Skip to content

Symmetric Encryption

The earliest forms of encryption were Symmetric.

Symmetric, encryption uses the same "Key" for both enciphering, and deciphering the message. Therefore the secrecy of your messages depends on the secrecy of the key.

In this article we will look at the principles behind symmetric encryption, and examine some of the problems with it.

What is Symmetric Encryption

In symmetric encryption we use the same secret key to encrypt and decrypt files. You can think of this key as the password for the file.

Symmetric Key

As long as both the sender and recipient of the message have the same secret key, then they are able to read messages sent between them.

Sometimes, several cryptographic algorithms are combined into one symmetric encryption scheme. This can include

  • Password to Key derivation schemes
  • symmetric cipher algorithm (the encryption itself)
  • Message authentication (MAC) algorithm

Secret keys

While older cryptographic systems (usually manual) relied on a simple key, in modern systems the Secret key used to encipher and decipher messages is typically 128, 192, or 256 bits.

As long strings of bits are hard to remember, most applications will use an password to key derivation algorithm to convert a password into the appropriate secret key.

This means that we can use a (more human readable) password as the key, but extend it to meet the key requirements of the cryptographic system.

We already know of a set of crypto functions that do this, having looked at hash functions last week. The Password to key derivation functions are related to these hashing approaches.

Common functions include:

  • PBKDF24
  • HKDF
  • Argon 2

Types of Symmetric Encryption

There are two forms of symmetric encryption:

  • Stream encryption. Where the encryption process happens to each symbol (for example letter) in a stream of data. This means that we can take data of an any size size, for example documents and encrypt it.
  • Block Ciphers: Where the encryption process happens over blocks of Bytes. Here we break the input into blocks of a given size, and encrypt each of them. Depending on the algorithm, padding may be used to increase the size of the last "block" of data.

Important

This doenst mean that we have to use Stream ciphers for "streams" of data. Instead, it refers to the way the text is encoded.

Where might symmetric encryption be used

So while its an older method of encryption that asymmetric. This doesn't mean that its not still used. There are still lots of advantages including:

  • Less computation required. We don't need to do hardcore computation to calculate keys. Which makes this system useful for embedded systems, or where performance is required.
  • Faster at encoding and decoding data.
  • (In some instances) its easier to manage. If we are dealing only with local data, then it becomes much easier to manage than Public Key infrastructure. For example, with disc encryption, the key is your password (Something you know), rather than anything else.

The kind of applications include:

  • Encrypting "data at rest", this is any data that is not being transferred between systems. Disk encryption tools like bit locker, make use of symmetric encryption.
  • Banking, such as card payments where PII needs to be unlocked before it can be used.
  • HTTPS. The TLS protocol used for HTTP is Symmetric encryption, with the keys generated at the start of each session.
  • End to End Encryption. Like HTTP the end-to-end encryption used on services like WhatsApp makes use of a symmetric key for transmitting the messages. The keys are generated between people at the start of the conversation.

However, There are a few issues with using Symmetric encryption that include:

Common Symmetric Algorithms

There are several common symmetric algorithms used in software

AES (Rijndael)

AES (Advanced Encryption Standard) is the most widely used. The algorithm is highly secure, and is the official recommendation by the US government.

AES is a block cipher, and uses 128, 192 or 256 bit keys. In most block modes, AES also requires a random 128-bit initial Vector (IV or nonce)

Salsa / ChaCha

Another common algorithm. Salsa is a stream cipher that takes uses a 128 / 256 bit key.

The ChaCha algorithm has been shown to be a lot faster than AES, so it is particularly suited for mobile devices.

Note

Unlike our hash functions, high speed of encryption / decryption is good. We are not trying to brute force the encryption itself, but rather the keys used to encipher / decipher the text.

Insecure Symmetric Algorithms

  • DES
  • 3DES
  • RE2/4
  • Blowfish

A Generic problem With Ciphers: The Insecure Key

As the key is used to decode the message, the security of the key becomes important. If the key is easy (for a given value of easy) to guess, then it becomes simple to break the code. This applies to all forms of cryptography, including the asymmetric methods.

As an example, lets look at one of the Classic examples of a symmetric algorithm

The Caesar cipher1 shifts the alphabet by a certain number of places. To encode a message, the Sender and Receiver would agree on a key (lets use Caesars favourite value of 3).

