
Asymmetric Encryption

What is Asymmetric Encryption? 

Asymmetric encryption is an encryption technique in which two different yet mathematically linked keys are used to encrypt and decrypt data exchanged between two communicating systems. The two keys are a public key and a private key. The public key is openly available to everyone. The corresponding private key, on the other hand, can only be accessed by the authorized recipient or system. 

The major difference between symmetric and asymmetric encryption is that the symmetric technique uses the same key to encrypt and decrypt data, whereas the asymmetric technique uses two unique keys to encrypt and decrypt data. 


How Asymmetric Encryption Works

In the example of a browser-server communication, when a browser contacts the web server to request a website, the server responds by presenting its SSL/TLS certificate, which embeds its public key. The browser checks the certificate to verify that the website is legitimate. If there are no issues, the browser generates a pre-master key, encrypts it with the server's public key and sends it back. On receiving the encrypted pre-master key, the server decrypts it with the private key linked to that public key. Since the private key is known only to the server and no other key can decrypt the pre-master key, it is transmitted safely without any unauthorized party being able to read it. Once the client and the server both have the pre-master key, each independently derives the same shared secret, called the session key. To verify that both have derived the same session key, they send each other messages encrypted with it. If each side can decrypt the other's message, the connection is established and the communication switches to symmetric encryption.


Where is Asymmetric Encryption Used?

  • TLS/SSL: The SSL/TLS protocol plays a critical role in securing web communications. The TLS/SSL handshake between a client and a server uses asymmetric encryption to verify the authenticity of the server and establish a secure channel for communication. 

When a user visits a website or web page, the browser initiates an SSL/TLS handshake with the web server that hosts the website. On receiving the request to connect, the server sends its SSL/TLS certificate to the client, and the client verifies its authenticity. If there are no issues, the client generates a unique "session key," encrypts it using the server's public key (found in the certificate), and sends it back to the server. The server decrypts this session key with its private key (known only to it). Once the server and the client both have the session key, the handshake switches to symmetric encryption, where the session key is used to encrypt and decrypt all messages exchanged in that particular session. 

  • Digital Signatures: Asymmetric key encryption is used to create digital signatures. The purpose of a digital signature is to allow a recipient to verify the identity of the sender and the authenticity of the document or message that is sent. Digital signatures are akin to a physically stamped seal. In this technique, the sender digitally signs a document by encrypting it with the private key before sending it to the recipient. The recipient decrypts the digital signature using the sender's public key and verifies that the document is in its original form and has not been altered in transit. 
  • Crypto-currency Transactions: Asymmetric key encryption is also used to digitally sign crypto-currency transactions and ensure only the authorized owners can spend the funds. 

Asymmetric Encryption Algorithms

The most commonly used and popular algorithms for asymmetric encryption are:

  • Diffie-Hellman 

The Diffie-Hellman algorithm is a key exchange mechanism that enables two parties who have never met to communicate securely over the internet by agreeing on a shared secret key without actually transmitting it. Because the shared secret is derived from modular arithmetic performed separately on each end, an attacker observing the exchange is not able to recover it, making Diffie-Hellman a highly secure key agreement technique for internet communication. 
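The exchange described above, written out with both sides' computations, as an added example that is not part of the original page. It uses a constructed toy group (a known Mersenne prime and a small generator, labelled in the code) in place of the standardised large groups used in practice, derives a session key from the shared value with SHA-256, and finishes with the key-confirmation step from the handshake description: each side MACs a fixed message with its derived key, and the tags match only if both sides hold the same key. A second run simulates a public value corrupted in transit to show that confirmation then fails.

```python
import hashlib
import hmac
import secrets

# Constructed toy group for this example: a known Mersenne prime and a small
# generator stand in for the standardised large groups used in practice.
P = 2**127 - 1
G = 3


def dh_keypair(p=P, g=G):
    """Each party picks a secret exponent and publishes g^secret mod p."""
    secret = secrets.randbelow(p - 2) + 1      # 1 <= secret <= p - 2
    return secret, pow(g, secret, p)


def dh_shared_secret(own_secret, peer_public, p=P):
    """peer_public^own_secret mod p; both sides land on g^(a*b) mod p."""
    return pow(peer_public, own_secret, p)


def derive_session_key(shared_secret: int) -> bytes:
    """Turn the raw modular value into a fixed-size key with a hash."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def confirmation_tag(session_key: bytes) -> bytes:
    """Key confirmation: a MAC over a fixed message under the derived key."""
    return hmac.new(session_key, b"finished", hashlib.sha256).digest()


def run_exchange(corrupt_in_transit=False):
    """Simulate the exchange; only p, g and the two public values cross the wire.

    With corrupt_in_transit=True, Alice receives an unrelated public value in
    place of Bob's, so the two sides derive different keys and confirmation fails.
    Returns (keys_match, confirmation_ok).
    """
    a, alice_public = dh_keypair()
    b, bob_public = dh_keypair()
    received_by_alice = bob_public
    if corrupt_in_transit:
        _, received_by_alice = dh_keypair()    # some value that is not Bob's
    alice_key = derive_session_key(dh_shared_secret(a, received_by_alice))
    bob_key = derive_session_key(dh_shared_secret(b, alice_public))
    confirmed = hmac.compare_digest(confirmation_tag(alice_key),
                                    confirmation_tag(bob_key))
    return alice_key == bob_key, confirmed


if __name__ == "__main__":
    print("normal exchange (keys match, confirmed):", run_exchange())
    print("corrupted exchange (keys match, confirmed):", run_exchange(corrupt_in_transit=True))
```

The secret exponents a and b never leave their owners; an observer sees only p, g, and the two public values, and recovering the shared value from those is the discrete logarithm problem the text alludes to.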

  • Rivest Shamir Adleman (RSA)

RSA encryption uses the product of two large prime numbers to generate a public key and a private key. These prime numbers are discarded once they have served this purpose. Factoring the product of two such large primes to recover the private key requires immense processing power, making RSA encryption extremely challenging to break.

  • Digital Signature Algorithm (DSA)

Digital Signature Algorithm (DSA) is used in digital signatures that serve as proof of the sender’s authenticity and message integrity. A sender digitally signs a message using the private key, and the recipient verifies the identity of the sender and the origin of the document using the sender’s corresponding public key.
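An added worked example (not code from the original page) that covers the RSA description above, the pre-master-key handshake step from the "How Asymmetric Encryption Works" section, and the sign-with-private-key, verify-with-public-key pattern described for digital signatures and DSA. It uses textbook RSA over raw integers, with no padding scheme, and stands in RSA signatures for the DSA step since the verification idea is the same. The primes are two known Mersenne primes chosen for the example rather than randomly generated ones, and 65537 is the customary public exponent; everything else is standard-library Python.

```python
import hashlib
import hmac
import secrets

# Constructed key material for this example: two known Mersenne primes stand in
# for the randomly generated primes a real RSA key generator would produce.
P = 2**127 - 1
Q = 2**521 - 1
E = 65537


def rsa_keygen(p=P, q=Q, e=E):
    """Textbook RSA key generation from two primes.

    Returns (public_key, private_key) as (n, e) and (n, d). Only n, e and d
    are kept afterwards; p and q play no part in encrypting, decrypting or signing.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(public_key, message: int) -> int:
    """Raw RSA: anyone holding (n, e) can encrypt; the message must be < n."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def rsa_decrypt(private_key, ciphertext: int) -> int:
    """Raw RSA: only the holder of (n, d) can undo rsa_encrypt."""
    n, d = private_key
    return pow(ciphertext, d, n)


def key_transport(server_public, server_private) -> bool:
    """The handshake step from the text: the client picks a random pre-master
    secret, encrypts it under the server's public key, the server recovers it
    with its private key, and both derive the same session key from it.
    Returns True when the two sides' key-confirmation tags match."""
    pre_master = secrets.randbits(256)                       # client side
    on_the_wire = rsa_encrypt(server_public, pre_master)     # all an observer sees
    recovered = rsa_decrypt(server_private, on_the_wire)     # server side
    client_session_key = hashlib.sha256(pre_master.to_bytes(32, "big")).digest()
    server_session_key = hashlib.sha256(recovered.to_bytes(32, "big")).digest()
    # Key confirmation: each side MACs a fixed message with its session key;
    # the tags agree only if both derived the same key.
    client_tag = hmac.new(client_session_key, b"client finished", hashlib.sha256).digest()
    server_tag = hmac.new(server_session_key, b"client finished", hashlib.sha256).digest()
    return hmac.compare_digest(client_tag, server_tag)


def sign(private_key, document: bytes) -> int:
    """Digital signature: hash the document, then apply the private key to the hash."""
    digest = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return rsa_decrypt(private_key, digest)   # the private-key operation, applied to the hash


def verify(public_key, document: bytes, signature: int) -> bool:
    """Anyone with the public key can check that the signature matches the document."""
    digest = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return rsa_encrypt(public_key, signature) == digest


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    print("key transport confirmed:", key_transport(pub, priv))
    doc = b"Transfer 100 units to account A"   # constructed sample document
    sig = sign(priv, doc)
    print("signature verifies:", verify(pub, doc, sig))
    print("altered document verifies:", verify(pub, doc + b"0", sig))
```

Signing the hash rather than the document itself is what makes the "has not been altered in transit" check work: any change to the document changes the hash, so the public-key operation on the signature no longer matches it.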

Apart from these, the other asymmetric algorithms in use are Elliptic Curve Cryptography (ECC) and ElGamal. 

Key Characteristics of Asymmetric Encryption

  • Asymmetric encryption uses two different keys for encryption and decryption, unlike symmetric encryption that uses a single key for both processes.
  • As processing two separate keys takes longer, asymmetric encryption is best suited for encrypting small quantities of data.
  • As encryption and decryption are performed by two different keys, the private key is not shared or revealed during the process. 
  • The private key always remains with a single authorized recipient and is never distributed. Only the public key is distributed, even when a large number of devices and servers are involved.  
  • Asymmetric encryption uses longer keys, typically RSA 2048-bit or higher, which makes the encryption significantly stronger.

Advantages of Asymmetric Encryption

The biggest advantage of asymmetric encryption over its symmetric counterpart is that it uses two different keys for encryption and decryption. Using two different keys eliminates the need for key sharing between communicating parties. While the public key is available for everyone, the private key is accessed only by a single authorized recipient (or system) and is never transmitted or revealed, which greatly reduces the chances of data compromise due to key theft and also guarantees that the message cannot be altered during transit. As key sharing or distribution is not necessary, asymmetric encryption proves highly effective when a large number of endpoints are involved.

Also, asymmetric encryption uses keys with longer key lengths (up to 4096 bits). Longer key lengths amount to stronger encryption and better data security. 

Drawbacks of Asymmetric Encryption

One of the challenges with asymmetric encryption is its slow speed and resource consumption. As there are two separate keys with longer key lengths involved, the computing power required to process encryption and decryption is much higher when compared to the symmetric technique. Complex computing increases server overhead and eventually results in slow connections. This is why asymmetric encryption is not applied when a large quantity of data is involved. For example, in the case of the SSL/TLS handshake, asymmetric encryption is only used initially during server authentication. Once the connection is established between the web server and the user’s browser (or client), the handshake immediately switches to symmetric encryption for bulk data transmission.
