Conventional encryption uses a single key that is shared between the sender and receiver to both encrypt and decrypt messages. The sender uses the key to encrypt the plaintext message into ciphertext, and the receiver uses the same key to decrypt the ciphertext back into plaintext. While simple and fast, conventional encryption has disadvantages in that it cannot guarantee the origin or authenticity of messages, is less secure than public key encryption, and does not scale well for large numbers of users as each pair of users must agree upon a shared key.