Fundamentals of symmetric and asymmetric cryptography

Nitesh Malviya
November 23, 2020 by
Nitesh Malviya

Cryptography uses symmetric and asymmetric encryption for encryption and decryption of data. If the sender and the recipient of the data use the same key to encrypt and decrypt the data, it’s called symmetric encryption and if the keys are different for encryption and decryption then it's asymmetric encryption. 

What is symmetric encryption?

Symmetric encryption is the one in which the sender and the recipient of the data use the same key to encrypt and decrypt the data. The sender and receiver must exchange the key with each other over a secure channel to maintain confidentiality and using this key the sender and receiver encrypt and decrypt the data exchanged between them. 

Symmetric encryption types

Symmetric encryption algorithms can be categorized into two types.

They are as follows:

  1. Block algorithms: As the name suggests, the data is divided into small chunks of blocks and each block is encrypted using a designated private key. Each block is of fixed size and encryption happens over each block. While each block is being encrypted, the system keeps the data in the memory until all the blocks are encrypted 
  2. Stream algorithms: Unlike Block algorithms, in stream algorithms data is encrypted as it streams. This is considered safer compared to Stream algorithms since the system does not retain data in the memory.

Symmetric encryption algorithms

The following algorithms uses symmetric encryption for encrypting the data:

  1. AES (Advanced Encryption Standard)
  2. DES (Data Encryption Standard)
  3. IDEA (International Data Encryption Algorithm)
  4. Blowfish (Drop-in replacement for DES or IDEA)
  5. RC4 (Rivest Cipher 4)
  6. RC5 (Rivest Cipher 5)
  7. RC6 (Rivest Cipher 6)

Block ciphers: AES, DES, IDEA, Blowfish, RC5 and RC6

Stream ciphers – RC4

Symmetric encryption applications

  1. Banking sector (Payment applications like card transactions)
  2. Random number generation
  3. Validation of sender’s message
  4. Digital signatures

What is asymmetric encryption?

Asymmetric encryption is when the sender and the recipient of the data use different keys to encrypt and decrypt the data. Asymmetric encryption makes use of two keys: one for encryption and the other for decryption. The key use for encrypting the data is called a public key and the other key for decrypting the data is called a private key. 

The public key is distributed publicly to the involved parties for encryption and the private key is stored on the server for decrypting the encrypted data. The private key must be stored securely on the server and should not be accessible to anyone. Anyone having access to the key can decrypt encrypted data and read the data in plain text.

Since asymmetric encryption uses two keys, it is more complex and time-consuming and requires more computational power than symmetric encryption. Asymmetric encryption ensures authentication and non-repudiation along with encryption. The usual key size involved in asymmetric encryption is 1024-4096 bits in length. Asymmetric encryption is ideal for applications where a small amount of data needs to be encrypted.

Asymmetric encryption algorithms

The following algorithms use asymmetric encryption for encrypting the data:

  1. RSA (Ron Rivest, Adi Shamir, and Leonard Adleman)
  2. DSA (Digital Signature Algorithm)
  3. ECC (Elliptic Curve Cryptography)
  4. Diffie-Hellman
  5. El Gamal 

Asymmetric encryption applications

  1. Confidentiality of data
  2. Authenticity using digital signatures 
  3. Integrity of information exchange 
  4. Non-repudiation

Learn Applied Cryptography

Learn Applied Cryptography

Build your applied cryptography and cryptanalysis skills with 13 courses covering hashing, PKI, SSL/TLS, full disk encryption and more.


Nitesh Malviya
Nitesh Malviya

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and open to explore various domains of CyberSecurity. He can be reached on his personal blog - and Linkedin -