Symmetric key cryptography

From Citizendium
Jump to navigation Jump to search
This article is developing and not approved.
Main Article
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
This editable Main Article is under development and subject to a disclaimer.
For more information, see: Cryptography.

Symmetric key cryptography uses the same key for both encryption and decryption. Since compromise of a single key completely defeats the security of symmetric key techniques, it is also called secret key cryptography. "Secret key" is slightly misleading, as the private key in asymmetric key cryptography also must be protected.

The first symmetric ciphers were monoalphabetic, operating on individual letters. They included substitutions such as the Caesar cipher, as well as simple transposition cipher. All used symmetric keying, as, indeed, did every known system until the advent of asymmetric key (public key) methods in the mid-1970s. The next level of complexity moved to polyalphabetic substitution, still one character at a time.

The study of symmetric-key ciphers involves the study of block ciphers and stream ciphers and their applications.

Block ciphers

A block cipher is the modern embodiment of Alberti's polyalphabetic cipher: block ciphers take as input a block of plaintext and a key, and output a block of ciphertext of the same size. Block ciphers are used in a mode of operation to implement a cryptosystem.

DES and AES are block ciphers which have been designated cryptography standards by the US government (though DES's designation was eventually withdrawn after the AES was adopted)[1]. Despite its delisting as an official standard, DES (especially its still-approved and much more secure Triple DES variant) remains quite popular; it is used across a wide range of applications, from ATM encryption[2] to e-mail privacy[3] and secure remote access[4]. Many other block ciphers have been designed and released, with considerable variation in quality. [5]

Stream ciphers

Stream ciphers, in contrast to the 'block' type, create an arbitrarily long stream of key material, which is combined with the plaintext bit by bit or character by character, somewhat like the one-time pad. In a stream cipher, the output stream is created based on an internal state which changes as the cipher operates. That state's change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known stream cipher [5]

Hybrid cryptosystems

In general, symmetric ciphers are much faster than asymmetric ones, but key management for symmetric ciphers can be difficult. For people to communicate, keys are needed and all of them must be securely communicated before they can be used. This problem is often managed by using a hybrid cryptosystem in which public key techniques handle key management and symmetric ciphers do the encryption of actual messages.


  1. FIPS PUB 197: The official Advanced Encryption Standard.
  2. NCUA letter to credit unions, July 2004
  3. Open PGP Message Format RFC at the IETF
  4. SSH at by Pawel Golen, July 2004
  5. 5.0 5.1 Schneier, Bruce (2nd edition, 1996,), Applied Cryptography, John Wiley & Sons, ISBN 0-471-11709-9