Symmetric vs Asymmetric Encryption
Overview
Encryption techniques can be broadly categorized as either symmetric or asymmetric. Each has a specific use case, but they are often used together.
- Symmetric encryption: A single key is used to encrypt and decrypt. The simplicity of this design results in much lower encryption/decryption overhead, which enables this encryption technique to be used for much larger payloads.
- Asymmetric encryption: One key is used to encrypt, while another key is used to decrypt. The complexity of this design results in a much higher encryption/decryption overhead, which restricts this encryption technique to be used for much smaller payloads.
These two encryption techniques are often used together in a mechanism called key exchange. The most prevalent example of key exchange:
- TLS protocol: The protocol that is used to secure your connection to this website uses a key exchange mechanism. The TLS protocol’s handshake is a mechanism to agree upon a symmetric key to use for encrypting the payload to and from server (Software.Land) and client (you).
Table of Contents
Comparison
| Symmetric | Asymmetric | |
|---|---|---|
| Time Complexity | Typically O(N) | Typically O(N2) to O(N3) |
| Use Case | Suitable for large amounts of data, given the scalability (i.e. time complexity) of symmetric algorithms. | Suitable for small amounts of data. Often used for secure key exchange (of symmetric keys). |
| Examples (Key Algorithms) | AES, DES, 3DES, RC4. | RSA, ECC (Elliptic Curve Cryptography), DSA (Digital Signature Algorithm). |
| Key Distribution | Same private key must be shared between all encrypting/decrypting parties. | Public key can be openly shared, making key distribution easier. |
| Key Length | Shorter (e.g. 128 or 256-bit AES) | Longer (e.g. 2048 or 4096-bit for RSA) |
Symmetric Encryption
The landscape of symmetric cryptographic algorithms is vast. The table above mentions some of the most common. The structures of these algorithms can vary significantly, and each one merits its own post.
Having a single private key for both decrypting and encrypting has its advantages and disadvantages. There’s only one key to manage, but if an unauthorized party gains access to that one key, anything that was encrypted with it will become accessible.
Today, AES-256 is the most common and secure symmetric key algorithm and it is quantum resistant.
Asymmetric Encryption
Asymmetric cryptography requires larger keys compared to symmetric keys. This is due to the fundamental difference in the underlying logical structure behind the key’s creation. This structure is typically based on a mathematical problem that is easy to perform in one direction, but difficult to reverse without the private key. An exception to this rule is the McEliece Cryptosystem, which is a quantum-resistant asymmetric algorithm currently being evaluated as a replacement for the asymmetric algorithms in use today (see examples in Comparison table above). McEliece is based on coding theory, rather than number theory.
Digital Signatures
Asymmetric keys can be used to either encrypt or sign. In the case of signing, the private key is used to create a signature, and the public key is used to validate the identity of the sender. This is one way of validating the identity of a sender in a distributed system. This is in contrast to encryption, where the public key is used for encryption and the private key is used for decryption.
Conclusion
Both Symmetric and Asymmetric keys are very complex from the perspective of their cryptographic solutions. This is in contrast to how easy it is to use them. Their use cases are vastly different, but they can work well together in a mechanism known as key exchange. This is the same mechanism that is used when you view this website.
Author
Sam Malayek works in Vancouver, using this space to fill in a few gaps. Opinions are his own.