Symmetric Cryptography

What is Symmetric Cryptography and How Does It Work?

When talking about symmetric cryptography we have in mind cryptographic algorithms enabling communication between a sender and a receiver. Both of them use the same cryptographic key for encryption and decryption.

The sender writes the message they would like to send. We call this the plaintext. Then it is encrypted with the cryptographic key into a ciphertext and sent to the receiver. The receiver is in possession of the same key the sender used to encrypt the message. They use it to decrypt the ciphertext and read the original message.

The beginnings of what we know today as symmetric cryptography already existed in the time of Julius Caesar, who used the well-known Caesar cipher. Caesar and his generals agreed on a specific number, let us say 3. They then substituted every letter of the plaintext with a letter that is by alphabetical order 3 places in front of it. Since both Caesar and the general had to share a key (in our case the number 3) in order to successfully exchange encrypted messages, we can consider this the beginnings of symmetric cryptography.

Of course, cryptography as we know it today does not have much in common with the Caesar cipher and other similar ciphers. Our keys are randomly generated strings of zeroes and ones, usually of length 256 bits. Symmetric algorithms are divided into two main families – block ciphers and stream ciphers. Their main difference is the mechanism of combining the plaintext and key into ciphertext. Block ciphers process the plaintext block by block. Stream ciphers transform the key into an endless stream of zeroes and ones, which is then combined with the plaintext bit by bit.
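The stream cipher mechanism described above, as an added example that is not part of the original article: a 256-bit key is expanded into a keystream and XORed with the plaintext, and the same key reverses the operation. The SHAKE-256 keystream generator and the nonce parameter are assumptions made for illustration and are not a vetted cipher; a real system would use a standardised algorithm such as AES or ChaCha20. The demo also shows why a keystream must never be used for two messages.

```python
import hashlib
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key + nonce into `length` pseudorandom bytes (toy generator)."""
    return hashlib.shake_256(key + nonce).digest(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Combine two byte strings bit by bit with XOR."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR keystream(key, nonce)."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


# XOR is its own inverse, so decryption is the same operation with the same key.
decrypt = encrypt


def demo() -> dict:
    key = secrets.token_bytes(32)            # randomly generated 256-bit key
    n1, n2 = secrets.token_bytes(12), secrets.token_bytes(12)
    m1 = b"MEET AT NORTH GATE"               # constructed sample messages
    m2 = b"SEND SUPPLIES ASAP"

    c1 = encrypt(key, n1, m1)
    roundtrip_ok = decrypt(key, n1, c1) == m1

    # Failure mode: the same key AND nonce give the same keystream, which
    # cancels out and exposes the XOR of the two plaintexts to an eavesdropper.
    c2_reused = encrypt(key, n1, m2)
    leaks = xor_bytes(c1, c2_reused) == xor_bytes(m1, m2)

    # Corrected use: a fresh nonce per message gives an independent keystream.
    c2_fresh = encrypt(key, n2, m2)
    safe = xor_bytes(c1, c2_fresh) != xor_bytes(m1, m2)
    return {"roundtrip_ok": roundtrip_ok, "reuse_leaks": leaks, "fresh_nonce_safe": safe}


if __name__ == "__main__":
    print(demo())
```

This toy scheme provides confidentiality only; it does not detect modification of the ciphertext in transit.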

Advantages and disadvantages

Compared to asymmetric cryptography, symmetric cryptography uses keys of shorter length to achieve the same levels of security, and is faster. Thus, it is suitable for encrypting large amounts of data or encrypting data-at-rest.

Its main disadvantage is that in order to exchange messages, the sender and receiver first need to exchange a cryptographic key. Additionally, a sender needs to keep safe the keys corresponding to all the parties they want to communicate with – key management for such a scheme can become immensely complex. In many cases key exchange algorithms are based on asymmetric cryptography, such as the Diffie-Hellman algorithm.

Let us also mention that attacks using quantum algorithms only lower the security of symmetric algorithms but do not completely break them. For example, let us encrypt some data using AES with a 256-bit key. An attack using a quantum computer will be as effective as an attack using a traditional computer on data encrypted with a 128-bit AES key. The number of security bits is halved, yet not reduced to 0.

The most widely used symmetric algorithms are DES (and its derivatives, 2DES and 3DES), and AES. DES (Data Encryption Standard) was an encryption standard from 1977 to 2001, when it was replaced by AES (Advanced Encryption Standard). Both are block ciphers. Other examples of symmetric ciphers are IDEA (International Data Encryption Algorithm); Kuznyechik, an encryption standard in Russia; SEED, which was developed and is widely used in South Korea; and many others.


The DES algorithm, based on the Lucifer cipher, was developed in the 70s by IBM researchers. In 1977 it was chosen by the National Institute of Standards and Technology (NIST) as the new encryption standard. Through the years, the original length of the key, 56 bits, became too short to guarantee a high enough level of security, and so 2DES and 3DES came into use, where the length of the key is doubled and tripled. 3DES is still in use, especially in the financial sector, although NIST announced it as “deprecated” in its publication (March, 2019). In 2023 it will become “disallowed”.

The selection process for the new encryption standard was started in 1997, and in 2000 NIST announced the winner – the Rijndael cipher. In 2001 Rijndael became the new encryption standard, AES, with a possible key length of 128, 192, or 256 bits. Soon after that the NSA confirmed it for use in encrypting top secret level information. Today AES is an open source, publicly available algorithm and is widely used in both the private and public sector.

Source: Nastja Cepak, PhD Cryptography, and CREAplus Cybersecurity Team.

