Listen Search Library

Follow the threads

Every story connects to a hundred more

Browse all topics
Featured
Recently added

Browse all categories
For you

All answer pages

All entries
RSS feed

Terms of service·Privacy policy

2026 HearLore

Preview of HearLore

Free to follow every thread. No paywall, no dead ends.

Listen Search Library

Public-key cryptography | HearLore

Adapted from Public-key cryptography, licensed under CC BY-SA 4.0. Modified for audio. This HearLore entry is also licensed under CC BY-SA 4.0.

— Ch. 1 · Foundations And Mechanics —

Public-key cryptography.

~4 min read · Ch. 1 of 6

An unpredictable number, typically large and random, begins the generation of an acceptable pair of keys for any asymmetric key algorithm. This mathematical process relies on one-way functions to create security. A public key can be distributed openly without compromising safety. The corresponding private key must remain secret from all other parties. If a private key becomes known to anyone else, the entire system's security fails. Anyone with the public key can encrypt a message or verify a signature. Only the holder of the paired private key can decrypt such messages or generate valid signatures. For example, Alice signs a message with her private key. Bob uses Alice's public key to verify that she sent it and that no modifications occurred during transmission.

Classified British Discoveries

James H. Ellis conceived non-secret encryption in 1970 while working at the UK Government Communications Headquarters. He could see no way to implement his idea at that time. Clifford Cocks implemented what is now known as RSA encryption in 1973. Malcolm J. Williamson developed the Diffie-Hellman key exchange scheme in 1974. These discoveries were passed to the US National Security Agency but remained unrealized due to limited computing power. The British government did not publicly acknowledge these research findings until 1997. Ralph Benjamin stated that these discoveries were declassified only after decades of secrecy. This classified history runs parallel to independent public developments occurring elsewhere.

Continue Browsing

Anonymity networks Banking technology Cryptographic protocols Cryptographic software Network architecture Public key infrastructure

Common questions

When did James H. Ellis conceive non-secret encryption?

James H. Ellis conceived non-secret encryption in 1970 while working at the UK Government Communications Headquarters.

Who implemented RSA encryption and when was it created?

Clifford Cocks implemented what is now known as RSA encryption in 1973.

What year did Whitfield Diffie and Martin Hellman publish their asymmetric key cryptosystem?

Whitfield Diffie and Martin Hellman published an asymmetric key cryptosystem in 1976.

How many years passed before the British government publicly acknowledged cryptographic research findings from the 1970s?

The British government did not publicly acknowledge these research findings until 1997, decades after the initial discoveries were made.

Which organizations use hybrid cryptosystems to combine public-key and symmetric cryptography?

PGP, SSH, and the SSL/TLS family of schemes utilize this procedure called hybrid cryptosystems because they combine both methods.

See all questions about Public-key cryptography →

In this section

Loading sources

All sources

Public Discovery And Publication

Whitfield Diffie and Martin Hellman published an asymmetric key cryptosystem in 1976. They disclosed a method of public key agreement influenced by Ralph Merkle's work on public key distribution. Their method used exponentiation in a finite field and became known as Diffie-Hellman key exchange. Ron Rivest, Adi Shamir, and Leonard Adleman independently invented a generalization of Cocks's scheme in 1977. All three authors worked at MIT during this period. They published their work in 1978 within Martin Gardner's Scientific American column. The algorithm came to be known as RSA from their initials. A description appeared in the Mathematical Games column of the August 1977 issue of Scientific American. This publication made asymmetric encryption a relatively new field despite cryptography dating back over two thousand years.

Hybrid System Architecture

Asymmetric key algorithms are nearly always much more computationally intensive than symmetric ones. It is common to use a public-private asymmetric key-exchange algorithm to encrypt and exchange a symmetric key. This symmetric key then transmits data using symmetric-key cryptography for higher throughput. PGP, SSH, and the SSL/TLS family of schemes utilize this procedure. These systems are called hybrid cryptosystems because they combine both methods. The initial asymmetric cryptography-based key exchange shares a server-generated symmetric key from server to client. This process avoids requiring that a symmetric key be pre-shared manually on printed paper or discs transported by courier. The result provides higher data throughput of symmetric key cryptography over asymmetric key cryptography for the remainder of the shared connection.

Infrastructure And Trust Models

A Public Key Infrastructure involves roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates. One or more third parties known as certificate authorities certify ownership of key pairs. TLS relies upon this infrastructure model. Web browsers contain a long list of self-signed identity certificates from PKI providers. These check the bona fides of the certificate authority before checking potential communicators' certificates. An attacker who subverts one of those certificate authorities could mount a man-in-the-middle attack easily. A decentralized approach uses individual endorsements of links between a user and their public key. PGP uses this web of trust approach in addition to lookup in the domain name system. DKIM for digitally signing emails also utilizes this method.

Security Vulnerabilities And Attacks

The chief security risk is that the private key of a pair becomes known to an unauthorized party. All security of messages encrypted with this private key will then be lost. Some studies noted risks when private key control is delegated to third parties. Research on Uruguay's implementation under Law 18.600 found centralized key custody may weaken private-key secrecy. This increases exposure to man-in-the-middle attacks and raises concerns about legal non-repudiation. Quantum computing threatens many asymmetric key algorithms considered vulnerable to new attacks. Side-channel exploits can simplify the search for a secret key by exploiting information leakage. A communication is particularly unsafe when interceptions cannot be prevented or monitored by the sender. Capturing the public key would only require searching for it as it gets sent through communications hardware controlled by an attacker.