Privacy and the protection of it has never been more important than today. It’s therefore important to know at least the core concepts about encryption. You may have heard about symmetric and asymmetric encryption before. In today’s world, you probably have used either of them without knowing it. In this article I’ll outline to you the basics of symmetric and asymmetric encryption in simple terms.
Encryption is a method of changing the data so that only authorized people can understand them. It’s a way of protecting sensible data from unauthorized people. Usually you encrypt your data with a cryptographic key. The result is also called cyphertext.
One of the earliest encryption method is the so called Ceasar’s cipher: You basically have an alphabet that you shift to the left or the right to a certain number of times, so that each letter now corresponds to another letter in the alphabet. Instead of using the “normal” alphabet to write your secret message, you are using the shifted alphabet. Doing so will now obfuscate the original message for anyone who doesn’t know how many times you shifted the alphabet and in which direction. So, the cryptographic key here is the number of shifts and the direction the alphabet was shifted to. In order to decrypt the secret message you only need to “unshift” the alphabet in the other direction the exact number of times you shifted the original alphabet.
For example you shift the alphabet four times to the left so that the D now corresponds to A, the E corresponds to the B, the F corresponds to the C, etc.
Instead of writing “HELLO” the secret message is now “EBIIL”. If you don’t know how many times and in which direction the alphabet was shifted, you wouldn’t know what “EBIIL” means.
However, encryption has come a long way since Ceasar. Modern computers are so powerful nowadays that by using pattern analysis these kinds of encryption methods are not secure by today’s standard anymore. Because of that more secure algorithms have been developed. They can be divided into symmetric and asymmetric algorithms.
In symmetric algorithms the same key is used to encrypt as well as to decrypt data. So both parties need to have the same key. That key have to be kept secret, of course, so third parties can’t encrypt the ciphertext. Therefore symmetric algorithms are also known as “secret key” algorithms.
In the example below, Alice wants to send Bob a secret message. Because she only wants Bob to read it, she decrypts it with her secret key and sends the cyphertext to Bob. Bob needs to decrypt the cyphertext in order to read it. So, he uses his secret key and decrypts it. Both Alice’s and Bob’s key are the same. One is just a copy of the other.
The same process goes if Bob wants to send Alice a secret message, i.e. he has to decrypt his message with his secret key and sends the cyphertext to Alice and Alice has to decrypt it using her secret key.
The advantage of this algorithm is, that it is very fast and straight forward. However, it is not scaleable, because you can’t reuse the secret key for another party, e.g. if Bob wants to send a secret message to Charles, then Bob can’t reuse his secret key that he uses for encryption and decryption of Alice’s messages. Both, Bob and Charles, need to have their own secret key. So, in the end, Bob needs to have as many keys as the amount of person he sends and receives secret messages to. Another disadvantage is that both parties have to have the same secret keys in the first place. If they don’t, they usually have to share it via an unsecured channel, which would make the purpose of security void.
Examples of symmetric algorithms are:
Asymmetric algorithms are also known as “public key” algorithms, because one party needs a public key and a private key. The public key is only used for encryption. While the private key is only used for decryption.
In the example below, if Alice wants to send Bob a secret message, then she needs Bob to first send her his public key. Since the key is public anyway, he can send it to her via any channel, even an unsecured one. Alice then uses Bob’s public key in order to encrypt her message. Once it is encrypted she sends the cyphertext to Bob. Once he receives Alice’s secret message, Bob uses his private key to decrypt Alice’s message.
If Bob wants to send Alice a secret message, then the process is reversed, i.e. he needs the public key of Alice in order to encrypt. And she uses her private key, in order to decrypt Bob’s message.
The asymmetric algorithm is very scaleable, because Bob can send to anyone a secret message as long as he they share their public key with him. He also doesn’t need to keep a key for every party he holds a secret conversation with. The two keys he already has now are sufficient for any future conversations. Once the conversation is over he can throw away their public key and asks for a new one if he wishes to exchange secrete messages again. It’s also very secure because no one needs to share their private keys. The disadvantage though is that every party needs to hold two different keys. Also asymmetric algorithms are in comparison to symmetric algorithms much slower.
Examples of asymmetric algorithms are:
- Elliptic curve cryptography
Encryption can be divided into symmetric and asymmetric algorithms. Symmetric algorithms uses one secret key for every same conversation, but for every different conversation the partys need their own keys. The number of keys is proportional to the number of conversation with different parties. In asymmetric algorithms one party only holds two keys for every conversation. So, the number of keys stays constant in asymmetric algorithms. Both algorithms have their advantages and disadvantages, e.g. speed, scalability, security.
Modern encryption algorithms combine both algorithms in order to combine the advantages of both algorithm types, i.e. they are building a secure connection between both parties via asymmetric algorithm. Once this connection is established they are sharing their secret keys for symmetric encryption of their messages, in order to encrypt faster.
What have been your experience with encryption? What encryption method have you used in the past? Do you have any questions? Comment below and let me know.