What is Asymmetric Encryption? How it Works and Why It's Secure

There are two types of encryption: symmetric and asymmetric. Traces of symmetric encryption can be found as early as 500 BC, but asymmetric encryption was only invented in the 1970s. You can imagine symmetric encryption as a safe you’d have at home: one key both opens and closes the safe (encrypts and decrypts a message). When exchanging a message, the key can be as simple as “in my message, every letter in the alphabet is offset by 6”. To someone who doesn’t know this rule, the message is unreadable. The problem with symmetric encryption is that, before exchanging a message, the two people first have to find a way to exchange the key (the rule). This initial message (the “key exchange”) is the security risk.

Published on October 3, 2024

The role of asymmetric encryption

Asymmetric encryption solves the security issue of the initial transfer of the key. Instead of having one key that can both encrypt and decrypt, it uses two keys: one that can only encrypt and one that can only decrypt. You don’t need to worry about sharing a key that can only encrypt a message and not decrypt it.

Asymmetric encryption works like a mailbox.

Anybody can put an envelope in a mailbox, but only the mailman can take out its contents. With asymmetric encryption, the slot in the mailbox is the public key: anybody can know that key, and it can only encrypt (lock). The key that opens the mailbox is the private key: it is known only to the receiver of the information and can only decrypt (unlock).

Sending a message with asymmetric encryption.

The term “key” is misleading for the public key. The public key is really a mathematical function whose role is to transform a message into something unreadable. Let’s call this function f(x):

  • f(x) is unique to the receiver of the message. You have one, I have a different one, grandma has one too. It is public, so anyone can know someone else’s f(x) and send them a message.
  • x is the readable message.
  • f(x) = y.
  • y is the encrypted message transferred over the internet.

We learned in school that it is possible to reverse a function: if ax + b = y, then x = (y − b)/a. Finding x when you know y and f is dead simple. This is where the beauty of asymmetric encryption comes in: even when you know y and f, you cannot find x. The function f is built so that reversing it without the private key is computationally infeasible, even for the best computers.

Receiving a message with asymmetric encryption

Remember: y is the encrypted message, f(x) is the complex function, and x is the decrypted message. The receiver has more information; they know the following:

  • y = f(x)
  • f(x) = 𝚫 g(x)
  • g(x) is a function that is much simpler to compute.
  • 𝚫 is a constant, the private key. If the receiver knows 𝚫, they can easily get x from y (the encrypted message).

What if… the public key I am using to send a message doesn’t really belong to the person I want to send information to?

How to prevent fake public keys?

Fake public keys: you think you are sending your information to one person, but you are actually sending it to someone else. Since public keys are public and everybody can use and handle them, someone could alter or substitute them.

A user needs to be sure that the public key they are using belongs to the person they want to send data to.

This is solved by a third party that certifies that the key you are using is valid. This third party is called a certificate authority (CA): it issues a certificate that certifies the ownership of a key pair. The certificate contains the public key and the identity of its owner.

Example: asymmetric encryption is part of the technology behind HTTPS. The website wants to assure you that when you type your password into a field, it goes nowhere other than their server. When you visit a website and the HTTPS indicator is green, it means a certificate authority has validated the website’s certificate: the public key at your disposal is correct, and you can safely enter information on the website.
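As an added worked example (not code from the original article), the script below makes both halves of the explanation concrete: the f(x)/g(x) picture from the sending and receiving sections, and the certificate authority from this section. It uses textbook RSA as the concrete instance of that picture: the public key (n, e) plays the role of f, and the private exponent d plays the role of the article’s secret constant 𝚫 that makes inversion easy. It then builds a toy CA that signs (identity, public key) bindings so that a substituted public key fails verification. All names (“grandma”, the message text), the key sizes and the toy CA are constructed for illustration; only the Python standard library is used.

```python
# Added example, not from the article: toy RSA key pair, encrypt-with-public /
# decrypt-with-private round trip, and a toy certificate authority.  Key sizes
# and the "hash-and-sign" scheme are deliberately minimal and NOT for real use.
import hashlib
import random

E = 65537  # conventional public exponent (prime)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits (top and bottom bits forced to 1)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits=128):
    """Return (public_key, private_key) as (n, e) and (n, d).
    (n, e) is the article's f that anyone may know; d is the secret that
    makes undoing f easy.  E is prime, so gcd(E, phi) == 1 iff E does not divide phi."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E != 0:
            break
    d = pow(E, -1, phi)  # modular inverse (Python 3.8+)
    return (p * q, E), (p * q, d)

def encrypt(public_key, message: bytes) -> int:
    """y = f(x) = x^e mod n.  No padding: textbook RSA, toy only."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """x = g(y) = y^d mod n.  Only the holder of d can compute this."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# --- toy certificate authority ------------------------------------------

def cert_digest(subject: str, public_key) -> int:
    """Hash of the binding (identity, public key) that the CA vouches for."""
    n, e = public_key
    return int.from_bytes(hashlib.sha256(f"{subject}|{n}|{e}".encode()).digest(), "big")

def ca_issue(ca_private_key, subject: str, public_key) -> dict:
    """CA signs the binding with its own private key (textbook RSA signature)."""
    n_ca, d_ca = ca_private_key
    h = cert_digest(subject, public_key) % n_ca
    return {"subject": subject, "public_key": public_key, "signature": pow(h, d_ca, n_ca)}

def verify_cert(ca_public_key, cert: dict) -> bool:
    """Anyone holding the CA public key can check the binding was not altered."""
    n_ca, e_ca = ca_public_key
    expected = cert_digest(cert["subject"], cert["public_key"]) % n_ca
    return pow(cert["signature"], e_ca, n_ca) == expected

def demo():
    """Round trip plus a forged-certificate check; returns the three outcomes."""
    ca_pub, ca_priv = generate_keypair()
    grandma_pub, grandma_priv = generate_keypair()
    cert = ca_issue(ca_priv, "grandma", grandma_pub)  # constructed identity

    # An attacker swaps in their own public key but cannot re-sign as the CA.
    attacker_pub, _ = generate_keypair()
    forged = dict(cert, public_key=attacker_pub)

    plaintext = b"hi grandma"  # constructed sample message
    ciphertext = encrypt(grandma_pub, plaintext)
    return {
        "round_trip": decrypt(grandma_priv, ciphertext) == plaintext,
        "genuine_cert_ok": verify_cert(ca_pub, cert),
        "forged_cert_ok": verify_cert(ca_pub, forged),
    }

if __name__ == "__main__":
    print(demo())
```

The forged certificate fails because the CA’s signature covers the hash of the identity and the public key together: changing the key changes the hash, and without the CA’s private exponent nobody can produce a matching signature. Real deployments differ from this toy in ways that matter: keys are 2048 bits or more, encryption and signing use padding schemes (OAEP, PSS) rather than raw modular exponentiation, and certificates follow the X.509 format with expiry dates and revocation checks.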

All in all, asymmetric encryption provides security by allowing a key that can only encrypt to be shared freely. The certificate authority acts as a third party that provides trust to the user.

Frequently asked questions on this topic

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses one key to both encrypt and decrypt information, meaning both the sender and receiver need to share the same key. Asymmetric encryption uses two keys: a public key to encrypt data and a private key to decrypt it. This makes asymmetric encryption more secure for sharing sensitive information, as only the intended recipient has the private key for decryption.

Why is asymmetric encryption more secure than symmetric encryption?

Asymmetric encryption is more secure because it eliminates the need to share a secret key before communication. In symmetric encryption, sharing the key itself can be a security risk. Asymmetric encryption, with separate public and private keys, ensures that even if the public key is known, only the person with the private key can decrypt the message.

How does a certificate authority (CA) ensure the security of public keys?

A certificate authority (CA) verifies the authenticity of public keys through a digital certificate. The CA ensures that the public key belongs to the legitimate owner, preventing attackers from intercepting or altering the public key. This validation process is critical in maintaining trust in secure communications, such as those using HTTPS on websites.

What are some real-world applications of asymmetric encryption?

Asymmetric encryption is widely used in secure communications, including HTTPS for secure browsing, email encryption, and digital signatures. It also plays a key role in blockchain technology, online banking, and virtual private networks (VPNs), ensuring data privacy and authenticity across various online services.