Symmetric Key Cryptography

Symmetric key cryptographic algorithms are simple to understand and have been around far longer than asymmetric key algorithms. They are conceptually similar to physical keys. You use the same key to lock your house when you leave it and unlock it when you return. In terms of the mathematical representation of encryption and decryption above, the encryptionkey and decryptionkey are the same sequence of bits:

ciphertext = AES(plaintext, key)

plaintext = AES-1(ciphertext, key)

These diagrams are another way to envision this:

Introducing Alice and Bob

Allow me to introduce you to the two parties involved in a simple secured message transmission, Alice and Bob. Alice encrypts some plaintext message (M) using a symmetric key algorithm (AES) and key (K1) and sends the resulting ciphertext (EM) to Bob. Bob receives the ciphertext (EM) from Alice and decrypts it using the same algorithm in decrypt mode (AES-1) and key (K1) to recover the plaintext message (M’). Sometimes the messages may go from Bob to Alice.

To describe some scenarios, we also will use Alice and Bob’s other friends, Charlie and Donna. There is a passive adversary named Eve who tries to eavesdrop on their messaging. In some scenarios there is a very evil adversary named Mallet who launches active attacks.

Key Management with Symmetric Key Cryptography

With symmetric key algorithms, Alice must somehow securely provide the key she used to Bob, without anyone else (e.g. Eve) discovering the key, and hence the secret message. In general, with only symmetric key algorithms this is a very difficult thing to do. One solution is an ANSI X9.17 Key Management Facility (KMF), where Alice and Bob each have a keying relationship with the KMF. Alice can send the key for communicating with Bob to the KMF using the key she shares with the KMF, and Bob can retrieve it from the KMF using the key he shares with the KMF. While an exchanged key is on the KMF, it is not protected. This means the KMF must be very well secured, and operated by trusted personnel, as anyone who has access to the KMF can obtain any key used.

Without a KMF, there is a combinatorial explosion in terms of the number of keys needed, since Alice and Bob need one key, while Alice and Charlie need another key and Bob and Charlie yet another. With 50 people, 2,450 keys are needed (in general n x (n-1) keys for n people).

When I created the secure messaging system for the IRS (Whisper), only symmetric key algorithms (DES) were available. I implemented an X9.17 compliant KMF (Whisper Central). The IRS was aware of the risks and were content that they could provide a secure KMF for its agents.

Common Symmetric Key Algorithms

There are many well-known symmetric key cryptographic algorithms, some of which are now deprecated (considered weak and should not be used).

DES – Data Encryption Standard (1975), used by the US government for many years. DES encrypts or decrypts a 64-bit block at a time. Key length was 64 bits, but every 8th bit was a checksum bit, resulting in an effective key length of 56 bits, for 72 quadrillion (7.2 E+16) possible keys. While this sounds like a lot, the Deep Crack DES cracker could try every possible DES key in about 9 days, at 90 billion keys a second.

Paul Kocker, principal designer of Deep Crack (at the EFF)

IDEA (International Data Encryption Algorithm, 1991) used a 128-bit key and encrypts or decrypts a 64-bit block at a time. This was mostly used in Europe.

3DES (Triple DES, 1998) – kludge to improve strength of DES by applying it 3 times in a row (with same key or three different keys). Still used in PKCS12 key containers.

Camellia (Japan, 2000) Block size of 128 bits, key size of 128, 192 or 256 bits. Comparable to AES.

AES – Advanced Encryption Standard (2001), which replaced DES in 2001 as the official US symmetric cipher, after an international competition. It can use key lengths of either 128, 192 or 256 bits. AES encrypts or decrypts a 128-bit block at a time. AES is the most common symmetric cipher in use today.

Strength of Symmetric Key Algorithms Based on Key Length

Table showing number of possible keys and time to try all of them at 90 billion keys per second, for various key lengths. The larger numbers are in scientific notation, e.g. 1.2E+20 = 1.2 times 10 to the 20th. For comparison, the universe is about 13.8 billion or 1.38E+10 years old.

In general, symmetric key ciphers are very fast (can process millions of bytes of plaintext per second), hence are good for bulk encryption. They are very poor at key management, and not very effective for creating digital signatures. There is little risk of even 128-bit ciphers (let alone 256-bit) being rendered useless by increasingly fast computers. Even quantum computers will only cut the effective key length roughly in half (a good reason to use 256-bit keys).

Example of Symmetric Cryptography

This is a screen capture of a Windows app I created to demo symmetric crypto.

For comparison, see Asymmetric Key Cryptography