Symmetric and asymmetric cryptosystems are both used to encrypt and decrypt data. A symmetric cryptosystem uses a single key for both encryption and decryption, so the two parties must already share that key. In an asymmetric cryptosystem the sender encrypts data with the receiver's public key, and the receiver decrypts it with a separate private key that is never disclosed. A major downside of asymmetric cryptography is that it is computationally demanding and therefore much slower than a symmetric algorithm; a single public-key operation also handles only a small, fixed amount of data. Nowadays it is common to combine the two (a 'hybrid cryptosystem') so as to get the benefit of each: asymmetric cryptography is used to exchange or agree a key, which simplifies key distribution, and symmetric encryption is then used to protect large amounts of data quickly.
The most widely deployed asymmetric cryptosystems today are RSA and elliptic-curve schemes. One of the primary functions of asymmetric cryptography has just been mentioned: it solves the key distribution problem of symmetric algorithms, where the key must be exchanged before any encryption and decryption can take place. By employing asymmetric cryptography in this way, the symmetric key never has to travel over an insecure channel in the clear. Instead, a hybrid cryptosystem uses the asymmetric keys to establish a symmetric session key, which is then used to encrypt and decrypt the data being sent. Examples of hybrid cryptosystems include TLS (and its predecessor SSL), SSH, and PGP. Note that encrypting the session key under the recipient's public key, known as key transport, is only one way of doing this: PGP works like that, whereas SSH and TLS 1.3 derive the session key from a Diffie-Hellman key agreement and use the long-term asymmetric key only to sign the exchange, which additionally gives forward secrecy.
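The key-transport form of hybrid encryption described above, as an added example written for this page in Go using only the standard library (it is not code from the cited book or from any of the named protocols): a fresh AES-256-GCM session key protects the bulk data, and only that 32-byte key is encrypted with the recipient's RSA public key. The Envelope layout, the 2048-bit key size and the 4096-byte payload are constructed for the example; RSAOAEPMaxPlaintext shows why the payload itself could not have gone through RSA.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is one hybrid-encrypted message (a constructed format, not a
// standard): the AES session key wrapped under the recipient's RSA public key,
// the AES-GCM nonce, and the authenticated ciphertext of the bulk data.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// RSAOAEPMaxPlaintext is the largest message RSA-OAEP with SHA-256 can carry
// under pub: modulus bytes minus 2*hash length minus 2. For a 2048-bit key that
// is 190 bytes, which is why only a session key ever goes through RSA.
func RSAOAEPMaxPlaintext(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// HybridEncrypt draws a fresh 256-bit AES key, encrypts plaintext under it with
// AES-256-GCM, then wraps that key with RSA-OAEP so only the holder of the
// matching private key can recover it (RSA key transport).
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A GCM nonce must never repeat under one key; a fresh key per message plus
	// a random 96-bit nonce keeps that invariant trivially.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// HybridDecrypt unwraps the session key with the private key and opens the GCM
// ciphertext. The GCM tag means a flipped bit in the ciphertext, nonce or key
// makes Open fail rather than return garbage.
func HybridDecrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("hybrid: session key unwrap failed")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("hybrid: ciphertext authentication failed")
	}
	return plaintext, nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // recipient's long-term key pair
	if err != nil {
		panic(err)
	}
	msg := make([]byte, 4096) // constructed bulk payload, far above the RSA limit
	for i := range msg {
		msg[i] = byte(i)
	}
	fmt.Println("RSA-OAEP limit in bytes:", RSAOAEPMaxPlaintext(&priv.PublicKey))
	_, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, nil)
	fmt.Println("RSA directly on the payload:", err) // rsa: message too long
	env, err := HybridEncrypt(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	out, err := HybridDecrypt(priv, env)
	fmt.Println("hybrid round trip ok:", err == nil && string(out) == string(msg))
	env.Ciphertext[0] ^= 0x01 // tamper with one bit in transit
	_, err = HybridDecrypt(priv, env)
	fmt.Println("tampered ciphertext rejected:", err != nil)
}
```

The design point worth noticing is that the asymmetric operation touches exactly 32 bytes regardless of how large the message is, and that the symmetric layer is an authenticated mode, so a recipient learns about tampering instead of silently decrypting corrupted data.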
A second common use of asymmetric cryptography is in non-repudiation services. Non-repudiation is the assurance that an entity cannot later deny a previous action or commitment. It is a vital service for any application that may need evidence that a particular entity generated some data. In the physical world, hand-written signatures serve as a form of non-repudiation; in the digital world we have digital signatures, which bind an entity to specific data and so provide data origin authentication. Strictly speaking, a signature binds the data to a public key; binding that key to a person or organisation needs a trusted register such as a certificate, and the evidence is only as strong as the signer's control over the private key. In their seminal 1976 paper, New Directions in Cryptography, Whitfield Diffie and Martin Hellman proposed public-key cryptography as a means of providing a true, unforgeable, purely digital signature and receipt scheme. In the same paper they outline how a public-key cryptosystem can be used to build a one-way authentication system.
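The two uses just described, a signature as non-repudiation evidence and a signature-based one-way authentication, as an added example written for this page (not code from Diffie and Hellman's paper, which predates Ed25519): the signer commits to a document, the verifier detects any alteration or substitution of signer, and in the authentication flow the prover signs a fresh random challenge so that a recorded response cannot be replayed. The domain-separation prefixes, the order text and the challenge length are constructed for the example; the prefixes are what stop a document signature being passed off as an authentication response.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Domain-separation prefixes (constructed labels). A signature made for one
// purpose is never accepted as evidence for the other, because the verifier
// reconstructs the signed bytes with the prefix for the purpose it expects.
const (
	docDomain  = "example-document-v1\x00"
	authDomain = "example-challenge-v1\x00"
)

func withDomain(domain string, data []byte) []byte {
	return append([]byte(domain), data...)
}

// SignDocument binds the signer's key pair to doc. The signature is the
// non-repudiation evidence: it can only have been produced with the private key.
func SignDocument(priv ed25519.PrivateKey, doc []byte) []byte {
	return ed25519.Sign(priv, withDomain(docDomain, doc))
}

// VerifyDocument checks that sig was made over exactly doc by the holder of the
// private key matching pub. Any change to doc, or a different signer, fails.
func VerifyDocument(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, withDomain(docDomain, doc), sig)
}

// NewChallenge draws the verifier's fresh random challenge for one-way
// authentication: the prover must sign something it has never seen before,
// so an old recorded response is useless to an impostor.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// RespondToChallenge proves possession of priv without revealing it.
func RespondToChallenge(priv ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(priv, withDomain(authDomain, challenge))
}

// VerifyResponse is the verifier's side of the one-way authentication.
func VerifyResponse(pub ed25519.PublicKey, challenge, response []byte) bool {
	return ed25519.Verify(pub, withDomain(authDomain, challenge), response)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	doc := []byte("order #1234: 2 x widget, total 40.00") // constructed document
	sig := SignDocument(priv, doc)
	fmt.Println("genuine document verifies:", VerifyDocument(pub, doc, sig))
	altered := []byte("order #1234: 2 x widget, total 4.00")
	fmt.Println("altered document verifies:", VerifyDocument(pub, altered, sig))

	challenge, _ := NewChallenge()
	resp := RespondToChallenge(priv, challenge)
	fmt.Println("fresh challenge verifies:", VerifyResponse(pub, challenge, resp))
	later, _ := NewChallenge()
	fmt.Println("old response against a new challenge:", VerifyResponse(pub, later, resp))
	// A document signature offered as an authentication response is rejected
	// because the two are signed under different prefixes.
	fmt.Println("document signature as auth response:", VerifyResponse(pub, doc, sig))
}
```

Note what the verifier holds: only the public key. The evidence value of the signature therefore rests on the private key having stayed with its owner, and on some out-of-band binding between that public key and the owner's identity.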
A third example of asymmetric cryptography is something we encounter on a regular basis as we browse the internet: Transport Layer Security (TLS).
TLS is designed for use in open environments, where it is unreasonable to expect communicating entities to have agreed or exchanged security-related information such as cryptographic keys (Martin, 2017).
TLS is commonly used in e-commerce. As an example, suppose we want to buy something from a company's website that we have never visited before. Because this is our first purchase from them, there is no pre-existing relationship between us and therefore no established means of sending each other encrypted information. This is where a TLS session comes in. The browser already trusts a set of certificate authorities; the site presents a certificate that one of those authorities has signed for its domain name; the handshake uses asymmetric cryptography to verify that certificate and to agree a fresh session key; and a fast symmetric cipher then protects the actual traffic. Through this hybrid scheme two strangers can exchange data securely, and we can be confident in sending our payment information.
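The first-visit scenario above, as an added example written for this page in Go with only the standard library (not code from the cited book or from any browser): a constructed root CA issues a certificate to the hypothetical shop.example, and a client then connects three times over loopback TCP. A client that trusts no CA rejects the server, a client that trusts the CA but asked for a different name rejects it too, and only the client whose trust store and requested name both match completes the handshake and sends its data over the symmetric channel. In TLS 1.3 the asymmetric part is an ephemeral Diffie-Hellman agreement signed with the certificate's key, not RSA encryption of the session key; the negotiated cipher suite printed at the end names only the symmetric AEAD for that reason.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must aborts on key/certificate generation failures, which are setup rather than the point.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// PKI is a constructed stand-in for the real world: a trusted root CA and a certificate it issued to shop.example.
type PKI struct {
	CARoot     *x509.Certificate
	ServerCert tls.Certificate
}

func NewPKI() *PKI {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caDER := must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))
	caCert := must(x509.ParseCertificate(caDER))
	srvKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "shop.example"},
		DNSNames:  []string{"shop.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The CA's private key signs the shop's certificate. That signature is the only
	// link between a stranger's public key and the domain name the client typed in.
	srvDER := must(x509.CreateCertificate(rand.Reader, srvTmpl, caCert, &srvKey.PublicKey, caKey))
	return &PKI{CARoot: caCert, ServerCert: tls.Certificate{Certificate: [][]byte{srvDER}, PrivateKey: srvKey}}
}

// Connect runs one TLS 1.3 session over loopback TCP: the client verifies p.ServerCert
// against roots for serverName, then sends payload and reads the server's echo back.
func Connect(p *PKI, roots *x509.CertPool, serverName, payload string) (tls.ConnectionState, string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return tls.ConnectionState{}, "", err
	}
	defer ln.Close()
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		srv := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{p.ServerCert}, MinVersion: tls.VersionTLS13})
		defer srv.Close()
		buf := make([]byte, 1024)
		if n, err := srv.Read(buf); err == nil { // Read runs the handshake first
			srv.Write(buf[:n])
		}
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return tls.ConnectionState{}, "", err
	}
	client := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: serverName, MinVersion: tls.VersionTLS13})
	defer client.Close()
	if err := client.Handshake(); err != nil {
		return tls.ConnectionState{}, "", err // e.g. "x509: certificate signed by unknown authority"
	}
	if _, err := client.Write([]byte(payload)); err != nil {
		return tls.ConnectionState{}, "", err
	}
	buf := make([]byte, 1024)
	n, err := client.Read(buf)
	return client.ConnectionState(), string(buf[:n]), err
}

func main() {
	p := NewPKI()
	trusting := x509.NewCertPool()
	trusting.AddCert(p.CARoot)
	_, _, err := Connect(p, x509.NewCertPool(), "shop.example", "card ending 1111") // trusts no CA at all
	fmt.Println("no trust anchor:", err)
	_, _, err = Connect(p, trusting, "other.example", "card ending 1111") // right CA, wrong site
	fmt.Println("name mismatch:", err)
	state, echo, err := Connect(p, trusting, "shop.example", "card ending 1111")
	fmt.Println("echo:", echo, "error:", err, "suite:", tls.CipherSuiteName(state.CipherSuite))
}
```

The practitioner's check is the first two failures: the server's key pair is the same in all three runs, so what makes the third connection trustworthy is not the server's key but the client's prior trust in the CA and the name binding inside the certificate.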
Diffie, W. and Hellman, M. E. (1976). New Directions in Cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.
Martin, K. M. (2017). Everyday Cryptography: Fundamental Principles and Applications. Oxford: Oxford University Press.