Symmetric and asymmetric: why two types of encryption?
Tech culture
Cuando empezamos a interesarnos en el cifrado, rápidamente nos encontramos con dos tipos de cifrado: simétrico y asimétrico. Más información sobre sus características y usos.
Encryption is one of the solutions to protect yourself and guarantee confidentiality. There are actually two main families: asymmetric encryption (e.g.: RSA, ECDSA) and symmetric encryption (e.g: AES-256). Each has its advantages and disadvantages. To understand the difference and their uses, some history is needed.
The ancient origins of symmetric encryption
The need to keep information confidential, and to make it accessible only to the owners or recipients, has existed for a long time. If we go back to antiquity or to the Roman era, there are already traces of a method still used today: encryption (see the Polybius square or Caesar’s code). The principle is simple, to make data unreadable by substituting and/or swapping the characters in a precise order. This order is indicated by a key held by the sender and the recipient, thus making the information confidential.
With the arrival of computers and their growing power, encryption algorithms have become more complex (several swapping and substitution sequences) and the keys have become longer. Nevertheless, the purpose remains the same: to guarantee that only the key holders can access the data in readable format both when it’s stored (“at rest”) and when it’s exchanged (“in transit”).
In both cases, the same key is usually used to encrypt and decrypt, this is called symmetric encryption also referred to as secret key encryption.
Asymmetric encryption to facilitate key exchanges
Although symmetric encryption is very effective, to be able to communicate confidentially with another system or another user means they must have a copy of the encryption key. In the digital age where computer networks make it possible to communicate easily from one end of the globe to the other, handing over the key in person is an important constraint. To overcome this problem, during the second half of the 20th century, a second type of encryption was created: asymmetric encryption. It also consists of an algorithm, but this time with not one, but two, mathematically linked, keys. When one of the keys is used to encrypt the data, only the other key can decrypt it, and vice versa. By convention, one of the keys is called the “private key” and the other the “public key”.
The idea here is to keep the private key safe and to distribute the public key. Anyone who wants to communicate confidentially with the private key holder can then easily send a symmetric key by first encrypting it using the public key. Only the holder of the private key will be able to decrypt it to establish the encrypted communication using the symmetrical key (much faster to encrypt data).
Two types of encryption that complement each other
These two types of encryption, by themselves or combined, can be found in different use cases.
- Encryption of data at rest or in transit (application, database, file, disk, instant messaging, etc.) using symmetric encryption.
- Secure end-to-end SSL/TLS connections (key exchange and data encryption) by using both asymmetric and symmetric encryption.
- Electronic signature (documents, emails, software, …) using asymmetric encryption associated with a hash function. In that case, it isn’t the document that is encrypted, but an imprint of it obtained using a hash algorithm.
- Authentication using a certificate also uses asymmetric encryption. Since the user is the sole owner of their private key, it can be certified by a trusted third party (commonly known as a Certification Authority) using a certificate that will contain the corresponding public key.
Under the pressure of regulations and the threat of increasingly frequent cyber attacks, the adoption of encryption has become widespread , creating a new area of expertise: data confidentiality management.