Beginner Cryptography

Symmetric vs Asymmetric Cryptography

Cryptography is the foundation of digital security. There are two main models: symmetric (one key) and asymmetric (key pair).

Symmetric Cryptography

A single key both encrypts and decrypts. Fast, ideal for large volumes of data.

AES (Advanced Encryption Standard) is the current standard. It uses 128-bit blocks with 128, 192, or 256-bit keys.

Original data  →  [AES-256 + secret key]  →  Ciphertext
Ciphertext     →  [AES-256 + same key]    →  Original data

Common operation modes:

  • CBC (Cipher Block Chaining) — each block depends on the previous one. Requires a unique IV.
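  • GCM (Galois/Counter Mode) — authenticates in addition to encrypting. Preferred in modern systems.

# Encrypt a file with AES-256 (OpenSSL).
# `openssl enc` rejects AEAD modes such as GCM, so this uses CBC, which does not
# authenticate the ciphertext. -pbkdf2 derives the key from the password.
openssl enc -aes-256-cbc -pbkdf2 -salt -in file.txt -out file.enc -k strong_password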

The problem: how do you securely share the key?

Asymmetric Cryptography

Uses a pair: public key (shared) and private key (secret). What one encrypts, only the other can decrypt.

RSA is the most well-known algorithm. It relies on the difficulty of factoring the product of two large prime numbers.

Alice publishes: her public key
Bob encrypts a message using Alice's public key
Only Alice (private key) can read it

ECC (Elliptic Curve Cryptography) uses elliptic curves over finite fields. Same security as RSA with much smaller keys.

Equivalent security    RSA           ECC
128 bits               3072 bits     256 bits
192 bits               7680 bits     384 bits
256 bits               15360 bits    521 bits

Common curves: P-256, P-384, Curve25519 (used in TLS 1.3 and SSH).

How Both Models Work Together

In practice, both work together — asymmetric exchanges the key, symmetric encrypts the data:

1. Client generates a random AES key
2. Encrypts that key with RSA/ECC (server's public key)
3. Server decrypts it with its private key
4. From that point on, communication uses AES

This pattern is present in TLS, SSH, and PGP.
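
The four steps above, run with the openssl CLI as an added example that is not part of the original page; the function names, file names and sample message are constructed. The key is wrapped with RSA-OAEP, and the data is encrypted with AES-256-CBC because `openssl enc` cannot do GCM, so the ciphertext here is not authenticated.

```shell
#!/bin/sh
# Added example: hybrid encryption with the openssl CLI.
# File names, function names and the sample message are constructed.

# Server, once: RSA-3072 key pair. Only server.pub is handed to clients.
server_keygen() {   # $1 = working directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
        -out "$1/server.key" 2>/dev/null &&
    openssl pkey -in "$1/server.key" -pubout -out "$1/server.pub"
}

# Client: steps 1 and 2, then AES encryption of the data read from stdin.
client_send() {     # $1 = directory holding server.pub
    key=$(openssl rand -hex 32) || return 1   # step 1: random 256-bit AES key
    iv=$(openssl rand -hex 16) || return 1    # fresh random IV for this message
    # Step 2: wrap the AES key with the server's public key (RSA-OAEP).
    printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$1/server.pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$1/key.wrapped" || return 1
    printf '%s' "$iv" > "$1/iv.hex"           # the IV is sent in the clear
    # -K puts the key on the command line: acceptable in a demo, not on a shared host.
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" -out "$1/msg.enc"
}

# Server: step 3 (unwrap with the private key), step 4 (AES decrypt to stdout).
server_receive() {  # $1 = working directory, $2 = private key file
    key=$(openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$1/key.wrapped" 2>/dev/null) || return 1
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$1/iv.hex")" -in "$1/msg.enc"
}

demo() {
    d=$(mktemp -d) || return 1
    server_keygen "$d" || return 1
    printf '%s' 'constructed sample message' | client_send "$d" || return 1
    server_receive "$d" "$d/server.key"; status=$?
    rm -rf "$d"
    return $status
}

demo && echo    # prints the recovered message
```

Only `key.wrapped`, `iv.hex` and `msg.enc` cross the wire; a receiver holding a different private key fails at the unwrap step and never obtains the AES key.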

When to Use Each

Criterion         Symmetric (AES)    Asymmetric (RSA/ECC)
Speed             Very fast          Slow
Key exchange      Problem            Solves it
Data volume       Ideal              Avoid
Authentication    No                 Yes