Encryption is the process of transforming information so that only authorized parties can understand it. In cryptography, this process converts the original information, known as plaintext, into incomprehensible text, known as ciphertext.
The transformation mechanism we use is what we know as an encryption algorithm. An encryption algorithm requires two inputs: the plaintext and the encryption key. The encryption algorithm is a mathematical function that will take the plaintext as input and apply this function to it. Based on the value of the key, the result (the ciphertext) will be different.
The goal of an encryption algorithm is to make it very hard to decipher the ciphertext without the key. A good encryption algorithm should require so much time and effort to find the key that it becomes infeasible for attackers to even try.
These algorithms, however, rely on the secrecy of the key. If an attacker finds the key, they can break the code. There are two types, or families, of encryption algorithms, based on how the secret key is generated and used:
- Symmetric Key Algorithms - Here, both sender and receiver use the same secret key to encrypt and decrypt information.
- Asymmetric Key Algorithms - Here, the sender and receiver use different keys. The sender encrypts the message with one key and the receiver uses another key, mathematically related to the sender’s key, to decrypt the message.
Symmetric Encryption
Symmetric encryption is often referred to as private key encryption, because only one key is required to encrypt and decrypt, and this key must remain private to both parties. Both parties in the communication must know the shared secret key in advance, and the key is normally exchanged using another mechanism that secures the exchange. The most important piece of information is the secret key. If it is compromised, any interceptor or man-in-the-middle would be able to decrypt all communication.
Asymmetric Encryption
Asymmetric key algorithms use a pair of keys. We encrypt with one key and decrypt with the other. With two keys, we can keep one secret and share it with no one (that will be our private key) and share the other one publicly, with anyone (that will be our public key). The beauty of this is that messages encrypted with the private key can only be decrypted with the public key of that pair, and vice versa. So, as long as our private key is secure, we can send the public key to anyone, in plaintext; it does not matter if anyone can see our public key. If an intruder captures traffic encrypted with our public key, holding the public key does not help them: that traffic can only be decrypted with the private key.
This is very powerful because it’s a perfect way to provide confidentiality, integrity and authentication to the communication between two parties.
So, which one is better?
Which one should we choose then? The answer is... BOTH!
In a secured communication between parties, the best approach is to use both types of encryption:
- First, we use asymmetric encryption to encrypt the exchange of a shared key
- And next, we use symmetric encryption using that shared key for the rest of the communication.
You might be thinking: why not encrypt the whole communication between two parties with asymmetric encryption? The answer is performance. Asymmetric encryption algorithms are great for establishing secure communication without the need to exchange a shared key in advance, but they are much more computationally expensive.
On the other hand, symmetric algorithms are fast and efficient in terms of the computational resources needed, much faster and more efficient than asymmetric ones. This is why symmetric encryption is the preferred method for encrypted communications, especially in SSL/TLS once the exchange of the secret key is done.
So, the answer is that both types of encryption are required: asymmetric to allow us to securely exchange a shared key, and symmetric to encrypt all the communication quickly and efficiently using that key.
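The two-step approach described above, as an added example that is not part of the original article. It uses Node.js's built-in crypto module. The algorithm choices (RSA-2048 with OAEP for wrapping the key, AES-256-GCM for the message) and the function names `newKeyPair`, `seal`, `open` and `demo` are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Receiver: generate the key pair once; only the public half is ever shared.
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender. Step 1 (asymmetric): wrap a fresh random 32-byte key with the receiver's
// public key. RSA-2048 with OAEP/SHA-256 fits at most 190 bytes, enough for a key
// but not for bulk data. Step 2 (symmetric): encrypt the message with that key.
function seal(publicKey, message) {
  const key = nodeCrypto.randomBytes(32);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  const iv = nodeCrypto.randomBytes(12); // must be unique per message under one key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(message, 'utf8'), cipher.final()]);
  // Nothing in this envelope is secret on its own; it can cross an untrusted network.
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Receiver: the private key recovers the shared key, which decrypts the message.
// final() throws if the ciphertext or tag was modified in transit.
function open(privateKey, envelope) {
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed round trip: a 10,000-character message, far beyond what RSA alone could encrypt.
function demo() {
  const receiver = newKeyPair();
  const envelope = seal(receiver.publicKey, 'constructed sample message '.repeat(370) + 'end.......');
  return open(receiver.privateKey, envelope).length;
}

console.log('decrypted characters:', demo());
```

Real protocols such as TLS negotiate the shared key with their own handshake rather than this exact envelope, but the split between an asymmetric key exchange and symmetric bulk encryption is the same.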