Encryption is a key concept in cryptography. It is the process in which one can encode a message to a format that can’t be read by an eavesdropper. It is an age old technique, and one popular ancient use case was found in Caesar’s messages, which were encrypted using Caesar cipher. It can be thought of as a transformation. User has plain text, and when it is encoded in to cipher text, no eavesdropper can interfere with your plain text. Once it is received by the intended receiver, he can decrypt it to obtain the original plain text. Encryption is used in almost all the network communications in to varying degrees without our knowledge. It used to be limited to military applications and government communication, but with the widespread of internet recently, the need for secure information channels became paramount, and encryption became mainstream solution for that. There are two major types of encryption which is known as Symmetric Encryption and Asymmetric Encryption. We will be comparing them side by side against each other today.
Symmetric Encryption
This is the simplest kind of encryption that involves in using one secret key. It is the oldest known encryption method and Caesar cipher falls in to this category. The secret key can be as simple as a number or a string of letters etc. For instance, let us look at a shift cipher which is a simple symmetric encryption technique that can be elegantly demonstrated. We have the plain text ‘I want to send a secret message’ in our hands, and our secret key is to shift each letter by three positions. So if you have ‘A’ in the plaintext, it will become ‘D’ in the cipher text. This is what is known as the Caesar cipher, and your cipher text would look like ‘L zdqw wr vhqg d vhfuhw phvvdjh’. At a glance, it’s incomprehensible, but once you decode it with the secret key, it becomes plain text again. There are a lot of symmetric key encryption algorithms in use today which includes stream ciphers like RC4, FISH, Py, QUAD, SNOW etc. and block ciphers like AES, Blowfish, DES, Serpent, Camellia etc.
Asymmetric Encryption
Asymmetric encryption is also known as public key cryptography which is a relatively new area compared to symmetric encryption. Asymmetric encryption uses two keys to encrypt your plain text. This came to the arena to address an inherent problem with the symmetric cipher. If the eavesdropper somehow get hold of the symmetric secret key, then the whole point of encryption is nullified. This is highly probable because secret key may have to be communicated over unsecure communication channels. As a solution, asymmetric encryption uses two key where one key is publicly available, and the other key is private and is known only to you. Imagine someone wants to send you a message; in that scenario, you will have a private secret key and the corresponding public key for that will be available to anyone who might want to send you an encrypted message. So the sender encrypts the message using the public key and make transform the plain text to cipher text, and this can only be decrypted using the corresponding private key which enables anyone to send you a message without ever having to share a secret key with you. If a message is encrypted with the secret key, then it can be decrypted with the public key, as well. In fact, Asymmetric encryption is mostly used in day to day communication channels especially over the internet. Popular asymmetric key encryption algorithms includes ElGamal, RSA, Elliptic curve techniques, PGP, SSH etc.
What is the difference between Symmetric Encryption and Asymmetric Encryption?
• Symmetric Encryption uses a single secret key that needs to be shared among the people who needs to receive the message while Asymmetric encryption uses a pair of public key, and a private key to encrypt and decrypt messages when communicating.
• Symmetric Encryption is an age old technique while Asymmetric Encryption is relatively new.
• Asymmetric Encryption was introduced to complement the inherent problem of the need to share the key in symmetric encryption model eliminating the need to share the key by using a pair of public-private keys.
Symmetric Encryption vs Asymmetric Encryption
I can give you a comprehensive overview on whether to select symmetric encryption or asymmetric encryption, but the truth is that it is highly unlikely that you’ll get the chance to select either if you aren’t a developer or a software engineer. This is because all these encryptions happen in the application layer and below that in the OSI model of networking and a layman would not have to interfere with any of that. They will have assurances to varying degrees about the privacy depending on the programs they use. So what’s important to remember is that never to communicate your secret key over a public network if you are using a symmetric key algorithm, and asymmetric encryption avoids that hassle. However, usually asymmetric encryption takes relatively more time and as such, most real systems uses a hybrid of these two encryption methods where the secret key used in the symmetric encryption is encrypted using asymmetric encryption to be sent over an insecure channel while the rest of the data is encrypted using symmetric encryption and sent over the insecure channel. When the receiver gets the asymmetrically encrypted key, he uses his private key to decrypt it and once he knows the secret, he can easily decrypt the symmetrically encrypted message.