Asymmetric Encryption
Asymmetric encryption uses mathematically linked key pairs — anything encrypted with the public key can only be decrypted with the private key — solving the key distribution problem that symmetric encryption cannot.
Asymmetric encryption is the breakthrough that made secure internet communication between strangers possible. It underlies HTTPS, SSH, Bitcoin addresses, and every digital certificate. Without it, there's no way for your browser to establish a private channel with a server it has never met before.
The Intuition
In 1976, Whitfield Diffie and Martin Hellman published a paper that changed cryptography forever. They described a system where two people who have never met — and share no secrets — can establish a private communication channel over a public network.
The trick: mathematically linked key pairs. What one key locks, only the other can unlock. You publish your public key to the world. Anyone uses it to encrypt a message to you. Only your private key decrypts it. The private key never leaves your device. Strangers can now communicate securely without ever having shared a secret beforehand.
See it concretely
Imagine a city-wide padlock scheme. You manufacture thousands of identical open padlocks (your public key) and distribute them to everyone. Anyone can take a padlock, snap it shut over a box containing a message to you, and send it back.
Only you have the key that opens all those padlocks (your private key). Not even the person who sent the box can reopen it — once the padlock is snapped shut, only the key works. The padlocks are visible everywhere on street corners. That's fine. The key stays in your pocket.
Tempting — but wrong
The precise version
RSA (Rivest–Shamir–Adleman):
Choose large primes p, q. Compute n = p·q (modulus) and φ(n) = (p−1)(q−1).
Choose public exponent e (typically 65537). Compute private exponent d where e·d ≡ 1 (mod φ(n)).
Public key: (e, n). Private key: (d, n).
Encrypt: C = Mᵉ mod n. Decrypt: M = Cᵈ mod n.
Security relies on the hardness of factoring n back into p and q. For 2048-bit n, the best known algorithms (GNFS) require sub-exponential but still astronomical time.
Modern systems increasingly prefer ECDH (Elliptic Curve Diffie-Hellman) — same security as RSA-3072 with a 256-bit key, because the elliptic curve discrete log problem is harder than integer factorization.
C = M^e \bmod n, \quad M = C^d \bmod nCheck your understanding
Why is asymmetric encryption used for key exchange rather than bulk data?
Click to reveal answer
If you encrypt data with your private key, what does that prove?
Click to reveal answer
Why is ECDH replacing RSA in modern protocols?
Click to reveal answer
- I understand how key pairs work and why the public key is safe to share
- I can explain why HTTPS uses both asymmetric and symmetric encryption
- I know the difference between RSA and ECDH
HTTPS uses both asymmetric and symmetric encryption. What role does each play?