When encoding the message the sender uses the key to shift the letters of the plaintext using the key as the value

With a key of 3 This means that our alphabet looks something like this

Plain:    ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher:   XYZABCDEFGHIJKLMNOPQRSTUVW

When decoding the Message the recipient uses the same key value to lookup the plaintext.

Simple Caesar

Lets imagine we know the key is 3 decode the following message

“Wkh vnb deryh wkh sruw zdv wkh froru ri whohylvlrq, wxqhg wr d ghdg fkdqqho.”

(Bonus points for telling me where it comes from)

Breaking Cesar Cipher

Now the Caesar cipher is pretty easy to break, when we know the Algorithm

Algorithm

Shift the letters of the Text, by the value of the Key.

or in maths...

\[\begin{align} x & = \text{character} \\ n & = \text{key}\\ \text{Encode}(x) & = (x+n) \mod 26 \\ \text{Decode}(x) & = (x-n) \mod 26 \end{align}\]

Now we know that the key-space (the number of possible keys) is also small, with only 25 possible keys.

So this gives us a simple approach for breaking any message.

Simply perform the decoding process multiple times using all possible keys. If the answer is not gibberish, then we have found the key for that message.

For key in range (26):
    output = decode(key)
    if output == English:
       return "Key found"

Now the weakness in Caesar is that the key is only 26 possible examples. We can check that by hand in about 5 minutes, or on a computer in milliseconds

Note

Personally, if I was doing it by hand I would reduce my workload. Only do the first few characters, or look for single characters and turn them into A and I. If something sensible comes out, we win.

What's the Key?

THe following is Caesar Encyphered.

“Tpsvijgrtv. R tfejvejlrc yrccltzerkzfe vogvizvetvu urzcp sp szcczfej fw cvxzkzdrkv fgvirkfij, ze vmvip erkzfe.”

Solution: Stronger Keys

The key strength then determines how good the algorithm is. Lets look at another classic example.

The Vigenere cypher2 like the Caesar cipher it made use of a simple shift. But this shift pattern changed based upon the key phrase. This provided sufficient complexity that the cipher was not broken for about 300 years. (we can now break messages in a few seconds).

Again, some awesome cryptanalysis (hats off to Babbage and Kasiski), and the power of modern computing make what was once unbreakable, breakable in a few seconds.

What's the Key (part 2)

Following message is encoded using the Vigenere.

A couple of hundred years ago, you would have needed to get the key to decrypt it. Now Its breakable using online tools.

“Llg Grbkgp lcm zbl pgsvm zv ipaqknzdx yjgcxv otkww,' uuzl mfw zqctm-htwv, 'kh vikjq ktugpbak ttixztkk epx dqeglets vficjmoyebtrasp qzba ajepcrt cyuou.' Ie bac Ksps, r bpm-vmoyeabmfen mgivc oet zrlxb tijcel t dgvgmk wy ksxjydimguenfp oxlwvcnvl ycjru, xvuhlkxtukqge llg mgimgsp rijabzapknzml mx pqarzbrzqkw jxbpspu; wftw zdyg gztbrsva zfwmyyi doivxb lltiloa, jsf chzutjk aklvl blls vyjb lwkxggj, pxjeivm wmxbari cebh davg wfvmpgp eciknglw qz kigik epx nik ndepyj. 'Krzwvujrkx. Y uspmvvlssp juctnaarcnzwg cptglzmgawh fuztr zq fkfcqhlk sh fvobraqcnv wicjeviia, bl wzglp vtrasp, vp kagdhtye jxgfk vuloar eevbvutragcf twgawtvm... R okyhlkw imipwwghkimggr qz uimy sfuniivrwh hlfu mfw fchba hd wzglp khkhyvyi qg rzi jodig qqwvyd. Cgrzmperjec usojcmqglc. Nceml mx pkayb kyfkgx zv mfw rqhjxtaw sh nym fgfh, eflamcjw chu khlkxgfcimggru iw ltrs. Pkev kbrq pkaybl, pwggxzvz...”

Summary

Although we have been looking at classic ciphers, modern encryption still suffers from the same problem. If the key used to generate the code is easily breakable, then the cipher itself is weak.

Important

This doesnt mean that symetric ciphers are bad. We sill use them a lot, the keys are just very difficult to break. The key problem also applies to asymetric encryption too.

  1. Caesar Cipher 

  2. Vigenere Cipher 

  3. AES 

  4. IET on PBDKF 

Back to top