
Shreehari Menon

Originally published at meetcyber.net

Symmetric vs. Asymmetric Encryption Explained

From Secret Handshakes to Public Keys: Why the Internet Needs Both - and Why Quantum Computers Threaten Them

1. Introduction: The Impossible Handshake

Imagine you want to send a secret package to a friend who lives on the other side of the world. You have a diamond (the data), a virtually indestructible steel box (the cipher), and a high-security padlock (the key).

You put the diamond in the box, lock it with your padlock, and ship it. But then you realize a massive problem: How does your friend open it?

You have the only key. If you mail the key in a separate envelope, the mail carrier (or a thief) could intercept the envelope, copy the key, and lock the envelope back up. They would then have full access to your diamond when the box arrives.

This scenario represents the Key Distribution Problem, and it plagued cryptographers for thousands of years. For centuries, if generals wanted to communicate securely, they had to meet in person to exchange codebooks before going to war.

In the digital age, “meeting in person” is impossible. Your web browser needs to communicate securely with a bank server in Switzerland that you have never visited. How can you agree on a secret code without a hacker in the middle stealing it?

The answer lies in the two main families of cryptography: Symmetric and Asymmetric encryption.

Today, we will explore how they work, why they are different, and how the modern internet combines them to solve the “Impossible Handshake.”

2. Symmetric Encryption (The Secret Handshake)

“Symmetric” means “the same on both sides.” In this type of cryptography, the same key is used to lock (encrypt) and unlock (decrypt) the data.

This is the traditional form of cryptography; almost all historical encryption was symmetric.

How It Works:

  1. Agreement: Alice and Bob agree on a secret key (e.g., “RedHorse99”).
  2. Encryption: Alice uses “RedHorse99” to scramble her message.
  3. Transmission: She sends the scrambled text to Bob.
  4. Decryption: Bob uses the exact same key, “RedHorse99,” to unscramble it.

The Analogy: The Hotel Safe

Think of a hotel room safe. You type in a 4-digit code (the key) to lock the door. To open the door again, you must type in that exact same 4-digit code. If you forget the code, the contents are lost. If someone watches you type the code, the security is broken.

The Champion Algorithm: AES

The gold standard for symmetric encryption today is AES (Advanced Encryption Standard). It is used by the US government to protect Top Secret data. AES is incredibly efficient and secure.

  • Speed: It is blazing fast. Modern computer processors often have special hardware just to run AES calculations instantly.
  • Usage: It is used to encrypt data at rest (your hard drive) and high-volume data in transit (streaming video on Netflix).

The Fatal Flaw

Symmetric encryption has one major weakness: How do you share the key? If you are Amazon and you have millions of customers, you cannot possibly meet every customer in person to whisper a secret key into their ear. If you send the key over the internet, hackers can steal it.

This limitation meant that for decades, secure communication over an open network like the internet was theoretically impossible, until 1976.


Symmetric Encryption uses one shared key for both locking and unlocking. Speed is high, but sharing the key safely is hard.

3. Asymmetric Encryption (The Public Mailbox)

In 1976, researchers Whitfield Diffie and Martin Hellman proposed a radical idea that changed history. What if we didn’t use one key? What if we used two?

This is called Asymmetric Encryption (or Public-Key Cryptography). In this system, every user generates a mathematically linked pair of keys:

  1. The Public Key: This key can be given to anyone. You can post it on Twitter, print it on a billboard, or put it in your email signature. It is used only to Encrypt (Lock).
  2. The Private Key: This key is kept secret. It never leaves your device. It is used only to Decrypt (Unlock).

The Magic Rule

Here is the mathematical magic that makes this work: Data encrypted with the Public Key can ONLY be decrypted by the Private Key. Even the Public Key itself cannot unscramble the message it just created!

The Analogy: The Open Padlock

Imagine Alice wants to receive secure messages.

