Symmetric vs Asymmetric Encryption
When to Use Each Type
In 5 minutes: Understand when to use shared secrets vs public/private keys
Prerequisite: Public/Private Keys + Diffie-Hellman
The Simple Story
Alice and Bob need to talk privately.
Question: Should they use the same key (symmetric) or different keys (asymmetric)?
Answer: Use both! Different purposes!
Mental Model
Hold this picture in your head:
Symmetric (Same Key):
Alice and Bob both have key K
Alice encrypts with K → Bob decrypts with K
Bob encrypts with K → Alice decrypts with K
Problem: How to share K initially?
Asymmetric (Different Keys):
Alice has public key pk_Bob (Bob's public)
Bob has private key sk_Bob (Bob's secret)
Alice encrypts with pk_Bob → Bob decrypts with sk_Bob
Advantage: No secret key exchange needed!
Think of it like:
- Shared house key (Symmetric: both have the same key, but how do you hand the other person their copy?)
- Mailbox (Asymmetric: different keys for sending and receiving)
See It Happen
Let's compare both types:
The Story: Two Methods
Scenario 1: Symmetric (Same Key)
Alice and Bob want to talk privately.
Step 1: Alice generates key: K = 12345
Step 2: Alice needs to send K to Bob. How?
Problem: Eve watches everything! If Eve sees K = 12345, Eve can use K to decrypt everything!
Solution: This is the hard part. We need Diffie-Hellman (we learned this) to share K without Eve seeing it!
Scenario 2: Asymmetric (Different Keys)
Alice wants to send Bob a message.
Step 1: Bob publishes his public key (pk_Bob) and keeps his private key (sk_Bob).
Step 2: Alice encrypts her message with Bob's public key.
Step 3: Alice sends the encrypted message to Bob. Eve can see it but can't decrypt it (no private key!).
Step 4: Bob decrypts with his private key. Only Bob can do this!
Advantage: No secret key exchange needed!
Try It Yourself
Question 1: Alice and Bob use symmetric encryption. Alice generates K = 99999. How does Alice give K to Bob without Eve seeing it?
This is the problem! Alice needs to share K with Bob securely.
Solutions:
- Use Diffie-Hellman: Use public exchange to derive secret K
- Use asymmetric: Encrypt K with Bob's public key
- Meet in person: unsafe if they don't trust the place
- Use a courier: might Eve bribe them?
The best solution: Combine both! Use asymmetric to share key, then use symmetric for messages (fast).
Answer: Use Diffie-Hellman or encrypt K with Bob's public key first
Question 2: Alice encrypts "Hello Bob" with Bob's public key. Who can decrypt it?
Only Bob!
Bob's public key encrypted the message. Only Bob's private key can decrypt it.
Eve has Bob's public key too, but she can't decrypt anything with a public key. Public keys only encrypt; private keys decrypt.
Alice can't decrypt it either! She used Bob's public key, so she lost access.
Answer: Only Bob (with Bob's private key)
Question 3: Which is faster: encrypting with public keys or shared secrets?
Shared secrets (symmetric) are much faster!
Symmetric encryption (like AES-GCM):
- Speed: ~1-5 microseconds per block
- Used for: Encrypting actual messages
Asymmetric encryption (like RSA/ECC/X25519):
- Speed: ~1-10 milliseconds per operation
- Used for: Key exchange, digital signatures
That's why protocols like Signal Protocol use asymmetric to share the key, then symmetric to encrypt messages!
Answer: Symmetric ~1000x faster (for actual data encryption)
The Math
Symmetric Encryption
```
K = shared secret (both Alice and Bob have this)

Encrypt(message, K):
    ciphertext = SymmetricEncrypt(message, K)
    return ciphertext

Decrypt(ciphertext, K):
    message = SymmetricDecrypt(ciphertext, K)
    return message
```
Asymmetric Encryption
```
pk_Bob = Bob's public key (everyone can use)
sk_Bob = Bob's private key (only Bob has)

Encrypt(message, pk_Bob):
    ciphertext = AsymmetricEncrypt(message, pk_Bob)
    return ciphertext

Decrypt(ciphertext, sk_Bob):
    message = AsymmetricDecrypt(ciphertext, sk_Bob)
    return message
```
Speed Comparison
| Operation | Speed | Use Case |
|---|---|---|
| Symmetric (AES-GCM) | ~1 µs/block | Encrypting messages |
| Asymmetric (X25519) | ~200 µs/operation | Key exchange |
| Asymmetric (RSA-2048) | ~10 ms/operation | Slower, used differently |
Why We Care
The Real Problem
Symmetric encryption is fast and secure, but:
- Problem: How to share the key K initially?
- Eve watches everything!
Asymmetric encryption solves the key sharing problem but:
- Problem: Much slower than symmetric!
- Problem: Can't encrypt large data efficiently
The Solution: Use Both!
Phase 1: Key Exchange (Asymmetric)
- Use Diffie-Hellman or public/private keys to agree on secret K
- Slow but necessary for initial exchange
Phase 2: Message Encryption (Symmetric)
- Both sides now have secret K
- Use K with symmetric encryption (fast!) for messages
- This is what Signal Protocol does!
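The two phases above, as an added example that is not part of the original page and is not Signal's X3DH or Double Ratchet. It assumes X25519 for the key agreement, HKDF-SHA256 to turn the shared secret into a key, and AES-256-GCM for messages; the function names and the HKDF info label are made up for the illustration.

```javascript
// Added example (not from the original page): hybrid encryption with Node's crypto.
const crypto = require('node:crypto');

// Phase 1 (asymmetric): each side combines its own private key with the
// peer's public key; both arrive at the same secret without ever sending it.
function deriveSessionKey(myPrivateKey, peerPublicKey) {
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peerPublicKey });
  // Run the raw DH output through HKDF to get a uniform 256-bit AES key.
  // The info label is a constructed value for this example.
  const okm = crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example hybrid v1', 32);
  return Buffer.from(okm);
}

// Phase 2 (symmetric): AES-256-GCM with a fresh random 96-bit nonce per message.
function encryptMessage(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { nonce, ciphertext, tag: cipher.getAuthTag() };
}

function decryptMessage(key, { nonce, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the ciphertext was modified.
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

function demo() {
  const alice = crypto.generateKeyPairSync('x25519');
  const bob = crypto.generateKeyPairSync('x25519');
  const eve = crypto.generateKeyPairSync('x25519');

  const aliceKey = deriveSessionKey(alice.privateKey, bob.publicKey);
  const bobKey = deriveSessionKey(bob.privateKey, alice.publicKey);
  // Eve sees both public keys but holds neither Alice's nor Bob's private key.
  const eveKey = deriveSessionKey(eve.privateKey, bob.publicKey);

  const sealed = encryptMessage(aliceKey, 'Hello Bob');
  let eveResult;
  try { eveResult = decryptMessage(eveKey, sealed); } catch (e) { eveResult = null; }
  return {
    keysMatch: aliceKey.equals(bobKey),
    bobReads: decryptMessage(bobKey, sealed),
    eveReads: eveResult,
  };
}

console.log(demo());
```

The slow asymmetric step runs once per session; every message after that costs only one AES-GCM operation, and the authentication tag makes a wrong key or an altered ciphertext fail loudly instead of decrypting to garbage.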
Signal Protocol Pattern
1. X3DH (Asymmetric): Use public/private keys to establish secret
   - Slow but secure key exchange
   - Result: Shared secret K
2. Double Ratchet (Symmetric): Use K to derive message keys
   - Fast encryption for messages
   - K deleted after use (forward secrecy)
Real-World Uses
| Application | Encryption Type | Why |
|---|---|---|
| SSL/TLS (HTTPS) | Both | Asymmetric for handshake, symmetric for data |
| Signal Protocol | Both | X3DH (asymmetric), Double Ratchet (symmetric) |
| Both | Same as Signal Protocol | |
| SSH | Both | RSA/ECC handshake, AES for tunnel |
Quick Check
Can you explain the difference?
Try saying this out loud:
"Symmetric encryption means both people have the same key - it's like both having the same house key. Asymmetric means one key locks and a different key unlocks - it's like a mailbox where anyone can drop letters but only the owner has the key to open it!"
Which should you use?
Decision tree:
Need to exchange a secret key securely? Use asymmetric.
Encrypting lots of messages quickly? Use symmetric.
Best approach? Use asymmetric first, then symmetric!
Key Takeaways
- Symmetric = Same key for encryption and decryption
- Asymmetric = Different keys: public (encrypt), private (decrypt)
- Symmetric is fast = ~1000x faster than asymmetric
- Problem with symmetric = Key exchange (how to share K securely)
- Solution = Use asymmetric for key exchange, symmetric for data
- Signal Protocol = X3DH (asymmetric handshake) + Double Ratchet (symmetric messages)
What You'll Learn Next
Now you understand when to use each type! This is crucial for understanding the Signal Protocol.
Next, we'll learn about hash functions - the digital fingerprints of cryptography!
Continue: Digital Fingerprints
We'll learn how to fingerprint messages so that even one changed bit makes the fingerprint completely different!
Now you know when to use symmetric vs asymmetric. Next: Hash functions!
Comparing Use Cases
| Use Case | Recommended Approach | Why |
|---|---|---|
| Long-term key storage | Asymmetric | Encrypt with public key, recover with private |
| Encrypting a file | Symmetric | Faster for large data |
| Sending a password over unsecured network | Asymmetric (or DH) | Must avoid Eve seeing the password |
| Ongoing conversation (chat) | Both (X3DH + Symmetric) | Use DH to establish secret, then symmetric for messages |
| Digital signatures | Asymmetric | Sign with private, verify with public |