###### Books / Practical Cryptography for Developers (Unfinished) / Chapter 6a

# Symmetric Key Ciphers

**Symmetric key ciphers** (like **AES**, **ChaCha20**, **RC6**, **Twofish**, **CAST** and many others) use the same key (or password) to **encrypt** and **decrypt** data. They are often used in combination with other algorithms into a **symmetric encryption schemes** (like **ChaCha20-Poly1305** and **AES-128-GCM** and **AES-256-CTR-HMAC-SHA256**), often with password to **key derivation** algorithms (like **Scrypt** and **Argon2**). Symmetric key ciphers are **quantum-resistant**, which means that powerful quantum computers will not be able to break their security (when big enough key lengths are used). Symmetric ciphers can encrypt data coming as blocks of fixed size (**block ciphers**) or data coming as a sequence of bytes (**stream ciphers**). Block ciphers can be transformed to stream ciphers by certain constructions, known as “**block cipher modes** of operation”.

## Symmetric Encryption / Decryption

**Symmetric encryption** and decryption uses a **secret key** or passphrase (to derive the key from it). The **secret key** used to encrypt and decrypt the data is usually 128 bits or 256 bits and is called “**encryption key**”. Sometimes it is given as hex or base64-encoded integer number or is derived through a **password-to-key derivation scheme**.

When the input data is encrypted, it is transformed to **encrypted ciphertext** and when the ciphertext is decrypted, it is transformed back to the original input data.

## Symmetric Encryption Uses a Set of Algorithms

It is important to know as a concept that symmetric-key encryption algorithms usually do not work standalone. They work together with other related crypto algorithms, into a **symmetric encryption scheme** / **symmetric encryption construction**.

In most encryption schemes an **encryption** is combined with password to **key derivation** algorithm and **message authentication** scheme (see authenticated encryption). Typically a symmetric encryption procedure uses a sequence of steps, involving different crypto algorithms:

**Password-to-key derivation**algorithm (like Scrypt or Argon2): to allow using a password instead of a key and to make password cracking hard and slow to be performed.**Block to stream cipher transformation**algorithm (block cipher mode like**CBC**or**CTR**) +**message padding**algorithm like**PKCS7**(in some modes): to allow encrypting data of arbitrary size using a block cipher algorithm (like**AES**).**Block cipher algorithm**(like**AES**): to securely encrypt data blocks of fixed length using a secret key.**Message authentication**algorithm (like**HMAC**): to check whether after decryption the obtained result matches the original message before the encryption.

Later in this section we shall give **more details and examples** about how to configure and use symmetric block ciphers (like AES) along with the all above described algorithms to securely encrypt and decrypt messages of arbitrary size.