Cryptography is currently divided into two main research areas: symmetric cryptography and asymmetric cryptography. Symmetric cryptography is often synonymous with symmetric encryption, and asymmetric cryptography includes two main use cases: asymmetric encryption and digital signatures.

Therefore, we can group these concepts as follows:

  • Symmetric key cryptography

    • Symmetric encryption

  • Asymmetric cryptography (or public key cryptography)

    • Asymmetric encryption (or public key encryption)

    • Digital signature (may or may not include encryption)

This article will focus on symmetric and asymmetric encryption algorithms.


Symmetric vs Asymmetric Encryption

Cryptographic algorithms are often divided into two categories, known as symmetric and asymmetric encryption. The fundamental difference between these two types of encryption algorithms is that symmetric encryption algorithms use a single key, while asymmetric encryption uses two different but related keys. This description of the difference, although very simple, clearly explains the difference in functionality and usage between the two encryption technologies. .


Understanding encryption keys

In cryptography, an encryption algorithm generates a few-bit key that is used to encrypt and decrypt a message. The way these keys are used also illustrates the difference between symmetric and asymmetric encryption.

While symmetric encryption algorithms use the same key to perform both encryption and decryption, asymmetric encryption algorithms, on the other hand, use one key to encrypt data and another key to decrypt it. In an asymmetric encryption system, the key used for encryption is called the public key and can be shared with others. On the other hand, the key used for decryption is the private key and should be kept secret.

For example, if Alice sends Bob a message encrypted using a symmetric algorithm, she needs to share the encryption key she used to encrypt it with Bob so that he can decrypt the message. This means that if a malicious actor intercepts the key, they can easily access the encrypted information.

However, if Alice uses an asymmetric encryption algorithm, she encrypts the message using Bob's public key, and Bob can decrypt the message using his private key. Therefore, asymmetric encryption provides a higher level of security because even if someone intercepts their message and obtains Bob's public key, they will not be able to decrypt the message.


Key length

Another functional difference between symmetric and asymmetric encryption has to do with the length of the key, which is measured in bits and is directly related to the level of security provided by each encryption algorithm.

In symmetric encryption, the key is randomly chosen and its length is usually set to 128 or 256 bits, depending on the desired level of security. In asymmetric encryption, however, the public and private keys are mathematically related, meaning there is an arithmetical connection between the two. An attacker could exploit this pattern to crack the ciphertext, so asymmetric keys require longer key lengths to provide the same level of security. The difference in key length is so significant that a 128-bit symmetric key and a 2,048-bit asymmetric key provide roughly the same level of security.

 

Comparison of advantages and disadvantages

There are different advantages and disadvantages between these two different types of encryption algorithms. Symmetric encryption algorithms are fast and require fewer computing resources, but their main disadvantage is the distribution of keys. Because the same key is used when encrypting and decrypting information, the key must be distributed to those who need to access the data, which also brings security risks (as mentioned above).

In contrast, asymmetric encryption uses a public key for encryption and a private key for decryption, solving the key distribution problem. However, the trade-off is that asymmetric encryption systems are very slow compared to symmetric encryption and require more computing resources due to their very long key lengths.


Applications

Symmetric encryption

Symmetric encryption is widely used in modern computer systems to protect information due to its faster operation speed. For example, the U.S. government uses the Advanced Encryption Standard (AES) to encrypt and classify sensitive information. AES replaced the previous Data Encryption Standard (DES), which was developed in the 1970s and has been the standard for symmetric encryption.


Asymmetric encryption

Asymmetric encryption is often used in systems where a large number of users need to encrypt and decrypt messages or data simultaneously, especially when speed and computing resources are sufficient. A common example of such a system is encrypted email, where a public key can be used to encrypt a message and a private key can be used to decrypt it.


Hybrid encryption system

In many applications, symmetric and asymmetric encryption are used together. A typical example of such a hybrid system is the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protocols, which are used to provide secure communications within the Internet. The SSL protocol is now considered insecure and should be discontinued. In contrast, the TLS protocol is currently considered secure and is widely used by major web browsers.


Do cryptocurrencies use cryptography?

The encryption technology used in many cryptocurrencies provides an additional level of security to the end user. For example, when a user sets a password for their crypto wallet, an encryption algorithm is used, which encrypts the files used to access the software through cryptography.

However, due to the use of public and private keys by Bitcoin and other cryptocurrencies, there is a common misconception that blockchain systems use asymmetric cryptography algorithms. As mentioned earlier, asymmetric encryption and digital signatures are the two main use cases of asymmetric cryptography (public key cryptography).

Therefore, not all digital signature systems use cryptography, even if they do use public and private keys. In fact, it is possible to digitally sign a message without encrypting it. RSA is an example algorithm used to sign encrypted messages, but the digital signature algorithm used by Bitcoin (called ECDSA) does not use cryptography at all.


Concluding Thoughts

In today's digital age, symmetric and asymmetric encryption play an important role in protecting sensitive information and network communications. Although both are very useful, they also have their own advantages and disadvantages, and are therefore suitable for different application scenarios. With the continuous development of cryptography, which can better defend against various new and complex threats, symmetric and asymmetric encryption are also closely related to computer security.