Asymmetric cryptography or public-key cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a network user receives a public and private key pair from a certificate authority. Any other user who wants to send an encrypted message can get the intended recipient's public key from a public directory. They use this key to encrypt the message, and they send it to the recipient. When the recipient gets the message, they decrypt it with their private key, which no one else should have access to.
Witfield Diffie & Martin Hellman, researchers at Stanford University, first publicly proposed asymmetric encryption in their 1977 paper, New Directions In Cryptography. (The concept had been independently and covertly proposed by James Ellis several years before when he was working for the British Government Communications Headquarters.) An asymmetric algorithm, as outlined in the Diffie-Hellman paper, is a trap door or one-way function. Such a function is easy to perform in one direction, but difficult or impossible to reverse. For example, it is easy to compute the product of two given numbers, but it is computationally much harder to find the two factors given only their product. Given both the product and one of the factors, it is easy to compute the second factor, which demonstrates the fact that the hard direction of the computation can be made easy when access to some secret key is given. The function used, the algorithm, is known universally. This knowledge does not enable the decryption of the message. The only added information that is necessary and sufficient for decryption is the recipient's secret key.
In cases where the same algorithm is used to encrypt and decrypt, such as in RSA, a message can be securely signed by a specific sender: if the sender encrypts the message using their private key, then the message can be decrypted only using that sender's public key, authenticating the sender.
This also allows for the exchanging of securely signed and one-to-one messages, as follows. The sender encrypts the message using the common algorithm and his own secret key. They then sign the result, encrypt it again (with their signature in cleartext) using the recipient's public key, and send it. The recipient decrypts the received message using their own secret key, identifies the sender from their now-cleartext signature, and then decrypt the result using the sender's public key. This ensures the recipient that whoever composed the message had access to the sender's private key, and that nobody tampered with the message or read it along the way.
In symmetric cryptography, the same key is used for both encryption and decryption. This approach is simpler in dealing with each message, but less secure since the key must be communicated to and known at both sender and receiver locations.See also: PKI, RSA