Library
Back to reading

5.11.4 How Does Public-Key Cryptography Work?

  1. What Is Public-Key Cryptography?
  2. Why Was Public-Key Cryptography Revolutionary?
  3. How Does Public-Key Encryption Work?
  4. Why Can't Someone Derive the Private Key?
  5. Does Public-Key Cryptography Encrypt Large Files?
  6. What Is a Session Key?
  7. What Is Key Exchange?
  8. How Does Diffie–Hellman Work?
  9. What Is RSA?
  10. What Is Elliptic Curve Cryptography?
  11. What Is a Digital Certificate?
  12. What Is a Certificate Authority?
  13. Where Is Public-Key Cryptography Used?
  14. What Are the Limitations of Public-Key Cryptography?
  15. Why Is Quantum Computing a Challenge?
  16. Why Is Public-Key Cryptography Important?

Description

Discover how public-key cryptography revolutionized secure communications by allowing encryption without first sharing a secret key. Learn how RSA, elliptic-curve cryptography (ECC), and Diffie–Hellman key exchange make secure Internet communications possible.

Introduction

For thousands of years, every practical encryption system shared one significant weakness: before two people could communicate securely, they first had to exchange a secret key. This requirement was often more difficult than protecting the message itself. If an attacker intercepted the key, every subsequent message could be read.

This problem became increasingly important with the growth of computer networks. How could two people who had never met securely exchange an encryption key across the Internet—a network that anyone could potentially monitor?

The answer arrived in the 1970s with the invention of public-key cryptography. Rather than sharing a single secret key, each user possesses two mathematically related keys: a public key, which anyone may know, and a private key, which remains secret.

This innovation transformed communications security. It enabled secure web browsing, Internet banking, secure email, virtual private networks (VPNs), digital certificates, and electronic commerce. Today, public-key cryptography forms one of the cornerstones of modern information security.

What Is Public-Key Cryptography?

Public-key cryptography is a method of encryption in which each user possesses two different keys:

The two keys are mathematically related, but knowledge of the public key does not enable an attacker to determine the private key within any practical amount of time.

Information encrypted with one key can be decrypted only with the other.

Because the two keys perform different functions, the system is known as asymmetric cryptography.

Why Was Public-Key Cryptography Revolutionary?

Before public-key cryptography, secure communication required both users to possess the same secret key.

Suppose Alice wished to communicate securely with Bob. Before sending the first encrypted message, Alice somehow had to deliver the secret key to Bob without anyone else obtaining it.

This is known as the key distribution problem. As communication networks expanded, managing millions of secret keys became increasingly impractical. Public-key cryptography solved this problem by allowing the encryption key itself to be public.

Only the corresponding private key can recover the original information.

How Does Public-Key Encryption Work?

Suppose Alice wishes to send a confidential message to Bob.

Bob first generates a pair of keys:

Bob publishes the public key on a website or through a directory while carefully protecting the private key. Alice obtains Bob's public key and encrypts her message. The resulting ciphertext can safely travel across the Internet. Even if an attacker intercepts the message, it cannot be decrypted without Bob's private key. When Bob receives the message, he uses his private key to recover the original plaintext.

At no point was a secret encryption key transmitted.

Why Can't Someone Derive the Private Key?

The security of public-key cryptography depends upon mathematical problems that are believed to be computationally infeasible to solve.

Although the public and private keys are mathematically related, the relationship is deliberately constructed so that deriving the private key from the public key would require an impractical amount of computation. For example:

No efficient classical algorithms are currently known for solving these problems when sufficiently large keys are used.

Does Public-Key Cryptography Encrypt Large Files?

It can, but it rarely does.

Public-key algorithms require considerably more computation than symmetric algorithms such as AES. Encrypting a large video file or database using RSA would be unnecessarily slow. Instead, public-key cryptography is normally used only to establish a temporary session key. Once that key has been exchanged securely, a high-speed symmetric cipher encrypts the actual information.

This approach combines security with efficiency.

What Is a Session Key?

A session key is a temporary symmetric encryption key generated for a single communication session.

