Practical Networking .net

Symmetric Encryption

This article is a part of a series on Cryptography. Use the navigation boxes to view the rest of the articles.



We learned earlier that Symmetric encryption is an encryption scheme that encrypts and decrypts using the same secret key. Now we will explore a bit further into what that involves. Let’s start with a simple example:

Symmetric Encryption example

As pictured, if we start with the plain text hello, and use a Symmetric encryption algorithm of simply rotating the letters forward, along with a Secret Key of 3, we end up with a Cipher text of khoor.

To decrypt, you would simply need to know the encryption algorithm (rotating the letters forward), and the secret key that was used (3). This would allow you to apply the algorithm in reverse and you would end up with the original plain text:

Symmetric Encryption - Decryption Example

This can also be shown with some simple math as well. For example, let’s start with the plain text of 66. We will use a Symmetric encryption algorithm of multiplication, along with a secret key of 7:

66 × 7 = 462

To decrypt our cipher text, we would simply reverse the algorithm (by using division), and apply the same secret key to the cipher text:

462 ÷ 7 = 66

Symmetric Encryption and Key Sizes

Recall that with Symmetric encryption, the algorithm is publicly known. The only variable between each encrypted conversation is the Secret Key.

As such, the strength of the encryption lies solely on the strength and size of your secret key. Much like passwords, a key which is longer and more random is more secure than a smaller key generated with predictable characters.

Below is a table of common Symmetric encryption algorithms:

Algorithm Key size
DES 56 bits
3DES 168 bits
AES 128 bits
AES192 192 bits
AES256 256 bits

A quick note about displaying a key size in bits:  A bit is a single binary digit that can only ever be a 1 or a 0. When a key is described as being 56 bits in length, it indicates 56 binary digits. Which is to say, the key can be any combination of 56 different 1‘s and 0‘s.

You can determine the maximum combination of numbers in 56 bits by calculating 2^56, which gets 72,057,594,037,927,936, or 72 quadrillion different combinations.

In comparison, a 128 bit key gets you 340,282,366,920,938,463,463,374,607,431,768,211,456 different possible values (340 undecillion). If someone had a way to guess your key at one trillion trillion guesses per second, it would still take them over 10,000 millennium.

Comparison with Asymmetric Encryption

One of the benefits of Symmetric encryption over its Asymmetric counterpart, is that when plain text is symmetrically encrypted, the resulting cipher text is the same size as the original data.

Which is to say, the process of Symmetric encryption does not amplify or increase the size of the data. When you are intending to encrypt potential gigabytes and terabytes of information, this is a much needed attribute.

Additionally, the math involved with Symmetric encryption is relatively simpler and less CPU resource intensive. This means more data can be encrypted, in less time, with less CPU cycles.

These two attributes make Symmetric encryption an ideal choice for bulk data encryption.

However, one of the major drawbacks of Symmetric encryption is the Secret Key used to encrypt and decrypt must exist in two different locations. Which begs the question, how do we get the key securely from one party to the other?  This is commonly referred to as the Key Exchange problem, and is a subject for a later article in this series.

Moreover, the security of your key is at the mercy of your weakest link. If the party you are in communication with lacks basic security best practices, that puts your key (and therefore your data) at risk. As a result, Symmetric encryption is sometimes considered slightly less secure than its Asymmetric counterpart.

Series Navigation<< ConfidentialityAsymmetric Encryption >>
  • 4


  1. Hamza Saeed says:

    what if we only decrypt the data & we don’t have any secret key ….Is that possible ?Please reply

    • Then it isn’t “Cryptographic Encryption” which requires the usage of a key. It is merely an obfuscation of the original message.

      The problem with doing encryption with a Key is that it is difficult to come up with a secure method of transforming Plain text into Cipher text. If you DO come up with a way, you have to come up with a new way for every person you speak with (otherwise, each person will be able to decrypt the messages you send to the other).

      A modern encryption algorithm involves math that has been vetted by professional mathematicians and cryptographers in combination with some sort of secret key. People like us (non-cryptographers) can simply use a commonly approved algorithm, and then generate a new key for each session we wish to secure.

Speak Your Mind