Quiz Entry - updated: 2026.07.14
Why is asymmetric cryptography not used to directly encrypt messages in practice?
Asymmetric operations (RSA, ECC) are much slower than symmetric ones (AES), so in practice a hybrid approach is used: asymmetric crypto exchanges a symmetric key, which then encrypts the actual data.
* Slow asymmetric crypto is spent once to transport a symmetric key; fast AES does the bulk work — key distribution and speed at once. *
Key characteristics of asymmetric crypto:
- RSA modulus since 2023: min. 3072 bits (BSI recommendation)
- DH parameters: also min. 3072 bits
- ECC keys: min. 256 bits, preferably 512 bits
- Available in both hardware and software (but very slow in software)
- Much slower than block ciphers
The hybrid approach:
- Use asymmetric crypto (RSA or DH/ECC) to securely exchange a session key (e.g., AES-256 key)
- Use the symmetric session key to encrypt the actual bulk data
- This combines the best of both worlds: secure key distribution + fast encryption
Uses of asymmetric crypto:
- Signature systems (RSA, DSA, ECDSA, Schnorr, EdDSA)
- Key distribution (Diffie-Hellman, ECDH)
- Authentication protocols (Challenge-Response based on signatures)
- NOT direct message encryption (too slow, and RSA is deterministic)
Note: Diffie-Hellman is a key exchange protocol — not an encryption or signature scheme. The encryption scheme built on DH is called ElGamal.
Go deeper:
Hybrid cryptosystem (Wikipedia) — the standard "wrap a symmetric key with a public-key cipher" design (KEM + DEM).