  1. Alice buys thousands of identical padlocks. She opens them all up.
  2. She sends these Open Padlocks (Public Keys) to everyone — Bob, Charlie, and the mailman. She keeps the Key (Private Key) to these padlocks in her pocket and never gives it to anyone.
  3. Bob wants to send Alice a secret. He puts his message in a box, grabs one of Alice’s open padlocks, and clicks it shut.
  4. Crucial Step: Once Bob snaps the padlock shut, even Bob cannot open it again. He doesn’t have the key!
  5. The box travels safely to Alice. Even if a thief steals the box, they see a locked padlock.
  6. Alice receives the box and uses her Key (Private Key) to open it.

The Champion Algorithms: RSA and ECC

  • RSA (Rivest-Shamir-Adleman): The original grandfather of internet security. It relies on the difficulty of factoring massive numbers.
  • ECC (Elliptic Curve Cryptography): A modern, more efficient version. It provides the same security as RSA but with much smaller keys, making it perfect for mobile phones.

The Flaw:

If Asymmetric encryption is so magical, why don’t we use it for everything? It is incredibly slow. Because the math involved (factoring huge numbers) is complex, it requires a lot of processing power. If you tried to watch a YouTube video encrypted entirely with RSA, your battery would die in minutes, and the video would buffer constantly.


Asymmetric Encryption uses a Public Key to lock and a different Private Key to unlock. It solves the key distribution problem.

4. The Hybrid Solution: The Best of Both Worlds

So, we have two tools:

  • Symmetric (AES): Fast, but hard to share keys.
  • Asymmetric (RSA/ECC): Secure key sharing, but slow.

How does the internet work? We use both.

Every time you visit a secure website (https://), your browser performs a “Handshake” that combines these two families.

The Hybrid Handshake (Simplified)

  1. The Hello: Your browser contacts the Bank’s server.
  2. Asymmetric Phase: The Bank sends you its Public Key (The Open Padlock).
  3. Key Generation: Your browser generates a temporary Symmetric Key (e.g., “SessionKey123”).
  4. Secure Exchange: Your browser encrypts this “SessionKey123” using the Bank’s Public Key and sends it back.
  5. Decryption: The Bank uses its Private Key to decrypt the message and retrieve “SessionKey123.”
  6. Symmetric Phase: Now, both you and the Bank have “SessionKey123.” You discard the slow Asymmetric keys and use the fast Symmetric encryption (AES) for the rest of your browsing session.

This allows us to load high-definition video securely (speed of Symmetric) without ever having to meet the server administrator in person (security of Asymmetric).


The Internet uses Asymmetric crypto to safely swap a Symmetric key, then switches to Symmetric for speed.

5. Why This Distinction Matters for the Future (PQC)

You might be wondering why we are spending so much time distinguishing between these two families.

Here is the critical connection to the rest of this course:

Quantum Computers affect these two families differently.

  1. Symmetric Encryption (AES): It is mostly safe. Quantum computers can weaken it slightly, but we can fix that simply by making our keys longer (e.g., upgrading from AES-128 to AES-256).
  2. Asymmetric Encryption (RSA/ECC): It is doomed. The math that powers Public/Private keys (factoring numbers) is exactly the kind of math that quantum computers are terrifyingly good at solving. A powerful quantum computer could derive your Private Key from your Public Key, shattering the security of the entire internet.

This is why Post-Quantum Cryptography (PQC) is almost entirely focused on finding replacements for the Asymmetric part of the handshake. We need new ways to swap keys that don’t rely on the math that quantum computers can break.

Summary:

What’s Next?

We have now covered the tools: Encryption, Hashing, and Signatures. We know how keys are swapped.

But how do we trust the person giving us the key? If a hacker intercepts your connection to the bank and gives you their Public Key instead of the bank’s, how would you know?

The answer lies in the Certificate System.

In the upcoming week we will discuss How Internet Security Works (TLS, HTTPS & Certificates), where we will put all these pieces together to explain the “Green Padlock” in your browser. We will learn how a global web of trust prevents hackers from impersonating Google, Amazon, or your bank.

