why are asymmetric keys more secure?

Question

I'm trying to understand this page from Microsoft http://technet.microsoft.com/en-us/library/ms189586.aspx.

According to the documentation "...they provide a higher level of security than symmetric encryption". I get that you first encrypt the data using symmetric and then encrypt that key using another method (symmetric or asymmetric) in order to avoid having to re-encrypt the data plus the speed benefits.

What I don't get is why choosing asymmetric over symmetric for that 2nd level is any more secure? Is it just because asymmetric can be then encrypted by the database master key? Is it possible to have one user encrypt data to another user on the same database then? I don't see what other advantage you would have within a database.

Answer 1

Given the absence of context on the referenced page I would assume they mean:

In a symmetric key regime anyone who has the shared secret key can encrypt or decrypt anything. In asymmetric key use, there is no single shared secret.

As Wikipedia notes, the "…requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption…"

added in response to comment:

Suppose I have a datum D that I want to encrypt with a symmetric shared key. I compute S(D) to get D'. If you have the key needed to decrypt D', you also have the key to compute E ⇔ E' where E and E' are any arbitrary plain- and cypher-text.

Contrariwise in asymmetric crypto, if I have used my secret key to compute P(D) to get D'' all you have available to you is my public key which allows you to compute Q(D'') → D but P(x) is not available to you so you can't create new cyphertext. You can't use my private key because you don't have it. You cannot give away my secret or use it yourself because you never had it. This is what makes shared key (symmetric) cryptography fundamentally less secure than public key (asymmetric) crypto.