Typically:

When the communication session ends, the session key is discarded. If another session begins later, a completely new session key is generated.

Using temporary session keys limits the consequences of any future compromise.

What Is Key Exchange?

Sometimes two users wish to establish a shared secret without directly transmitting that secret.

This process is known as key exchange. Unlike ordinary encryption, the objective is not to protect a message but to create a common secret that both parties can subsequently use for symmetric encryption.

One of the most widely used key-exchange methods is the Diffie–Hellman protocol.

How Does Diffie–Hellman Work?

The Diffie–Hellman algorithm allows two users to establish a common secret while communicating entirely over an insecure channel.

Although an eavesdropper observes every transmitted value, the mathematics prevents the shared secret from being reconstructed within practical time. Neither party ever transmits the actual secret key. Instead, each performs a series of mathematical operations that ultimately produce the same secret value independently.

Modern Internet protocols frequently use elliptic-curve versions of Diffie–Hellman because they provide equivalent security using much shorter keys.

What Is RSA?

RSA is one of the earliest and best-known public-key algorithms.

It was introduced in 1977 by:

RSA can be used for:

For many years it dominated secure Internet communications and remains widely used today.

What Is Elliptic Curve Cryptography?

Elliptic Curve Cryptography (ECC) is a newer family of public-key algorithms based on the mathematics of elliptic curves.

Compared with RSA, ECC provides similar levels of security while requiring much shorter keys. For example, a 256-bit ECC key provides security comparable to a 3072-bit RSA key. Smaller keys reduce:

ECC has therefore become particularly important for mobile devices and embedded systems.

What Is a Digital Certificate?

If anyone can publish a public key, how do we know it really belongs to the claimed owner?

The answer is a digital certificate. A digital certificate links:

Certificates are issued by trusted organizations known as Certificate Authorities (CAs).

When a web browser visits a secure website, it verifies the site's digital certificate before establishing an encrypted connection.

This process prevents attackers from impersonating legitimate websites.

What Is a Certificate Authority?

A Certificate Authority is an organization trusted to verify identities and issue digital certificates.

Examples include commercial certificate providers and national certification authorities. Operating systems and web browsers contain lists of trusted certificate authorities. When a certificate is presented, the browser verifies that it has been issued by one of these trusted organizations.

If verification succeeds, the encrypted session can begin.

Where Is Public-Key Cryptography Used?

Public-key cryptography underpins many technologies that people use every day.

Examples include:

Most users rely upon public-key cryptography hundreds of times each day without realizing it.

What Are the Limitations of Public-Key Cryptography?

Although extremely powerful, public-key cryptography has limitations.

It is:

Consequently, it is normally combined with symmetric encryption rather than replacing it entirely.

Why Is Quantum Computing a Challenge?

Many public-key algorithms rely upon mathematical problems that are believed to be difficult for classical computers.

Large-scale quantum computers could solve some of these problems efficiently using Shor's algorithm. If practical quantum computers become available, many existing public-key algorithms—including RSA and ECC—will require replacement.

For this reason, researchers around the world are developing post-quantum cryptographic algorithms that are believed to resist both classical and quantum attacks.

Why Is Public-Key Cryptography Important?

Public-key cryptography solved one of the most difficult problems in secure communications: the secure distribution of encryption keys. By allowing users to exchange information securely without first sharing a secret, it made global electronic commerce, secure Internet communications, and digital authentication practical.

Although modern communication systems combine public-key and symmetric encryption, the ability to establish trust between complete strangers remains one of the most remarkable achievements in the history of communications engineering.

Summary

Public-key cryptography uses mathematically related public and private keys to enable secure communication without first exchanging a secret key. The public key may be distributed openly, while the private key remains known only to its owner. Together they provide confidentiality, authentication, digital signatures, and secure key exchange.

Algorithms such as RSA, Diffie–Hellman, and Elliptic Curve Cryptography form the foundation of modern Internet security. Although slower than symmetric encryption, they solve the key-distribution problem that had limited secure communications for centuries and remain an essential component of virtually every secure communication system.

Back to reading

Return to Chapter 5 FAQ 5.11.4