Asymmetric vs. symmetric encryption
Every encrypted connection you make — such as browsing a website, sending an email, or using a VPN — relies on asymmetric encryption, symmetric encryption, or both. Understanding the difference explains why modern encryption uses both.

What is symmetric encryption?
Symmetric encryption uses a single key to both lock (encrypt) and unlock (decrypt) data. The same secret key must be held by both the sender and the recipient — anyone who gets hold of it can read everything it protects.
Think of a physical safe with one combination. Whoever knows the combination can open it. It’s fast and simple, but you have to share that combination securely before you can use it together.

Because symmetric encryption is computationally fast, it excels at protecting large amounts of data — encrypting the files on your hard drive, the traffic through a VPN tunnel, or the contents of a database. Common symmetric algorithms include AES and ChaCha20.
The fundamental weakness: How do you share the key in the first place? If you send it over an insecure channel, an attacker who intercepts it can decrypt everything. This is the key distribution problem, and it is what asymmetric encryption solves.
What is asymmetric encryption?
Asymmetric encryption uses two mathematically linked keys: a public key and a private key. What one key encrypts, only the other can decrypt. You share the public key openly with anyone; the private key never leaves your device.
Think of a mail slot in your front door. Anyone can drop a letter through it (encrypt with your public key), but only you have the key to open the box and read what’s inside (decrypt with your private key). No prior secret exchange required.

This solves the key distribution problem entirely. Two strangers who have never communicated before can establish a secure channel — one publishes their public key, the other encrypts a message with it, and only the holder of the matching private key can read it. This is the foundation of end-to-end encryption, HTTPS, and digital signatures.
The trade-off: Asymmetric encryption is around 1,000 times slower than symmetric encryption because of the complex mathematics involved. Encrypting a large file or a sustained data stream with asymmetric cryptography alone would be impractical.
Common asymmetric algorithms include:
- RSA (Rivest–Shamir–Adleman)
- Elliptic-curve cryptography (ECC), such as ECDH for key exchange and Ed25519 for digital signatures
- ML-KEM, a newer post-quantum asymmetric algorithm standardized by NIST in 2024, designed to resist attacks from quantum computers
Asymmetric vs. symmetric encryption: Key differences
- Symmetric (one shared key): Fast, efficient, ideal for bulk data. Requires both parties to already share a secret key securely.
- Asymmetric (public + private key pair): Slower, but solves the key exchange problem. Anyone can encrypt; only the key owner can decrypt.

| | Symmetric | Asymmetric |
|---|---|---|
| Keys | One shared key | Public + private key pair |
| Speed | Very fast | ~1,000x slower |
| Key length | 128–256 bits | ≥2048 bits (RSA), ≥256 bits (ECC) |
| Key distribution | Must be shared securely in advance | Public key can be shared openly |
| Best for | Encrypting large data, such as files, disks, and VPN traffic | Secure key exchange, digital signatures, messaging |
| Examples | AES, ChaCha20 | RSA, ECDH, Ed25519, ML-KEM (post-quantum) |
Why modern encryption uses both
In practice, symmetric and asymmetric encryption are almost never used in isolation. The most secure systems combine them: asymmetric encryption to securely exchange a key, then symmetric encryption to protect the actual data. This gives you the security of asymmetric cryptography and the speed of symmetric cryptography.
Using asymmetric and symmetric encryption together is called hybrid cryptography. It is the foundation of HTTPS, TLS, VPNs, OpenPGP encrypted email, and most other secure communication protocols.
What happens when you visit a secure website
1. Your browser and the server use asymmetric encryption (via ECDH) to agree on a shared session key without transmitting it — even if someone intercepts the exchange, they cannot derive the key.
2. That shared session key is used with symmetric encryption (AES or ChaCha20) to encrypt all data for the rest of the session — fast enough to handle continuous traffic.
3. The session key is discarded when the connection closes. This matters because a stolen private key would otherwise become a “master key” — capable of decrypting every past and future session. Generating a fresh key per session means a compromise is contained to that session only. This property is called perfect forward secrecy.
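
The key agreement and forward secrecy steps above, as an added Node.js example (not Proton's or any browser's code). It assumes X25519 for ECDH and HKDF-SHA256 for key derivation, uses hypothetical function names, and omits the certificate check that real TLS uses to authenticate the server.

```javascript
const crypto = require('crypto');

// Each endpoint makes a fresh (ephemeral) X25519 key pair for every session and
// sends only the public half, DER-encoded here, over the wire.
function newEndpoint() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('x25519');
  return { privateKey, wirePublic: publicKey.export({ type: 'spki', format: 'der' }) };
}

// Combine our private key with the peer's public key, then pass the raw ECDH
// output through HKDF to get a 32-byte key for AES-256 or ChaCha20.
function sessionKey(self, peerWirePublic, transcript) {
  const peerPublic = crypto.createPublicKey({ key: peerWirePublic, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: self.privateKey, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, transcript, 'example session key', 32));
}

// One handshake: what each side derived, plus everything an observer saw.
// With the default argument both private keys go out of scope on return.
function handshake(server = newEndpoint()) {
  const client = newEndpoint();
  const wire = Buffer.concat([client.wirePublic, server.wirePublic]);
  return {
    clientKey: sessionKey(client, server.wirePublic, wire),
    serverKey: sessionKey(server, client.wirePublic, wire),
    wire,
  };
}

// Contrast: if an endpoint's private key is retained, the recorded wire bytes
// are enough to redo the derivation later. Discarding the key removes that option.
function rederive(retainedEndpoint, wire) {
  return sessionKey(retainedEndpoint, wire.subarray(0, wire.length / 2), wire);
}

const first = handshake();
const second = handshake();
const kept = newEndpoint(); // constructed: a server that reuses one key pair
const recorded = handshake(kept);
console.log('both sides agree:', first.clientKey.equals(first.serverKey));
console.log('session key on the wire:', first.wire.includes(first.clientKey));
console.log('same key next session:', first.clientKey.equals(second.clientKey));
console.log('retained key re-derives old session:', rederive(kept, recorded.wire).equals(recorded.serverKey));
```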
What happens when you send an end-to-end encrypted email
1. The message is encrypted with a randomly generated symmetric session key (AES) — fast enough for any message size.
2. That session key is then encrypted using the recipient’s public key (asymmetric encryption), so only they can unlock it with their private key.
3. Both are sent together. The recipient decrypts the session key with their private key, then uses it to decrypt the message — all without sharing any secret in advance.
Authenticity and digital signatures
Encryption hides the contents of a message, but it doesn’t prove who sent it. For that, you need authentication: a way to verify that a message genuinely came from the claimed sender and hasn’t been tampered with in transit.
Asymmetric encryption makes this possible through digital signatures. Instead of encrypting with a public key, the sender signs data with their private key. Anyone holding the corresponding public key can verify the signature, confirming both the sender’s identity and that the content is unchanged.
For the data itself, most modern protocols use authenticated encryption — ciphers that simultaneously encrypt and verify integrity in one operation. Common examples are AES-GCM and ChaCha20-Poly1305, both of which are used across Proton’s services. If even a single bit of the ciphertext is altered in transit, decryption fails and the tampered data is rejected.
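
The hybrid email flow, the digital signature check and the authenticated-encryption check described above, combined in one added Node.js example (not Proton's code and not the OpenPGP message format). It assumes RSA-2048 with OAEP for key wrapping, AES-256-GCM for content and Ed25519 for signing; all function names, keys and the message are constructed for illustration.

```javascript
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: sign, encrypt signature + message under a one-time AES-256-GCM
// session key, then wrap that session key with the recipient's RSA public key.
function sealMessage(message, recipientPublicKey, senderSigningKey) {
  const signature = crypto.sign(null, message, senderSigningKey); // Ed25519, 64 bytes
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(signature), cipher.update(message), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the session key with the private key, decrypt (GCM throws
// if any bit was altered), then verify the signature against the sender's key.
function openMessage(envelope, recipientPrivateKey, senderVerifyKey) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const opened = Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
  const signature = opened.subarray(0, 64);
  const message = opened.subarray(64);
  if (!crypto.verify(null, message, senderVerifyKey, signature)) {
    throw new Error('signature does not match the claimed sender');
  }
  return message.toString();
}

// Returns the message, or the reason it was rejected.
function tryOpen(envelope, recipientPrivateKey, senderVerifyKey) {
  try {
    return openMessage(envelope, recipientPrivateKey, senderVerifyKey);
  } catch (err) {
    return 'rejected: ' + err.message;
  }
}

// Constructed demo keys and message.
const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sender = crypto.generateKeyPairSync('ed25519');
const impostor = crypto.generateKeyPairSync('ed25519');
const envelope = sealMessage(Buffer.from('Meet at 10:00'), recipient.publicKey, sender.privateKey);
const tampered = { ...envelope, ciphertext: Buffer.from(envelope.ciphertext) };
tampered.ciphertext[70] ^= 0x01; // one bit altered in transit

console.log(tryOpen(envelope, recipient.privateKey, sender.publicKey));
console.log(tryOpen(tampered, recipient.privateKey, sender.publicKey));
console.log(tryOpen(envelope, recipient.privateKey, impostor.publicKey));
```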
Quantum computers and encryption
Symmetric and asymmetric encryption face very different threats from quantum computers — and understanding the difference matters for how the industry is preparing.
Traditional asymmetric encryption relies on hard mathematical problems: factoring large numbers (RSA) or solving discrete logarithm problems (ECDH). Quantum computers, using Shor’s algorithm, are specifically good at this class of problem, effectively breaking traditional asymmetric cryptography at scale.
Symmetric encryption is far more resilient. Attacking it relies on brute force (trying every possible key), which quantum computers can speed up, but not enough to make well-sized keys obsolete. A 256-bit symmetric key remains secure against known quantum attacks; no practical increase in key size is needed.
This is why post-quantum algorithms like ML-KEM are designed as asymmetric replacements — slotting in where RSA and ECDH are used today, while symmetric encryption remains largely unchanged.
How Proton uses asymmetric and symmetric encryption
Every Proton service uses hybrid cryptography: asymmetric encryption to establish secure key exchange, and symmetric encryption to protect your data at speed.
Proton Mail uses the OpenPGP standard, which combines symmetric encryption for message content with asymmetric keys, such as ECC or RSA keys, for encryption, key exchange, and digital signatures. It also supports post-quantum encryption.
Proton VPN encrypts traffic with ChaCha20 or AES-256, using modern VPN protocols such as WireGuard and OpenVPN. These protocols use asymmetric key exchange to establish fresh symmetric session keys, helping provide perfect forward secrecy.
Proton Drive encrypts files client-side using the OpenPGP standard. It uses asymmetric public/private keys so that only your private key can decrypt your files, meaning no one but you — not even Proton — can access them.
Proton Pass stores credentials and other vault items using AES-256-GCM symmetric encryption. It uses randomly generated 32-byte vault and item keys, which are protected with asymmetric user keys.
Take charge of your data
Modern encryption works because symmetric and asymmetric cryptography work together — and Proton uses both to protect your privacy across all apps.
With end-to-end encryption, zero-access architecture, post-quantum protection, open-source apps, and independent audits, your information stays yours.


