Before discussing about asymmetric cryptography.

Let's first review symmetric cryptography,

which we discussed in the previous course.

In symmetric cryptography, we use one key,

one key that is shared by all the authorized parties, Alice and Bob.

The security of the cryptosystem relies on the secrecy of the key.

And if the attacker compromises the key,

then the attacker breaks the cryptosystem.

Because the key is to be secret against the unauthorized attackers,

symmetric cryptography is also called private key cryptography

or secret key cryptography.

Let's now discuss the radically different public key systems,

or asymmetric systems, in which two keys are used.

Public key cryptography, is asymmetric,

involving the use of two separate keys,

in contrast to symmetric encryption,

that uses only one key.

Anyone knowing the public key can encrypted messages or verify signatures,

but cannot decrypt messages, or create signatures.

Although this may initially seem counter-intuitive,

we will describe in greater detail in the next lesson.

There are a couple of misconceptions about asymmetric cryptography,

when compared to symmetric cryptography.

These misconceptions that asymmetric crypto is better than symmetric crypto,

often come from the fact that

asymmetric cryptography was developed after symmetric cryptography.

And tends to require more sophisticated setup.

The first misconception, is

that asymmetric encryption is more secure than symmetric encryption.

There's nothing in principle to show one is superior to

another from the point of view of resisting cryptanalysis.

The second misconception is that,

asymmetric cipher is a general purpose technique that

has made symmetric encryption obsolete.

This is not true, because the computational overhead of

current asymmetric ciphers is generally higher than the symmetric ciphers,

and make them too slow for certain applications.

Asymmetric ciphers rather complement symmetric ciphers,

or are used for different applications.

The third misconception is that,

key distribution is trivial for asymmetric cryptography.

This is also not true,

because the procedures involved are not simpler,

nor any more efficient than those required for symmetric encryption.

Some people overlook the overhead of

the key establishment and distribution of the public private key pair,

when designing asymmetric cryptographic system,

only to realize that such keys set up

overhead becomes the bottleneck of the system later.

The concept of asymmetric cryptography arose from

the real world issues that symmetric cryptography cannot sufficiently address.

More specifically, asymmetric cryptography was motivated to

solve the most difficult problems associated with symmetric photography,

which are key distribution and digital signatures.

The first problem with symmetric cryptography,

is that a key distribution.

Which under symmetric encryption,

requires either that Alice and Bob already shared key,

which somehow has been distributed to them,

or the use of trusted third party in the key distribution center.

This seemed to negate the very essence of cryptography.

The ability to maintain total secrecy over your own communication.

The second problem with symmetric cryptography was that of digital signatures,

if the use of cryptography was to become widespread,

not just the military context,

but also for commercial and private purposes,

then electronic messages and transactions would need

the equivalent of signature used in physical paper documents.

Such signatures can be used for authentication were just to ensure source user integrity.

The idea of public key schemes and the first practical scheme for

key distribution was published in 1976 by Whitfield Diffie and Martin Hellman.

Due to their contributions to asymmetric cryptography,

Diffie and Hellman received the ACM Turing Award,

an equivalent to Nobel Prize among computer scientists in 2015.

While we have Diffie and Hellman to be thankful for,

for publishing the concept of public key schemes.

The concept has previously been described in

a classified report in 1970 by James Ellis from the United Kingdom.

Who used the term non-secret encryption to describe the concept.

Interestingly, the British agency discovered RSA first,

and then Diffie-Hellman Key Exchange later.

Which is opposite to the order of public discovery.

In addition, some claim that the NSA knew of the concept in the mid 1960's.

Asymmetric algorithms rely on

one key for encryption and a different key but related key for decryption.

One key is public and therefore called public key,

while the other key is private and is known only to the key holder,

and therefore called private key.

Since the public key is public,

asymmetric cryptography needs to ensure that it is computationally infeasible,

difficult to derive the private key from the public key.