Symmetric Encryption
Same key encrypts and decrypts
Fast and efficient for bulk data encryption, but key distribution is the fundamental problem: how do you securely share the key with the recipient?
The Key Distribution Problem
If two parties need to communicate securely, they both need the same key. But if they already have a secure channel to exchange the key, why do they need encryption? This chicken-and-egg problem is solved by using asymmetric encryption for key exchange.
Block Ciphers
Encrypt fixed-size blocks of data (typically 128 or 256 bits)
AES (Advanced Encryption Standard) - Current gold standard
- Block size: 128 bits
- Key sizes: 128, 192, 256 bits
- Operations: SubBytes, ShiftRows, MixColumns, AddRoundKey
- Modes: ECB (insecure), CBC, CTR, GCM (authenticated)
DES/3DES - Deprecated
- DES: 56-bit key (brute-forced in hours)
- 3DES: Effectively 112-bit (still weak, deprecated by NIST 2023)
Blowfish/Twofish - Legacy
- Blowfish: 64-bit block (small, vulnerable to birthday attacks)
- Twofish: AES finalist, still considered secure but less adopted
Block Cipher Modes
ECB (Electronic Codebook) - NEVER USE
- Identical plaintext blocks produce identical ciphertext blocks
- Leaks patterns in the plaintext (famous Linux penguin image problem)
CBC (Cipher Block Chaining)
- Each plaintext block XORed with previous ciphertext block
- Requires IV for first block
- Vulnerable to padding oracle attacks
CTR (Counter)
- Turns block cipher into stream cipher
- Encrypts incrementing counter values and XORs with plaintext
- Parallelizable, fast, but no authentication
GCM (Galois/Counter Mode)
- CTR mode + authentication tag
- Provides both encryption and integrity verification
- Recommended default for modern applications
Stream Ciphers
Encrypt data one bit or byte at a time
- ChaCha20 - Modern stream cipher (used in TLS, SSH, WireGuard)
- RC4 - Deprecated (biased output, multiple vulnerabilities)
ChaCha20-Poly1305 is the recommended modern authenticated encryption scheme. It is used by TLS 1.3, SSH, and WireGuard, and is faster than AES on devices without hardware AES acceleration.
IV/Nonce Requirements
- Never reuse an IV with the same key (catastrophic failure)
- AES-GCM: 96-bit nonce (2^32 messages before birthday bound)
- ChaCha20: 96-bit nonce (also 2^32)
- Random IVs are generally safe but counters work too
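Why nonce reuse is catastrophic, as an added example that is not part of the original page: a pure-Python ChaCha20 keystream (RFC 8439 layout, no Poly1305 tag) showing that two ciphertexts produced under the same key and nonce XOR to the XOR of their plaintexts. The key, nonces and messages are constructed for illustration, and the function names are this example's own.

```python
import struct

MASK = 0xFFFFFFFF
# Column rounds then diagonal rounds (RFC 8439, section 2.3)
ROUNDS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
          (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _quarter(s, a, b, c, d):
    # a+=b; d^=a; d<<<=16;  c+=d; b^=c; b<<<=12;  then again with 8 and 7
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & MASK
        s[z] = _rotl(s[z] ^ s[x], r)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block: 32-byte key, 32-bit counter, 96-bit nonce."""
    init = list(struct.unpack("<4I8I", b"expand 32-byte k" + key))
    init += [counter] + list(struct.unpack("<3I", nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for idx in ROUNDS:
            _quarter(s, *idx)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt by XORing with the keystream (no authentication)."""
    blocks = (chacha20_block(key, counter + i, nonce)
              for i in range((len(data) + 63) // 64))
    return xor(data, b"".join(blocks))

def nonce_reuse_demo():
    key = bytes(range(32))   # constructed key, for illustration only
    nonce = bytes(12)        # constructed nonce, deliberately used twice
    p1 = b"transfer 100 to account 12345678"   # constructed messages
    p2 = b"meeting moved to 3pm on thursday"
    c1 = chacha20_xor(key, nonce, p1)
    c2 = chacha20_xor(key, nonce, p2)
    # Same key + nonce -> same keystream, which cancels: c1 ^ c2 == p1 ^ p2.
    leaked = xor(xor(c1, c2), p1) == p2
    # With a fresh nonce for the second message the same XOR yields noise.
    c2_fresh = chacha20_xor(key, (1).to_bytes(12, "little"), p2)
    leaked_fresh = xor(xor(c1, c2_fresh), p1) == p2
    return leaked, leaked_fresh
```

`nonce_reuse_demo()` returns `(True, False)`: the reused nonce exposes the second message to anyone who knows the first, while a unique nonce per message does not.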
Common Attacks on Symmetric Crypto
- Brute Force - Try all possible keys (256-bit AES is infeasible)
- Known Plaintext - If you know part of the plaintext, can you derive the key? (AES resists this)
- Chosen Plaintext - Attacker can encrypt arbitrary data (AES-CPA secure)
- Side-Channel - Timing, power consumption, electromagnetic leakage
- Related-Key - Exploit relationships between different keys