Part II · 3 — Asymmetric primitives
The leap of 1976: each party has a key pair — one public, one private. It is what lets you combine secrets and prove authorship between strangers, without ever having shared anything. The price: it is orders of magnitude slower than symmetric crypto — which is why real systems are hybrid.
3.1 The idea: one-way function with a trapdoor
Asymmetry rests on trapdoor functions: easy to compute in one direction, infeasible to invert — unless you have a secret (the private key). The security comes from mathematical problems we believe to be hard (computational security, not perfect):
| Family | Hard problem | Primitives |
|---|---|---|
| Factoring | Factoring n = p·q of enormous integers. |
RSA |
| Discrete logarithm | Finding x in g^x mod p. |
Diffie-Hellman, DSA |
| Discrete log on elliptic curves | The same, over an elliptic curve. | ECDH, ECDSA, Ed25519 |
All of these problems fall before a quantum computer (Shor's algorithm) — the reason for Part IV (post-quantum).
3.2 Two operations, not one
Confusing the two is a common error. Asymmetric cryptography does distinct things with the key pair:
| Operation | Who uses the public key | Who uses the private key | Guarantees |
|---|---|---|---|
| Encrypt / encapsulate key (KEM) | the sender encrypts for you | you decrypt | confidentiality |
| Sign | anyone verifies your signature | you sign | authenticity + non-repudiation |
Notice the inversion: for secrecy, the public key encrypts and the private one opens; for signing, the private key signs and the public one verifies. The same math, roles swapped.
3.3 The algorithms that matter
- Diffie–Hellman (DH) / ECDH — key exchange: two sides derive a
common secret by exchanging only public values. The ephemeral version (ECDHE) gives forward secrecy and is the heart of the TLS handshake.
- RSA — versatile (encrypts and signs), but slow and with large keys;
never use "raw RSA" — only with secure padding (OAEP for encryption, PSS for signing). In gradual retreat in favor of curves.
- Elliptic curves — same security with much smaller keys:
- X25519 — key exchange (the modern ECDH).
- Ed25519 — fast, deterministic signatures, without
implementation pitfalls. Default for signing today.
3.4 Why elliptic keys are so much smaller
For the same security level, elliptic-curve math is much more "dense" than factoring:
| Security level | RSA / DH | Elliptic curve |
|---|---|---|
| 128 bits | 3072 bits | 256 bits (P-256, Curve25519) |
| 256 bits | 15360 bits | 512 bits |
Smaller keys ⇒ faster handshakes, less bandwidth, less CPU. That is why the web migrated from RSA to ECDHE + Ed25519.
3.5 The hybrid model (and the bridge to protocols)
Since asymmetric crypto is slow, nobody encrypts data with it. The universal pattern:
- Asymmetric crypto (ECDHE) establishes a symmetric session key.
- Symmetric crypto (AES-GCM / ChaCha20-Poly1305) protects the data, fast.
- A signature (Ed25519) or certificate authenticates who is who.
This fitting-together of the three primitives — key exchange, symmetric cipher, signature — is what a protocol choreographs. It is exactly what TLS does on every HTTPS connection, the theme of Part III.
Dense reference: the mathematical detail of DH, RSA (OAEP/PSS), ElGamal, DSAECDSAEdDSA, and equivalent sizes is in
05-asymmetric. End of Part II — the black boxes are open. Part III — Protocols (under construction) choreographs them in TLS, Signal, and PKI.