Asymmetric Encryption
Asymmetric encryption uses a public and private key pair for confidentiality and digital signatures without sharing a secret in advance.
Asymmetric encryption, also called public-key cryptography, uses two related keys: a public key that can be shared freely and a private key that is kept secret. Data encrypted with the public key can only be decrypted with the private key, and a signature made with the private key can be verified with the public key.
How It Works
The key pair is generated together using algorithms such as RSA or elliptic-curve cryptography (ECC). Because the keys differ for encryption and decryption, two parties can communicate securely without first sharing a secret.
There are two main uses. For confidentiality, a sender encrypts with the recipient's public key, and only the recipient's private key can decrypt it. For authentication and integrity, a sender signs data with their private key, and anyone can verify the signature with the public key, proving origin and that the data was not altered.
Asymmetric operations are slow compared with symmetric encryption, so real systems combine them. TLS, for example, uses asymmetric encryption only to authenticate and exchange a symmetric session key, then encrypts traffic with the faster symmetric cipher.
Why It Matters
Asymmetric encryption solves the key-distribution problem that plagues symmetric systems: you can establish secure communication with someone you have never met. It underpins TLS, SSH, signed software, digital certificates, signed tokens like JWTs, and cryptocurrency.
Its security depends on protecting the private key and on the mathematical hardness of the underlying problem. Advances in quantum computing threaten current algorithms, driving interest in post-quantum cryptography.
Related Terms
Asymmetric encryption complements symmetric encryption and is the basis of public key infrastructure. It secures encryption in transit, signs JSON web tokens, and enables mutual TLS.