Every piece of encryption in your life belongs to one of two families, and the difference comes down to a single question: do both sides hold the same key, or do they hold different halves of a matched pair? That one design choice splits cryptography into a fast workhorse and a clever diplomat, and the reason your bank connection works at all is that engineers figured out how to make them cooperate.

If you want the wide-angle view first, the pillar article how encryption actually works frames where these two families sit alongside hashing and TLS. This article zooms in on the split itself.

Symmetric: one key, shared by both sides

Symmetric encryption is the intuitive kind. One secret key both locks and unlocks, like the key to your front door. Sender and receiver must both have it, and anyone else who gets it reads everything.

The reigning symmetric cipher is AES, the Advanced Encryption Standard. It was chosen in 2001, when the US standards agency NIST ran an open international competition and selected a Belgian design called Rijndael over fourteen other candidates. That open process matters: AES won by surviving years of public attack from the world's best cryptanalysts, not by being anyone's secret.

AES works on 128-bit blocks of data, scrambling each block through repeated rounds of substitution and mixing, steered at every round by material derived from the key. The variant you hear about most, AES-256, uses a 256-bit key. What does that buy? Each extra key bit doubles the guessing work, so 2^256 possibilities is a number with about 77 digits. Brute force is not merely slow; it collides with physics. The energy needed just to flip a counter through that many states exceeds anything remotely available. After roughly a quarter century of concentrated academic attack, nothing meaningfully better than brute force is publicly known against full AES.

And it is fast. Most mainstream processors made in the last decade include dedicated AES instructions, so a modern laptop can encrypt at gigabytes per second. That speed is why AES handles the "bulk": disk encryption, video streams, database backups, the body of every HTTPS connection.

Symmetric encryption's deepest structural flaw is not mathematical. (Implementations still have to get modes, nonces, and side channels right, but those are engineering problems; this one is built into the concept.) Both sides need the key first. You cannot send it over the channel you are trying to protect, since an eavesdropper would simply copy it. For most of history the answer was physical: couriers, sealed envelopes, code books carried aboard ships. That works for embassies. It does not work for a browser meeting a shopping site for the first time, one of millions of such meetings per second, none with time for a courier.

Asymmetric: a matched pair of keys

The escape from the key-delivery trap arrived in the 1970s and still feels like a magic trick. In asymmetric (public-key) cryptography, each participant generates two mathematically linked keys. The public key can be shouted from the rooftops. The private key never leaves its owner. Whatever the public key encrypts, only the private key can decrypt.

Now a stranger can send you a secret with no prior contact: fetch your public key, encrypt, transmit. Eavesdroppers hold the ciphertext and the public key and still cannot recover the message, because the encryption direction and decryption direction use different keys.

How can revealing the locking key not reveal the unlocking key? The answer is a trapdoor one-way function: a mathematical operation easy to run forward and infeasible to reverse, unless you know a secret shortcut. RSA, published by Rivest, Shamir, and Adleman in 1977, builds its trapdoor from prime numbers: multiplying two enormous primes takes microseconds, but recovering the primes from their product would take longer than civilization has existed. The private key holder knows the primes; everyone else faces the factoring problem. The full mechanism, with a worked example small enough to check by hand, is in RSA in plain English.

The other major family, elliptic-curve cryptography (ECC), builds a steeper one-way street from the arithmetic of points on a curve. Reversing it is even harder per bit than factoring, which is why a 256-bit elliptic-curve key delivers security that RSA needs roughly 3072 bits to match. Smaller keys mean faster handshakes and less bandwidth, so modern protocols have largely moved to elliptic curves for key exchange.

Asymmetric keys also run in reverse gear: use your private key to compute a signature over a message, and anyone holding your public key can verify it. That does nothing for secrecy, since everyone can check it, but it is perfect for proof: only you could have produced it. That is a digital signature, and combined with hashing (covered in hash functions explained) it is how software updates, certificates, and contracts get authenticated.

Why not use asymmetric for everything?

If public-key cryptography solves the hard problem, why keep AES around? Speed, mainly. RSA operations involve exponentiating numbers hundreds of digits long; a single decryption costs on the order of thousands of times more computation than AES spends on the same amount of data. Asymmetric schemes also carry structural baggage: RSA can only encrypt messages smaller than its key, needs careful random padding to be safe, and inflates the data. Using RSA to encrypt a movie would be like sending a novel one page per armored truck.

So every serious protocol is a hybrid. The pattern:

  1. Use asymmetric cryptography once, at the start, to establish a shared secret. Either one side encrypts a random key to the other's public key, or, more commonly today, both sides run a Diffie-Hellman style exchange where each combines its own private value with the other's public value and both arrive at the same secret independently.
  2. Feed that shared secret into a symmetric cipher.
  3. Encrypt all actual traffic with AES (or the similar ChaCha20) at full speed.

The expensive diplomat performs the introduction; the fast workhorse carries the cargo. TLS does exactly this on every connection — since TLS 1.3, always via the Diffie-Hellman route, the encrypt-a-key-to-the-server variant having been removed from the protocol — and what TLS actually does traces the handshake step by step. Signal, WhatsApp, and SSH follow the same shape with different details.

Key length intuition, and why the numbers don't compare

A common confusion: "RSA uses 2048-bit keys and AES uses 256, so RSA is eight times stronger." It's the opposite, and the reason is instructive. Security is measured by the best attack, not by key size.

An AES key is an arbitrary string of bits with no structure to exploit; the attack is guessing, and difficulty doubles per bit. An RSA public key contains a number with a hidden structure, the product of two primes, and the attack is factoring. Factoring algorithms are dramatically better than blind guessing, and they improve with number size in a gentler way, so RSA must compensate with bulk. Standard estimates put 2048-bit RSA around the strength of a 112-bit symmetric key, and 3072-bit RSA around 128 bits. Elliptic curves sit in between: no structure shortcuts of comparable power are known, so 256 curve bits buy about 128 bits of security.

One looming caveat applies unevenly: a large-scale quantum computer running Shor's algorithm would break RSA and elliptic curves outright, while merely denting symmetric ciphers (the best known quantum attack, Grover's algorithm, would cut AES-256's effective strength to about 128 bits, which is still considered strong). That asymmetry is why post-quantum replacements target the public-key layer first.

The takeaway

Symmetric encryption is fast and simple but cannot introduce strangers; asymmetric encryption introduces strangers but is too slow to carry the conversation. Neither is "better" any more than a handshake is better than a delivery truck. Nearly every secure system you use is the two of them in relay, a design so effective it has been the standard architecture for decades. If this kind of hidden everyday machinery is your idea of fun, NerdSip's five-minute explainers scratch the same itch across science and technology, and the rest of this cluster keeps pulling on the cryptographic thread.