Public key cryptography (asymmetric cryptography) solved the fundamental problem of secure communication: how do two parties who have never met establish a secure channel without a pre-existing shared secret?
Before 1976, all encryption was symmetric — both parties needed the same key. Distributing that key securely was the unsolved problem. Diffie and Hellman’s breakthrough (and independently, RSA in 1977) introduced key pairs: a public key anyone can have, and a private key only the owner possesses. This single invention enabled: HTTPS, digital signatures, SSH, email encryption, cryptocurrency, code signing, and the entire PKI ecosystem.
The Core Idea
In symmetric cryptography, one key does everything:
Key → Encrypt → Ciphertext → Same Key → Decrypt → Plaintext
Problem: How do you share the key securely in the first place?
In public key cryptography, two mathematically linked keys divide the work:
Public Key → Encrypt → Ciphertext → Private Key → Decrypt → Plaintext
Private Key → Sign → Signature → Public Key → Verify → Valid/Invalid
The breakthrough: The public key can be published openly (on a website, in a certificate, in a key server). Anyone can encrypt a message for you using your public key. Only you can decrypt it with your private key. No secret needs to be shared in advance.
The Three Operations
1. Encryption (Confidentiality)
Send a secret message to someone without a pre-shared key:
Alice wants to send Bob a secret:
1. Alice gets Bob's public key (from his certificate, website, key server)
2. Alice encrypts: ciphertext = Encrypt(message, Bob_public_key)
3. Alice sends ciphertext over any channel (even insecure)
4. Bob decrypts: message = Decrypt(ciphertext, Bob_private_key)
Eavesdropper has: Bob's public key + ciphertext
Eavesdropper can decrypt: NO (needs Bob's private key)
2. Digital Signatures (Authenticity + Integrity)
Prove you wrote something and it hasn’t been modified:
Bob wants to prove he authored a document:
1. Bob computes: hash = SHA-256(document)
2. Bob signs: signature = Sign(hash, Bob_private_key)
3. Bob publishes: document + signature
Anyone verifies:
1. Compute: hash = SHA-256(document)
2. Verify: Verify(signature, Bob_public_key) == hash?
3. If yes: Bob signed it (authenticity) and it's unmodified (integrity)
Forger needs: Bob's private key (which only Bob has)
3. Key Exchange (Establish Shared Secret)
Two parties derive a shared secret over an insecure channel:
Diffie-Hellman / ECDHE:
1. Alice generates ephemeral key pair (a, A=a×G)
2. Bob generates ephemeral key pair (b, B=b×G)
3. They exchange public values A and B (over insecure channel)
4. Alice computes: shared_secret = a × B
5. Bob computes: shared_secret = b × A
6. Both have the same shared secret (used for symmetric encryption)
Eavesdropper has: A and B (public values)
Eavesdropper can compute shared secret: NO (discrete log problem)
Where Public Key Cryptography Is Used
TLS/HTTPS (Every Web Connection)
Every time you visit https://anything:
1. Server presents certificate (contains server's PUBLIC key)
2. Server proves identity by signing handshake (PRIVATE key)
3. Client and server perform ECDHE key exchange (public key math)
4. Shared secret derived → symmetric keys → AES encrypts all data
Public key crypto: authenticates server + establishes shared secret
Symmetric crypto: encrypts the actual data (faster)
SSH (Remote Server Access)
ssh user@server:
1. Server presents host key (server's public key — you verify via known_hosts)
2. Client offers its public key; server checks it against authorized_keys
3. Client proves identity by signing challenge (private key)
4. Key exchange establishes encrypted session
Public key crypto: authenticates both sides
Symmetric crypto: encrypts the session
Email Encryption (S/MIME, PGP)
Sending encrypted email:
1. Get recipient's public key (from certificate or key server)
2. Encrypt email with recipient's public key
3. Only recipient can decrypt (with their private key)
Signing email:
1. Sign with your private key
2. Recipients verify with your public key
3. Proves: you sent it, and it wasn't modified
Code Signing
Publisher signs software:
1. Hash the binary: hash = SHA-256(software.exe)
2. Sign: signature = Sign(hash, publisher_private_key)
3. Distribute: software.exe + signature + certificate
User verifies:
1. Check certificate chains to trusted root
2. Verify signature with publisher's public key
3. If valid: software is authentic and unmodified
Cryptocurrency (Bitcoin, Ethereum)
Your wallet:
- Private key: controls your funds (spend)
- Public key: derives your address (receive)
- Transaction: signed with private key (proves you authorized the transfer)
- Network verifies: signature valid with your public key
Lose private key = lose all funds (no recovery, no "forgot password")
The Math Behind It
RSA (Factoring Problem)
Security relies on: given n = p × q (product of two large primes), finding p and q is computationally infeasible.
Key generation: choose p, q (large primes) → compute n = p×q
Public key: (n, e=65537)
Private key: (n, d) where e×d ≡ 1 mod φ(n)
Encrypt: c = m^e mod n
Decrypt: m = c^d mod n
Breaking RSA = factoring n (best known: sub-exponential, but still infeasible for 2048+ bits)
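A worked example of the encryption and signing flows from "The Three Operations" and of the key generation, encrypt and decrypt formulas in this RSA section, added here and not code from the original page. It is textbook RSA in pure Python (no OAEP/PSS padding), and it assumes two fixed Mersenne primes as stand-ins for randomly generated primes so it runs without a prime generator.

```python
import hashlib

# Key generation as the page describes: n = p*q, e = 65537, e*d = 1 (mod phi(n)).
# A real generator draws two random ~1024-bit primes. Here p and q are the fixed
# Mersenne primes 2^127-1 and 2^521-1 so the example runs offline without a
# prime-generation routine (assumption; anyone can guess these factors, so
# this key is for illustration only). Textbook RSA: no OAEP/PSS padding.
P = (1 << 127) - 1
Q = (1 << 521) - 1
E = 65537

def generate_keypair(p=P, q=Q, e=E):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse: e*d = 1 mod phi(n)
    return (n, e), (n, d)        # (public key, private key)

def encrypt(message: bytes, public_key):
    """c = m^e mod n. The message, read as an integer, must be smaller than n."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key):
    """m = c^d mod n."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(document: bytes, private_key):
    """Hash-then-sign: signature = SHA-256(document)^d mod n."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return pow(h, d, n)

def verify(document: bytes, signature: int, public_key):
    """Recover the signed hash with e and compare it to SHA-256(document)."""
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(document).digest(), "big")
    return pow(signature, e, n) == h

if __name__ == "__main__":
    bob_pub, bob_priv = generate_keypair()
    c = encrypt(b"meet at noon", bob_pub)           # Alice -> Bob, needs only Bob's public key
    assert decrypt(c, bob_priv) == b"meet at noon"  # only Bob's private key recovers it
    doc = b"I, Bob, approve release 1.4"
    sig = sign(doc, bob_priv)
    print(verify(doc, sig, bob_pub), verify(doc + b"!", sig, bob_pub))  # True False
```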
ECC (Elliptic Curve Discrete Logarithm)
Security relies on: given Q = k×G (point multiplication on an elliptic curve), finding k from Q and G is computationally infeasible.
Key generation: choose random k (private key), compute Q = k×G (public key)
G is a known generator point on the curve
Signing (ECDSA): uses k to produce signature (r, s)
Verification: uses Q to check signature validity
Breaking ECC = solving ECDLP (fully exponential — harder than factoring)
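An added example, not from the original page, covering both the ECDHE exchange in the Key Exchange section above and the k×G point multiplication and ECDLP described here. It assumes a 19-point textbook curve (y² = x³ + 2x + 2 over F_17, G = (5, 1)) so it runs without a crypto library; the brute-force search at the end is only possible because that group is tiny, which is exactly the point.

```python
# Toy curve used in textbook examples (assumption for this example, not a
# production curve): y^2 = x^3 + 2x + 2 over F_17, generator G = (5, 1) of
# prime order 19. Real deployments use P-256 or X25519, where the group has
# ~2^256 elements and the brute-force step below is infeasible.
CURVE_A, PRIME = 2, 17
G = (5, 1)
ORDER = 19
INF = None  # point at infinity, the group identity

def point_add(p1, p2):
    """Affine group law; handles identity, doubling and P + (-P)."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, PRIME) % PRIME
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, PRIME) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    return (x3, (lam * (x1 - x3) - y1) % PRIME)

def scalar_mult(k, point):
    """k x P by double-and-add: easy to compute, hard to invert (ECDLP)."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def ecdh_shared_secret(my_private, their_public):
    """a x (b x G) == b x (a x G): both sides reach the same point."""
    return scalar_mult(my_private, their_public)

def brute_force_ecdlp(public_point):
    """The eavesdropper's task: find k with k x G = Q. Feasible only for 19 points."""
    return next((k for k in range(1, ORDER) if scalar_mult(k, G) == public_point), None)

if __name__ == "__main__":
    import hashlib
    a, b = 7, 5                                           # ephemeral private scalars (constructed)
    A_pub, B_pub = scalar_mult(a, G), scalar_mult(b, G)   # sent over the insecure channel
    shared = ecdh_shared_secret(a, B_pub)
    assert shared == ecdh_shared_secret(b, A_pub)
    print("shared point", shared, "-> symmetric key", hashlib.sha256(repr(shared).encode()).hexdigest()[:16])
    print("eavesdropper recovers a =", brute_force_ecdlp(A_pub), "(toy group only)")
```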
Why ECC Is Replacing RSA
| Security Level | RSA Key Size | ECC Key Size | Ratio |
|---|---|---|---|
| 128-bit | 3072 bits (384 bytes) | 256 bits (32 bytes) | 12:1 |
| 192-bit | 7680 bits (960 bytes) | 384 bits (48 bytes) | 20:1 |
| 256-bit | 15360 bits (1920 bytes) | 521 bits (66 bytes) | 29:1 |
ECC achieves the same security with dramatically smaller keys → faster operations, less bandwidth, better for constrained devices.
Public Key Cryptography vs Symmetric Cryptography
| Dimension | Public Key (Asymmetric) | Symmetric |
|---|---|---|
| Keys | Key pair (public + private) | Single shared key |
| Speed | Slow (100-1000x slower) | Fast (GB/s with AES-NI) |
| Key distribution | No problem (public key is public) | Must share key securely first |
| Use case | Key exchange, signatures, authentication | Bulk data encryption |
| Examples | RSA, ECC, Ed25519, X25519 | AES-256, ChaCha20 |
| In TLS | Handshake (authenticate + key exchange) | Data transfer (encrypt payload) |
In practice, both are always used together:
- Public key crypto establishes the connection (handshake)
- Symmetric crypto encrypts the data (fast, efficient)
This is called hybrid encryption — and it’s how every TLS connection works.
The Quantum Threat
Both RSA and ECC are vulnerable to quantum computers:
- Shor’s algorithm factors large numbers (breaks RSA) and solves discrete logarithms (breaks ECC) in polynomial time
- A sufficiently large quantum computer would break all current public key cryptography
Timeline: Estimated 2030-2040 for cryptographically-relevant quantum computers.
Solution: Post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) based on different mathematical problems (lattices, hashes) that resist quantum attacks. These are standardized (FIPS 203, 204, 205) and being deployed in hybrid mode alongside classical algorithms.
Symmetric crypto (AES-256) is NOT affected — Grover’s algorithm only halves the effective key length (256 → 128 bits, still secure).
FAQ
Q: If the public key is public, can’t anyone decrypt my messages? A: No. The public key ENCRYPTS. Only the matching private key DECRYPTS. Having the public key lets you encrypt messages FOR the key owner — it doesn’t let you decrypt messages FROM them.
Q: What’s the difference between public key cryptography and PKI? A: Public key cryptography is the math (algorithms, key pairs, operations). PKI (Public Key Infrastructure) is the system that manages public keys at scale — Certificate Authorities that vouch for identities, certificates that bind public keys to names, trust stores that define who to trust.
Q: Why can’t I just use public key crypto for everything (skip symmetric)? A: Performance. RSA encryption is ~1000x slower than AES. Encrypting a 1GB file with RSA would take minutes; AES does it in 0.2 seconds. Public key crypto is used to exchange a symmetric key, then symmetric crypto does the heavy lifting.
Q: Is public key cryptography breakable? A: With current (classical) computers: no, not for properly-sized keys (RSA-2048+, ECC P-256+). With future quantum computers: yes (Shor’s algorithm). This is why post-quantum algorithms are being standardized and deployed now.
Q: How do I know a public key actually belongs to who it claims? A: That’s what certificates solve. A Certificate Authority verifies the identity and signs the public key. When you receive a certificate, you verify the CA’s signature (using the CA’s public key, which is in your trust store). This chain of signatures IS the trust model.