaintext blocks yield identical ciphertext, leaking structure.
AEAD
Authenticated Encryption with Associated Data — a mode such as AES-GCM that provides confidentiality and integrity at once, detecting any tampering on decryption.
Key distribution problem
The challenge of securely delivering a shared symmetric key to another party over an untrusted channel. The reason public-key cryptography was invented.

Knowledge Check

Field Assessment

0 / 3

01 Why must you never use ECB mode for encrypting real data?

02 What does an AEAD mode such as AES-GCM provide that CBC alone does not?

03 The key distribution problem refers to:

ESC
↑↓ navigate jack in