Much like tribbles in Star Trek, symmetric encryption is everywhere. We'll explore symmetric key algorithms and take you to places no non-IT person has gone before.
Symmetric encryption algorithms are the underlying processes that make secure communications possible. If you were to put it into Star Trek-related terms, symmetric algorithms are the warp drive for your starship's propulsion system. They're integral to information security and are what help your business move forward with data encryption securely and at faster-than-light speeds.
(Yes, I know, I'm really flying my nerd flag high today. While fascinating, symmetric key algorithms aren't exactly light or easy reading, so I've got to have some fun when writing. Damn it, Jim, I'm a cybersecurity writer, not a cryptographer.)
Make sure to refresh your coffee (or Earl Grey tea, if that's more your speed). We're about to take a deep dive into exploring what symmetric encryption algorithms are, why they're important, and what the most common symmetric encryption algorithm types are.
Make it so.
Let's hash it out.
Symmetric algorithms are the cryptographic functions that are central to symmetric key encryption. They're a set of instructions or steps that computers follow to perform specific tasks relating to encrypting and decrypting data.
Feel like you need a universal translator? Okay, let's break this down a bit more.
Symmetric encryption algorithms are used (combined with an encryption key) to do two main things:
Symmetric encryption algorithms use the same encryption key for both encryption and decryption. (Unlike asymmetric encryption algorithms, which use two different keys.)
Encryption algorithms, in general, are based in mathematics and can range from very simple to very complex processes depending on their design. In the case of symmetric encryption algorithms, they're paired with a single key to convert readable (plaintext) data into unintelligible gibberish (ciphertext). They then use the same key to decrypt the ciphertext back into plaintext. And all of this is done in a way that ensures data confidentiality and privacy. Pretty cool, huh?
Symmetric encryption algorithms are actually known by a few different names:
In general, the purpose or goal of encryption is to make it so that only someone with the key can decrypt and read the secret message. In case you need a quick reminder of how symmetric encryption works, here's a quick overview:
In the graphic above, moving from left to right, you'll see that you start with the plaintext, readable data. Once the symmetric encryption algorithm and key are applied to that data, it becomes unreadable ciphertext. The way to decrypt that message to decipher its meaning is to use a decryption key. In the case of symmetric encryption, the decryption key is identical to the key that was used to encrypt the data. Basically, you use the same key twice.
In a nutshell, a symmetric algorithm is a set of instructions in cryptography that uses one key to encrypt and decrypt data. These encryption algorithms and keys are lightweight in the sense that they're designed for speed in processing large blocks or streams of data. (This is why symmetric encryption algorithms are known as bulk ciphers.)
Asymmetric key algorithms and keys, on the other hand, are resource eaters. The keys are massive and are expensive to use at scale. What I mean is that they suck up a lot of your CPU processing resources and time, battery power, and bandwidth to execute.
Remember how we described symmetric algorithms as being a key component of your warp drive? Let's continue with that analogy. So, if you were to think about what asymmetric encryption algorithms are, they'd be like the equivalent of the thrusters in the propulsion system. Sure, they'll get you there eventually, but they're not suitable for rapid encryption at scale.
However, they're great for encrypting smaller batches of data in public channels. And asymmetric key exchanges (which we'll talk more about shortly) are a great way to distribute keys in those insecure public channels.
This is why people often turn to symmetric encryption for encoding large amounts of data.
As you'll soon discover, not all symmetric algorithms are created equally. They vary in terms of strength, but what exactly does strength mean in cryptography? The short answer is that cryptographic strength is all about how hard it is for a hacker to break the encryption to gain access to the data. The longer answer, of course, may vary depending on the type of algorithm you evaluate. But, in general, cryptographic strength typically boils down to a few key traits:
Symmetric encryption can be a bit of a balancing act because you need algorithms and keys that are computationally hard yet practical enough to use with acceptable performance.
While symmetric encryption algorithms might sound like the most logical tools for all types of online data encryption, it's not quite that simple. Much like the ever-logical Spock and the charismatic Captain Kirk, symmetric encryption also has weaknesses, especially when used on its own in public channels. These weaknesses come in the form of key distribution and key management issues:
When using symmetric encryption, ideally, you and the person you're communicating with sort out your secret key ahead of time (prior to using it for any data exchanges). This means that in order to share a symmetric key securely with someone, you'd need to meet up with them in person to give it to them. But what if you're across the country from the other party? Or, worse, what if you're on the other side of the world from them?
While this wouldn't be an issue in the Star Trek universe, where you could simply transport from one place to another within seconds, this isn't feasible in our 21st-century, transporterless world. Here, people are exchanging information with web servers worldwide every moment of every day. This means that people can't meet up ahead of time to hand out or receive keys. So, we have to rely on other means to securely exchange keys with other parties.
This is where asymmetric algorithms (or, more specifically, key exchange protocols) come into play. Asymmetric key exchanges make it possible to exchange symmetric keys in otherwise insecure public channels. What you may or may not realize is that you're actually using this combination of symmetric and asymmetric encryption techniques right now.
Let's consider your connection to our website as an example. See that padlock icon in your browser? It means you're connected to a secure website.
So, when you initially connected to TheSSLstore.com, your browser had to perform a process with our server that's known as a TLS handshake. This handshake is a way for the server to prove to your browser that it's legitimate and isn't an imposter. (You know, 'cause cybercriminals love to pretend to be other people to trick people into connecting with them. They're kind of like Romulans in that way, always engaging in subterfuge.) The handshake process uses asymmetric encryption and asymmetric key exchange processes to do this.
Of course, there are a few versions of the handshake (TLS 1.0, TLS 1.2, TLS 1.3) and there are specific differences in how they work. (For example, the Internet Engineering Task Force [IETF] pushes for the strict use of forward-secrecy-only ciphers in TLS 1.3, but that's a topic for another time.) Just know that the TLS 1.2 handshake should be the minimum used. As of October 2020, Qualys SSL Labs reports that 99% of sites support the TLS 1.2 protocol and 39.8% support the TLS 1.3 protocol.
We won't get into the specifics of how the TLS handshake works here, but know that it involves the use of cipher suites. These groups of ciphers are what help to make it possible to establish a secure, HTTPS connection by determining which of each of the following to use:
You can read more about the process in this explainer blog on how the TLS handshake works. But for now, let's stay with the topic at hand of symmetric encryption algorithms.
During the symmetric encryption that takes place when you connect securely to a website, you're using a bulk cipher to make that happen. There are two subcategories of bulk ciphers: block ciphers and stream ciphers.
In this type of cipher, plaintext data breaks down into fixed-length groups of bits known as blocks (which are typically connected via a process known as chaining). Each block then gets encrypted as a unit, which makes this process a bit slow. And if there's not enough data to completely fill a block, padding (typically an agreed-upon number of 0s) is then used to ensure that the blocks meet the fixed-length requirements.
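To make the padding step concrete, here is an added example (not from the original article) that fills the last block two ways: with zero bytes, as described above, and with PKCS#7, a widely used scheme that goes beyond what the text mentions. The 16-byte block size matches AES; the function names are made up for illustration.

```python
BLOCK = 16  # bytes per block (128 bits, the AES block size)


def zero_pad(data: bytes) -> bytes:
    """Fill the last block with 0x00 bytes."""
    return data + b"\x00" * (-len(data) % BLOCK)


def zero_unpad(padded: bytes) -> bytes:
    """Strip trailing zeros. Cannot tell padding from real data ending in 0x00."""
    return padded.rstrip(b"\x00")


def pkcs7_pad(data: bytes) -> bytes:
    """Append N bytes, each of value N (1..BLOCK).

    A whole extra block is added when the data is already aligned, so the
    receiver can always read the pad length from the final byte.
    """
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes) -> bytes:
    """Validate and remove PKCS#7 padding.

    In a real protocol, authenticate the ciphertext (MAC or AEAD) before this
    step, so that padding errors cannot be probed by an attacker.
    """
    if not padded or len(padded) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= BLOCK or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


if __name__ == "__main__":
    message = b"balance=\x00\x00"           # constructed sample ending in zero bytes
    print(zero_unpad(zero_pad(message)))    # the two real zero bytes are lost
    print(pkcs7_unpad(pkcs7_pad(message)))  # the message comes back unchanged
```

Zero padding only round-trips when both sides also know the original length; PKCS#7 carries that length inside the padding itself.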
The ideal block cipher has a massive key length that isn't practical, so many modern ciphers have to scale back key sizes to make them usable. But just as a quick note: Unlike with asymmetric encryption, symmetric encryption key sizes don't determine the size of the data blocks.
The majority of modern symmetric encryption algorithms fall within the block cipher camp, and these types of ciphers have broader usage and application opportunities. So, we're mainly going to focus on them here. But if you're wondering what the most popular or common stream ciphers are, don't worry, we've got you covered.
This type of cipher encrypts plaintext data one bit at a time. As such, data gets processed in a stream rather than in chunks like in block ciphers. This makes the process less resource-intensive and faster to achieve.
Now, we're not going to get into all of the specifics of block ciphers and stream ciphers; that's a whole other topic for another time. Just be sure to keep an eye out in the coming weeks for a separate article that breaks down block ciphers and stream ciphers.
Okay, now this is where things start to get exciting (or more complicated, depending on your perspective). With shared key encryption, there are several well-known symmetric key algorithms to know. Let's break them all down to understand what they are and how they work.
For this section, we've put together a symmetric algorithm list that will help us navigate the most common symmetric ciphers. We'll start with one of the oldest and work our way up to the latest and greatest, meaning the algorithm that we typically use today for modern symmetric encryption.
First up on our list is the data encryption standard. DES, also known as DEA (short for data encryption algorithm), is one of the earliest symmetric encryption algorithms that's since been deprecated. It's based on the Feistel Cipher (much like many other varieties of block ciphers) and was actually deemed one of the first symmetric algorithms to be adopted as a Federal Information Processing Standard (FIPS) in 1976.
DES dates back to the early 1970s when its original form (Lucifer) was developed by IBM cryptographer Horst Feistel. IBM reports that the encryption method was originally created at the behest of Lloyds Bank of the United Kingdom. The National Bureau of Standards (now known as the National Institute of Standards, or NIST for short) ended up seeking proposals for a commercial application for encryption, and IBM submitted a variation of it. It was even desired for use by the National Security Agency (NSA) to protect their data.
This type of symmetric encryption maps inputs of a specific length to outputs of a specific length. As such, it operates on 64-bit blocks (meaning that it could encrypt data in groups of up to 64 blocks simultaneously) and has a key size of 56 bits. There are also 8 additional parity bits to the key, which serve as a way to check for data transmission errors. However, it's important to note that parity bits aren't something you'd ever use for encryption.
This size key is actually very small by today's standards, which makes it highly susceptible to brute force attacks. Also, the key and block lengths differ from the original Lucifer key and block lengths, both of which were reduced from 128 bits.
To learn more about how DES encryption and Feistel Networks work, check out this great video from Coursera and Stanford University.
The Data Encryption Standard (DES) document (FIPS PUB 46-3) was officially withdrawn on May 19, 2005, along with the documents FIPS 74 and FIPS 81. The National Institute of Standards and Technology's Secretary of Commerce published the following in the Federal Register:
These FIPS are withdrawn because FIPS 46-3, DES, no longer provides the security that is needed to protect Federal government information. FIPS 74 and 81 are associated standards that provide for the implementation and operation of the DES.
DES encryption was succeeded by triple data encryption algorithm (TDEA) for some applications, although not all. However, DES was primarily superseded as a recommendation by the advanced encryption standard, or what's known as AES encryption, in 2000. This is what we most commonly use today for symmetric encryption.
Now, let's explore those two other types of symmetric encryption algorithms.
The triple data encryption algorithm, which was created in the late 1990s, is a bit tricky as it actually goes by several abbreviations: TDEA, TDES, and 3DES. But as you can probably guess from its name, 3DES is based on the concept of DES but with a twist.
Unlike its predecessor, TDEA uses multiple separate keys to encrypt data: one variation of TDEA uses two keys and the other variation uses three keys (hence the "triple" in its name). The stronger of the two is the one that uses three keys.
Here's an illustration of how the three-key TDEA process works:
The use of multiple keys makes processing data slow and increases the computational overhead, which is why organizations often skipped over 3DES and moved straight on to using AES.
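The encrypt-decrypt-encrypt chain of three-key TDEA, and the Feistel structure that DES is built on, as an added sketch that is not part of the original article. The round function and key schedule are toy stand-ins built from SHA-256 and HMAC rather than real DES, and all function names are made up for illustration, so this shows the structure only.

```python
import hashlib
import hmac

BLOCK_BYTES = 8            # 64-bit block, the size DES and TDEA operate on
HALF = BLOCK_BYTES // 2
ROUNDS = 16                # DES also runs 16 Feistel rounds


def _subkeys(key: bytes):
    """Toy key schedule: one subkey per round (not the DES key schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def _round_fn(half: bytes, subkey: bytes) -> bytes:
    """Toy round function. A Feistel network never needs to invert it."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def _feistel(block: bytes, subkeys) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in subkeys:
        mixed = bytes(a ^ b for a, b in zip(left, _round_fn(right, k)))
        left, right = right, mixed
    # Final swap: decryption is then the same routine with subkeys reversed.
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(block, _subkeys(key)[::-1])


def tdea_encrypt_block(k1, k2, k3, block):
    """Encrypt with K1, decrypt with K2, encrypt with K3."""
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, block)))


def tdea_decrypt_block(k1, k2, k3, block):
    """Undo the chain in reverse order: D(K3), E(K2), D(K1)."""
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k3, block)))


if __name__ == "__main__":
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"   # constructed sample keys
    block = b"8 bytes!"
    ct = tdea_encrypt_block(k1, k2, k3, block)
    print(ct.hex(), tdea_decrypt_block(k1, k2, k3, ct))
    # Two-key variant: reuse K1 as K3. With all three keys equal, the middle
    # decryption cancels the first encryption, leaving a single encryption.
    print(tdea_encrypt_block(k1, k1, k1, block) == encrypt_block(k1, block))
```

Each block passes through the cipher three times, which is the processing overhead described above.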
TDEA operates using a decent 168-bit key size. However, like DES, 3DES also operates on small 64-bit blocks. Its small block size made it susceptible to the Sweet32 vulnerability (CVE-2016-2183 and CVE-2016-6329), or what's known as the Sweet32 birthday attack. This exploit takes advantage of a vulnerability that enables unintended parties to access portions of DES/TDEA-encrypted data.
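Why the 64-bit block size matters, worked through as an added example that is not from the original article: under a single key, the chance that two ciphertext blocks collide follows the birthday bound, which depends on the block size and not on the key size. The function names are illustrative.

```python
import math


def collision_probability(block_bits: int, blocks_encrypted: int) -> float:
    """Birthday approximation: p ~= 1 - exp(-n(n-1) / 2^(b+1))."""
    n = blocks_encrypted
    return -math.expm1(-(n * (n - 1)) / 2 ** (block_bits + 1))


def max_bytes_per_key(block_bits: int, max_probability: float) -> int:
    """Data volume under one key that keeps the collision chance below a target.

    Solves n^2 / 2^(b+1) = -ln(1 - p) for n, then converts blocks to bytes.
    """
    exponent = -math.log1p(-max_probability)
    blocks = math.isqrt(int(exponent * 2 ** (block_bits + 1)))
    return blocks * (block_bits // 8)


if __name__ == "__main__":
    n = 2 ** 32   # 2^32 blocks of 8 bytes = 32 GiB of 3DES traffic
    print(f"64-bit block,  2^32 blocks: p = {collision_probability(64, n):.4f}")
    print(f"128-bit block, 2^32 blocks: p = {collision_probability(128, n):.2e}")
    for bits in (64, 128):
        limit = max_bytes_per_key(bits, 2 ** -20)
        print(f"{bits}-bit block: rekey before {limit:,} bytes for p < 2^-20")
```

The same 2^32 blocks that give a 64-bit block cipher a roughly 39% collision chance leave a 128-bit block cipher such as AES at a negligible one, which is why limiting data per key matters for 3DES.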
The TDEA symmetric key encryption algorithm is set to deprecate in terms of being useful for cryptographic protection in 2023. However, in the meantime, NIST SP 800-76 Rev. 2 specifies that 3DES can be used by federal government organizations to protect sensitive unclassified data so long as it's used within the context of a total security program. Such a program would include:
AES is the most common type of symmetric encryption algorithm that we use today. In fact, even the NSA uses AES encryption to help secure its sensitive data.
AES is a variant of the Rijndael family of symmetric encryption algorithms. Unlike its DES or TDEA counterparts, it's based on a substitution-permutation network. So, it uses this as its foundation in lieu of the Feistel cipher. You'll find the advanced encryption standard in use for everything from SSL/TLS encryption to wireless and processor security. It's fast, secure, and doesn't noticeably increase your processing overhead (at least, when you use the right key).
AES operates on block sizes of 128 bits, regardless of the key size used, and performs encryption operations in multiple rounds.
There's a total of four AES encryption sub-processes:
The rounds, which are performed on the plaintext data, use substitutions from a lookup table. So, one of the rounds looks akin to this:
AES, which became the new FIPS-approved encryption standard after replacing DES and superseding 3DES, has a maximum key size of up to 256 bits. This is about 4.5 times larger than a DES key. Any larger, and it wouldn't be practical for at-scale applications. Now, the size of the key determines how many rounds of operations will execute. For example, a 128-bit key will have 10 rounds, whereas a 256-bit key will have 14.
Of course, AES encryption is incredibly strong. So, any attempt to crack AES via brute force using modern computer technology is "futile," as a certain collective of cybernetic individuals love to say. Even Lt. Commander Data would likely struggle with such a computational effort. I say that because even quantum computers aren't expected to have as big of an effect on symmetric encryption algorithms as they will on, say, modern asymmetric encryption methods. (Symmetric encryption methods would require larger keys to be quantum resistant, whereas public key methods will no longer be secure, period.)
For a more in-depth look at the advanced encryption standard, be sure to check out our other article on the topic. There, you'll get a highly technical look at how AES works.
There are plenty of other types of symmetric encryption algorithms that are useful for different purposes and cryptographic functions. Just to give you a quick taste, the list of some of these algorithms includes:
Of course, there are other ciphers, too, but we're not going to include them all here. But this at least gives you some examples of what's out there as far as AES algorithms are concerned.
Symmetric encryption algorithms, when used on their own, are best suited for encrypting data at rest or in non-public channels. I say that because they're often found protecting at-rest data in various situations, including databases, online services, and banking-related transactions. (The latter is because the Payment Card Industry Data Security Standards, or PCI DSS for short, requires it.)
However, those aren't the only places they're useful. Oh, no, you'll also find symmetric algorithms in use across the internet. When you use them in conjunction with asymmetric encryption for key exchange (such as when you connect to a secure website), then symmetric encryption comes into play with services such as:
Didn't feel like diving into all of the technical mumbo-jumbo? (Or didn't feel like reading through my nerdy Star Trek comparisons of symmetric encryption algorithms?) No worries. Here are a few of the main takeaways from this article on symmetric key algorithms:
Be sure to stay tuned for our next chapter in this blog series on symmetric encryption in the coming weeks. And until next time, live long and proper.