Asymmetric encryption, or public-key encryption, is a form of cryptography in which each party holds a mathematically linked pair of keys: a public key that can be shared with anyone and a private key that is never disclosed. Data encrypted with the public key can be decrypted only with the matching private key, which lets two users or devices exchange encrypted data without first agreeing on a secret.
The development of asymmetric encryption in the 1970s was essential to encrypting communications over the internet and remains a popular method for securing data.
Unlike symmetric encryption, which uses the same key for encryption and decryption, public-key cryptography employs a private key known only to the intended recipient of an encrypted message. Asymmetric operations are much slower than symmetric ones, but their security rests on mathematical problems (factoring large integers, computing discrete logarithms) that are believed to be infeasible at current key sizes, so an attacker who holds only the public key and the ciphertext cannot recover the protected data.
This article looks at asymmetric encryption, how it works, its features, examples, and the history of public-key cryptography.
In a public-key key exchange, two users send each other public values over the network while each keeps a private value to itself; from the two, each side derives the same shared secret, which an eavesdropper who saw only the public values cannot compute. This initial exchange, commonly called a handshake, establishes a shared key for further communication.
Once a party has the other side's public key, whether from the handshake, a certificate, or a key directory, messages encrypted with that public key can be read only by the recipient who holds the corresponding private key. The public key itself is not secret and can be distributed freely.
The handshake relies on mathematics that is easy to compute in one direction and infeasible to reverse. The original Diffie-Hellman-Merkle method uses modular exponentiation, as illustrated in the infographic below: each party chooses a secret exponent, publishes a generator g raised to that exponent modulo a large prime p, and then raises the other party's published value to its own secret. Both arrive at the same value, while an observer is left with the discrete logarithm problem.
Before asymmetric encryption was developed, symmetric encryption allowed for encrypted communication through a single shared key.
In symmetric encryption, both parties must already hold the same secret key, so access to an encrypted message is granted by sharing that key. This shared-key method is faster, uses shorter keys, and requires less overhead, but it scales poorly: every pair of communicating parties needs its own secret, and that secret must be distributed over a channel that is itself secure.
Asymmetric encryption removes the key-distribution problem, since only public keys need to travel over the network, but its longer keys and more expensive operations make it far slower than symmetric methods. In practice it protects small values such as session keys, and symmetric encryption protects the bulk data at rest and in transit.
| | Asymmetric Encryption | Symmetric Encryption |
|---|---|---|
| Keys | 2 – a public key and a private key | 1 – a shared secret key |
| Typical key size | 2,048 to 4,096 bits (RSA, Diffie-Hellman); 256 to 521 bits (ECC) | 128 to 256 bits |
| Speed | Slower | Faster |
| Overhead | More complex, more expensive per operation | Less complex, less expensive |
| Security | Strong at proper key sizes; solves key distribution | Strong at proper key sizes (AES); depends on secure key distribution |
| Examples | Diffie-Hellman, RSA, ECC, DSA | AES, 3DES (deprecated), RC4 (broken), QUAD |
Modern protocols combine both methods, using asymmetric cryptography for key establishment and authentication and symmetric encryption for the data itself, so each is used where it is strongest.
Hybrid encryption systems use asymmetric encryption to establish a trusted connection with another user, followed by symmetric encryption for subsequent communications. The Transport Layer Security (TLS) protocol is the most visible example: in a TLS 1.3 handshake, an (elliptic-curve) Diffie-Hellman exchange authenticated by the server's certificate produces the session keys, and application data is then encrypted with a symmetric cipher such as AES-GCM or ChaCha20-Poly1305. TLS is used for instant messaging, VoIP, email, and most other web services.
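The handshake described in the key-exchange section and the hybrid pattern described here, carried through in one runnable example. This is an added illustration, not code from the original article: the Diffie-Hellman group (p = 2**61 - 1, g = 3) is a toy chosen for readable numbers, the symmetric cipher is an HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag standing in for AES-GCM because the Python standard library has no AES, and the function names (`dh_keypair`, `hkdf_sha256`, `sym_encrypt`, `hybrid_exchange`) are this example's own.

```python
import hashlib
import hmac
import os
import secrets

# Toy Diffie-Hellman group (an assumption made for this example): a 61-bit
# Mersenne prime and a small generator keep the numbers readable. Real
# deployments use 2048-bit or larger groups from RFC 7919, or elliptic-curve DH
# such as X25519; p = 2**61 - 1 is far too small to resist discrete-log attacks.
P = 2**61 - 1
G = 3


def dh_keypair(p=P, g=G):
    """Return (private, public): a random secret exponent and g**private mod p."""
    priv = secrets.randbelow(p - 2) + 1        # 1 <= priv <= p - 2
    return priv, pow(g, priv, p)


def dh_shared_secret(priv, peer_pub, p=P):
    """Raise the peer's public value to our private exponent."""
    # Reject 0, 1 and p-1: they force the shared secret into a trivial subgroup.
    if not 1 < peer_pub < p - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_pub, priv, p)


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def sym_encrypt(keys, plaintext):
    """Encrypt-then-MAC with a 32-byte encryption key and a 32-byte MAC key.

    Output layout: 16-byte nonce || ciphertext || 32-byte HMAC tag.
    """
    enc_key, mac_key = keys[:32], keys[32:]
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(keys, blob):
    """Verify the tag before decrypting; reject anything that was tampered with."""
    enc_key, mac_key = keys[:32], keys[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def hybrid_exchange(message):
    """Alice and Bob run a DH handshake, then Alice sends Bob one symmetric message.

    Returns what Bob decrypts so a caller can check it matches `message`.
    """
    alice_priv, alice_pub = dh_keypair()       # Alice keeps alice_priv to herself
    bob_priv, bob_pub = dh_keypair()           # Bob keeps bob_priv to himself
    # Only alice_pub and bob_pub cross the network; an eavesdropper sees both
    # but cannot compute the shared secret without solving a discrete logarithm.
    alice_secret = dh_shared_secret(alice_priv, bob_pub)
    bob_secret = dh_shared_secret(bob_priv, alice_pub)
    assert alice_secret == bob_secret
    # Both sides derive identical symmetric keys from the raw secret; binding the
    # transcript (the public values) into the salt ties the keys to this handshake.
    transcript = alice_pub.to_bytes(8, "big") + bob_pub.to_bytes(8, "big")
    alice_keys = hkdf_sha256(alice_secret.to_bytes(8, "big"), transcript, b"demo session", 64)
    bob_keys = hkdf_sha256(bob_secret.to_bytes(8, "big"), transcript, b"demo session", 64)
    wire = sym_encrypt(alice_keys, message)    # the fast symmetric phase
    return sym_decrypt(bob_keys, wire)


if __name__ == "__main__":
    print(hybrid_exchange(b"attack at dawn"))
```

The unauthenticated exchange above is exactly what TLS adds certificates to fix: nothing stops an active attacker from running two handshakes, one with each side, and relaying messages in between. The `dh_shared_secret` check on the peer's public value is the minimum hygiene for finite-field DH; with a real group you would also confirm the value lies in the prime-order subgroup.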
Before the internet boom, encryption for distributed networks hit a tipping point with the development of public-key cryptography in the 1970s. In 1976, Whitfield Diffie and Martin Hellman at Stanford published the key-exchange method now known as Diffie-Hellman, building on Ralph Merkle's earlier work on key agreement; Hellman has since argued that it should be called the Diffie-Hellman-Merkle (DHM) key exchange.
In 1977, three computer scientists at MIT, Ron Rivest, Adi Shamir, and Leonard Adleman, formulated a complete public-key cryptosystem, named the RSA algorithm. Both remain among the most widely used asymmetric methods; the difference is that Diffie-Hellman only agrees on a shared key, while RSA can both encrypt data and produce digital signatures that authenticate the sender.
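The two RSA operations just mentioned, encryption and digital signature, in textbook form. This is an added example, not the article's or the original authors' code: primes are generated with a Miller-Rabin test, the key size defaults to 2,048 bits, and the names (`rsa_keygen`, `rsa_sign`, `rsa_verify`) are this example's own. It deliberately omits padding (OAEP for encryption, PSS for signatures) so the mathematics is visible; that omission makes encryption deterministic and multiplicatively malleable, which is why real systems never use raw RSA.

```python
import hashlib
import secrets


def is_probable_prime(n, rounds=40):
    """Miller-Rabin test: False means composite, True means prime with high probability."""
    if n < 2:
        return False
    for q in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):   # cheap trial division first
        if n % q == 0:
            return n == q
    d, r = n - 1, 0
    while d % 2 == 0:                      # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2   # random witness in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                   # a is a witness that n is composite
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits: top bit set so the size is exact, low bit set so it is odd."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=2048, e=65537):
    """Return ((e, n), (d, n)): the public key and the private key.

    e is prime, so gcd(e, phi) == 1 exactly when e does not divide phi.
    """
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p == q:
            continue
        phi = (p - 1) * (q - 1)
        if phi % e == 0:
            continue
        d = pow(e, -1, phi)                # modular inverse of e (Python 3.8+)
        return (e, p * q), (d, p * q)


def rsa_encrypt(pub, m):
    """Textbook RSA: c = m**e mod n. Anyone holding the public key can do this."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    """m = c**d mod n; only the private-key holder can recover m."""
    d, n = priv
    return pow(c, d, n)


def rsa_sign(priv, message):
    """Sign the SHA-256 hash of message with the private exponent."""
    d, n = priv
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)


def rsa_verify(pub, message, signature):
    """Recover the hash with the public exponent and compare with a fresh hash."""
    e, n = pub
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    pub, priv = rsa_keygen(2048)
    ciphertext = rsa_encrypt(pub, 0x1234567890ABCDEF)
    print("decrypts to", hex(rsa_decrypt(priv, ciphertext)))
    sig = rsa_sign(priv, b"Transfer 10 coins to Bob")
    print("valid signature:", rsa_verify(pub, b"Transfer 10 coins to Bob", sig))
    print("altered message:", rsa_verify(pub, b"Transfer 10 coins to Eve", sig))
```

Note the asymmetry of roles: encryption and verification use the public exponent and need no secret, while decryption and signing use the private exponent. Because raw RSA is multiplicatively homomorphic, the product of two ciphertexts is a valid encryption of the product of the two messages, one of several reasons padding is mandatory in practice.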
Asymmetric algorithms underpin the protocols that establish secure channels between two parties and manage their public and private keys. Here are some of the most common systems built on them:
In 1991, cryptographer Phil Zimmermann developed the hybrid encryption program Pretty Good Privacy (PGP), known for its extensive use in securing email. Symantec acquired PGP Corporation in 2010, but GNU Privacy Guard (GPG), an open-source implementation of the OpenPGP standard, is actively maintained and ships with most Linux distributions.
The successor to the Secure Sockets Layer (SSL), TLS uses a public-key infrastructure (PKI) and X.509 digital certificates to authenticate servers and secure web browser communications.
Developed in 1995 to replace Telnet and the unencrypted Berkeley r-commands such as rsh and rlogin, the Secure Shell Protocol (SSH) authenticates users and hosts with public-key pairs and gives network and server administrators an encrypted channel for managing remote devices.
Part of cryptocurrency's appeal is the security provided by cryptographic algorithms and hashes. Popular coins like Bitcoin rely on public-key signatures rather than public-key encryption: funds sent to an address can be spent only by signing a transaction with the private key that corresponds to that address, so anyone can verify the transfer while only the holder can authorize it.
This article is an update originally written and published by Vangie Beal on October 17, 1996.