Symmetric vs Asymmetric Encryption
Symmetric and asymmetric (public-key) cryptography solve different problems with different trade-offs. Real systems use both — symmetric for bulk data, asymmetric for key exchange and identity.
Symmetric
Both parties hold the same key. Encryption and decryption use that one key. Algorithms: AES (the standard since 2001), ChaCha20 (modern stream cipher).
- Fast — hardware-accelerated on every modern CPU.
- Compact keys — 128 or 256 bits.
- Problem: how do two parties agree on the key without ever meeting?
Asymmetric
Each party has a keypair — a private key (kept secret) and a public key (shared freely). The two keys work as a pair: data encrypted with the public key can only be decrypted with the matching private key, and a signature made with the private key can be verified with the public key. Algorithms: RSA, ECDSA, Ed25519, (EC)DH.
- Solves the key-distribution problem — public keys are public.
- Enables digital signatures and non-repudiation.
- Hundreds of times slower than symmetric encryption.
- Larger keys for equivalent security (RSA-3072 ≈ AES-128).
How real protocols combine them
TLS, SSH, PGP, and Signal all follow the same pattern: use asymmetric crypto to authenticate the parties and agree on a fresh symmetric key, then encrypt the bulk of the data symmetrically. This pattern is sometimes called a "hybrid cryptosystem."
| | Symmetric | Asymmetric |
|---|---|---|
| Same key both ends | Yes | No — keypair |
| Throughput | Gigabits/sec/core | Megabits/sec/core |
| Key sharing | Hard (out-of-band) | Easy (publish public key) |
| Signatures | HMAC (shared secret only) | Verifiable by anyone |
| Typical use | Bulk data, file/disk encryption | Key exchange, signing, identity |
Post-quantum. Symmetric ciphers like AES-256 remain secure against expected quantum attacks. Today's asymmetric algorithms (RSA, ECDSA, ECDH) would be broken by a sufficiently large quantum computer. NIST has standardised post-quantum replacements: ML-KEM for key exchange and ML-DSA for signatures.