Symmetric Key Encryption

One method of secure communications is symmetric key encryption. The encryption key can be calculated from the decryption key and the decryption key can be calculated from the encryption key. A diagram of the cryptosystem is presented below:

The protocol is described below:

The sender and receiver agree on a how the key will encrypt / decrypt data.
The sender and receiver agree on a symmetric key.
The sender uses the key to encrypt a message.
The sender sends the encrypted message to the receiver.
The receiver uses the symmetric key to decrypt the message.

Symmetric key encryption is used for authentication and exchange of secret data on the world wide web. The world wide web uses this application because:

People want to keep their data confidential. They don't want to advertise personal information like their credit card number.
Hackers are out there and they will try to take your data and use it for their evil purposes.
Anyone can tap into the communications on the world wide web, so it is open to attacks.

There are several advantages to this approach.

The algorithms are highly efficient. They are not time consuming to execute.
The information is authentic because the information with one symmetric key can only be decrypted with the same key.
The sender and receiver know that they are talking to each other if the symmetric key has not been exposed.

However, there are several disadvantages to the symmetric key approach.

The keys must be distributed to the sender and receiver in secret. If an attacker intercepts the key, they will be able to decrypt the messages that are being sent from the sender to the receiver.
If the key is compromised, then an attacker can easily decrypt any message that goes from the sender to the receiver.
Assuming that each pair of users needs a symmetric key, it will take many keys to guarantee secure communications. For example, 5 users require 10 keys, 10 users require 45 keys, 100 users will require 4950 keys. N users will need N(N-1)/2 keys. This is a problem because of the large number of keys that would be needed to support users..

A note on the number of keys is presented for clarification. A simple example of 5 users is presented.

If there are 5 users, then each individual user can talk to 4 other people.
The combinations of communications are summarized as follows. Person 1 can talk to Persons 2, 3, 4, and 5. Person 2 can talk to Person 1, 3, 4, 5. Person 3 can talk to Persons 1, 2, 4, and 5. Person 4 can talk to Persons 1, 2, 3, and 5. Person 5 can talk to Persons 1, 2, 3, and 4. Therefore each person can talk to 4 other people. There are five people, so there are 20 total possible communications.
Whenever there is a communication between 2 people, it requires a single key. However, when Person 1 talks to Person 2, this uses the same key as when Person 2 talks to Person 1. When Person 1 talks to Person 3, it uses the same key as when Person 3 talks to Person 1. Therefore, when all of the combinations are counted, it can be seen that the following unique communication path exists: Person 1 and Persons 2, 3, 4, and 5 talking, Person 2 and Persons 3, 4, and 5 talking, Person 3 and Persons 4, and 5 talking. Person 4 and Person 5 talking. Therefore, there are 10 unique combinations and 10 keys required.

The reason that N users require N(N-1)/2 keys is because of the following.

If there are N users, then each individual user can talk to N - 1 other people. There is no reason to talk to yourself, so that's why it is N - 1 users.
The total number of possible communications is therefore N(N-1). This covers all the combinations.
Each communication between 2 users requires one key. However, when person N talks to person N-1, it uses the same key as when Person N-1 talks to Person N. This implies the total number of unique combinations is half of what was determined in the previous step. Therefore, N(N-1)/2 keys are required.

One method of solving the problem of so many keys is to use public key cryptography.

For more information:

"Private Key Cryptography" by David Cyganski is available at http://www.ece.wpi.edu/infoeng/textbook/node212.html. February 17, 1998.