How Symmetric Encryption Works — One Key, Two Operations

Symmetric encryption uses the same key to encrypt and decrypt. You and I share a secret key. I encrypt a message with the key, send you the ciphertext, and you decrypt it with the same key. Anyone without the key sees gibberish.

This is the oldest form of cryptography — Caesar ciphers, Enigma machines, and the one-time pad are all symmetric. Modern symmetric encryption (AES) is fast, well-studied, and the workhorse of internet security. Every TLS connection, every encrypted disk, every VPN tunnel uses symmetric encryption for the bulk data transfer.

How Does AES Work?

AES (Advanced Encryption Standard) is the dominant symmetric cipher. Selected by NIST in 2001 from a public competition, it's used by virtually every encryption system today.

AES is a block cipher — it encrypts data in fixed-size blocks of 128 bits (16 bytes). The key is 128, 192, or 256 bits. AES-256 means a 256-bit key — 2^256 possible keys, a number so large that brute-forcing it would outlast the heat death of the universe.

For each 128-bit block, AES performs multiple rounds of:

1. SubBytes — replace each byte using a substitution table (the S-box). This adds non-linearity.
2. ShiftRows — shift rows of the block by different offsets. This spreads data across columns.
3. MixColumns — mix data within each column using matrix multiplication. This spreads data further.
4. AddRoundKey — XOR the block with a round key derived from the main key.

AES-128 does 10 rounds. AES-256 does 14 rounds. Each round mixes the data more thoroughly. After all rounds, the output has no statistical relationship to the input — perfect diffusion.

What Are Modes of Operation?

AES encrypts 16 bytes at a time. Real data is larger than 16 bytes. A mode of operation defines how to encrypt multiple blocks.

ECB (Electronic Codebook) — encrypt each block independently. This is broken: identical plaintext blocks produce identical ciphertext blocks. An image encrypted with ECB still shows the outline because repeated patterns in the image produce repeated patterns in the ciphertext. Never use ECB.

CBC (Cipher Block Chaining) — XOR each plaintext block with the previous ciphertext block before encryption. Identical plaintext blocks produce different ciphertext because the chaining makes each block depend on all previous blocks. Requires an initialization vector (IV) — a random value for the first block.

CTR (Counter) — turns the block cipher into a stream cipher. Encrypt a counter (0, 1, 2, 3...) and XOR the result with the plaintext. Parallelizable — blocks are independent. Used widely in practice.

GCM (Galois/Counter Mode) — CTR mode plus authentication. This is the mode you should use. It encrypts the data AND produces an authentication tag that detects tampering. If anyone modifies the ciphertext, decryption fails. This is authenticated encryption.

Why Does Authenticated Encryption Matter?

Encryption without authentication is dangerous. An attacker can't read the data, but they can modify the ciphertext and you won't know. They might flip bits to change a transfer amount, corrupt a command, or cause a decryption error that leaks information.

AES-GCM and ChaCha20-Poly1305 are the two standard authenticated encryption algorithms. They provide:

• Confidentiality — the data is unreadable without the key.
• Integrity — any modification to the ciphertext is detected.
• Authenticity — the tag proves the ciphertext was created by someone with the key.

TLS 1.3 only allows authenticated encryption. The older, unauthenticated modes (CBC without HMAC) have been the source of numerous attacks (BEAST, Lucky 13, POODLE).

What Is the Key Distribution Problem?

Symmetric encryption has one fundamental challenge: both parties need the same key. If you're encrypting a file on your own disk, this is easy — you know the key. But if you're communicating with a remote server, how do you share the key without someone intercepting it?

You can't encrypt the key and send it — that requires another key. You can't send it in plaintext — anyone watching can copy it. This is the key distribution problem, and it's what asymmetric encryption solves.

In practice, TLS uses asymmetric encryption (or key exchange) to establish a shared symmetric key, then uses that symmetric key for the actual data transfer. Asymmetric is slow but solves key distribution. Symmetric is fast but requires a shared key. TLS uses both.

Where Is Symmetric Encryption Used?

TLS data transfer — after the handshake establishes a shared key, all data is encrypted with AES-GCM or ChaCha20-Poly1305. Every HTTPS page load, every API call, every database connection uses symmetric encryption.

Disk encryption — macOS FileVault, Linux LUKS, Windows BitLocker, and Android encryption all use AES to encrypt the entire disk. Your disk encryption key is derived from your password (using a key derivation function like PBKDF2 or Argon2).

File encryption — tools like age, gpg, and cloud storage encryption use AES for the file data.

VPNs — WireGuard uses ChaCha20-Poly1305. IPsec uses AES-GCM.

Database encryption at rest — PostgreSQL, MySQL, and MongoDB encrypt stored data with AES.

Symmetric vs Asymmetric

	Symmetric	Asymmetric
Keys	One shared key	Public + private key pair
Speed	Fast (hardware-accelerated)	100-1000x slower
Key distribution	Must share secretly	Public key can be shared openly
Use case	Bulk data encryption	Key exchange, signatures
Examples	AES, ChaCha20	RSA, ECDH, Ed25519

Most real systems use both: asymmetric to establish the key, symmetric for the data. This is called hybrid encryption.

Next Steps

• How Asymmetric Encryption Works — public/private keys and how they solve key distribution.
• How TLS Works — how the handshake combines asymmetric and symmetric encryption.