Symmetric ciphers use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. They are faster than asymmetric ciphers and allow encrypting large sets of data. However, they require sophisticated mechanisms to securely distribute the secret keys to both parties.
- K - a set of all possible keys,
- M - a set of all possible messages,
- C - a set of all possible ciphertexts
- E: K × M -> C
- D: K × C -> M
- D(k, E(k, m)) = m (the consistency rule)
- Function E is often randomized
- Function D is always deterministic
There are two kinds of symmetric ciphers: stream ciphers and block ciphers.
Stream ciphers are based on generating a possible infinite cryptographic keystream of random data. They take one output bit (or byte) at a time, and use it to encrypt the corresponding bit (or byte) of input data.
Stream ciphers work on continuous stream of plaintext data and they do not divide it into smaller blocks.
Block ciphers work on larger fragments of data (called blocks) at a time, by encrypting data blocks one by one. During encryption input data are divided into blocks of fixed-length and each of them is processed by several functions with the secret key. Both lengths of data block and key, and the functions using in the process are determined by the algorithm. The inverse functions are used for decryption.
Block cipher algorithms are often able to combine data from different blocks in order to provide additional security (e.g. AES in CBC mode).
Block ciphers may be described as efficient and deterministic functions, which permute contents of all data blocks. They simply mix all the bits in each block. Permutation functions must be pseudorandom and the output should be indistinguishable from pure random data. To allow decryption, the inverse permutations must be used. The inverse permutations need also to be quite efficient.