This complete mapping places some constraints on the algorithms that
can be used since the mapping of the E function from the plaintext
onto the ciphertext must be symmetrical with the mapping of the same
function from the ciphertext to the plaintext. When a symmetric key
algorithm is used for sending information the recipient will know
that the data came from the authentic sender if the correct secret
key can be used to decipher the message and it makes sense. This provides
authentication of origin, that is, the technique allows the recipient
to be confident that the identity of the sender is known. As long
as the key really is a secret known only to the authorized sender
and recipient. To ensure that the deciphered data is not gibberish
the plaintext usually contains some easily identifiable pattern so
that it can be checked by a computer.
The protection provided by the symmetric algorithm relies on keeping
the key a secret, confined to those who need to carry out the encipherment
or decipherment of the data. For instance, if this technique was to
be used to provide confidentiality on a piece of data (to protect
it from a disclosure threat), then every object that needed to access
the data would have a copy of the key. If these objects were distributed
around the system then that key would have to be sent to each of the
objects. When symmetric keys need to be distributed this must be done
with confidentiality.
The most widely used symmetric algorithm is known as DES (Data Encryption
Standard) which was originally approved by the US government for commercial
use; though this approval has now lapsed. Since no other algorithms
have been approved (nor are they likely to be) and since a number
of hardware implementations of this algorithm have been produced it
is widely used in Banking and some allied commercial applications.
Symmetric algorithms can be made to work quite fast and are considered
to be quite satisfactory for use on processing quite large amounts
of data for confidentiality and integrity. They are used to protect
information on storage systems as well as during transfer between
computer systems.