What is Asymmetric Encryption?
Encryption algorithms are primarily designed to protect data confidentiality, protecting against eavesdropping. Asymmetric or public key encryption is a sub-category of encryption algorithms that not only provide confidentiality but can also be used to ensure the authenticity and integrity of data.
Symmetric vs. Asymmetric Encryption
Encryption algorithms scramble data in a way that ensures that only someone with access to the correct decryption key has the ability to restore the original data. This provides strong protection against eavesdropping as long as the secret key is randomly generated and kept secret and secure.
Encryption algorithms can be broken up into two main categories based on how their secret keys work. Symmetric encryption algorithms use the same key for encryption and decryption. For this to work, the parties involved need some way to create or communicate a shared key before they can begin communicating.
Asymmetric encryption algorithms use a pair of related keys for encryption and decryption. The owner of the key generates a random private key and then derives the associated public key from this private key. As its name suggests, this public key can then be made public and is used for encrypting data or validating digital signatures.
How Asymmetric Encryption Works
In a nutshell, asymmetric encryption uses mathematical operations where one key undoes whatever the other key does. These keys are derived in a way that makes it easy to calculate the public key from the private key but infeasible to calculate the private key from the public key.
Mathematical relationships like this are the core of any asymmetric encryption algorithm. For example, some asymmetric cryptography is built around the discrete logarithm problem, which says that exponentiation is “easy” but logarithms are “hard”.
Imagine we have a message m, a private key a, and a public key A. Encryption is performed using the private key, so we could calculate a ciphertext as C = m^A mod X. (Just ignore the mod X for a moment). This ciphertext, C, would then be sent to the owner of the private key.
With the private key, a, the recipient would calculate M = C^a mod X = (m^A)^a mod X. Due to the properties of exponents, this would be equal to m^(a+A) mod X.
When setting up the public and private keys, the recipient would select a and A so that y^(a+A) mod X = y for any y. In this context, mod X means to divide the result by X and keep the remainder (i.e. 24 mod 5 = 4).
With these carefully selected values for a and A, M = C^a mod X = m^(a+A) mod X = m mod X. This is the original message, meaning that the recipient can read whatever was sent to them.
Asymmetric Cryptography Beyond Encryption
The use of a public/private key pair makes public key cryptography extremely powerful. In addition to encrypting data, the same public/private key pair can also be used to generate digital signatures.
A digital signature algorithm essentially flips the encryption process on its head. The owner of the private key can “encrypt” some data with their private key, generating a signature. This signature can be verified by “decrypting” it with the corresponding public key and comparing it to the original message.
Digital signature algorithms provide several benefits beyond confidentiality, including:
- Authentication: Only someone with knowledge of the private key can generate a valid digital signature.
- Integrity: Any modifications to the signed data will cause the signature to no longer match.
- Non-Repudiation: If only the owner of a private key can generate a valid signature, the existence of a signature on a message means that they signed it.
Asymmetric cryptography is fundamental to the modern digital age. Since only the public key is shared, it allows users to communicate secretly without first sharing a secret key. Additionally, its ability to ensure authentication, integrity, and non-repudiation is vital to secure web browsing (i.e. with HTTPS) and many other things we do every day.