4.3 Encryption — Symmetric, Asymmetric, Digital Certificates & PKI
What is Encryption?
Encryption is the process of converting plaintext (readable data) into ciphertext (unreadable data) using a mathematical algorithm and a key. Decryption reverses the process.
Plaintext ──[Encryption Algorithm + Key]──► Ciphertext
Ciphertext ──[Decryption Algorithm + Key]──► Plaintext
Terminology
| Term | Meaning |
|---|---|
| Plaintext | Original readable data |
| Ciphertext | Encrypted, unreadable data |
| Key | Secret used to encrypt/decrypt |
| Algorithm / Cipher | The mathematical process |
| Cryptanalysis | Breaking encryption without the key |
| Cryptology | The combined science |
---
Goals of Encryption
| Goal | Achieved by |
|---|---|
| Confidentiality | Encryption (anyone without key can't read) |
| Integrity | Hashing + signatures |
| Authentication | Digital signatures + certificates |
| Non-repudiation | Digital signatures with verified identity |
---
Two Main Categories of Encryption
                  Encryption
                      │
         ┌────────────┴────────────┐
         │                         │
     Symmetric                Asymmetric
    (Secret Key)             (Public Key)
         │                         │
    Same key for               Two keys:
  encrypt + decrypt         public + private
---
1. Symmetric / Secret-Key Encryption
In symmetric encryption, the same key is used for both encryption and decryption. Both parties must share the key in advance.
Algorithms
| Algorithm | Key Size | Block Size | Status |
|---|---|---|---|
| DES | 56 bits | 64 bits | Obsolete (cracked 1998) |
| 3DES (Triple DES) | 168 bits | 64 bits | Deprecated (2024) |
| AES | 128 / 192 / 256 bits | 128 bits | Modern standard |
| Blowfish | 32–448 bits | 64 bits | Legacy |
| Twofish | 128 / 256 bits | 128 bits | Alternative to AES |
| RC4 | Variable | Stream | Deprecated |
| ChaCha20 | 256 bits | Stream | Modern; used by Google |
AES — the current standard
- Advanced Encryption Standard
- Adopted by NIST in 2001 (replaces DES)
- Block cipher: 128-bit blocks
- Key sizes: 128, 192, 256 bits (AES-128, AES-192, AES-256)
- Used in: HTTPS, WPA2/3, disk encryption (BitLocker, FileVault), VPN
Advantages of symmetric encryption
- Fast — orders of magnitude faster than asymmetric
- Efficient for large data — bulk encryption
- Mature — well-understood algorithms
- Hardware acceleration — modern CPUs have AES-NI instructions
Disadvantages of symmetric encryption
- Key distribution problem — how to share the key securely?
- Scalability — N users need N(N-1)/2 distinct keys (one per pair of users)
- No non-repudiation — both parties have the same key; can't prove who encrypted
- Key management — must be securely stored
---
2. Asymmetric / Public-Key Encryption
Asymmetric encryption uses a key pair:
- Public key — shared with everyone
- Private key — kept secret
Anything encrypted with the public key can only be decrypted with the private key, and vice versa.
Algorithms
| Algorithm | Year | Based on | Common Use |
|---|---|---|---|
| RSA | 1977 | Integer factorisation | TLS, SSL, signatures |
| Diffie-Hellman (DH) | 1976 | Discrete logarithm | Key exchange |
| DSA | 1991 | Discrete logarithm | Digital signatures |
| ECC (Elliptic Curve) | 1985 | Elliptic curves | Modern, smaller keys |
| ECDSA | | ECC variant of DSA | Bitcoin, modern TLS |
| EdDSA / Ed25519 | 2011 | ECC | Modern, fast |
RSA — the classic
- Rivest, Shamir, Adleman (1977)
- Based on difficulty of factoring large primes
- Typical key size: 2048 or 4096 bits
- Used in: TLS handshake, email encryption (PGP), digital signatures
Advantages of asymmetric encryption
- No prior key sharing — Bob can encrypt without ever meeting Alice
- Scales — N users need only N key pairs (not N²)
- Enables digital signatures and non-repudiation
- Foundation for HTTPS and modern internet security
Disadvantages of asymmetric encryption
- Slow — 100–1000× slower than symmetric
- Not suitable for bulk encryption
- Larger keys — RSA 2048-bit vs AES 128-bit
- Computationally expensive
---
Symmetric vs Asymmetric — comparison
| Aspect | Symmetric | Asymmetric |
|---|---|---|
| Keys | One shared secret | Public + private pair |
| Speed | Fast | Slow |
| Algorithms | AES, 3DES | RSA, ECC, DH |
| Key sharing | Hard (must be secure) | Easy (public is public) |
| Use | Bulk encryption | Key exchange, signatures |
| Non-repudiation | No | Yes |
| Key size | 128–256 bits | 2048+ bits (RSA) |
---
Hybrid Encryption — best of both
Real-world systems (HTTPS, PGP, email) use both:
- Use asymmetric to securely exchange a symmetric session key
- Use symmetric to encrypt the actual data
This is how HTTPS / TLS works — explained in detail next lesson.
---
Hash Functions
A cryptographic hash function converts arbitrary-size input → fixed-size output (digest).
Properties
| Property | Meaning |
|---|---|
| One-way | Cannot reverse output to find input |
| Deterministic | Same input → same output every time |
| Fixed output size | Regardless of input size |
| Avalanche effect | Small input change → big output change |
| Collision-resistant | Hard to find two inputs with same hash |
Algorithms
| Algorithm | Output Size | Status |
|---|---|---|
| MD5 | 128 bits | Broken (don't use) |
| SHA-1 | 160 bits | Deprecated |
| SHA-256 | 256 bits | Standard |
| SHA-3 | Variable | Modern |
| bcrypt, scrypt, Argon2 | Variable | Password-specific (slow on purpose) |
Uses
- Password storage — store hash, not password
- File integrity — verify download (checksum)
- Blockchain — Bitcoin uses SHA-256
- Digital signatures — sign hash, not data
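The four properties and uses above can be checked directly with Python's standard library. The block below is an added example, not code from the lesson: it shows a fixed-size digest, the avalanche effect measured as the number of differing output bits, a checksum comparison for a download, and salted, deliberately slow password hashing. PBKDF2-HMAC-SHA256 stands in for bcrypt/scrypt/Argon2 only because it ships with `hashlib`; the iteration count and sample passwords are constructed values.

```python
import hashlib
import hmac
import os


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Fixed-size digest of arbitrary-size input (sha256 -> 64 hex chars = 256 bits)."""
    return hashlib.new(algorithm, data).hexdigest()


def bits_changed(a: bytes, b: bytes, algorithm: str = "sha256") -> int:
    """Avalanche check: how many of the digest's bits differ between two inputs."""
    ha = hashlib.new(algorithm, a).digest()
    hb = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(ha, hb))


def verify_download(data: bytes, published_sha256: str) -> bool:
    """File-integrity check: compare the file's digest with the checksum the publisher listed."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), published_sha256.lower())


# Password storage: never store the password itself; store salt + slow hash.
# PBKDF2-HMAC-SHA256 is used here because it is in hashlib; bcrypt/scrypt/Argon2
# are the usual choices and need a third-party package. Iteration count is constructed.
ITERATIONS = 200_000


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, key); a fresh random per-user salt is drawn when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)
    return salt, key


def check_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)
    return hmac.compare_digest(candidate, stored_key)


if __name__ == "__main__":
    print(digest_hex(b"abc"))
    print(bits_changed(b"abc", b"abd"), "of 256 bits differ")
    _, k1 = hash_password("correct horse")
    _, k2 = hash_password("correct horse")
    print("same password, two users, different hashes:", k1 != k2)
```

The two `hash_password` calls on the same password return different keys because each draws its own salt, which is exactly what defeats a precomputed rainbow table; `hmac.compare_digest` is used for both comparisons so that the time taken does not leak how many leading bytes matched.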
---
Digital Signatures
A digital signature proves the integrity + authenticity + non-repudiation of a message.
How it works
What digital signatures provide
A correctly designed digital signature simultaneously delivers three properties. Integrity is guaranteed because the signature is computed over a hash of the message; if the message is changed even by one bit, the recomputed hash will not match and verification fails. Authentication is guaranteed because only the sender (the holder of the private key) could have produced a signature that decrypts correctly with the sender's published public key — anyone else's signature would not verify. Non-repudiation follows from the same property: since only the sender holds the private key, the sender cannot later deny having signed the message without admitting their private key was compromised — which has serious legal consequences on its own.
Indian legal status
- IT Act 2000 recognises digital signatures as legally equivalent to handwritten
- Digital Signature Certificates (DSC) issued by CCA-licensed CAs
- Required for: GST filings, ROC (company filings), e-tenders, income-tax e-filing
---
Digital Certificates
A digital certificate is an electronic document that binds a public key to an identity (person, organisation, website).
Structure (X.509 standard)
| Field | Purpose |
|---|---|
| Subject | Owner identity (e.g., CN=flipkart.com) |
| Public key | The owner's public key |
| Issuer | The CA that issued it |
| Serial number | Unique within issuer |
| Validity | From / to dates |
| Algorithm | Signature algorithm used |
| Extensions | Subject alternative names, key usage, etc. |
| CA's signature | Issued/signed by the CA |
Certificate Authority (CA)
A Certificate Authority is a trusted third party that issues digital certificates.
| Global CA | Notes |
|---|---|
| DigiCert | Acquired Symantec, GeoTrust |
| Sectigo (Comodo) | Volume leader |
| GlobalSign | Enterprise |
| Let's Encrypt | Free, automated |
| GoDaddy SSL | Hosting-bundled |
Indian CAs (under CCA — Controller of Certifying Authorities)
- e-Mudhra
- Sify Safescrypt
- (n)Code Solutions
- IDRBT (banking)
- NIC (government)
- Capricorn
---
PKI — Public Key Infrastructure
PKI is the entire system that supports public-key cryptography — CAs, certificates, revocation lists, policies, software, hardware.
PKI components
| Component | Role |
|---|---|
| CA (Certificate Authority) | Issues certificates |
| RA (Registration Authority) | Verifies identity before issuing |
| Certificate Repository | Stores and distributes certificates |
| CRL (Certificate Revocation List) | List of revoked certs |
| OCSP | Online status checking (faster than CRL) |
| End entities | Users, servers, devices that use certs |
Certificate lifecycle
- Identity verification — RA confirms applicant
- Key pair generation — applicant generates locally
- CSR (Certificate Signing Request) — submitted to CA
- Issuance — CA signs the cert
- Distribution & Use — installed on server
- Renewal / Revocation — at expiry or compromise
---
Certificate Trust Chain
Root CA Certificate (self-signed, in OS / browser)
│
▼ signs
Intermediate CA Certificate
│
▼ signs
End-entity Certificate (e.g., flipkart.com)
When you visit https://flipkart.com:
- Server sends its cert + intermediate cert
- Browser verifies chain up to a trusted root
- If valid → secure connection; if not → warning
Why trust chains matter
- Root CAs are pre-installed in OS/browser
- A compromised intermediate can be revoked without revoking the root
- Public CAs operate offline root signing for safety
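The hash-then-sign mechanism from the Digital Signatures section and the leaf → intermediate → root walk described in this section can be exercised together in one short model. The block below is an added example, not code from the lesson: it builds a toy RSA (random 256-bit primes, raw `hash ^ d mod n`, no padding, so it runs on the standard library alone and must not be used for anything real), a minimal stand-in for an X.509 certificate, and a `verify_chain` that checks validity dates, issuer/subject linkage and each signature up to a locally trusted root. The CA names, dates and the `evil.example` tampering case are constructed; `flipkart.com` is the domain the lesson uses.

```python
import hashlib
import math
import secrets
from dataclasses import dataclass
from datetime import date

# ---- Toy RSA (constructed for this example; real RSA uses ~2048-bit moduli and PSS/PKCS#1 padding) ----

def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit set, odd
        if is_probable_prime(cand):
            return cand

def make_keypair(bits: int = 256, e: int = 65537):
    """Return (public, private) = ((n, e), (n, d)); n > 2**510, so a SHA-256 digest fits below it."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(sha256_int(message), d, n)                  # hash, then apply the private key

def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == sha256_int(message)    # apply the public key, compare hashes

# ---- Minimal certificate model (stand-in for X.509; names are hypothetical) ----

@dataclass
class Certificate:
    subject: str
    issuer: str
    public_key: tuple
    not_before: date
    not_after: date
    signature: int = 0                                    # issuer's signature over to_be_signed()

    def to_be_signed(self) -> bytes:
        return f"{self.subject}|{self.issuer}|{self.public_key}|{self.not_before}|{self.not_after}".encode()

def issue(subject, subject_pub, issuer, issuer_priv, not_before, not_after) -> Certificate:
    """The issuer signs the subject's identity + public key (self-signed when issuer == subject)."""
    cert = Certificate(subject, issuer, subject_pub, not_before, not_after)
    cert.signature = sign(cert.to_be_signed(), issuer_priv)
    return cert

def verify_chain(chain, trusted_roots, today: date):
    """chain = [end-entity, intermediate, ...] as sent by the server. Every link must be inside its
    validity window, name the next link as issuer, and verify under the next link's public key;
    the last link must verify under a root from the local trust store. Returns (ok, reason)."""
    for cert in chain:
        if not (cert.not_before <= today <= cert.not_after):
            return False, f"{cert.subject}: outside validity period"
    root = next((r for r in trusted_roots if r.subject == chain[-1].issuer), None)
    for child, parent in zip(chain, chain[1:] + [root]):
        if parent is None:
            return False, f"{child.subject}: issuer {child.issuer!r} is not a trusted root"
        if child.issuer != parent.subject:
            return False, f"{child.subject}: issuer {child.issuer!r} != {parent.subject!r}"
        if not verify(child.to_be_signed(), child.signature, parent.public_key):
            return False, f"{child.subject}: signature does not verify under {parent.subject}"
    return True, "chain verified up to trusted root"

def build_demo():
    """Root -> intermediate -> flipkart.com; CA names and dates are constructed."""
    root_pub, root_priv = make_keypair()
    inter_pub, inter_priv = make_keypair()
    leaf_pub = make_keypair()[0]
    root = issue("Demo Root CA", root_pub, "Demo Root CA", root_priv, date(2020, 1, 1), date(2040, 1, 1))
    inter = issue("Demo Intermediate CA", inter_pub, "Demo Root CA", root_priv, date(2024, 1, 1), date(2030, 1, 1))
    leaf = issue("flipkart.com", leaf_pub, "Demo Intermediate CA", inter_priv, date(2025, 1, 1), date(2026, 1, 1))
    return root, inter, leaf

def run_checks() -> dict:
    """Outcomes for a valid chain, an expired leaf, a leaf whose subject was altered, and an empty trust store."""
    root, inter, leaf = build_demo()
    tampered = Certificate("evil.example", leaf.issuer, leaf.public_key, leaf.not_before, leaf.not_after, leaf.signature)
    return {
        "valid": verify_chain([leaf, inter], [root], date(2025, 6, 1))[0],
        "expired": verify_chain([leaf, inter], [root], date(2027, 1, 1))[0],
        "tampered": verify_chain([tampered, inter], [root], date(2025, 6, 1))[0],
        "no_root": verify_chain([leaf, inter], [], date(2025, 6, 1))[0],
    }

if __name__ == "__main__":
    print(run_checks())   # {'valid': True, 'expired': False, 'tampered': False, 'no_root': False}
```

Two points the model makes visible: the browser only ever needs the root's public key, which is why the root's private key can stay offline, and a revoked intermediate simply disappears from the trust path without the root changing. Revocation (CRL/OCSP) is not modelled here; a real verifier checks it for every link.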
---
Key Terms — Lesson 4.3
Encryption has its own dense vocabulary. Every term below appears in the prescribed textbooks (Stallings, Laudon) and at least once in most cryptography PYQs.
Encryption — The process of converting plaintext (readable data) into ciphertext (unreadable data) using a mathematical algorithm and a key, such that without the correct key the ciphertext is computationally infeasible to invert. Decryption is the reverse process. Encryption protects confidentiality — anyone intercepting the ciphertext learns nothing about the plaintext.
Plaintext / Ciphertext / Key — The three core terms. Plaintext is the original, readable message. Ciphertext is the encrypted form. Key is the secret value that parameterises the encryption — the algorithm is usually public, the key is the secret.
Symmetric Encryption (Secret-Key Encryption) — A cryptographic system where the same key is used for both encryption and decryption. Symmetric is fast (orders of magnitude faster than asymmetric), making it ideal for bulk data, but suffers from the key distribution problem — the two parties must somehow share the secret key without an eavesdropper learning it. Examples: AES, 3DES, ChaCha20.
AES (Advanced Encryption Standard) — A symmetric block cipher standardised by the US NIST in 2001 as the successor to DES. AES uses 128-bit blocks and key sizes of 128, 192, or 256 bits. AES is the dominant symmetric cipher in HTTPS, WPA2/3 Wi-Fi, disk encryption (BitLocker, FileVault), VPN, and Indian payments. Modern CPUs have AES-NI hardware acceleration that makes AES nearly free in performance terms.
DES / 3DES — The Data Encryption Standard (1977), now obsolete because its 56-bit key was brute-forced in 1998. Triple DES (3DES) applies DES three times with three different keys to extend its useful life; 3DES is deprecated as of 2024 in favour of AES.
Asymmetric Encryption (Public-Key Encryption) — A cryptographic system using a key pair — a public key that can be freely shared and a private key that must stay secret. Anything encrypted with one key in the pair can only be decrypted with the other. Asymmetric encryption is slow compared to symmetric but solves the key-distribution problem and enables digital signatures. Examples: RSA, ECC, Diffie-Hellman.
RSA (Rivest-Shamir-Adleman) — The classic asymmetric algorithm, published in 1977. Security rests on the difficulty of factoring large composite numbers into their prime factors. Typical key sizes are 2048 or 4096 bits. RSA is used in TLS handshakes, email encryption (PGP), digital signatures, and most legal e-signing workflows.
ECC (Elliptic Curve Cryptography) — A modern family of asymmetric algorithms based on the mathematics of elliptic curves over finite fields. ECC achieves equivalent security to RSA with much smaller keys — 256-bit ECC ≈ 3072-bit RSA — making it faster and lighter on memory. ECDSA and Ed25519 are common ECC signature schemes; Bitcoin, modern TLS, and SSH keys increasingly use ECC.
Diffie-Hellman (DH) Key Exchange — A 1976 algorithm that lets two parties establish a shared secret over an insecure channel without ever transmitting the secret itself. DH is a key-exchange protocol, not an encryption algorithm; the established shared secret is then used as a symmetric key. ECDH (Elliptic Curve Diffie-Hellman) is the modern variant.
Hybrid Encryption — The real-world combination of symmetric and asymmetric encryption used by HTTPS, PGP, S/MIME, and most secure-messaging protocols. Asymmetric encryption is used to exchange a symmetric session key; the actual data is then encrypted with the faster symmetric cipher. You get the trust properties of asymmetric and the performance of symmetric.
Cryptographic Hash Function — A function that maps arbitrary-size input to fixed-size output (digest) and satisfies three properties: one-way (you cannot reverse the output to find the input), deterministic (same input always produces the same output), and collision-resistant (it is computationally infeasible to find two distinct inputs producing the same output). Hash functions are not encryption — they are not reversible.
SHA-256 — The 256-bit member of the SHA-2 family of hash functions, the current de-facto standard for digital signatures, file integrity, blockchain (Bitcoin), TLS certificates, and password hashing in legacy systems. SHA-1 (160 bits) is deprecated; MD5 is broken and must not be used for security.
Avalanche Effect — The desirable property of a hash function that a 1-bit change in input changes, on average, 50% of the output bits. Avalanche makes hashes useful for integrity — any tampering produces a wildly different hash.
Salt — Random data added to a password before hashing, so the same password used by two different users produces two different hashes. Salts defeat rainbow table attacks. Every modern password-storage system (bcrypt, scrypt, Argon2) uses per-user salts.
Password Hashing Functions (bcrypt, scrypt, Argon2) — Specialised hash functions designed to be deliberately slow (and memory-hungry) so that attackers cannot brute-force passwords at billions per second. Argon2 won the Password Hashing Competition (2015) and is the current best-practice recommendation.
Digital Signature — A cryptographic construct that proves the integrity, authenticity, and non-repudiation of a message. To sign: compute SHA-256 of the message, then encrypt that hash with the sender's private key. To verify: recompute the hash, decrypt the signature with the sender's public key, compare. If the comparison matches, the signature is valid.
Digital Signature Certificate (DSC) — In Indian legal context, a smart-card or USB-token-based digital signature issued by a CCA-licensed Certifying Authority (e-Mudhra, Sify Safescrypt, (n)Code, Capricorn, IDRBT). Legally equivalent to a handwritten signature under IT Act 2000. Required for GST returns, RoC filings, e-tenders, and most corporate compliance.
Digital Certificate (X.509) — An electronic document that binds a public key to an identity (a person, an organisation, a server's domain name). The X.509 standard defines the format — subject, issuer, public key, validity, serial number, extensions, and the issuer's signature. Used in every HTTPS connection, code-signing, and email-signing workflow.
Certificate Authority (CA) — A trusted third party that issues digital certificates after verifying the identity of the requester. Global CAs include DigiCert, Sectigo, GlobalSign, and Let's Encrypt (which provides free, automated DV certs). Indian CAs licensed by CCA include e-Mudhra, Sify Safescrypt, (n)Code, IDRBT (for banking), NIC (for government), and Capricorn.
CCA (Controller of Certifying Authorities) — The Indian regulator (under MeitY) that licenses and oversees Certifying Authorities issuing Digital Signature Certificates in India under the IT Act 2000.
Registration Authority (RA) — The entity that verifies the identity of an applicant before forwarding the certificate request to the CA. Sometimes a separate organisation, sometimes a function inside the CA. The RA does the in-person KYC; the CA does the cryptographic signing.
CSR (Certificate Signing Request) — A standardised file (PKCS#10) sent by an applicant to a CA, containing the applicant's public key and identity information. The CA verifies the applicant, signs the CSR, and returns it as a certificate.
PKI (Public Key Infrastructure) — The entire system that supports public-key cryptography in practice: Certificate Authorities, Registration Authorities, certificate repositories, revocation infrastructure (CRL, OCSP), end-entity certificates, software and hardware, and the policies/procedures around them. PKI is what lets you trust a TLS certificate on a website you have never visited before.
CRL (Certificate Revocation List) — A periodically-published list of certificates that have been revoked before their natural expiry — because of key compromise, ownership change, or CA error. Browsers download CRLs and refuse connections to revoked certificates. CRLs are heavy and increasingly being replaced by OCSP.
OCSP (Online Certificate Status Protocol) — A real-time alternative to CRL: instead of downloading a long list, the browser asks the CA "is this specific certificate valid?" and gets a signed yes/no response in milliseconds. OCSP stapling lets the server itself attach a fresh OCSP response to the TLS handshake, eliminating the browser-to-CA round trip.
Trust Chain / Certificate Chain — The verification chain from an end-entity certificate (say, flipkart.com) up through one or more intermediate CA certificates to a self-signed root CA certificate pre-installed in the browser/OS. If every link in the chain has a valid CA signature and none has expired or been revoked, the chain is trusted.
Self-Signed Certificate — A certificate that is signed by its own private key rather than by a CA. Self-signed certs are fine for internal/lab use but cause browser warnings on public sites. Root CAs are technically self-signed — they sit at the top of every trust chain.
Certificate Transparency (CT) — A 2013 Google initiative that requires CAs to publish every issued certificate to public append-only logs. CT lets domain owners detect mis-issued certificates (a CA mistakenly issuing a cert for your domain to someone else) — a key defence after the DigiNotar 2011 and Symantec 2017 CA compromises.
Post-Quantum Cryptography (PQC) — A family of cryptographic algorithms designed to resist attacks by future quantum computers, which (in theory) could break RSA and ECC. NIST has been standardising PQC algorithms since 2022 — CRYSTALS-Kyber (key encapsulation), CRYSTALS-Dilithium (signatures), FALCON, SPHINCS+. Industry migration is expected to begin around 2030.
---
Study deep
- Symmetric is for speed, asymmetric is for trust. The genius of HTTPS is hybrid encryption — use asymmetric to bootstrap, then switch to symmetric for the conversation.
- RSA vs ECC. ECC achieves equivalent security with much smaller keys — 256-bit ECC ≈ 3072-bit RSA. Modern systems prefer ECC for performance.
- Quantum threat. Future quantum computers may break RSA and ECC. NIST is standardising post-quantum cryptography (PQC) — algorithms safe against quantum (e.g., CRYSTALS-Kyber, Dilithium). Migration begins ~2030.
- The CA trust model is fragile. Any of 100+ root CAs can issue certs for any domain. A compromised CA (DigiNotar 2011, Symantec 2017) can break the system. Certificate Transparency (CT) logs were created in response.
- Indian CAs and the IT Act. India recognises specific CAs (e-Mudhra etc.) under CCA. DSCs issued by these are legally valid for filings, contracts, e-tenders. Foreign CAs (DigiCert) are valid for SSL/TLS but not always for legal signatures.
PYQ pattern (very common): "Differentiate symmetric and asymmetric encryption with examples." — Define both; table 6 differences (keys, speed, use, scalability, non-repudiation, algorithms); name examples (AES, RSA).
PYQ pattern: "What is a digital certificate? Explain PKI." — Define cert; X.509 fields; CA's role; list PKI components (CA, RA, repository, CRL, OCSP); diagram trust chain.
PYQ pattern: "What is digital signature? How is it generated and verified?" — Hash + encrypt-with-private-key; verification reverses; provides integrity + auth + non-repudiation; legal status under IT Act 2000.