Asymmetric Encryption

Asymmetric encryption uses two keys: a public key and a private key. For this reason, asymmetric encryption is sometimes referred to as public key/private key encryption. With asymmetric encryption, one key is used to encrypt, and the other key is used to decrypt. Without asymmetric encryption, modern online business transactions could not take place.

Learning Objectives

You should be able to:

  • Describe key principles of asymmetric encryption
  • Describe uses of asymmetric encryption
  • Recognize two popular asymmetric encryption systems--RSA and Elliptic Curve Cryptography
  • Compare symmetric encryption with asymmetric encryption

Asymmetric Encryption Principles

Two keys are used in asymmetric cryptography: a private key and a public key. The private key should be carefully guarded. The private key typically lives in a file on a computer. Access to that file should be restricted. If the private key is ever disclosed to the public, the private key should be revoked and never used again. Key pairs are generated using random data on computers. Those random numbers are used by programs that generate private keys. The public key can be derived from the private key, but the private key cannot be derived from the public key.

Key Pair Generation

The public key can be shared with anybody. The public key can be published on a website, sent via email, put in a chat, etc. There is no danger in sending a public key. A public key cannot be compromised because it is meant to be shared and gives no clues about the private key's contents.

With symmetric encryption, the same key is used to encrypt and decrypt data. Symmetric encryption is fast and efficient. With asymmetric encryption, one key encrypts and the other key decrypts. If you encrypt data with the public key, only the private key can decrypt the data. If you encrypt data with the private key, the public key can be used to decrypt the data, verifying that the data was encrypted by the only person who has the private key.

Asymmetric Process

Private keys can also be used to digitally sign files. The private key is used to create a digital signature. The signature does not look anything like a penned signature. A digital signature is like a digital fingerprint with a bunch of 0s and 1s. When a file is digitally signed with a private key, everybody can verify the signature with the public key.

Symmetric Key Exchange Process

Before you can send and receive encrypted data with HTTPS (e.g., https://www.google.com), your web browser and the web server need to agree on a temporary symmetric encryption key. Asymmetric encryption is used to share a temporary symmetric key, and once the symmetric key has been shared, all data with be encrypted and decrypted with the symmetric key. Basically, asymmetric encryption bootstraps the encryption process, but symmetric encryption does the bulk of the encryption and decryption.

Important Cryptosystems

Rivest-Shamir-Adleman (RSA) and Elliptic Curve (EC) cryptography are two popular cryptosystems. They are not just one algorithm, but specifications for creating keys, signing files, verifying signatures, and more. RSA is a bit older and battle-tested, but it has some limitations. EC cryptography is increasingly adopted, especially for key exchange processes. RSA's security relies primarily on the difficulty computers have factoring very large numbers. EC cryptography's security relies primarily on the difficulty of finding original plot points on a curved graph. With RSA, keys are computationally expensive to create. With EC, keys are computationally cheap to make.

Symmetric vs Asymmetric Encryption

Symmetric encryption is not "better" than asymmetric encryption. Asymmetric encryption is not "better" than symmetric encryption. They both have important uses.

Asymmetric encryption is good for:

  • Digitally signing files
  • Exchanging temporary keys used for symmetric encryption
  • Verifying who encrypted or signed a file

Symmetric encryption is good for:

  • Fast encryption and decryption
  • Encrypting data on hard drives
  • Encrypting data over a network, like web pages (once a key has been shared with asymmetric encryption)

Reflection

  • Should the government be able to decrypt all encrypted data?
  • Do you trust yourself to protect your private keys?
  • Would you trust online services to hold and protect your private keys?

Key Terms

  • Asymmetric Cryptography: A type of encryption that uses a pair of keys—a public key and a private key. The public key is used for encryption, and the private key is used for decryption. This method allows parties to begin secure communication without the need to share a secret key.
  • Public Key/Private Key Cryptography: Another term for asymmetric cryptography, where a pair of keys—a public key and a private key—are used for encryption and decryption.
  • Key Pair: In asymmetric cryptography, a key pair consists of a public key and a private key. The public key can be shared openly, while the private key must be kept secret. Together, they are used for encryption, decryption, and digital signatures.
  • RSA (Rivest-Shamir-Adleman): A widely used asymmetric cryptographic algorithm that relies on the mathematical properties of large prime numbers. RSA is used for secure data transmission, digital signatures, and key exchange.
  • Elliptic Curve Cryptography (ECC): A form of asymmetric cryptography based on the algebraic structure of elliptic curves over finite fields. ECC provides similar security to RSA but with smaller key sizes, resulting in faster computations and reduced storage requirements.
  • Key Exchange: The process of securely exchanging cryptographic keys between parties. In asymmetric cryptography, key exchange protocols like Diffie-Hellman allow two parties to establish a shared secret key over an insecure channel.
  • Digital Signature: A cryptographic technique that allows a person to prove the authenticity and integrity of a message or document. It involves generating a signature using the sender's private key, which can be verified by anyone with the corresponding public key.