Nowadays, the way we communicate and interact with each other online has taken modern communication to the point where it looks like magic. But reaping the fruits of technology comes at a price – abandoning our privacy.
With the development of the internet, actions such as hacking have become common, and their effects are often devastating.
Encryption has been around for thousands of years, but now we adapted it to our technological development. And in industries such as cryptocurrency, it plays a crucial role in supporting safety and anonymity.
There are two primary encryption techniques – symmetric and asymmetric.
But before we start talking about them, let’s define some of the terms we will encounter, and find out how cryptography really works.
Cryptography terms you should know
- Encryption. The process of transforming simple text into unintelligible text.
- Decryption. The process of transforming unintelligible text into normal text.
- Key. A password or a code used to encrypt and decrypt information.
- Plaintext. The standard message, without any form of encryption.
- Ciphertext. The encrypted message.
What is Cryptography?
Back in the day, cryptography was mostly used in military or government operations. But with the recent technological evolution, it quickly found its place in most of life’s aspects.
Cryptography uses complex mathematical formulas to convert simple text into unintelligible in order to hide the message. In its most basic formula, cryptography has two steps – encryption and decryption.
The encryption process uses a cipher to encrypt the plaintext and turn it into ciphertext. Decryption, on the other hand, applies the same cipher to turn the ciphertext back into plaintext.
Here’s an example of what a message encrypted using Caesar’s cipher would look like:
Sd nyocx’d bokvvi wkddob.
Let me know in the comments if you can figure out what it says.
And while at a glance the text might look unreadable, the process is really simple once you know how the encryption method works. Also known as a shift cipher, Caesar’s cipher shifts each letter by a set number of spaces to the right or to the left of the alphabet.
So if we choose to switch by 7 spaces to the right, we’re left with the following:
- A = H
- B = I
- C = J
- D = K
- W = D
- X = E
- Y = F
- Z = G
As you can see, Caesar’s cipher is pretty straightforward, which is why it’s one of the easiest to solve. All you have to do is figure out the number of spaces the alphabet was switched with.
What is symmetric encryption?
Symmetric encryption is the most basic form of encryption, with Caesar’s cipher serving as a perfect example.
It uses a single secret key to both encrypt and decrypt information, which makes the process quite simple. A message is encrypted using the secret key on computer A. It is then transferred to computer B, which decrypts it using the same key.
Since both the encryption and the decryption process uses the same key, symmetric encryption is faster than its counterpart. Which is why it is usually preferred for large files that need mass encryption – such as databases.
Symmetric encryption is usually used by banks, as it efficiently protects PII (Personal Identifying Information) without huge costs of resources. This helps lower the risk involved in dealing with payment transactions on a daily basis.
Modern methods of symmetric encryption include AES (Advanced Encryption Standard), 3DES (Triple Data Encryption Standard), and Blowfish.
The algorithm recommended by the US National Institute of Standards Technology is AES. Thus, the most popular ones are AES-128, AES-192, and AES-256.
How is asymmetric encryption different?
Also known as Public-Key Cryptography, asymmetric cryptography uses more than one key, of two different types – public and private.
And I’m sure this sounds familiar to those of you who own a crypto wallet.
As their names suggest, a public key is a key that is publicly available to anyone, while a private key is secret. Only the owner must know it.
Instead of using a single key to decrypt and encrypt information, asymmetric encryption uses two of them. A message encrypted by a public key can only be decrypted by a private key. And naturally, a message encrypted by a private key can only be decrypted using a public key.
SIDENOTE. Asymmetric encryption systems oftentimes use more than only 2 keys. There are algorithms which use 5 keys, which highly increases the security and the total number of possible solutions to decrypt a message.
The usage of two keys makes the encryption and decryption process very complex, and it improves the security it provides. This makes them a crucial ingredient in today’s cryptosystems, by providing anonymity and validity.
One of the first public-key encryption systems is RSA (Rivest-Shamir-Adleman) and was first presented in 1978. Today, some of the most widely used algorithms for asymmetric encryption are Diffie-Hellman and Digital Signature Algorithm.
The main difference between these algorithms is that some provide key distribution and anonymity, others provide digital signatures, and others provide both.
However, there’s still one problem that needs fixing – the proof of authenticity.
This is where digital certificates come in
In order for asymmetric encryption to work, we need a way to validate the authenticity of the transmitted message.
One solution is through the usage of digital certificates. A digital certificate is a package of information that identifies a user and a server. Think of it as your ID.
It contains your name (or your organization’s name), the name of the organization that issued the certificate, your e-mail address, your country of origin, and your public key.
When a person sends an encrypted message through a secure channel, his digital certificate is automatically included. This helps identify the two users/devices and establishes a secure communication channel.
What are the differences between symmetric and asymmetric encryption?
The main issue with today’s encryption systems is the difficulty of exchanging the secret key over the internet. This is why most systems use a combination of both symmetric and asymmetric encryption.
The asymmetric encryption is used to deliver the code needed to decipher symmetric encryption.
Essentially, asymmetric encryption serves as a set of rules on how to start decrypting the message. It explains how to unlock the cipher required to decrypt the initial data.
Therefore, trying to state that one encryption is better than the other is difficult. But here are the main differences between the 2 systems.
- Symmetric encryption uses a single key to encrypt and decrypt information, while asymmetric encryption uses more keys of two different types – public and private.
- While symmetric encryption is faster and ideal for encrypting large amounts of data, asymmetric encryption is usually used to transmit the code needed to decipher the symmetric encryption.
- Asymmetric encryption is a modern algorithm, while symmetric encryption has been around for approximately 2,000 years.
- Symmetric encryption is a relatively simple process, while asymmetric encryption is far more complex and thus harder (but not impossible) to break using pure computational power.
Which is more secure – symmetric or asymmetric encryption?
This is a difficult question to answer.
Most people believe that asymmetric encryption is more secure since it has both a public and a private key. But comparing the strength and resistance to attack of symmetric and asymmetric encryption isn’t that easy.
What is important here is the context.
Symmetric encryption is better used when trying to share information between a smaller number of people. It is easier to use and understand, so there are lower chances of the information being misinterpreted.
Moreso, algorithms for symmetric encryption/decryption tend to work faster.
On the other hand, asymmetric encryption work way better on large groups of people (such as the internet).
Most of today’s systems (such as SSL or TLS) use a combination of both symmetric and asymmetric encryption, as well as other algorithms.
Therefore, saying which of the two encryption methods strictly depends on the context.
Encryption is a complex topic, but it usually boils down to what you want to use it for.
This makes it hard to say that “asymmetric is better than symmetric” or vice-versa. While symmetric encryption might be the best fit for certain situations, in other cases asymmetric encryption might be the better choice.
And while it might seem easy to say that encryption is strictly the concern of developers, that’s simply wrong. All of us should have a basic idea of how internet security works. That will help us better defend against potential attacks and will foster a responsible behavior when it comes to online activity.