symmetric vs asymmetric encryption

Most VPN users don’t even need to know anything about encryption, only that it exists. But for those who want to delve deeper, the subject is endlessly complex. One of the more understandable basic ideas is the distinction between symmetric and asymmetric encryption. Just read our explanation in this article!

What is encryption?

First of all, encryption is the way of transforming your normal data that is easy to parse and understand into ciphertext, which is gibberish to anyone who can’t decipher it without a cipher (see what we did there?). 

The most basic ROT13 encryption would encrypt this text by shifting every letter by 13 positions on the alphabet. Anyone who knows that would be able to decrypt the message by doing the same thing in reverse. 

The real big difference in symmetric vs. asymmetric encryption is the distribution of ciphers between the parties involved in the communication

What is symmetric encryption?

Symmetric encryption relies on both parties having the same key for both encrypting and decrypting. We already mentioned ROT13 – it’s an example of symmetric encryption as both parties rely on shifting letters by 13 spaces. 

However, no sane company would use something that simple today. Modern symmetric encryption algorithms will transform a single bit of data multiple times before passing it along.

AES, TLS/SSL, DES, Triple DES, and IDEA are examples of standards or protocols that use symmetric key encryption. 

The advantages of symmetric encryption are:

  • Wide-spread adoption: AES and TLS/SSL are used by basically everyone everywhere. 
  • Speed: Symmetric encryption uses shorter and simpler keys to encrypt data than asymmetric encryption, and thus they work faster.
  • Security: Using current technology, it is unfeasible to crack AES encrypted data in a human lifetime, which makes it very much secure.

The disadvantages of symmetric encryption:

  • One key to rule them all: Symmetric encryption relies on all parties having the same secret key. Thus transmitting that key becomes a major issue, especially when dealing with such impromptu scenarios like you using a VPN when checking your email. 

What is asymmetric encryption?

Asymmetric encryption relies on making your head hurt when you explain it. But to put it shortly, it uses some advanced nerd-level math to create two encryption keys: a private key and a public key. The public key can only encrypt the message, so you send it to the other party. Once they encrypt the message, they send it to you, and you decrypt it with the private key. The same thing happens the other way around. 

RSA, Diffie–Hellman key exchange and TLS/SSL protocol (that’s not a mistake) are examples of asymmetric encryption you’re likely to encounter. 

The advantages of asymmetric encryption are:

  • No one key to rule them all: Since the public key is useless for decrypting the message, you can easily distribute it over unsecure channels as it’s of no value for any third party. 
  • Private keys remain secret: You only need the private key to read the stuff encrypted with your private key, so you don’t have to expose it to risks by transferring it somewhere. 
  • Digital signatures: I’ll cry if you ask me to explain it, but digital signatures help authenticate the message. They are created by sending a message and a version encrypted by the private key, and the recipient with the public key can then verify that it was indeed encrypted with the original private key. 

The disadvantages of asymmetric encryption:

  • Technically less secure: In theory, you could use math to crack the private key if you have the public key. However, as asymmetric encryption uses very long keys, it’s practically impossible to do in a feasible time frame.
  • It’s slower: To prevent cracking of the private key, the keys have to be longer (RSA specifies using a 2048 bit chonker) and the math has to be more complex, which slows down the process. 

Symmetric vs. asymmetric encryption

One key for both parties
Everyone has their own keys
Need for secure key transfer
No need for secure key transfer
Secure encryption
Secure encryption

Which one is better?

The answer is it depends:

  • If speed is an issue, you want to use symmetric encryption
  • If security is an issue, you want to use asymmetric encryption 

As you’ll learn later, most encryption you encounter daily uses both. Asymmetric encryption is used to establish the connection and to exchange the single key used in symmetric encryption. Symmetric encryption is then used for data encryption for the rest of it.

Which is HTTPS?

This is a trick question, as HTTPS utilizes both symmetric and asymmetric encryption. How? Well, HTTPS gets that “S” for “Security” by using TLS/SSL to secure its communication.

TLS (Transport Layer Security) is a cryptographic protocol that handles all the encryption that HTTPS does. That’s where encryption methods come into play: 

  • TLS employs key exchange algorithms like Diffie-Helman to use asymmetric encryption to establish secure channels in order to exchange cipher keys for symmetric encryption.
  • TLS uses the keys exchanged via Diffie-Helman (or others) to initiate symmetric encryption ciphers like the world-renowned AES (Surfshark uses protocols that employ the AES-256-GCM version). 

That way, the slow asymmetric encryption is only used in the initial contact, and the real work of encrypting and decrypting your data is given over to the much-faster symmetric encryption. 

Which is AES: symmetric or asymmetric encryption?

What is AES? The acronym stands for Advanced Encryption Standard. It’s a block cipher: it splits messages into 128 bit-large (a bit being the most basic level of digital information, so either 1 or a 0. The word “cat” is 24 bits) chunks before encrypting. It’s accepted all around the world and incorporated into leading VPN protocols. 

While there are various lengths of AES keys, the 256-bit ones are the most secure. How do they work? In maddening mathematical detail, of course, but what you need to know is that a 256-bit key transforms the original message 14 times before spitting out encrypted ciphertext. 

If you append -GCM to it, it means that the cipher employs Galois/Counter Mode of operation, which was created to improve the speed of operations. 

How does encryption work with VPN?

A VPN would just be a VN if there was no encryption to provide the “P” for “Privacy.” Therefore, VPN protocols have encryption algorithms integrated into their structure. I’ll use the ones available on Surfshark as an example: 

Wireguard: It employs asymmetric encryption in the shape of Curve22519 for the Diffie-Helman exchange and symmetric encryption for the actual transfer of data. 

IKEv2: Standing for Internet Key Exchange version 2, it actually provides key exchange for the IPsec protocol. Asymmetric encryption is done via Diffie-Helman, and symmetric encryption is carried out by IPsec-supported AES. 

OpenVPN: It uses the OpenSSL library for security, and guess what often-mentioned names in key exchanges and encryption algorithms that one supports (hint: it’s Diffie-Helman and AES)!

Make encryption work for you

But you know what the real beauty of a VPN like Surfshark is? It’s that you don’t need to know anything about symmetric or asymmetric encryption – or anything about encryption – to use it. All those complicated processes I described in the most layman terms possible (our office goal is descriptions so easy to understand even a cat would get it) happen in the background and you just reap the benefits. 

Still haven’t got a VPN?

Give us a chance - it’s risk-free

Get Surfshark