Difference between asymmetric and symmetric encryption methods?

Question

OK I'm confused as how these two encryption methods work. I know that symmetric is conventional, and uses a shared private key between two users.

Basically, I want to know

1. The principles of how they work

2. Their purpose

3. Their relative performance

of asymmetric and symmetric encryption methods.

Answer 1

I suggest starting with Applied Cryptography. It's an excellent introduction to the principles involved in cryptography.

If you're seriously interested in cryptography, I strongly recommend the Handbook of Applied Cryptography as an amazing reference work. It will be too much to handle at first, but it is free, so go grab a copy now :) and when you're done with AC, read HAC. (Actually, the hardback edition is very well made and far easier to read than a few hundred pages of laser-printed paper; consider buying it if you like the looks of the PDFs.)

Symmetric encryption works by mixing secret input with a secret key in such a fashion that it is (a) fast (b) cannot derive the input or key from the output. The details of the mixing varies significantly, but there are block ciphers and stream ciphers; block ciphers work by looking at the input data in 8 or 16 or 32 byte blocks at a time, and diffusing the input and key within those blocks. Different modes of operation are needed to encrypt more data than fits in the blocks, and different modes of operation might or might not spread data between blocks too.

Symmetric ciphers are fantastic for bulk data encryption, from 8 bytes to 8 terabytes, it's the best choice for encrypting data.

Asymmetric encryption works by exploiting very difficult mathematical problems with back doors that enable a fast solution to the problem, if you have a small piece of very important data. The usual mathematical problems are factoring large numbers and discrete logarithms. Asymmetric algorithms work on a fixed data size, typically 1024-2048 bits for RSA and El Gamal, and 384 bits for Elliptic Curve versions of RSA or El Gamal. (Elliptic Curve versions use a different field than the integers for their computations. RSA and El Gamal and similar systems work with any field that specifies both a multiply and an add operation, and ECC has a different representation of that field that magically packs 'more' data into a bit. It's a super clever way of making well-known mechanisms fit into less memory, and my one-sentence introduction can't begin to do it justice. The simplicity is the amazing part.)

Asymmetric encryption helps solve the key distribution problem, but only barely: instead of requiring O(N^2) key pairs between every pair of people wanting to use cryptography to talk amongst themselves, it requires O(N) keys, one public/private pair per person, and everyone just needs to know everyone else's public portion. This is still not an easy problem, as the complexity of x509 demonstrates, but mechanisms such as openPGP and OpenSSH have simpler models and mechanisms that work well for many uses.

Asymmetric ciphers are usually used to transfer session keys for symmetric ciphers. Even when only a small amount of data is going to be transferred, cryptographers will typically prefer sending the actual data encrypted with a symmetric cipher, and send the key encrypted with an asymmetric cipher. One huge benefit is that you can send a message to a hundred different recipients, and the size of the message will be O(size of message + 100*2048 bits) -- you can encrypt the session key to each of the recipients individually, and only transfer the message once. Great Success.

Asymmetric ciphers are also used for digital signatures. While it is possible to use a symmetric cipher for message authenticity, a symmetric cipher cannot be used to provide non-repudiable signatures.

Asymmetric ciphers are fantastic for encrypting small amounts of random, or 'indistinguishable-from-random', data, such as session keys and message digests. It's best used for keys and hashes.

Symmetric ciphers are typically much faster than asymmetric ciphers, but because they are used for different purposes, the speed difference isn't an issue in practice. Of course, speeds can vary significantly by algorithm (DES is wickedly slow in software and can be fast in hardware, but AES is 1.8 to 3.3 times faster for small data sets on my system, and could probably be much faster still in hardware.)