Exploring the differences between symmetric and asymmetric encryption
20 Oct, 2022 6 min read
Data encryption goes back to ancient civilisations that used forms of message concealment, in peace as well as in wartime. The Egyptians used disordered hieroglyphics, the Greeks steganography, the Spartans the scytale and the Romans the Caesar shift cipher.
While these basic methods laid the foundations for modern cryptography, what has evolved are two fundamental approaches based on complex mathematics: symmetric and asymmetric encryption.
What is symmetric encryption?
The Caesar cipher is an example of symmetric encryption: plaintext is replaced by ciphertext that looks like gibberish. The sender uses an algorithm and a ‘key’ to encrypt the message, and the recipient reverses the process using the same algorithm and the same key.
A simple algorithm could be shifting the alphabet by a specific number of places: a key of 3 means letter A would be replaced with D, and so on. All modern symmetric ciphers share this defining property, not the alphabet shift itself but the use of one secret key for both encryption and decryption; today that key is typically 128 or 256 random bits and the cipher is something like AES. The difficulty is key distribution: the person encrypting the message must deliver the key to the recipient safely, and the algorithm itself should be assumed known to everyone. Anyone else who acquires the key can decrypt every message protected by it. A Caesar shift has the additional weakness that there are only 25 usable keys, so an attacker who knows the algorithm can simply try them all.
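The shift cipher described above, written out as a small Go program. This is an added example, not code from the original article or from SecureAge; the message "Attack at dawn" and the crib word "dawn" are constructed sample inputs. Besides encrypting and decrypting with the shared key, it tries every possible key, which shows why a 25-key cipher cannot be rescued by keeping the key secret.

```go
package main

import (
	"fmt"
	"strings"
)

// caesarShift shifts every ASCII letter in text by k positions, wrapping around
// the alphabet and preserving case; digits, spaces and punctuation pass through.
// A negative k undoes a positive one, which is what makes the cipher symmetric.
func caesarShift(text string, k int) string {
	k = ((k % 26) + 26) % 26 // normalise so that k is in 0..25
	var b strings.Builder
	for _, r := range text {
		switch {
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(k))%26)
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(k))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// Encryption and decryption use the same key; the recipient simply runs the shift backwards.
func caesarEncrypt(plaintext string, key int) string  { return caesarShift(plaintext, key) }
func caesarDecrypt(ciphertext string, key int) string { return caesarShift(ciphertext, -key) }

// crackWithCrib tries all 25 non-trivial keys and returns the first whose output
// contains a word the attacker expects to see (a "crib"). With so few keys the
// secrecy of the key buys almost nothing: this is the key-space problem that the
// 128- and 256-bit keys of modern ciphers exist to solve.
func crackWithCrib(ciphertext, crib string) (key int, plaintext string, found bool) {
	for k := 1; k < 26; k++ {
		candidate := caesarDecrypt(ciphertext, k)
		if strings.Contains(strings.ToLower(candidate), strings.ToLower(crib)) {
			return k, candidate, true
		}
	}
	return 0, "", false
}

func main() {
	const key = 3
	ct := caesarEncrypt("Attack at dawn", key) // constructed sample message
	fmt.Println("ciphertext:", ct)
	fmt.Println("decrypted: ", caesarDecrypt(ct, key))
	if k, pt, ok := crackWithCrib(ct, "dawn"); ok {
		fmt.Printf("recovered without the key: k=%d %q\n", k, pt)
	}
}
```

The brute-force loop is the whole point: a symmetric cipher is only as strong as the secrecy of its key and the size of the key space, and the Caesar shift fails on the second count no matter how carefully the key is delivered.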
What is asymmetric encryption?
To overcome this, researchers came up with ‘public key’ or asymmetric encryption, using mathematics to create a related pair of keys per person. One is public and the other is private. If Bob encrypts a message using Alice’s public key, only Alice can decrypt it, using her private key: the two directions use different keys, hence the asymmetry. Alice can give everyone her public key so that they can all send encrypted messages to her. This is safe as long as Alice keeps her private key secret and, as the next section shows, as long as Bob can be sure the public key he holds really is Alice’s.
How does asymmetric encryption work?
To encrypt data so that only the intended person can read it, we need a reliable and secure way of finding their public key. Public-key encryption on its own does not solve this. If a malicious individual, Villanelle, sits between Bob and Alice and manages to hand Bob her own public key while pretending it is Alice’s, then Villanelle can decrypt Bob’s message to Alice. She can then re-encrypt the message using Alice’s real public key and send it on, so nobody notices the interception. This is the classic man-in-the-middle attack.
How does PKI encryption secure everything?
This is where PKI - Public Key Infrastructure - comes in, which addresses the problem of identity. Identity is at the core of PKI - and being able to identify an individual is all about trust. PKI uses the same principle as having a passport but instead employs digital certificates, ‘signed’ by a Certificate Authority (CA). Everyone needing to share or exchange encrypted data needs to trust the CA. The CA is similar to the government passport authority which issues your passport.
So, Alice, Bob and Villanelle all have certificates containing their public keys, signed by their common CA. A digital signature is the companion operation to public-key encryption: the CA uses its private key to sign, and anyone with the CA’s public key can verify the signature, but nobody without the private key can forge one. (Signing is not literally ‘encrypting with the private key’, although textbook RSA makes it look that way; real signature schemes hash the data and apply padding first.) What the CA signs is the certificate as a whole: Alice’s name, her public key, a validity period and a serial number, bound together. Bob can retrieve Alice’s certificate from a directory service, verify the CA’s signature on it, check that it is within its validity period and has not been revoked, and confirm that the name in it is Alice’s; only then can he be confident that the enclosed public key is hers. Villanelle can still produce a certificate that claims to be Alice’s, but she cannot get the CA to sign it, so Bob’s check fails.
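Bob’s check, as an added example in Go using only the standard library’s crypto/x509 package; this is not code from the original article or from SecureAge. It builds a throwaway CA, issues Alice a CA-signed certificate, lets Villanelle mint a self-signed certificate that also says “Alice”, and then runs the verification Bob must perform before trusting a public key. The CA name "Example Corp CA", the use of ECDSA P-256 keys and the 24-hour validity period are assumptions made for the example; a real deployment would also consult a revocation source (CRL or OCSP), which is out of scope here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newCert generates a key pair and a certificate for cn. When parent is nil the
// certificate is self-signed: that is how the CA's own root certificate is made,
// and also how Villanelle makes a bogus certificate that merely claims to be Alice.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	serial.Add(serial, big.NewInt(1)) // keep the serial strictly positive
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour), // assumed validity window
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// lookupPublicKey is what Bob does before encrypting to "Alice": verify that the
// certificate he was handed chains to the CA he trusts, is within its validity
// period, and names the party he wants. Only then is the enclosed key Alice's.
func lookupPublicKey(cert *x509.Certificate, trustedCA *x509.Certificate, wantCN string) (*ecdsa.PublicKey, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: time.Now(),
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("certificate not trusted: %w", err)
	}
	if cert.Subject.CommonName != wantCN {
		return nil, fmt.Errorf("certificate is for %q, not %q", cert.Subject.CommonName, wantCN)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("unexpected public key type")
	}
	return pub, nil
}

// DemoPKI builds the CA, a genuine certificate for Alice and Villanelle's
// self-signed impostor certificate, then reports which one Bob accepts.
func DemoPKI() (aliceAccepted bool, villanelleAccepted bool, err error) {
	ca, caKey, err := newCert("Example Corp CA", true, nil, nil)
	if err != nil {
		return false, false, err
	}
	alice, _, err := newCert("Alice", false, ca, caKey)
	if err != nil {
		return false, false, err
	}
	villanelle, _, err := newCert("Alice", false, nil, nil) // same name, no CA signature
	if err != nil {
		return false, false, err
	}
	_, aliceErr := lookupPublicKey(alice, ca, "Alice")
	_, villErr := lookupPublicKey(villanelle, ca, "Alice")
	return aliceErr == nil, villErr == nil, nil
}

func main() {
	a, v, err := DemoPKI()
	if err != nil {
		panic(err)
	}
	fmt.Println("Alice's CA-signed certificate accepted:   ", a)
	fmt.Println("Villanelle's self-signed 'Alice' accepted:", v)
}
```

The name check at the end is as important as the signature check: a certificate that chains correctly to the CA but belongs to Bob’s colleague is still the wrong key for a message meant for Alice.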
Asymmetric encryption performance
Asymmetric encryption is significantly slower than symmetric encryption, and schemes such as RSA can only encrypt a small amount of data per operation. To resolve this there is a combined, or hybrid, approach. Each file is encrypted using a freshly generated random symmetric key (typically 128 or 256 bits, for example with AES). The process is fast, employing hardware instructions incorporated into modern CPUs, such as AES-NI.
If Alice wants to encrypt a file called Customerdetails.xls, for example, so that both she and Bob can decrypt and work on it, she generates a random symmetric key and the Customer Details file is encrypted using it. Alice retrieves her own and Bob’s certificates and, through them, both their public keys. She then encrypts one copy of the symmetric key under her own public key and another copy under Bob’s, and stores both encrypted copies alongside the file.
Alice now has a file that is useless for anyone other than herself and Bob. They use their private keys to decrypt the symmetric key and then use the symmetric key to decrypt the Customer Details file. Fast symmetric encryption is used to process bulk information, while slower asymmetric encryption secures just a small amount of data.
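The hybrid scheme from the two paragraphs above, as an added Go example using only the standard library; it is not code from the original article or from SecureAge. The file is encrypted once with a random AES-256-GCM content key, and that key is wrapped with RSA-OAEP separately for each recipient, so adding Bob costs one small RSA operation rather than a second encryption of the whole file. The recipient names, the 2048-bit RSA keys and the file contents are constructed for the example; the article does not say which algorithms SecureAge uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is the hybrid-encrypted file: the bulk data under one AES-256-GCM
// content key, plus that key wrapped separately for every recipient.
type Envelope struct {
	Nonce       []byte
	Ciphertext  []byte            // GCM output with the authentication tag appended
	WrappedKeys map[string][]byte // recipient name -> RSA-OAEP(content key)
}

// Seal encrypts plaintext once with a fresh random content key and wraps that
// key with each recipient's public key (Alice's and Bob's in the article).
func Seal(plaintext []byte, recipients map[string]*rsa.PublicKey) (*Envelope, error) {
	contentKey := make([]byte, 32) // AES-256
	if _, err := io.ReadFull(rand.Reader, contentKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	env := &Envelope{
		Nonce:       nonce,
		Ciphertext:  gcm.Seal(nil, nonce, plaintext, nil),
		WrappedKeys: make(map[string][]byte, len(recipients)),
	}
	for name, pub := range recipients {
		// The recipient name is used as the OAEP label, so a wrapped key cannot
		// silently be moved from one recipient's slot to another's.
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, contentKey, []byte(name))
		if err != nil {
			return nil, err
		}
		env.WrappedKeys[name] = wrapped
	}
	return env, nil
}

// Open recovers the content key with the named recipient's private key, then
// decrypts and authenticates the bulk data. Anyone not listed, or holding the
// wrong private key, gets an error rather than plaintext.
func Open(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := env.WrappedKeys[name]
	if !ok {
		return nil, fmt.Errorf("%s is not a recipient of this file", name)
	}
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(name))
	if err != nil {
		return nil, errors.New("content key unwrap failed (wrong private key?)")
	}
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // fails if the data was altered
}

// DemoHybrid plays out the article's scenario: Alice seals the file for herself
// and Bob, both open it, Villanelle (who has the file but not Alice's private key)
// fails, and a tampered copy is rejected because GCM authenticates the data.
func DemoHybrid() (aliceOK, bobOK, villanelleRejected, tamperRejected bool, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	bob, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	villanelle, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	file := []byte("Customerdetails.xls: constructed sample contents") // constructed input
	env, err := Seal(file, map[string]*rsa.PublicKey{"Alice": &alice.PublicKey, "Bob": &bob.PublicKey})
	if err != nil {
		return
	}
	a, errA := Open(env, "Alice", alice)
	b, errB := Open(env, "Bob", bob)
	_, errV := Open(env, "Alice", villanelle) // Alice's slot, Villanelle's key
	tampered := *env
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, errT := Open(&tampered, "Bob", bob)
	return errA == nil && bytes.Equal(a, file), errB == nil && bytes.Equal(b, file), errV != nil, errT != nil, nil
}

func main() {
	a, b, v, t, err := DemoHybrid()
	if err != nil {
		panic(err)
	}
	fmt.Println("Alice opens:", a, " Bob opens:", b, " Villanelle rejected:", v, " tampering rejected:", t)
}
```

Two details matter beyond the article’s description. The content key is random and per file, never reused, and GCM’s authentication tag means a modified ciphertext is refused outright rather than decrypting to corrupted data; the article’s later phrase “authenticated encryption” refers to exactly this property.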
Importance of using the right type of encryption
You could believe with the evolution and plethora of encryption products available, we have it cracked. But it’s not as simple as that.
For comprehensive data protection, we must recognise the most innocuous-looking information could help ‘bad guys’ build personal profiles for fraud. All data must be encrypted all the time, in all locations: at rest, in motion and in use.
The exponential growth in remote working enforced by COVID-19 means we must be particularly sure that information is useless if in the wrong hands, whether by accident, insider theft or ransomware attack.
Ubiquitous encryption needs to be fast and invisible to the user, removing the human element entirely. The only way to do this is through transparent, authenticated encryption operating at the file system level. There is no disruption to the way people and applications work. If you want to edit a spreadsheet, it’s opened normally. Finding keys, decrypting and encrypting happens behind the scenes, removing user decisions and ensuring that data is always strongly protected.
Ancient history showed us the way and had we thought more about protecting data and less about preventing access to it with firewalls, user controls and other ‘castle and moat’ techniques, modern information security may have been very different. We now have the knowledge, technology and processing power to deliver encryption to protect all the data all of the time with SecureAge Security Suite.
Using SecureAge PKI-based asymmetric encryption to protect your files
With SecureAge, data is encrypted all the time, in all locations: at rest, in motion and in use and secured against theft and unauthorised access.
SecureAge's PKI-based encryption uses asymmetric encryption, providing each user with their own unique key pair. Each file is encrypted and then locked with the user's unique, personal key so that even privileged users (like Edward Snowden) cannot access data they have not specifically been granted access to. Some other solutions that rely on symmetric encryption alone apply the same key across files and users, which means that many users share the same key, giving wide access to large amounts of data, reducing security and adding the administrative burden of key rotation. SecureAge’s asymmetric encryption, on the other hand, allows for natural and secure file sharing between users, since the PKI techniques are applied in a way that makes the encryption an inherent part of the data and therefore invisible to the user.
SecureAge uses PKI-based asymmetric encryption to remove the trade-off between proven data security and usability. End users don’t even need to be aware that they are using SecureAge and can work as they normally do, sharing files securely and thinking about things other than cybersecurity. In short, it doesn’t force anyone to become a cybersecurity expert. Visit our SecureAge Security Suite page to find out more and get in touch with our representative to see live in action how SecureAge Security Suite works.