From the course: Ethical Hacking: Cryptography

Symmetric cryptography

- [Instructor] Hello again. It's time for us to build our foundation and dive into the two main types of cryptography. We've got symmetric and asymmetric. At a high level, symmetric cryptography is all about leveraging the same key to both encrypt and decrypt, while asymmetric cryptography is just about the opposite, as it uses two separate keys called a key pair, one to encrypt and the other to decrypt.

To begin, let's talk about symmetric cryptography. What comes to mind when you think of the word symmetric or symmetry? Perhaps you think of shapes or even us as humans having attributes of being divided into identical or similar parts. Well, symmetric cryptography relates to having the same key on both sides. There are a few key concepts you'll need to know. It's true, symmetric can be generically defined as identical or same. We'll be focusing on how the encryption and decryption process works using the same key concept. Symmetric cryptography goes by the alias of secret key encryption, which is especially important as you study to take your exam.

What better way to kick off than by sharing the best part early as to why symmetric cryptography is still in use today? Because it is computationally fast, that means that it has lightning-fast processing speeds on large amounts of data, and who doesn't want that? It enhances our experience and performance. I'll provide an example, explain the strengths and weaknesses, and highlight the algorithms associated with it.

Now let's review how this process really works. We have a sender and a receiver who both possess the same shared key. Our sender has a plaintext message he would like to send. The sender will convert it to ciphertext by encrypting it with the key. That message is sent over the public internet via email and successfully arrives at its destination. You may recall that a symmetric algorithm or mathematical recipe is being executed in the background to convert it to a character or binary notation. Once received, the receiver will take the same key to decrypt the message from ciphertext back to plaintext. Voila, there you have it. A message exchange that protects the confidentiality of the information shared between our sender and receiver. Even if intercepted by prying eyes like a hacker, they couldn't read the contents of the message. As you can see, it would be dangerous to send a key with the message or even separately without keeping it protected. We'll later discuss other modes of transmitting and protecting this key so that it always remains a secret.

Let's keep on these symmetric-based concepts. Symmetric cryptography has a few limitations. First, it requires a secure initial key exchange, and as much as we would like to think the internet is secure, it simply isn't, at least not without extra precautions. In this case, we would need to use an out-of-band key exchange. This means we're going to meet face-to-face, write it on paper and mail it, or use our phones. In the age of artificial intelligence, we certainly can see how voices can be imitated. Also, remote work limits the ability to exchange in person, and mailing it may not be efficient either. Second, symmetric cryptography is not scalable for large organizations or networks. In the example, we needed one key for only two people. However, the max number of unique keys required is N multiplied by N - 1 divided by 2, where N equals the number of people involved. This creates overhead because it grows exponentially the more people that we need to share information with.

What's most important is that symmetric cryptography accomplishes the security goal of preserving confidentiality. Confidentiality ensures that the data, objects, and resources are protected from unauthorized viewing.

Next, I'll share an elementary level example of both out-of-band key exchange and key requirements. Lecture 1 then looked at ideally what is required to exchange a key before any messages can be sent? Our sender must first send the key across a secure channel. Imagine that he didn't like the out-of-band options we just reviewed and decided to send it over the internet via email. This space is untrusted, and we'll discuss better mechanisms for establishing trust as we move forward. However, for now, our recipient receives the email and saves the key. All good, right? Not so fast. As you may have guessed, they have made themselves vulnerable to a cryptographic attack. What if someone, known as a man-in-the-middle or a hacker (suit yourself on a name), was eavesdropping or listening in on that same channel? This means that someone now has in their possession a copy of the same key. Unbeknownst to the sender and receiver, they're now using a compromised key. When they send messages that are encrypted with that key back and forth via email, there's someone also able to decrypt their messages and access that information. It's no longer a secret anymore, and we can no longer guarantee confidentiality. We'll discuss ways to fill this gap later in this course.
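
As an added example (not part of the course material), the sketch below provisions one shared key per pair of people, checks the count against the N multiplied by N - 1 divided by 2 figure from the transcript, and shows which conversation loses confidentiality when a single key is copied in transit. The participant names and helper functions are assumptions made for the illustration.

```python
"""Added illustration: pairwise shared keys for N people, and one intercepted key."""
import secrets
from itertools import combinations


def keys_required(n: int) -> int:
    """Maximum unique pairwise keys for n people: n * (n - 1) / 2."""
    return n * (n - 1) // 2


def provision_pairwise_keys(people):
    """Give every pair of people its own random 256-bit shared key."""
    return {frozenset(pair): secrets.token_bytes(32)
            for pair in combinations(people, 2)}


def keys_held_by(person, keyring):
    """Keys one person must store and protect: one per other participant."""
    return [key for pair, key in keyring.items() if person in pair]


def exposed_pairs(keyring, intercepted_key):
    """Pairs whose traffic is readable by whoever holds a copy of this key."""
    return sorted(tuple(sorted(pair)) for pair, key in keyring.items()
                  if secrets.compare_digest(key, intercepted_key))


# Constructed sample data: the names are made up for this example.
PEOPLE = ["alice", "bob", "carol", "dave", "erin"]
KEYRING = provision_pairwise_keys(PEOPLE)

if __name__ == "__main__":
    # Key-management overhead as the group grows.
    for n in (2, 5, 10, 100, 1000):
        print(f"{n:>5} people -> {keys_required(n):>7} shared keys")

    print("keys in ring:", len(KEYRING))
    print("keys alice must protect:", len(keys_held_by("alice", KEYRING)))

    # The alice/bob key was emailed in the clear and copied by an eavesdropper.
    leaked = KEYRING[frozenset(("alice", "bob"))]
    print("conversations exposed:", exposed_pairs(KEYRING, leaked))
```
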
