Symmetric cryptography

With symmetric cryptography (or symmetric-key encryption), the same key is used for both encryption and decryption as shown in Figure 1.
Figure 1. Symmetric key encryption
Symmetric key ciphers are valuable because:
  • It is relatively inexpensive to produce a strong key for these ciphers.
  • The keys tend to be much smaller for the level of protection they afford.
  • The algorithms are relatively inexpensive to process.

Therefore, implementing symmetric cryptography (particularly with hardware) can be highly effective because you do not experience any significant time delay as a result of the encryption and decryption. Symmetric cryptography also provides a degree of authentication because data encrypted with one symmetric key cannot be decrypted with any other symmetric key. Therefore, as long as the symmetric key is kept secret by the two parties using it to encrypt communications, each party can be sure that it is communicating with the other as long as the decrypted messages continue to make sense.

Typically, with a symmetric key, you can exchange the key with another trusted participant; usually you produce a unique key for each pair of participants. You can be assured that any messages that you exchange, which are encrypted in a specific key, between the participants can only be deciphered by the other participant that has that key. In this way, the key must be kept secret to each participant. Consequently, these keys are also referred to as secret-key ciphers. If anyone else finds the key, it affects both confidentiality and authentication. A person with an unauthorized symmetric key not only can decrypt messages sent with that key, but can encrypt new messages and send them as if they came from one of the two parties who were originally using the key.

The major drawback to secret-key ciphers is in exchanging the secret key because any exchange must retain the privacy of the key. This usually means that the secret key must be encrypted in a different key, and the recipient must already have the key that will be needed to decrypt the encrypted secret-key. This can lead to a never-ending dependency on another key.

Related information: