cisspSecurity Architecture and Engineering· 12 min read· 16 May 2026
Cryptography Fundamentals: Symmetric, Asymmetric, PKI, and Quantum Threats
Cryptography is one of the most technically dense topics on the CISSP exam. Domain 3 tests cryptographic concepts at the level of: how do the different types of cryptography work, when is each appropriate, how does PKI establish trust, and what threats — including emerging quantum threats — does the exam expect you to understand? The exam does not require you to implement cryptographic algorithms, but it does require deep conceptual understanding of their properties, use cases, and vulnerabilities.
Symmetric Cryptography
Symmetric cryptography uses the same key for both encryption and decryption. Both parties must possess the same secret key, and the security of the communication depends entirely on the secrecy of that key.
Strengths of symmetric cryptography: it is computationally fast, making it practical for encrypting large volumes of data. Modern symmetric algorithms (AES-256, ChaCha20) are extremely secure against brute force attacks given adequate key lengths.
Weaknesses of symmetric cryptography: the key distribution problem. How do two parties who have never met agree on a shared secret key without it being intercepted? In small-scale deployments (two parties with a pre-existing secure channel), this is manageable. At scale (thousands of parties communicating with each other), key distribution becomes practically impossible without a more sophisticated mechanism.
The key management challenge is quantified by the formula for the number of keys required for n parties to communicate privately: n(n-1)/2. For 1,000 parties, this is 499,500 symmetric keys — clearly unmanageable.
Major symmetric algorithms: AES (Advanced Encryption Standard) — the current standard for symmetric encryption, with key lengths of 128, 192, or 256 bits. 3DES (Triple DES) — deprecated but may appear in legacy scenarios. ChaCha20 — a modern stream cipher used in TLS 1.3. RC4 — deprecated, known-vulnerable stream cipher.
For the exam: symmetric = fast = used for bulk data encryption. The fundamental challenge is key distribution at scale.
Asymmetric Cryptography
Asymmetric cryptography uses a mathematically related key pair: a public key and a private key. Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa.
The public key can be freely distributed without compromising security. Anyone can use it to encrypt a message that only the private key holder can decrypt. This solves the key distribution problem of symmetric cryptography: parties who have never met can establish encrypted communication by exchanging public keys.
Weaknesses: computationally expensive — orders of magnitude slower than symmetric encryption for bulk data. Not practical for encrypting large amounts of data directly.
This is why cryptography in practice uses a hybrid approach: asymmetric cryptography is used to securely exchange a symmetric key, and that symmetric key is then used to encrypt the actual data. TLS uses exactly this approach: the asymmetric handshake establishes a session key, and the session key is used for the bulk of the encrypted communication.
Key use rule for asymmetric cryptography: to encrypt a message for someone, use their public key. They decrypt with their private key. To digitally sign a message, use your own private key. Anyone with your public key can verify the signature. This is the reverse of encryption.
Major asymmetric algorithms: RSA (Rivest-Shamir-Adleman) — widely used for key exchange and digital signatures, based on the difficulty of factoring large integers. Diffie-Hellman Key Exchange (DH) — allows two parties to establish a shared secret over an insecure channel. Elliptic Curve Cryptography (ECC) — discussed below.
Elliptic Curve Cryptography (ECC)
ECC is an asymmetric cryptographic approach based on the mathematical properties of elliptic curves over finite fields. The key advantage of ECC over RSA is that it achieves equivalent security with significantly smaller key sizes.
A 256-bit ECC key provides approximately the same security as a 3,072-bit RSA key. Smaller keys mean faster computation, lower memory requirements, and lower power consumption — making ECC ideal for mobile devices, IoT devices, and performance-sensitive environments.
ECC is now preferred over RSA for new implementations in most contexts. ECDSA (Elliptic Curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman) are the primary ECC-based protocols. TLS 1.3 mandates ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) for key exchange.
For the exam: ECC provides the same security as RSA with smaller keys. It is preferred for resource-constrained environments and is the modern replacement for RSA in many contexts.
Public Key Infrastructure (PKI)
PKI is the system of policies, processes, and technologies that manages the creation, distribution, storage, revocation, and use of digital certificates. It solves the critical trust problem of asymmetric cryptography: how can you trust that a public key actually belongs to who it claims to?
Without PKI, an attacker could present a fraudulent public key and intercept communications (a man-in-the-middle attack). PKI addresses this by binding public keys to verified identities through digitally signed certificates.
Key PKI components:
Certification Authority (CA): the trusted entity that issues digital certificates. The CA signs each certificate with its own private key, creating a verifiable chain of trust. CAs can be public (trusted by browsers and operating systems by default — e.g., DigiCert, Let's Encrypt) or private (internal CAs for enterprise environments).
Registration Authority (RA): an entity that verifies the identity of certificate requestors on behalf of the CA. The RA handles the vetting process; the CA issues the certificate. In some implementations, the RA and CA functions are combined.
Certificate Revocation List (CRL): a list of certificates that have been revoked before their expiry date — due to key compromise, change of ownership, or policy violation. Clients check the CRL to verify that a certificate has not been revoked. CRLs have scalability limitations because they can become very large and must be downloaded periodically.
Online Certificate Status Protocol (OCSP): a more efficient alternative to CRLs that allows clients to check the revocation status of a specific certificate in real time by querying the CA's OCSP responder. OCSP stapling improves performance by having the server cache and present the OCSP response directly.
Certificate hierarchy and trust chains: most PKI deployments use a hierarchical trust model. A Root CA (whose certificate is self-signed and pre-installed in browsers/OS) issues certificates to Intermediate CAs, which issue certificates to end entities (servers, users). This hierarchy limits the damage if an intermediate CA is compromised: only certificates issued by that CA are affected, not the entire PKI.
For the exam: PKI binds public keys to verified identities through certificate chains. CA issues. RA vets. CRL and OCSP handle revocation. Understand the trust chain from root CA through intermediates to end-entity certificates.
Quantum Key Distribution and Post-Quantum Cryptography
Quantum computing represents a significant long-term threat to current cryptographic standards. The CISSP 2024 exam has added quantum-related cryptographic concepts.
Shor's algorithm, when run on a sufficiently powerful quantum computer, can factor large integers efficiently — breaking RSA. It can also solve the discrete logarithm problem — breaking DH and ECC. In theory, a quantum computer running Shor's algorithm would render current asymmetric cryptography insecure.
Grover's algorithm provides a quadratic speedup for searching unsorted databases. Applied to symmetric cryptography, it effectively halves the key strength: a 256-bit AES key would have the security equivalent of a 128-bit key against a quantum attacker. The practical response is to double key lengths for symmetric algorithms.
Quantum Key Distribution (QKD) uses quantum mechanical properties to distribute cryptographic keys in a way that is theoretically impossible to intercept without detection. Any eavesdropping on a QKD channel disturbs the quantum states being transmitted, producing detectable anomalies. QKD provides information-theoretic security — security that does not depend on computational hardness assumptions. Its current limitations are short transmission distances and high infrastructure costs.
Post-quantum cryptography (PQC) refers to classical (non-quantum) algorithms that are believed to be resistant to attacks by quantum computers. NIST standardised the first post-quantum algorithms in 2024: CRYSTALS-Kyber (for key encapsulation) and CRYSTALS-Dilithium (for digital signatures).
For the exam: Shor's algorithm breaks RSA and ECC. Grover's algorithm weakens symmetric keys (double key lengths to compensate). QKD provides quantum-safe key distribution using quantum mechanical properties. Post-quantum cryptography is the long-term solution.
Key Lifecycle Management
Cryptographic keys are only as secure as their management. Key lifecycle management covers: generation, distribution, storage, use, rotation, escrow, and destruction.
Generation: keys should be generated using a certified random number generator with sufficient entropy. Predictable key generation is a critical vulnerability.
Distribution: symmetric keys should be distributed through a secure channel (encrypted with asymmetric cryptography or via a secure out-of-band mechanism). Asymmetric public keys should be distributed through PKI certificates.
Storage: private keys and symmetric keys must be stored securely — ideally in a Hardware Security Module (HSM) that prevents key extraction.
Rotation: keys should be rotated periodically to limit the damage from undetected compromise. Shorter rotation periods reduce exposure.
Escrow: in some contexts, keys must be escrowed (held by a trusted third party) to allow lawful access to encrypted data if the key holder is unavailable. Key escrow is controversial and requires careful governance.
Destruction: at end of life, keys must be securely destroyed. For cryptographic erasure to be effective, the key must be truly irrecoverable.
Exam Tip
Asymmetric crypto: public key encrypts, private key decrypts. Digital signatures reverse this: private key signs, public key verifies. The exam tests this distinction frequently. Also know the hybrid model: asymmetric for key exchange, symmetric for bulk encryption. PKI solves the trust problem by binding public keys to verified identities through CA-signed certificates.
// PRACTICE_THIS_DOMAIN
Test your knowledge on Security Architecture and Engineering
AI-generated practice questions mapped to this domain. Get instant explanations and track your progress.