Public-key cryptography
Public-key cryptography (also called asymmetric cryptography) is a cryptographic framework in which each participant holds a mathematically paired key: a public key, which may be disseminated without restriction, and a private key, which must remain secret. The revolutionary premise, conceived by James Ellis at GCHQ (1969, classified until 1997) and independently discovered and published by Whitfield Diffie and Martin Hellman (1976), is that two parties who have never met and share no prior secret can nonetheless establish secure communication over an open channel. The security of the system rests not on the secrecy of the algorithm or the channel, but on the computational hardness of certain mathematical problems: factoring large integers, computing discrete logarithms, or finding short vectors in lattices.
Mathematical Foundations
Public-key cryptography inverts the logic of symmetric ciphers. In a symmetric system, encryption and decryption use the same key, and the entire security architecture collapses if that key is exposed. In an asymmetric system, the public key and private key are distinct but mathematically related. Anyone can encrypt a message using the public key; only the holder of the private key can decrypt it. Run in the other direction, the same pairing yields digital signatures: only the private key holder can produce a valid signature, and anyone holding the public key can verify it. The two keys are generated together, but deriving the private key from the public key must be computationally infeasible. This is the trapdoor one-way function property that makes the system possible: the operation is easy to compute and hard to invert, unless one knows the trapdoor (the private key).
The RSA algorithm, developed by Ron Rivest, Adi Shamir, and Leonard Adleman (1977), remains the most widely known public-key system. Its security rests on the difficulty of factoring the product of two large primes: anyone who can factor the public modulus can reconstruct the private key. The Diffie-Hellman key exchange (1976) solves a narrower but equally critical problem: two parties can agree on a shared secret over a public channel without the secret itself ever being transmitted; its security rests on the discrete logarithm problem. Elliptic curve cryptography (ECC) achieves equivalent security with far smaller key sizes by replacing integer modular arithmetic with operations on elliptic curves over finite fields (a 256-bit elliptic-curve key offers security comparable to a 3072-bit RSA key), a structural efficiency that matters enormously for mobile and embedded devices with constrained processing power.
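The following is an added illustration of the RSA trapdoor described above, not code from the original article. It implements textbook RSA on deliberately tiny primes (p = 10007 and q = 10009, an assumption chosen so the numbers stay readable), encrypts and decrypts a message, and then shows the two things a practitioner should take from the passage: that factoring n hands an attacker the private key, which is why the hardness of factoring is the whole security argument, and that raw textbook RSA is multiplicatively malleable, which is why deployed RSA wraps messages in padding such as OAEP.

```python
"""Textbook RSA on deliberately small primes.

Added illustration for this article; not code from the original text.
Assumptions: p = 10007 and q = 10009 (both prime) are toy-sized so that the
trapdoor is visible in a fraction of a second. Real keys use moduli of
2048 bits or more, and real encryption adds padding (OAEP); raw textbook
RSA as shown here is deterministic and malleable and must not be used as-is.
"""
from math import gcd, isqrt


def modinv(a: int, m: int) -> int:
    """Return x in [0, m) with a*x == 1 (mod m), via the extended Euclidean algorithm."""
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("a is not invertible modulo m")
    return old_s % m


def keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)). p and q must be distinct primes with gcd(e, phi) == 1."""
    n = p * q
    phi = (p - 1) * (q - 1)            # Euler's totient of n; knowable only from p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = modinv(e, phi)                 # the trapdoor: e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """Feasible only because n is tiny. For a 2048-bit n this loop is the
    infeasible step on which the entire security argument rests."""
    for f in range(2, isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no factor found")


def recover_private_key(public_key):
    """What an attacker does once factoring succeeds: rebuild phi, then d."""
    n, e = public_key
    p, q = factor_by_trial_division(n)
    return n, modinv(e, (p - 1) * (q - 1))


def is_malleable(public_key, m1: int, m2: int) -> bool:
    """Textbook RSA is multiplicatively homomorphic: E(m1)*E(m2) == E(m1*m2 mod n).
    An attacker can therefore transform ciphertexts without the key."""
    n, _ = public_key
    lhs = (encrypt(public_key, m1) * encrypt(public_key, m2)) % n
    return lhs == encrypt(public_key, (m1 * m2) % n)


if __name__ == "__main__":
    pub, priv = keygen(10007, 10009)
    message = 424242
    ciphertext = encrypt(pub, message)
    print("ciphertext:", ciphertext, "round-trip ok:", decrypt(priv, ciphertext) == message)
    print("private key recovered by factoring:", recover_private_key(pub) == priv)
    print("textbook RSA malleable:", is_malleable(pub, 3, 5))
```

Replacing the two four-digit primes with 1024-bit primes leaves every function except `factor_by_trial_division` equally fast; only the attacker's step stops working.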
The Infrastructure of Trust
Public-key cryptography does not eliminate trust; it relocates it. The key distribution problem becomes a key authentication problem: how do you know that the public key purporting to belong to your correspondent genuinely belongs to them? The solution is the Public Key Infrastructure (PKI), a hierarchical system of certificate authorities that digitally sign public keys to vouch for their ownership. The root certificates at the apex of this hierarchy are distributed through non-cryptographic means — built into operating systems, shipped with browsers, installed by system administrators.
This reveals a recursive structure. Every public-key system eventually bottoms out in a trust assumption that cannot itself be cryptographically secured. The man-in-the-middle attack is the perpetual threat: an adversary who can substitute their own public key for the legitimate one sits between the two parties, decrypting and re-encrypting every message while each side believes it is speaking directly to the other, and the cryptographic mathematics provides no defense if the substitution goes undetected. The chain of certificates, the web of trust, the blockchain ledger: all are attempts to manage this regress, none to abolish it.
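The exchange and the attack described above, as an added example that is not part of the original article; it also serves the Diffie-Hellman description in the Mathematical Foundations section. The group is a toy safe prime (p = 10007 = 2·5003 + 1, generator g = 4), an assumption made for readability; real deployments use 2048-bit-plus MODP groups or elliptic-curve Diffie-Hellman. Bob's public value is treated as a long-term (static) value, the role an SSH host key plays for known_hosts, and the pinned fingerprint stands in for the trust anchor distributed by non-cryptographic means. The example shows an honest exchange, Mallory's substitution of both public values, and the out-of-band fingerprint check that catches it.

```python
"""Diffie-Hellman over a toy safe prime, the man-in-the-middle substitution
that unauthenticated DH cannot detect, and detection via a fingerprint
learned out of band.

Added illustration for this article; not code from the original text.
Assumptions: P = 10007 = 2*5003 + 1 is a safe prime and G = 4 generates its
prime-order subgroup; both are toy-sized so the numbers stay readable.
"""
import hashlib
import hmac
import secrets

P = 10007                       # safe prime: (P - 1) / 2 = 5003 is also prime
Q = (P - 1) // 2                # order of the subgroup generated by G
G = 4                           # a quadratic residue, hence of order exactly Q
NBYTES = (P.bit_length() + 7) // 8


def dh_keypair(private=None):
    """Return (private exponent, public value). The exponent is random unless supplied."""
    if private is None:
        private = secrets.randbelow(Q - 2) + 2      # uniform in [2, Q - 1]
    return private, pow(G, private, P)


def dh_shared(private, peer_public):
    """Compute the shared group element, refusing values outside the prime-order
    subgroup (1, P-1 and small-subgroup elements would leak bits of the exponent)."""
    if not 1 < peer_public < P - 1 or pow(peer_public, Q, P) != 1:
        raise ValueError("peer public value is not in the prime-order subgroup")
    return pow(peer_public, private, P)


def derive_key(shared):
    """Never use the raw group element as a key; run it through a KDF."""
    return hashlib.sha256(b"toy-dh-kdf" + shared.to_bytes(NBYTES, "big")).digest()


def fingerprint(public):
    """Short digest of a public value, the kind of string read over the phone or
    printed on a card: the out-of-band trust anchor."""
    return hashlib.sha256(public.to_bytes(NBYTES, "big")).hexdigest()[:16]


def honest_exchange(a=None, b=None):
    """Alice and Bob exchange public values directly and derive the same key."""
    a, A = dh_keypair(a)
    b, B = dh_keypair(b)
    return derive_key(dh_shared(a, B)) == derive_key(dh_shared(b, A))


def mitm_exchange(a, b, m1, m2):
    """Mallory replaces A with M1 on the way to Bob and B with M2 on the way to
    Alice. Each honest party derives a key, but each key is shared with Mallory."""
    a, A = dh_keypair(a)
    b, B = dh_keypair(b)
    m1, M1 = dh_keypair(m1)
    m2, M2 = dh_keypair(m2)
    k_alice = derive_key(dh_shared(a, M2))          # Alice believes M2 is Bob's value
    k_bob = derive_key(dh_shared(b, M1))            # Bob believes M1 is Alice's value
    k_mallory_with_alice = derive_key(dh_shared(m2, A))
    k_mallory_with_bob = derive_key(dh_shared(m1, B))
    return {
        "alice_and_bob_agree": k_alice == k_bob,
        "mallory_reads_alice": k_mallory_with_alice == k_alice,
        "mallory_reads_bob": k_mallory_with_bob == k_bob,
        "substituted_value": M2,
        "genuine_value": B,
    }


def accept_peer(received_public, pinned_fingerprint):
    """Alice's check: trust the received value only if it matches the fingerprint
    she obtained out of band. This turns key distribution into key
    authentication; the DH arithmetic alone cannot do it."""
    return hmac.compare_digest(fingerprint(received_public), pinned_fingerprint)


if __name__ == "__main__":
    print("honest exchange agrees:", honest_exchange())
    result = mitm_exchange(a=11, b=13, m1=17, m2=19)
    print({k: v for k, v in result.items() if isinstance(v, bool)})
    pinned = fingerprint(result["genuine_value"])   # learned out of band
    print("substituted value accepted:", accept_peer(result["substituted_value"], pinned))
    print("genuine value accepted:", accept_peer(result["genuine_value"], pinned))
```

The fingerprint check succeeds only because the fingerprint itself arrived by a channel Mallory does not control; that channel, not the mathematics, is the trust assumption the paragraph above describes. Where the exchange is ephemeral rather than static, the same role is played by a signature over the public value, verified against a key that was pinned or certified in advance.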
Computational Hardness and Quantum Threats
The security of deployed public-key systems is not absolute; it is conditional. It rests on the conjecture that certain problems cannot be solved efficiently by classical computers, a conjecture that, like the P versus NP question in complexity theory, is widely believed but unproven. Shor's algorithm (1994) demonstrated that a sufficiently powerful quantum computer could factor integers and compute discrete logarithms in polynomial time, breaking RSA, Diffie-Hellman and elliptic-curve cryptography alike. This is not a distant theoretical concern: it is the organizing problem of post-quantum cryptography, an international effort to develop public-key systems whose hardness rests on problems believed to resist quantum attack, namely lattice-based, code-based, hash-based, and multivariate polynomial systems. NIST published the first such standards in 2024: the lattice-based ML-KEM and ML-DSA, and the hash-based SLH-DSA.
The transition to post-quantum cryptography is not merely a technical upgrade. It is a civilizational data-retention problem. Adversaries can record encrypted traffic today and decrypt it retrospectively once quantum computers become available — a harvest