## Reid Barton

- 6 minutes

Some practical context for encryption, starting with symmetric encryption


This post is the first in our series discussing the basics of encryption and its applications, for those who have some awareness about encryption and encryption keys but want to learn more about some of the practical topics needed for implementation. In this post, we will discuss the basics of symmetric-key encryption, block ciphers, AES, GCM, initialization vectors, and more.

Symmetric-key encryption is a great way to protect data.
The concepts behind symmetric encryption date back thousands of years^{1}, with modern algorithms being flexible for many use cases, easy to implement, computationally fast, and incredibly secure.

The use of the word “symmetric” refers to the fact that the same key used to encrypt a plaintext message is used to decrypt the resulting ciphertext back to the original message. Care should be taken to keep the key completely private, as anyone who has it can decrypt your messages and data or encrypt messages to masquerade as you.

Some commonly referenced algorithms include AES, DES (now considered insecure), Blowfish, Camellia, and ChaCha, and their many use cases include data storage, disk encryption, and securing communication using HTTPS while you browse the internet.

- There is another category of algorithms called asymmetric encryption that relies on a pair of keys - one used to encrypt messages and the other to decrypt the messages encrypted with the first one. These algorithms are popular for public key cryptography and use cases such as cryptocurrency wallets, but we’ll discuss this type of encryption in the next article.

With such widespread use of symmetric-key encryption, there are clear industry preferences that make it easy for developers who are new to the topic to pick what to use. Let’s look at the algorithm most commonly called the gold standard, the Advanced Encryption Standard (AES).

AES is a type of algorithm known as a block cipher, meaning that it operates on fixed-width chunks of plaintext data (the message to be protected) to produce fixed-width blocks of ciphertext (the encrypted output from the cipher). For AES, the data is always chunked into blocks of 128-bit length before encryption. Extra bytes of padding can be added to the data to make it divisible into complete blocks.

Despite the constant block size, AES comes in three flavors based on the size of the key used to encrypt the blocks: AES-128, AES-192, and AES-256, corresponding to 128-bit, 192-bit, and 256-bit keys.

In general, a larger key length for the same algorithm means higher security, and AES-256 is even used to encrypt information classified as top secret^{2}.
After it was released as a Federal Information Processing Standard in 2001^{3}, AES replaced the Data Encryption Standard (DES) and is currently a NIST-endorsed encryption algorithm^{4} for protecting the federal government’s sensitive information.

As an aside, another class of ciphers called stream ciphers operate on data bit-by-bit and do not rely on blocks.

It is important to be aware when using a block cipher like AES that different modes of operation have evolved to help protect against attacks and to be more performant. We’ll review some of the common modes that a developer might come across in an AES library.

Electronic Codebook (ECB) is the “vanilla” mode of operation where plaintext data is simply divided into blocks and each block is encrypted with the encryption key, without any data (other than the key) shared between blocks of plaintext or ciphertext. This might be a great starting place while learning, but is unlikely to be useful in practice. The problem is that encrypting the same plaintext block with the same key always produces the same ciphertext block, making it easy to find patterns in the encrypted data and even opening the door to some cyberattacks.

An immediate upgrade to ECB is the CBC mode of operation. As the name implies, CBC chains blocks together by including information from the previously encrypted block in the next. However, since the first block will not have a preceding one, an initialization vector (IV) is required to seed the encryption chain.

- An IV is just pre-generated random data injected during encryption to add entropy (randomness) into the ciphertext. It must be kept alongside the ciphertext as it is needed to successfully decrypt ciphertext back into plaintext.

Together, block chaining and the IV help to randomize ciphertexts and hide patterns that would otherwise be present with ECB.
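The difference is easy to observe with Node.js's built-in `crypto` module. The following is an added example, not code from the original post; the sample plaintext is constructed and the helper names are illustrative.

```javascript
const nodeCrypto = require('node:crypto');

const BLOCK = 16; // AES block size in bytes (128 bits)

// AES-256-ECB: no IV, every block is encrypted independently under the key.
function encryptEcb(key, plaintext) {
  const c = nodeCrypto.createCipheriv('aes-256-ecb', key, null);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// AES-256-CBC with a fresh random IV. Returns IV || ciphertext so the IV
// travels with the ciphertext, as decryption requires it.
function encryptCbc(key, plaintext) {
  const iv = nodeCrypto.randomBytes(BLOCK);
  const c = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final()]);
}

// Split the stored blob back into IV and ciphertext, then decrypt.
function decryptCbc(key, blob) {
  const iv = blob.subarray(0, BLOCK);
  const d = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
  return Buffer.concat([d.update(blob.subarray(BLOCK)), d.final()]);
}

// Count ciphertext blocks that duplicate an earlier block.
function repeatedBlocks(ciphertext) {
  const seen = new Set();
  for (let i = 0; i < ciphertext.length; i += BLOCK) {
    seen.add(ciphertext.subarray(i, i + BLOCK).toString('hex'));
  }
  return ciphertext.length / BLOCK - seen.size;
}

// Constructed sample: four identical 16-byte plaintext blocks.
const demoKey = nodeCrypto.randomBytes(32); // 256-bit key
const demoPlaintext = Buffer.from('ACCOUNT=00001234'.repeat(4));

const ecbCiphertext = encryptEcb(demoKey, demoPlaintext);
const cbcBlob = encryptCbc(demoKey, demoPlaintext);

console.log('ECB repeated blocks:', repeatedBlocks(ecbCiphertext));
console.log('CBC repeated blocks:', repeatedBlocks(cbcBlob.subarray(BLOCK)));
console.log('CBC round trip ok:', decryptCbc(demoKey, cbcBlob).equals(demoPlaintext));
```

Both ciphertexts are 80 bytes because the default padding adds one full block to a 64-byte input; under ECB the four data blocks encrypt to the same 16 bytes, while under CBC every block differs.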

A further upgrade beyond CBC, and a popular choice for AES’s mode of operation, is GCM. Like CBC, GCM requires an IV and provides the same level of confidentiality, but falls under a more complicated category of modes called authenticated encryption.

With authenticated encryption, an additional authentication tag is produced during encryption that acts like a secure cryptographic hash. The tag is used to validate that the ciphertext has not been tampered with before attempting to decrypt it, and it is extremely difficult for an attacker to spoof or modify. These security advancements, along with some performance improvements over CBC, have earned GCM the spot as today’s go-to mode of operation.
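The tag check can be seen in practice with AES-256-GCM in Node.js's built-in `crypto` module. This is an added example, not code from the original post; the `IV || tag || ciphertext` layout, the helper names, and the sample message are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const IV_LEN = 12;  // 96-bit IV, the usual size for GCM
const TAG_LEN = 16; // 128-bit authentication tag

// Encrypt and pack everything needed for decryption into one blob:
// IV || tag || ciphertext. The IV and tag are not secret.
function seal(key, plaintext) {
  // Fresh random IV per message; never reuse an IV with the same key.
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ciphertext]);
}

// Returns the plaintext, or null when the tag does not verify
// (modified IV, tag or ciphertext, or the wrong key).
function unseal(key, blob) {
  if (blob.length < IV_LEN + TAG_LEN) return null;
  const iv = blob.subarray(0, IV_LEN);
  const tag = blob.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv,
    { authTagLength: TAG_LEN });
  d.setAuthTag(tag);
  try {
    // final() throws if the computed tag does not match the supplied one.
    return Buffer.concat([d.update(blob.subarray(IV_LEN + TAG_LEN)), d.final()]);
  } catch (err) {
    return null;
  }
}

// Simulate tampering in storage or transit by flipping a single bit.
function flipBit(blob, index) {
  const copy = Buffer.from(blob);
  copy[index] ^= 0x01;
  return copy;
}

// Constructed sample message.
const gcmKey = nodeCrypto.randomBytes(32); // 256-bit key
const sealed = seal(gcmKey, Buffer.from('transfer 100 to alice'));
const tampered = flipBit(sealed, sealed.length - 1); // last ciphertext byte

console.log('intact  :', String(unseal(gcmKey, sealed)));
console.log('tampered:', unseal(gcmKey, tampered));
```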

Symmetric encryption is a great way to protect data from prying eyes, especially for protecting sensitive data when it’s being stored. Using AES-256 with GCM as the block cipher mode of operation is a great way to secure data with a widely trusted methodology.

Hopefully this post has helped you start diving into encryption and given you enough context to begin using encryption libraries and to explore more advanced topics.

A quick summary of key terms is provided below:

- **Symmetric encryption**: Family of algorithms that use a single key for encryption and decryption
- **Asymmetric encryption**: Family of algorithms that use a pair of keys used for encryption and decryption
- **Plaintext**: The data or message to be protected
- **Ciphertext**: The encrypted output from a cipher
- **Block cipher**: Algorithms that perform encryption on fixed-width blocks of data
- **Advanced Encryption Standard (AES)**: Most popular symmetric-key block cipher
- **Data Encryption Standard (DES)**: The algorithm that preceded AES and is no longer recommended for use
- **Electronic Codebook (ECB)**: A simple but insecure mode of operation for block ciphers
- **Cipher Block Chaining (CBC)**: A decent mode of operation for block ciphers that lacks authentication
- **Galois/Counter Mode (GCM)**: A secure mode of operation for authenticated encryption
- **Initialization Vector (IV)**: Random data injected during encryption to add entropy into the ciphertext
- **Authentication Tag**: An output of authenticated encryption that protects against ciphertext tampering