What is Asymmetric encryption?

Asymmetric encryption (i.e. public key encryption or public key cryptography), also known as asymmetric cryptography, is used to protect files, directories, and entire devices from unauthorized access and to exchange secret messages. This is done by using keys for encryption and decryption.

Unlike in symmetric encryption, users do not share a common secret key (i.e. a private key) in this method. Instead, each user generates their own key pair which consists of a secret or private key and a public key. Any party with the public key can send encrypted data to the owner of the private key, verify their digital signature, and authenticate them. In turn, the private key can decrypt the encrypted data, generate digital signatures, and provide authentication.

In the following, we explain the idea behind asymmetric encryption, its functions, applications, and potential advantages and disadvantages.

The concept of public key cryptography first emerged in 1975 which makes asymmetric encryption a rather new field in cryptography. Cryptography itself dates back more than 2,000 years. The main advantage of asymmetric encryption is also the greatest disadvantage of symmetric encryption. The communicating parties do not have to agree on a single shared key. Each party has their own additional private key.

The problem with a secret key method (symmetric encryption) is the key exchange. The secret key must reach the recipient; the more communicating parties share a key, the more confusing and time-consuming this exchange becomes, thus, making it more unsecure and vulnerable.

This makes asymmetric cryptography a practical alternative since each user has their own key pair.

When using asymmetric cryptography, each communicating party has a key pair consisting of a public key and a private key. Like keys being held together by a keyring, keys in this cryptosystem are tightly coupled together by a mathematical algorithm. Data encrypted with the public key can only be decrypted with the private key. It is, therefore, crucial that the private key remains secret from all other communicating parties to protect the data and ensure that public key cryptography is carried out securely.

In practice, the person sending the data will always need the recipient’s public key. The public key has a one-way function in encryption. It can encrypt the data, but it cannot then decrypt it. This can only be done by the recipient of the data with their own private key. However, the public key is not just used for encryption. It is also used to verify digital signatures and authenticate communicating parties.

The key is transferred during the initial contact. The private key simultaneously generates digital signatures and can authenticate itself to other communicating parties. In short, asymmetric encryption allows everyone to access a public key but only decrypt it with the private key. This allows for highly secure data exchange.

To start asymmetric encryption, the recipient generates a private and a public key. The communicating partner can access the public key. This simple transfer occurs via a certification authority or a key server where the key has been stored. The sender encrypts their message with the public key and can then send it to the recipient as cipher text. Once this message has been encrypted, it can only be decrypted by the recipient using their private key. Therefore, in principle, you can freely choose which communication channel to use; even if the encrypted message is intercepted by an attacker, its contents will remain secret.

This one-way function is the main idea behind the asymmetric cryptosystem. The two keys are completely independent from one another. Even if an attacker has access to the public key, they cannot use it to draw any conclusions about the private key. To ensure this is the case, the public key uses clearly defined prime factors that are multiplied together and produce an unambiguous result. The following is an example of a calculation the public key might perform:

The private key, on the other hand, works exclusively with the result of this calculation (which is 4,577 in this example). It is almost impossible to draw any conclusions about which factors were used to get this value since there are a countless number of possibilities for how it could have been reached. To this day, there is still no mathematical procedure or algorithm that would simplify this reverse calculation.

Public key cryptography is often used for email traffic, such as with the standard encryption method S/MIME, for digital signatures as well as for cryptographic protocols such as SSL/TLS, SSH, and HTTPS.

Asymmetric cryptosystems can also be combined with symmetric methods. In this case, the keys are first exchanged using asymmetric encryption, but the subsequent communication is then encrypted symmetrically. This hybrid encryption system is used when users want the speed of symmetric cryptography but the security of asymmetric cryptography.

The most popular encryption program is probably Pretty Good Privacy, better known as PGP. It is based on public key cryptography and is used to encrypt emails. In this case, a public and private key are generated upon installation. The public key can then either be personally distributed or stored in a central database. In this database, anyone can search for keys from specific owners. Using the public key, the sender encrypts their data and labels the email or message as being PGP encrypted. The recipient can then use their private key to decrypt it and make it readable again.

Signature methods are always closely tied to public key cryptography. RSA is the best-known method for digital signatures. A signature is the code containing the private key for the message. The sender “signs” their message with RSA and, in this way, adds a layer of security. They can then send the message. The authenticity of the message and identity of the sender are verified by the recipient using their public key.

RSA is regarded as an old but proven signature method. A couple of alternatives that generate and recognize digital signatures using a similar method are DSA (Digital Signature Algorithm) and ElGamal.

A concrete example of cryptographic protocols is encryption with SSL/TLS. This network protocol ensures secure communication, such as between the web server and browser. Simultaneously, it verifies the server’s authenticity. To do so, SSL/TLS uses hybrid encryption (i.e. both asymmetric and symmetric methods). The public key is signed by a certificate authority, and the resulting certificate is encrypted. The certificate can then only be opened by the certificate authority’s public key. To do so, the web server sends its certified public key to the browser, for example, which checks the certificate. If the certificate is valid, the browser generates a symmetric key and sends it to the web server. Both will then use the same shared key for the rest of the SSL/TLS session for the symmetric encryption of their data traffic.

The main disadvantage of public key cryptography is its slow speed of encryption. It also requires significantly more computing power. Therefore, a hybrid system was developed that combines symmetric and asymmetric systems, like the previously mentioned example of SSL encryption. Previous issues such as unsecure authentication and a high vulnerability to malware have since been solved by the use of digital certificates and signatures and ID-based cryptosystems.

To get the best of both worlds, we recommend hybrid encryption. Asymmetric cryptography handles the task of key distribution. This means you can avoid the cumbersome process of distributing keys associated with a symmetric cryptosystem. The result is encryption that is fast, secure, and practical.