5.6 ASYMMETRIC ENCRYPTION
The symmetric encryption techniques discussed so far provide extremely efficient protection for digital information. Modern block ciphers such as AES can encrypt vast quantities of data at very high speeds while providing an exceptionally high level of security. For this reason, symmetric cryptography remains the preferred method for protecting bulk data in almost every modern communications system. However, despite these strengths, symmetric encryption suffers from one fundamental practical limitation: both communicating parties must possess the same secret key before secure communication can begin.
The requirement to establish a shared secret presents what is known as the key-distribution problem. If two parties have never communicated before, how can they exchange the secret key without exposing it to an eavesdropper? Delivering the key in person may be practical within a single organization but becomes increasingly difficult as the number of users grows or when communication occurs across the Internet between individuals who have never previously met. A network containing N users potentially requires thousands or even millions of securely distributed keys, making key management one of the most significant challenges in large-scale cryptographic systems.
During the 1970s, cryptographers recognized that the principal obstacle to secure communications was no longer the strength of the encryption algorithms themselves but the secure distribution and management of keys. This realization led to one of the most significant developments in the history of cryptography: public-key cryptography, also known as asymmetric cryptography. Instead of requiring both parties to share a single secret key, asymmetric systems employ a pair of mathematically related keys. One key may be distributed publicly without compromising security, while the other remains private and known only to its owner. The security of the system depends not on keeping the algorithm secret, but on the computational difficulty of deriving the private key from the public key.
Asymmetric cryptography transformed secure communications by solving problems that symmetric systems alone cannot address. In addition to enabling secure key exchange over insecure networks, public-key algorithms support digital signatures, authentication, certificate-based identity management, and public-key infrastructures that establish trust between previously unknown parties. These capabilities underpin secure web browsing, electronic commerce, secure email, software distribution, virtual private networks, and countless other Internet services.
It is important to recognize, however, that asymmetric encryption does not replace symmetric encryption. Public-key algorithms require substantially more computation than symmetric ciphers and are therefore much slower when encrypting large quantities of data. Modern secure communication systems consequently employ a hybrid approach: asymmetric cryptography is used to establish or exchange a temporary symmetric session key, after which the actual user data are encrypted using a fast symmetric algorithm such as AES. This combination exploits the strengths of both approaches, providing secure key management together with high-speed data encryption.
The following sections examine the principles of asymmetric cryptography, beginning with the concept of public and private key pairs before introducing the RSA algorithm, elliptic-curve cryptography, digital signatures, public-key infrastructures, and the hybrid cryptographic systems that secure today's Internet.
Back to reading