Networking Theory Concepts

Asymmetric Encryption

Understanding public key cryptography and how asymmetric encryption enables secure communication

Asymmetric Encryption

Asymmetric encryption (also called public key cryptography) uses two mathematically related keys - a public key and a private key - to encrypt and decrypt data. Unlike symmetric encryption where both parties share the same secret key, asymmetric encryption allows secure communication without prior key exchange.

  • Key Generation: Mathematical algorithms create a key pair where data encrypted with one key can only be decrypted with the other
  • Public Key: Freely distributed and used by anyone to encrypt messages to the key owner
  • Private Key: Kept secret by the owner and used to decrypt messages encrypted with the corresponding public key
  • Mathematical Relationship: Keys are linked through complex mathematical functions (typically involving prime factorization or elliptic curves)

How It Works

  • Encryption Process: Sender uses recipient’s public key to encrypt plaintext → creates ciphertext that only recipient can decrypt
  • Decryption Process: Recipient uses their private key to decrypt the ciphertext back to plaintext
  • Reverse Operation: Private key can encrypt data that public key decrypts (used for digital signatures)

For example, if Alice wants to send Bob a secure message:

  1. Alice obtains Bob’s public key (freely available)
  2. Alice encrypts her message using Bob’s public key
  3. Bob receives the encrypted message and decrypts it with his private key
  4. Only Bob can decrypt the message since only he has the private key
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

Alice                    Bob
  |                       |
  | 1. Get Bob's          |
  |    public key         |
  |<----------------------|
  |                       |
  | 2. Encrypt message    |
  |    with public key    |
  |                       |
  | 3. Send encrypted     |
  |    message            |
  |---------------------->|
  |                       |
  |                    4. Decrypt
  |                    with private
  |                    key
  |                       |

Keys: Public (🔓) Private (🔐)
Bob has: 🔓 (shared) + 🔐 (secret)

Common Asymmetric Algorithms

Algorithm Key Size Strength Use Case Notes
RSA 1024-4096 bits High (with large keys) General purpose, SSL/TLS Most widely deployed
ECC (Elliptic Curve) 256-521 bits Very High Mobile devices, IoT Smaller keys, same security as larger RSA
Diffie-Hellman 1024-4096 bits High Key exchange Used to establish shared secrets
DSA 1024-3072 bits High Digital signatures only Cannot encrypt data

Vocabulary

  • Key Pair: The mathematically related public and private keys generated together
  • Digital Signature: Using private key to encrypt a hash, proving authenticity and non-repudiation
  • Key Exchange: Process of securely sharing encryption keys between parties
  • Certificate Authority (CA): Trusted third party that validates public key ownership
  • PKI (Public Key Infrastructure): Framework managing public key certificates and digital signatures

Practical Applications

SSL/TLS Handshake

  • Client verifies server’s certificate (contains server’s public key)
  • Client generates symmetric session key and encrypts it with server’s public key
  • Server decrypts session key with its private key
  • Both parties use symmetric encryption for actual data transfer (asymmetric is too slow for bulk data)

Digital Signatures

  • Sender creates hash of message and encrypts hash with their private key
  • Recipients decrypt hash with sender’s public key and compare to message hash
  • If hashes match, message is authentic and unmodified

VPN Authentication

  • IPSec and SSL VPNs use asymmetric encryption for initial authentication
  • Establishes identity before switching to faster symmetric encryption for data

Advantages vs Disadvantages

Advantages:

  • No need for pre-shared keys between parties
  • Enables digital signatures for authentication and non-repudiation
  • Scalable for large networks (each user needs only one key pair)
  • Solves key distribution problem of symmetric encryption

Disadvantages:

  • Significantly slower than symmetric encryption (100-1000x slower)
  • Requires more computational resources and battery power
  • Vulnerable to quantum computing attacks (future threat)
  • Key management complexity increases with certificate authorities

Network Implementation Considerations

Performance Impact

  • Use asymmetric encryption only for key exchange and authentication
  • Switch to symmetric encryption (AES) for actual data transmission
  • Hardware acceleration recommended for high-throughput environments

Key Size Recommendations

  • RSA: Minimum 2048 bits (4096 bits for high security, government use)
  • ECC: 256 bits equivalent to RSA 3072 bits
  • Larger keys = better security but slower performance

Certificate Management

  • Certificates bind public keys to identities (like digital ID cards)
  • Must be renewed before expiration to maintain trust
  • Certificate revocation lists (CRLs) track compromised certificates

Notes

  • Asymmetric encryption is the foundation of internet security - enables secure communication between strangers without prior key exchange
  • Always combined with symmetric encryption in practice (hybrid cryptosystems) because asymmetric is too slow for bulk data
  • Quantum computing poses future threat to current asymmetric algorithms - post-quantum cryptography being developed
  • In corporate networks, often see RSA 2048-bit keys for compatibility, ECC 256-bit for newer implementations requiring efficiency
  • Remember: Public key encrypts TO someone, private key decrypts FROM others - this relationship enables secure communication without shared secrets
  • Certificate authorities create chain of trust - your browser trusts root CAs, root CAs sign intermediate CAs, intermediate CAs sign server certificates