The cryptographic strength of symmetric cryptography comes from the sheer size of the keyspace and the secrecy of the keys. Asymmetric cryptography cannot rely on this strength as half of the key, the public key, is known. In fact, given a public key is procedurally very easy to derive the private key. The strength comes from the fact that although the procedure is very easy, the computing power required to perform the operation is tremendous. Take the mathematical function square root. The process of squaring a number (multiplying it by itself) and producing a square root (finding out which two numbers, when multiplied, produce the result) are directly related and fundamentally opposite. It is very easy to calculate 232 = 529, but very difficult to calculate v529 = 23. A similar problem is that of factoring. When two prime numbers are multiplied to produce a result, those prime numbers are said to be factors of the result. Determining the factors of a result, given just the result is easy, but time consuming. If the result and factors are large enough (hundreds of digits), then the time required to compute the factors, even given Moore’s law, is measured in decades. The primary strength of asymmetric key cryptography is that it would take too long to break, making calculation of a private key, given a public key statistically infeasible.

Note: Moore, one of the founders of Intel once noted that computing power seems to double about ever 18 months. This pattern has held for many years and in the general rule used when predicting computing power in the future.

RSA (named for the founders of RSA Securities) is the most common implementation of asymmetric cryptography. The RSA algorithm has undergone tremendous scrutiny and is considered to be very secure. The strength of RSA is based strictly on the difficulty in factoring large numbers.