Asymmetric encryption is a data encryption method that uses two keys: a public key and a private key. The public key is used to encrypt the data and can be distributed widely and openly. The private key is used to decrypt the data encrypted with the public key. Public and private keys are both very large numbers, linked by a certain function that makes it extremely difficult to calculate one even if you know the other.
The purpose of asymmetric encryption is to protect data during transfer; its principles have also found application in digital signatures.
How does asymmetric encryption work?
The scheme for data transfer between two users (A and B) with the use of a public key is as follows:
- User A generates a pair of keys: one public, one private.
- User A sends the public key to user B using any available channel, including nonsecure ones.
- User B encrypts the data package with the public key received and sends it to A using any available channel, including nonsecure ones.
- User A decrypts the data received from user B with the secret private key they generated in the beginning.
Under this scheme, intercepting any data transmitted over nonsecure channels is pointless because decrypting the data is impossible without the private key, which is known only to the recipient and does not require transmission.
Use of asymmetric algorithms
Asymmetric encryption addresses the main problem of the symmetric method, which uses a single key for data encryption and its decryption. If such a key is transmitted over nonsecure channels, outside parties may intercept it and access the encrypted data. However, asymmetric algorithms are much slower than symmetrical ones, so many cryptographic systems use both types.
For example, the SSL and TLS protocols use an asymmetric algorithm when establishing a connection (a handshake). The algorithm is used to encrypt and send the key to a symmetric cipher used for further data transfer.
Asymmetric algorithms are also used to generate digital signatures certifying the source and/or integrity of data. In such cases, the signature is created with a private key and verified with a public one.
The most widespread asymmetric encryption algorithms are:
- RSA (the acronym comes from Ron Rivest, Adi Shamir, and Leonard Adleman, who authored the algorithm), which relies on the practical difficulty of factoring large numbers — in other words, presenting them as products of several smaller objects. It is used in secure SSL and TLS protocols, encryption standards such as PGP and S/MIME, and so on, both for data encryption and for digital signatures.
- DSA (Digital Signature Algorithm), which is based on the discrete logarithm problem and is used for digital signature generation. It forms a part of the DSS (Digital Signature Standard).
- The ElGamal encryption system, an algorithm that is based on the discrete logarithm problem and serves as the foundation of the DSA. It is used for both data encryption and digital signature generation.
- ECDSA (Elliptic Curve Digital Signature Algorithm), which is based on the discrete logarithm problem in a group of elliptic curve points. It is used for digital signature generation, in particular, to authorize cryptocurrency transactions on the Ripple platform.
Security of asymmetric encryption
Theoretically, one can compute the private key of an asymmetric cipher by knowing its public key and the underlying mechanism of the encryption algorithm (which is general knowledge). Ciphers can be considered secure if they make such attempts impractical. For example, cracking an RSA-based cipher with a 768-bit key on a computer with a single-core 2.2 GHz AMD Opteron CPU, which was popular in the mid-2000s, would take 2,000 years.
The actual security of encryption depends on the length of the key and the complexity of the problem that underlies the encryption algorithm in the context of available technologies. Computing capacity is steadily growing, so it is necessary to switch to longer keys every once in a while. In 1977 (when the RSA algorithm was first publicly described), attempting to decipher a message encoded with a 426-bit key was considered impractical. In contrast, the keys used today for encryption range from 1024 to 4096 bits, with the first category already shifting toward nonsecure ones.
As for the efficiency of key retrieval, this changes negligibly over time but can increase abruptly with the introduction of revolutionary technology (such as quantum computers). Such events may demand alternative approaches to data encryption.