Cybersecurity

Asymmetric-key algorithms and symmetric-key algorithms

Thought Leadership Team

Coalfire

Blog Images 2022 key algorithms tile

Asymmetric-key algorithms and symmetric-key algorithms are basic forms of cryptography.

Symmetric-key algorithms

The symmetry of the algorithm comes from the fact that both parties involved share the same key for both encryption and decryption. It works similar to a physical door where everyone uses a copy of the same key to both lock and unlock the door. A symmetric-key algorithm, just like real doors, requires the distribution and security of shared keys.

This raises the issue of key management, a critical concept in cryptography. Just like the keys to your home, great emphasis must be placed on maintaining and securing cryptographic keys.

Symmetric-key algorithms work by taking the plaintext message (i.e., the naturally readable information) and combining it with a shared key that is input to the algorithm, which outputs the ciphertext (i.e., the encrypted text). The process works in reverse to decrypt the message. The combined ciphertext and the shared key are input to the algorithm, which outputs the plaintext.

There are two types of symmetric-key algorithms, block ciphers and stream ciphers. The major difference between the two is how much information they encrypt or decrypt at a time.

  • Block ciphers, as the name implies, processes fixed-length groups of bits (i.e., blocks); whereas a stream cipher processes bits one at a time. Due to the larger fixed-length input, block ciphers are generally slower than stream ciphers.
  • Stream ciphers, due to their low processing requirements and flexible input lengths, are often found in hardware implementations. An example of a hardware-based stream cipher would be a secure wireless access point. Both WEP and WPA use the RC4 stream cipher for encrypting communications.

Asymmetric-key algorithms

Asymmetric-key algorithms work in a similar manner to symmetric-key algorithms, where plaintext is combined with a key, input to an algorithm, and outputs ciphertext. The major difference is the keys used for the encryption and decryption portions are different, thus the asymmetry of the algorithm. The key pair is comprised of a private key and a public key. As the names imply, the public key is made available to everyone, whereas the private key is kept secret. Which key is used for encryption and which key is used for decryption varies depending on the intended use of asymmetric-key algorithm in question.

The two main uses of asymmetric-key algorithms are public-key encryption and digital signatures. Public-key encryption is a method where anyone can send an encrypted message within a trusted network of users. The sender encrypts the message using the receiver’s public key, allowing only the receiver to decrypt the message using his or her own private key. Anyone could intercept the encrypted message, but only the receiver can decrypt it. This makes public-key encryption an ideal method for protecting messages sent over unsecured mediums, such as the World Wide Web, where the sender has no control over how a message is routed to the sender.

The biggest vulnerability to asymmetric-key encryption is key management. Along with symmetric-key encryption, a compromised key is very bad, as it could be used to disclose all information encrypted with that key. However, the additional threat faced by asymmetric-key encryption is the risk of an attacker using a compromised private key to send message on the victim’s behalf. The message would encrypt and decrypt correctly, so there would be no indication of wrongdoing. In this sense, key management is even more critical in asymmetric-key encryption. Great care should be taken to manage the encryption key lifecycles from issuance, to renewal, and revocation.