We said confidentiality means only the sender and receiver can read the data. The tool that delivers confidentiality is encryption. Let’s start with the simplest form.
Symmetric encryption uses one key for both encryption and decryption. The sender encrypts the data with the key, and the receiver decrypts it with the same key. Same key, both directions. That’s why it’s called symmetric.
Think of it like a lockbox with a single key. You put your message in the box, lock it, and send it. The recipient uses their copy of the same key to unlock it. Anyone who intercepts the box can’t open it without the key.
AES (Advanced Encryption Standard) is the symmetric encryption algorithm used in virtually all modern encryption, including TLS. It was selected by NIST in 2001 after a public competition, replacing the older DES standard.
AES comes in three key sizes:
Both AES-128 and AES-256 are considered secure today. The difference is the margin of safety. AES-256 has a larger key space, which matters for the quantum computing story we’ll cover later.
AES is a block cipher. It encrypts data in fixed-size blocks of 128 bits (16 bytes) at a time. But most data is longer than 16 bytes. So how do you encrypt a whole message?
You use a mode of operation. The mode defines how to apply the block cipher to data of any length. There are several modes, and the choice matters a lot for security.
ECB (Electronic Codebook): Encrypt each block independently. This is the simplest mode, and it’s insecure. Identical plaintext blocks produce identical ciphertext blocks, which leaks patterns. The famous “ECB penguin” image demonstrates this: encrypting a bitmap image with ECB preserves the outline of the image in the ciphertext.
CBC (Cipher Block Chaining): Each block is XORed with the previous ciphertext block before encryption. This hides patterns. CBC was the standard mode in TLS for years, but it has a weakness: padding oracle attacks. We’ll cover those when we discuss TLS attacks.
GCM (Galois/Counter Mode): A modern mode that provides both encryption and integrity in one operation. This is called AEAD (Authenticated Encryption with Associated Data). GCM is the preferred mode in TLS today. It’s fast, parallelizable, and doesn’t have the padding issues of CBC.
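The difference between ECB and GCM described above, as an added Go example that is not part of the original article: it builds ECB by hand from the raw AES block operation and compares it with AES-256-GCM on a constructed plaintext of four identical blocks, then flips one ciphertext bit to show GCM's integrity check. The function names, the sample plaintext and the "header" associated data are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecbEncrypt encrypts each 16-byte block independently (ECB). Go's standard library
// ships no ECB mode, so it is built by hand; input must be a multiple of 16 bytes.
func ecbEncrypt(b cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += aes.BlockSize {
		b.Encrypt(ct[i:i+aes.BlockSize], pt[i:i+aes.BlockSize])
	}
	return ct
}

// repeatedBlocks reports whether any two 16-byte blocks of data are identical.
func repeatedBlocks(data []byte) bool {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		k := string(data[i : i+aes.BlockSize])
		if seen[k] {
			return true
		}
		seen[k] = true
	}
	return false
}

// demo returns (ECB repeats blocks, GCM repeats blocks, GCM accepts a flipped bit).
func demo() (ecbLeaks, gcmLeaks, tamperAccepted bool) {
	secret := make([]byte, 44)
	rand.Read(secret)
	key, nonce := secret[:32], secret[32:] // AES-256 key; 12-byte nonce, unique per message
	pt := bytes.Repeat([]byte("sixteen byte blk"), 4) // constructed: four identical blocks
	block, _ := aes.NewCipher(key)                    // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, pt, []byte("header")) // "header" is authenticated, not encrypted
	ecbLeaks, gcmLeaks = repeatedBlocks(ecbEncrypt(block, pt)), repeatedBlocks(ct)
	ct[0] ^= 0x01 // simulate modification in transit
	_, err := gcm.Open(nil, nonce, ct, []byte("header"))
	return ecbLeaks, gcmLeaks, err == nil
}

func main() { fmt.Println(demo()) } // prints: true false false
```

A check like repeatedBlocks is also a quick way to spot ECB use when reviewing captured ciphertext from a system whose plaintext is known to contain repetition.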
Symmetric encryption is fast because the operations are simple: XOR, bit shifts, substitutions, and permutations. Modern CPUs have dedicated hardware instructions for AES (called AES-NI). On a modern laptop, AES can encrypt data at several gigabytes per second.
This speed is why TLS uses symmetric encryption for the actual data transfer. After the handshake, every byte of data between your browser and the server is encrypted with AES (or ChaCha20, which we’ll cover later).
Symmetric encryption has one massive problem: both sides need the same key.
If you’re encrypting a file on your own computer, that’s fine. You have the key. But if you’re trying to communicate securely with a server across the internet, how do you get the key to the server? You can’t send it over the internet, because that’s the very channel you’re trying to secure. Anyone eavesdropping would see the key and could decrypt everything.
You can’t call the server on the phone and read the key out loud. You can’t physically walk to the server’s data center and hand over a USB drive. These approaches don’t scale. You need to establish a shared key with every server you connect to, automatically, in milliseconds.
This is the key distribution problem, and it’s the reason asymmetric encryption exists.