How Symmetric and Asymmetric Encryption Work – What Every Beginner Needs to Know (Part 2/2)


Encryption stands as the cornerstone of data security. But not all encryption is created equal. Two powerful methods, Symmetric and Asymmetric encryption, form the backbone of modern cryptography. Whether you’re sending a confidential email or securing massive data transfers, understanding how these techniques work can empower you to make smarter security choices. Let’s dive into the fascinating world of encryption and uncover the key differences between these two essential approaches.

This is a continuation of my previous article, “How Encryption Secures Your Data – for Beginners (Part 1/2)”.

As a quick recap, in my previous article I explained how key-based encryption has become the industry standard as a scalable solution for encrypting data.
Key-based encryption allows us to use a standard, publicly known encryption algorithm to encrypt the same plain text to a different cipher text for each recipient.
And as mentioned in my earlier article, there are two types of encryption available as of now: Symmetric and Asymmetric.

Symmetric vs Asymmetric Encryption

In Symmetric encryption we use the same key to encrypt and decrypt. We can draw an analogy: suppose you want to send four gift boxes to four different people, and you have locked each gift box using a different lock and key. Each recipient can use their individual key to open their own box, but they cannot use the same key to open another person’s box. That is fair enough.

However, in Asymmetric encryption we use different keys to encrypt and decrypt. In line with the above analogy, the sender will use one key to lock the box and the recipient will have another key to open it. Interesting, isn’t it? We will take a closer look at this as well.

Character map for our algorithm

To explain, let’s consider a very simple encryption algorithm.
Let’s take all the printable characters and assign a number to each of them. We will use this character map to explain our encryption algorithm.

Symmetric Encryption

As we know, in Symmetric encryption we use the same key to encrypt and decrypt.

To keep things simple, let us consider a simple encryption algorithm that moves the characters backward based on the key.

For example, let us consider the word WORLD as the plain text that will be encrypted using the secret key, and let the secret key be the number 5.

Plaintext: WORLD

Secret Key: 5

Our encryption algorithm moves letters backward by the number of places represented by the secret key (in this case, 5 places backward).

If we move the letter W five places backward in the above character map, we end up with the letter R. Doing the same for the rest of the letters of our plain text, we end up with “RJMG?” as the cipher text.

Now, if our encryption algorithm is to move backward the number of places represented by our secret key, then our decryption algorithm is to move forward the same number of places as per the secret key.

And in Symmetric encryption we use the same key, 5. So we move forward 5 places and end up getting the plain text back.

That’s a simple example of Symmetric encryption. Note that we used the same key “5” for both encryption and decryption. (This is also known as the Caesar Cipher.)

Use our online AES Encryption service. https://ivydotnet.com/Products/aes-key-generation-encryption-service

Asymmetric Encryption

In Asymmetric encryption we will still use an encryption algorithm, but the keys will be different.
To keep things simple, let us consider the same word WORLD as the plain text that will be encrypted using the key, and let the encryption key be the number 10.

Plaintext: WORLD

Encrypt Key: 10

If we move the letter W ten places backward in the above character map, we end up with the letter M. Doing the same for the rest of the letters of our plain text, we end up with “MEHB:” as the cipher text.

It might seem that we can reverse the process to decrypt it and get back the word “WORLD”, but that is only because our algorithm is far too simplistic.
In the real world, an Asymmetric encryption algorithm will not allow the reverse process to decrypt.

Asymmetric encryption algorithms rely on a mathematical feature called the “Trap Door Algorithm”: mathematical operations that can only be done one way, so we cannot apply the reverse logic.

So in the real world our algorithm should not allow us to decrypt by using the reverse operation of going in the forward direction. Instead we have to go in the same direction. In this case, to decrypt we need to move further backward in the same direction.

We are going to decrypt our cipher text, and we will use a different key to decrypt it.

Cipher text: MEHB:

Decrypt Key: 84

We move in the same backward direction, with a different key of 84 positions on our character map. So, starting with the “M” of our cipher text, we move 84 positions backward and end up on the character “W”. Doing the same for the rest of the letters of our cipher text “MEHB:”, we get back the plain text “WORLD”.

Notice here that we used two different keys to encrypt and decrypt, and we went in the same direction in our algorithm (in this case, the backward direction).

Also understand that the two keys 10 and 84 are mathematically related (paired). As this is our oversimplified algorithm, we can use any pair of keys as long as they add up to 94 as per our character map.

What happens when we reverse the keys

Let us do another interesting thing here: let’s reverse the keys and see what happens, that is, we use 84 as the encryption key and 10 as the decryption key.

By moving the characters 84 places we get the cipher text “aY\VN”.

And in the same way, when we decrypt with 10 we get back the plain text.

The important point we are trying to make here is that in Asymmetric encryption a message encrypted with one key can be decrypted only with the corresponding other key, and it works in either direction. The two keys of the pair are mathematically related.

Our example is an oversimplified algorithm, and anyone can guess the other key if they know one of the keys. But in a real-life scenario it is next to impossible to derive one key from the other.
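The toy cipher from the Symmetric and Asymmetric sections above, as an added Python example (not code from the original article). It assumes the character map is the 94 printable ASCII characters from '!' to '~' in order, an assumption that reproduces every cipher text quoted above; the function names are made up for illustration, and paired_key shows why knowing one key of this toy pair gives away the other.

```python
# Added illustration, not code from the original article.
# Assumption: the article's 94-entry character map is printable ASCII
# '!' (33) to '~' (126) in order; this reproduces every result it quotes.
CHARMAP = [chr(c) for c in range(33, 127)]
INDEX = {ch: i for i, ch in enumerate(CHARMAP)}
N = len(CHARMAP)  # 94 positions, so shifts wrap around modulo 94


def shift(text, places):
    """Move each character `places` positions along the map (negative = backward)."""
    out = []
    for ch in text:
        if ch not in INDEX:  # e.g. a space, which is outside the 94-character map
            raise ValueError(f"{ch!r} is not in the character map")
        out.append(CHARMAP[(INDEX[ch] + places) % N])
    return "".join(out)


def sym_encrypt(plain, key):
    return shift(plain, -key)   # symmetric: encrypt moves backward ...


def sym_decrypt(cipher, key):
    return shift(cipher, +key)  # ... decrypt moves forward with the SAME key


def asym_apply(text, key):
    return shift(text, -key)    # toy asymmetric: always backward, keys differ


def paired_key(key):
    """The toy scheme's flaw: the partner key is just 94 minus the known key."""
    return (N - key) % N


def run_examples():
    return {
        "symmetric": (sym_encrypt("WORLD", 5), sym_decrypt("RJMG?", 5)),
        "asymmetric": (asym_apply("WORLD", 10), asym_apply("MEHB:", 84)),
        "reversed": (asym_apply("WORLD", 84), asym_apply("aY\\VN", 10)),
        "derived_key": paired_key(10),
    }


if __name__ == "__main__":
    for name, result in run_examples().items():
        print(name, result)
```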

Public Key and Private Key

In the industry, the two keys are labelled: one is the “Public Key” and the other is the “Private Key”. The public key is shared, whereas the private key is kept secret.

In this way anyone can send you an encrypted message using your public key, but only you will be able to decrypt it with your private key.

  1. Therefore, in Asymmetric encryption, there are two keys involved, and they are mathematically related.
  2. One of the keys is used to encrypt, and only the other key can decrypt.
  3. One key is made the Public key and is shared with others.
  4. The other key is made the Private key and is kept secret.

There are lots of use cases for where and how to use public and private keys. We will discuss them in detail sometime later. For now, let’s continue with the comparison between Symmetric and Asymmetric algorithms.

Compare Symmetric and Asymmetric algorithms

  1. One of the primary strengths of Symmetric encryption is that it is faster than Asymmetric encryption and needs fewer CPU resources. Asymmetric encryption is slower and requires a large key size.
  2. Another interesting thing about Symmetric encryption is that the cipher text it produces is almost the same size as the plain text. Asymmetric encryption, by contrast, has the property of cipher text expansion: the cipher text is much larger than the original plain text.
  3. One of the weaknesses of Symmetric encryption is that the same key has to be shared, and that leads to a security risk. We need to find ways to share that key. Asymmetric encryption, on the other hand, never requires sharing the private key. Therefore Symmetric encryption is less secure than Asymmetric encryption.
  4. Symmetric encryption is generally used for large volumes of data, whereas Asymmetric encryption is used for smaller but more sensitive data, which needs more security.

These strengths and weaknesses make Symmetric and Asymmetric encryption ideal for different use cases.

Symmetric encryption is good for bulk data, whereas Asymmetric encryption is used for small data that requires more security.

Some of the common symmetric encryption algorithms:

| Algorithm | Key Length | Description |
| --- | --- | --- |
| AES (Advanced Encryption Standard) | 128, 192, or 256 bits | Widely used, highly secure, and efficient. Standard for government and industry data protection. |
| DES (Data Encryption Standard) | 56 bits | An older standard, now considered insecure due to short key length. Paved the way for modern methods. |
| 3DES (Triple DES) | 112 or 168 bits | Applies DES three times for increased security. Slower and less secure than modern algorithms. |
| Blowfish | Variable (32 to 448 bits) | Fast and flexible; commonly used in software. Gradually replaced by newer algorithms. |
| Twofish | Up to 256 bits | Successor to Blowfish; more secure and efficient. Finalist in the AES competition. |
| RC4 (Rivest Cipher 4) | Variable (up to 2048 bits) | Stream cipher, once popular in WEP and SSL. Known vulnerabilities led to its decline. |
| IDEA (International Data Encryption Algorithm) | 128 bits | Used in older PGP versions; relatively secure but less common today. |
| Serpent | 128, 192, or 256 bits | AES finalist with a high level of security but slower than AES. |
| CAST-128 and CAST-256 | 40 to 128 bits (CAST-128); up to 256 bits (CAST-256) | Secure and efficient algorithms used in various applications. |
| Skipjack | 80 bits | Developed by the NSA, once used in the Clipper chip. Less common today due to stronger alternatives. |

Some of the common asymmetric encryption algorithms:

| Algorithm | Key Length | Description |
| --- | --- | --- |
| RSA (Rivest-Shamir-Adleman) | 1024 to 4096 bits | One of the most widely used asymmetric algorithms. It uses large key sizes and is fundamental to many secure communications. |
| ECC (Elliptic Curve Cryptography) | 160 to 512 bits | Offers similar security to RSA but with smaller key sizes, making it faster and more efficient. Popular for mobile and IoT devices. |
| DSA (Digital Signature Algorithm) | 1024 to 3072 bits | Primarily used for digital signatures, ensuring data integrity and authenticity. |
| ElGamal | Variable (2048 bits and higher recommended) | Used for both encryption and digital signatures. It is secure but less efficient compared to RSA. |
| Diffie-Hellman | Variable (2048 bits and higher recommended) | Primarily used for secure key exchange rather than encryption of messages. Essential in protocols like SSL/TLS. |
| PAKE (Password-Authenticated Key Exchange) | Variable | Protocols like SRP (Secure Remote Password) fall under this, focusing on secure key exchange using password-based authentication. |
