Public-key cryptography
Overview
Public-key cryptography, also known as asymmetric cryptography, is a cryptographic system that uses pairs of keys: a public key that can be disseminated widely and a private key known only to the owner. It solves the key distribution problem inherent in symmetric-key cryptography, where both parties must share a secret key in advance.
In a typical use, anyone can encrypt a message with the recipient's public key, but only the recipient can decrypt it with their private key. Public-key systems also enable digital signatures, where a message signed with a private key can be verified by anyone with the corresponding public key, providing authentication and non‑repudiation.
History
The concept was first publicly proposed by Whitfield Diffie and Martin Hellman in their 1976 paper "New Directions in Cryptography". They introduced the Diffie–Hellman key exchange protocol, which allows two parties to securely agree on a shared secret over an insecure channel. Independently, Ralph Merkle also contributed early ideas.
Earlier classified work had been done at the UK's Government Communications Headquarters (GCHQ) by James H. Ellis (1969), Clifford Cocks (1973), and Malcolm J. Williamson (1974). Their inventions—including a key‑exchange scheme similar to Diffie–Hellman and a trapdoor one‑way function similar to RSA—remained secret for decades.
The first widely deployed public-key algorithm was RSA, invented by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977. Other important algorithms include ElGamal encryption (1985) and those based on elliptic-curve cryptography (1985).
Features
- Key distribution: Only the public key needs to be shared, often via a public key infrastructure (PKI) and digital certificates.
- Authentication: Digital signatures prove the identity of the signer.
- Non‑repudiation: The signer cannot later deny having signed a message (when a trusted timestamp is used).
- Confidentiality: Encryption ensures that only the intended recipient can read the message.
Public-key algorithms are generally slower than symmetric algorithms, so they are often used to exchange a temporary session key for symmetric-key encryption.
Applications
Public-key cryptography is fundamental to Transport Layer Security (TLS) for secure web browsing, Pretty Good Privacy (PGP) for email encryption, SSH for secure remote login, and blockchain technologies such as Bitcoin.