 # Symmetric Encryption

Cryptography

We learned earlier that Symmetric encryption is an encryption scheme that encrypts and decrypts using the same secret key. Now we will explore a bit further into what that involves. Let’s start with a simple example: As pictured, if we start with the plain text `hello`, and use a Symmetric encryption algorithm of simply rotating the letters forward, along with a Secret Key of 3, we end up with a Cipher text of `khoor`.

To decrypt, you would simply need to know the encryption algorithm (rotating the letters forward), and the secret key that was used (`3`). This would allow you to apply the algorithm in reverse and you would end up with the original plain text: This can also be shown with some simple math as well. For example, let’s start with the plain text of 66. We will use a Symmetric encryption algorithm of multiplication, along with a secret key of 7:

66 × 7 = 462

To decrypt our cipher text, we would simply reverse the algorithm (by using division), and apply the same secret key to the cipher text:

462 ÷ 7 = 66

### Symmetric Encryption and Key Sizes

Recall that with Symmetric encryption, the algorithm is publicly known. The only variable between each encrypted conversation is the Secret Key.

As such, the strength of the encryption lies solely on the strength and size of your secret key. Much like passwords, a key which is longer and more random is more secure than a smaller key generated with predictable characters.

Below is a table of common Symmetric encryption algorithms:

Algorithm Key size
DES 56 bits
3DES 168 bits
AES 128 bits
AES192 192 bits
AES256 256 bits

A quick note about displaying a key size in bits:  A bit is a single binary digit that can only ever be a `1` or a `0`. When a key is described as being 56 bits in length, it indicates 56 binary digits. Which is to say, the key can be any combination of 56 different `1`‘s and `0`‘s.

You can determine the maximum combination of numbers in 56 bits by calculating 2^56, which gets 72,057,594,037,927,936, or 72 quadrillion different combinations.

In comparison, a 128 bit key gets you 340,282,366,920,938,463,463,374,607,431,768,211,456 different possible values (340 undecillion). If someone had a way to guess your key at one trillion trillion guesses per second, it would still take them over 10,000 millennium.

### Comparison with Asymmetric Encryption

One of the benefits of Symmetric encryption over its Asymmetric counterpart, is that when plain text is symmetrically encrypted, the resulting cipher text is the same size as the original data.

Which is to say, the process of Symmetric encryption does not amplify or increase the size of the data. When you are intending to encrypt potential gigabytes and terabytes of information, this is a much needed attribute.

Additionally, the math involved with Symmetric encryption is relatively simpler and less CPU resource intensive. This means more data can be encrypted, in less time, with less CPU cycles.

These two attributes make Symmetric encryption an ideal choice for bulk data encryption.

However, one of the major drawbacks of Symmetric encryption is the Secret Key used to encrypt and decrypt must exist in two different locations. Which begs the question, how do we get the key securely from one party to the other?  This is commonly referred to as the Key Exchange problem, and is a subject for a later article in this series.

Moreover, the security of your key is at the mercy of your weakest link. If the party you are in communication with lacks basic security best practices, that puts your key (and therefore your data) at risk. As a result, Symmetric encryption is sometimes considered slightly less secure than its Asymmetric counterpart.