Public key cryptography (also known as asymmetric cryptography) is a cryptographic system that uses mathematically linked key pairs: a public key that can be freely distributed and a private key that must remain secret to its owner. Data encrypted with a public key can only be decrypted by the corresponding private key, and a message signed with a private key can be verified by anyone holding the public key. This system, introduced by Diffie and Hellman in 1976 and implemented by RSA in 1977, underpins secure internet communication, digital signatures, and certificate authorities.
Encrypt: c = m^e mod n; Decrypt: m = c^d mod n (RSA)
LaTeX: c \equiv m^e \pmod{n}, \quad m \equiv c^d \pmod{n}
| Symbol | Meaning | Unit |
|---|---|---|
| m | Original plaintext message (as integer) | none |
| c | Ciphertext (encrypted message) | none |
| e | Public exponent (part of public key) | none |
| d | Private exponent (part of private key) | none |
| n | Modulus (product of two large primes p × q) | none |
Problem
Using a small RSA example with p = 3, q = 11, e = 7: encrypt the message m = 2.
Solution
Step 1: Calculate n = p × q = 3 × 11 = 33. Step 2: Calculate φ(n) = (p-1)(q-1) = 2 × 10 = 20. Step 3: Verify e is coprime to φ(n): gcd(7, 20) = 1. ✓ Step 4: Encrypt: c = m^e mod n = 2^7 mod 33 = 128 mod 33. 128 ÷ 33 = 3 remainder 29, so 128 mod 33 = 29. Step 5: Ciphertext c = 29. Decryption check: d × e ≡ 1 (mod 20); d = 3 since 3×7 = 21 ≡ 1 (mod 20). m = c^d mod n = 29^3 mod 33 = 24389 mod 33 = 2. ✓
Answer
Ciphertext c = 29; decrypts back to m = 2 confirming correctness
| Algorithm | Key Size (bits) | Security Basis | Common Use |
|---|---|---|---|
| RSA | 2048–4096 | Integer factorisation | TLS, digital signatures |
| ECC (ECDSA) | 256–521 | Elliptic curve discrete log | Bitcoin, TLS, mobile |
| Diffie-Hellman | 2048+ | Discrete logarithm | Key exchange |
| DSA | 1024–3072 | Discrete logarithm | Digital signatures |
| Ed25519 | 256 | Edwards curve | SSH keys, modern TLS |
Wikimedia Commons, CC BY-SA
Encryption is the process of converting plaintext (readable data) into ciphertext (scrambled data) using a cryptographic algorithm and a key, so that only authorised parties with the corresponding decryption key can read the original message. Symmetric encryption uses the same key for encryption and decryption (e.g., AES), while asymmetric encryption uses a public-private key pair (e.g., RSA). Encryption is fundamental to securing data in transit (HTTPS, VPN) and data at rest (encrypted hard drives, databases).
TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are cryptographic protocols designed to provide secure communication over a computer network, most commonly the internet. TLS establishes an encrypted channel between two parties through a handshake process that authenticates the server (and optionally the client) using digital certificates, negotiates encryption algorithms, and exchanges session keys via public key cryptography. It is the security layer behind HTTPS, securing web browsing, email, messaging, and VoIP communications.
A firewall is a network security system — implemented in hardware, software, or both — that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between trusted internal networks and untrusted external networks (such as the internet), blocking or permitting traffic according to policies defined by an administrator. Modern firewalls have evolved from simple packet filters to stateful inspection firewalls and next-generation firewalls (NGFW) capable of deep packet inspection, application awareness, and intrusion prevention.
The concept was first publicly described by Whitfield Diffie and Martin Hellman in "New Directions in Cryptography" (1976). "Public" derives from Latin publicus (of the people); "Key" is metaphorical, from the idea of a cryptographic lock. The RSA algorithm was subsequently developed by Rivest, Shamir, and Adleman (1977), whose initials form the acronym.