Symmetric vs. Asymmetric Encryption
Cryptographic systems are currently divided into two major fields of study: symmetric and asymmetric cryptography. While symmetric encryption is often used as a synonymous of symmetric cryptography, asymmetric cryptography embraces two primary use cases: asymmetric encryption and digital signatures.
Therefore, we may represent these groups as follows:
- Symmetric key cryptography
- Symmetric encryption
- Asymmetric cryptography (or public key cryptography)
- Asymmetric encryption (or public key encryption)
- Digital signatures (may or may not include encryption)
This article will focus on symmetric and asymmetric encryption algorithms.
Symmetric vs. asymmetric encryption
Encryption algorithms are often divided into two categories, known as symmetric and asymmetric encryption. The fundamental difference between these two methods of encryption relies on the fact that symmetric encryption algorithms make use of a single key, while asymmetric encryption makes use of two different but related keys. Such a distinction, though apparently simple, accounts for the functional differences between the two forms of encryption techniques and the ways they are used.
Understanding encryption keys
In cryptography, encryption algorithms generate keys as a series of bits that are used for encrypting and decrypting a piece of information. The way in which those keys are employed accounts for the difference between symmetric and asymmetric encryption.
While symmetric encryption algorithms use the same key to perform both the encryption and decryption functions, an asymmetric encryption algorithm, by contrast, uses one key to encrypt the data and another key to decrypt it. In asymmetric systems, the key used for encryption is known as the public key and can be freely shared with others. On the other hand, the key used for decryption is the private key and should be kept in secret.
For example, if Alice sends Bob a message that is protected by symmetric encryption, she needs to share the same key she used for encryption with Bob so that he can decrypt the message. This means that if a malicious actor intercepts the key, they are able to access the encrypted information.
However, if Alice uses an asymmetric scheme instead, she encrypts the message with Bob’s public key, so Bob will be able to decrypt it with his private key. Thus, asymmetric encryption offers a higher level of security because even if someone intercepts their messages and finds Bob’s public key, they are not able to decrypt the message.
Another functional difference between symmetric and asymmetric encryption is related to the length of the keys, which are measured in bits and are directly related to the level of security provided by each cryptographic algorithm.
In symmetric schemes, the keys are randomly selected, and their lengths are usually set at 128 or 256 bits, depending on the required level of security. In asymmetric encryption, however, there must be a mathematical relationship between the public and private keys, meaning that there is a mathematical pattern between the two. Due to the fact that this pattern can potentially be exploited by attackers to crack the encryption, asymmetric keys need to be much longer to present an equivalent level of security. The difference in key length is so pronounced that a 128-bit symmetric key and a 2,048-bit asymmetric key offer roughly similar levels of security.
Advantages and disadvantages
Both types of encryption have advantages and disadvantages relative to one another. Symmetric encryption algorithms are much faster and require less computational power, but their main weakness is key distribution. Because the same key is used to encrypt and decrypt information, that key must be distributed to anyone who would need to access the data, which naturally opens up security risks (as previously illustrated).
Conversely, asymmetric encryption solves the problem of key distribution by using public keys for encryption and private keys for decryption. The tradeoff, however, is that asymmetric encryption systems are very slow by comparison to symmetric systems and require much more computing power as a result of their vastly longer key lengths.
Because of its greater speed, symmetric encryption is widely used to protect information in many modern computer systems. For example, the Advanced Encryption Standard (AES), is used by the United States government to encrypt classified and sensitive information. The AES replaced the previously Data Encryption Standard (DES), which was developed in the 1970s as a standard for symmetric encryption.
Asymmetric encryption can be applied to systems in which many users may need to encrypt and decrypt a message or set of data, especially when speed and computing power are not primary concerns. One example of such a system is encrypted email, in which a public key can be used to encrypt a message, and a private key can be used to decrypt it.
In many applications, symmetric and asymmetric encryption are used together. Typical examples of such hybrid systems are the Security Sockets Layer (SSL) and the Transport Layer Security (TLS) cryptographic protocols, which were designed to provide secure communication within the Internet. The SSL protocols are now considered insecure and its use should be discontinued. In contrast, the TLS protocols are deemed safe and have been extensively used by all major web browsers.
Do cryptocurrencies use encryption?
Encryption techniques are used in many cryptocurrencies wallets as a way to provide increased levels of security to the end-users. Encryption algorithms are applied, for example, when users set up a password for their cryptocurrency wallets, which means the file used to access the software was encrypted.
However, due to the fact that Bitcoin and other cryptocurrencies make use of public-private key pairs, there is a common misconception that blockchain systems make use of asymmetric encryption algorithms. As previously noted, though, asymmetric encryption and digital signatures are two major use cases of asymmetric cryptography (public key cryptography).
Therefore, not all digital signature systems make use of encryption techniques, even if they present a public and a private key. In fact, a message can be digitally signed without being encrypted. The RSA is one example of an algorithm that can be used for signing encrypted messages, but the digital signature algorithm used by Bitcoin (named ECDSA) does not use encryption at all.
Both symmetric and asymmetric encryption play important roles in keeping sensitive information and communications secure in today's digitally dependent world. Though both can be useful, they each have their own advantages and disadvantages and so are put to different applications. As the science of cryptography continues to evolve to defend against newer and more sophisticated threats, both symmetric and asymmetric cryptographic systems will likely remain relevant to computer security.