Part II · 3 — Asymmetric primitives

draft

The leap of 1976: each party has a key pair — one public, one private. It is what lets you combine secrets and prove authorship between strangers, without ever having shared anything. The price: it is orders of magnitude slower than symmetric crypto — which is why real systems are hybrid.


3.1 The idea: one-way function with a trapdoor

Asymmetry rests on trapdoor functions: easy to compute in one direction, infeasible to invert — unless you have a secret (the private key). The security comes from mathematical problems we believe to be hard (computational security, not perfect):

Family Hard problem Primitives
Factoring Factoring n = p·q of enormous integers. RSA
Discrete logarithm Finding x in g^x mod p. Diffie-Hellman, DSA
Discrete log on elliptic curves The same, over an elliptic curve. ECDH, ECDSA, Ed25519

All of these problems fall before a quantum computer (Shor's algorithm) — the reason for Part IV (post-quantum).


3.2 Two operations, not one

Confusing the two is a common error. Asymmetric cryptography does distinct things with the key pair:

Operation Who uses the public key Who uses the private key Guarantees
Encrypt / encapsulate key (KEM) the sender encrypts for you you decrypt confidentiality
Sign anyone verifies your signature you sign authenticity + non-repudiation

Notice the inversion: for secrecy, the public key encrypts and the private one opens; for signing, the private key signs and the public one verifies. The same math, roles swapped.

Symmetric × asymmetric: one shared key × a public/private pair


3.3 The algorithms that matter

  • Diffie–Hellman (DH) / ECDHkey exchange: two sides derive a

    common secret by exchanging only public values. The ephemeral version (ECDHE) gives forward secrecy and is the heart of the TLS handshake.

  • RSA — versatile (encrypts and signs), but slow and with large keys;

    never use "raw RSA" — only with secure padding (OAEP for encryption, PSS for signing). In gradual retreat in favor of curves.

  • Elliptic curves — same security with much smaller keys:
    • X25519 — key exchange (the modern ECDH).
    • Ed25519 — fast, deterministic signatures, without

      implementation pitfalls. Default for signing today.


3.4 Why elliptic keys are so much smaller

For the same security level, elliptic-curve math is much more "dense" than factoring:

Security level RSA / DH Elliptic curve
128 bits 3072 bits 256 bits (P-256, Curve25519)
256 bits 15360 bits 512 bits

Smaller keys ⇒ faster handshakes, less bandwidth, less CPU. That is why the web migrated from RSA to ECDHE + Ed25519.


3.5 The hybrid model (and the bridge to protocols)

Since asymmetric crypto is slow, nobody encrypts data with it. The universal pattern:

  1. Asymmetric crypto (ECDHE) establishes a symmetric session key.
  2. Symmetric crypto (AES-GCM / ChaCha20-Poly1305) protects the data, fast.
  3. A signature (Ed25519) or certificate authenticates who is who.

This fitting-together of the three primitives — key exchange, symmetric cipher, signature — is what a protocol choreographs. It is exactly what TLS does on every HTTPS connection, the theme of Part III.


Dense reference: the mathematical detail of DH, RSA (OAEP/PSS), ElGamal, DSAECDSAEdDSA, and equivalent sizes is in 05-asymmetric. End of Part II — the black boxes are open. Part III — Protocols (under construction) choreographs them in TLS, Signal, and PKI.