Symmetric vs. Asymmetric Encryption: Which Way is Better?

There are two fundamental ways to use keys or secrets for encryption:symmetric and asymmetric.  Symmetric encryption uses the identical key to both encrypt and decrypt the data.  Symmetric key algorithms are much faster computationally than asymmetric algorithms as the encryption process is less complicated.  The length of the key size is critical for the strength of the security.  NIST has recommendations on how long a key should be– in general, 160-512 bits.   There are inherent challenges with symmetric key encryption in that the key must somehow be managed.  Distributing a shared key is a major security risk.

symmetric encryption

symmetric encryption

Asymmetric encryption uses two related keys (public and private) for data encryption and decryption, and takes away the security risk of key sharing.  The private key is never exposed.  A message that is encrypted by using the public key can only be decrypted by applying the same algorithm and using the matching private key.   Likewise, a message that is encrypted by using the private key can only be decrypted by using the matching public key.

Asymmetric Encryption

Asymmetric Encryption

Are you building out for secure devices to protect your engineering designs and secure any potential hacking in your product? Receive a FREE Atmel CryptoAuthentication development tool?

This blog was written by Steve Jarmusz, Atmel Applications Manager for Crypto, Memory and Analog Devices. 

14 thoughts on “Symmetric vs. Asymmetric Encryption: Which Way is Better?

  1. A Reader

    “a message that is encrypted by using the private key can only be decrypted by using the matching public key.”
    This is a wrong statement. Private key is never used for encryption purpose.

    Like

    Reply
      1. a more knowledgeable reader

        private keys are only used for DEcryption. using them for encryption would be stupid because anyone could decrypt them with the public key. thats why its called a public key

        technically the statement in question is true, but that is not how asymmetric encryption is used

        Like

      2. dark5

        Ok, wow. I’m just commenting here to clarify incase some poor soul gets confused:

        – ONLY the shared key is used for encryption and decryption.
        – The shared key is generated from all public/private key(s) by means of whatever authentication and key exchange protocol.

        I have no idea why you would say “private keys are only used for DEcryption”. That is wrong and doesn’t make sense.

        “A message that is encrypted by using the public key can only be decrypted by applying the same algorithm and using the matching private key” as well as “A message that is encrypted by using the private key can only be decrypted by using the matching public key” also don’t make sense.
        THE KEY YOU USE TO ENCRYPT A MESSAGE IS THE KEY YOU USE TO DECRYPT A MESSAGE, HENCE HAVING A SHARED KEY.

        Unless the author and you guys are talking about some crazy protocols not specified in TLS and are not talking about AES encryption. In which case, good luck with your security.

        Like

    1. Tre', a Comtia A+, Network+, and Security+ certified student

      In terms of asymmetric encryption, only digital signatures on emails are encrypted with a private key. Other than that, only public keys are used to encrypt messages.

      Like

      Reply
  2. Mad Irish

    Based on the above comments it’s easy to see why there is so much confusion surrounding encryption. Part of that confusion stems from the fact that there’s no mathematical difference between a public and a private key in RSA (assuming you’re using RSA for your asymmetric encryption). The public and private keys are chosen arbitrarily from the key pair. While the public key is used to encrypt messages intended for the holder of the private key, message signing is, in fact, encryption with the private key and is done all the time.

    Like

    Reply
  3. Alex

    As people have stated, the information about asymmetric encryption is true except when the author states “Likewise, a message that is encrypted by using the private key can only be decrypted by using the matching public key”, and should be deleted or edited. Here is a very simple explanation of how an asymmetric conversation would work:

    Assume that person A and person B want to send a message to each other. They would both exchange their public keys. A would use B’s public key to encrypt, and B would use his private key to decrypt the message. B would then use A’s public key to encrypt a response, and A would use their private key to decrypt the message.

    If private keys were used for both encryption and decryption, it would be very easy to discover the algorithm used in the private key. That is why it is PRIVATE, you do not send any information out about this key what-so-ever (although the public key is technically mathematically related, it is near-impossible to reverse engineer).

    Like

    Reply
  4. Pingback: Week Three Case Study | Tyler N Woods

  5. Austin Owino

    BOTH keys are used for encryption; it only depends on WHY you are doing the encryption. As Mad Irish above has correctly said, if you want to people to know that you are associated with some item, you encrypt it using your PRIVATE key. This is called signing the item. Someone proves that you signed it by decrypting it with your PUBLIC key. It is only your PUBLIC key that can decrypt an item you have signed (encrypted with your PRIVATE key.

    Cryptography is not only used for concealment.

    Like

    Reply
  6. Pingback: SEC280 Wk3 Case Study | BruceClues

  7. Enrique

    Sometimes an explanation from the actual users in the Real World is needed to totally comprehend a concept. I also didn’t fully understand for what reasons you would encrypt something with the private keys. So far most definitions I found described the WHAT and HOW but not the WHY, which I know fully understand per the comments on this article. THANKS to the posters. Cheers

    Like

    Reply
  8. Pingback: Let's Encrypt: A New Hope | LAS 396 | Jupiter Broadcasting

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s