How Asymmetric Encryption Works — Public Keys, Private Keys, and Trust
Symmetric encryption requires both parties to share the same key secretly. Asymmetric encryption solves this with a radical idea: two keys. A public key that anyone can have, and a private key that only you have. Data encrypted with the public key can only be decrypted with the private key. Data encrypted with the private key can only be decrypted with the public key.
This was invented in 1976 by Whitfield Diffie and Martin Hellman — one of the most important discoveries in the history of computing. Before this, secure communication required a secure channel to exchange keys. After this, secure communication could happen between complete strangers.
How Does It Work?
The core idea: certain mathematical operations are easy to do forward but computationally infeasible to reverse.
RSA (Rivest-Shamir-Adleman, 1978) — based on the difficulty of factoring large numbers. Multiplying two large primes is easy. Factoring the result back into the two primes is hard. The public key is the product. The private key is the primes. Encrypting uses the product. Decrypting requires knowing the factors.
Elliptic Curve Cryptography (ECC) — based on the difficulty of the elliptic curve discrete logarithm problem. Given a point on a curve and a scalar multiple of that point, finding the scalar is hard. ECC achieves the same security as RSA with much smaller keys:
| Security level | RSA key size | ECC key size |
|---|---|---|
| 128-bit | 3,072 bits | 256 bits |
| 192-bit | 7,680 bits | 384 bits |
| 256-bit | 15,360 bits | 512 bits |
256-bit ECC ≈ 3,072-bit RSA in security, but operations are faster and keys are smaller. This is why modern systems prefer ECC. TLS 1.3 uses elliptic curves by default.
What Can You Do with Two Keys?
Encryption — anyone encrypts with your public key. Only you decrypt with your private key. Used for sending secrets to someone. In practice, this is too slow for bulk data, so it's used to encrypt a symmetric key, which encrypts the actual data (hybrid encryption).
Signatures — you sign with your private key. Anyone verifies with your public key. This proves the message came from you and wasn't modified. Covered in detail in How Digital Signatures Work.
Key exchange — two parties each have a key pair. Through a protocol like Diffie-Hellman, they derive a shared symmetric key without ever transmitting it. Covered in How Key Exchange Works.
Why Can't You Derive the Private Key?
The security rests on mathematical problems that are easy in one direction and hard in the other:
RSA: given two 1,024-digit primes, their product is computed in microseconds. Given the product, finding the primes takes longer than the age of the universe with the best known algorithms. The largest RSA number factored (RSA-250, 829 bits) took 2,700 CPU-years in 2020. RSA-2048 (2,048 bits) is astronomically harder.
ECC: given a point P on an elliptic curve and a number k, computing kP (add P to itself k times) is fast. Given P and kP, finding k requires searching an impossibly large space. For a 256-bit curve, this means checking ~2^128 possibilities.
Both problems are in the class "easy forward, hard backward." If a quantum computer large enough to run Shor's algorithm is built, both RSA and ECC would be broken — which is why post-quantum cryptography is being developed.
Where Is Asymmetric Encryption Used?
TLS handshake — the server presents its certificate (containing its public key). The client uses this to authenticate the server and establish a shared symmetric key. The key exchange uses ECDHE (Elliptic Curve Diffie-Hellman Ephemeral).
SSH — when you ssh user@server, the server proves its identity with its host key (asymmetric). You authenticate with your SSH key pair. The session is then encrypted with a symmetric key.
Certificates — a Certificate Authority signs a certificate using its private key. Your browser verifies the signature using the CA's public key (pre-installed in your OS).
PGP / GPG — encrypt emails with the recipient's public key. Sign messages with your private key. The original use case for public-key cryptography.
Cryptocurrency — your wallet address is derived from your public key. Transactions are signed with your private key. Anyone can verify the signature with the public key.
Code signing — Apple, Google, and Microsoft require apps to be signed with the developer's private key. The OS verifies the signature with the public key before running the app.
The Key Management Problem
Asymmetric encryption solves key distribution but introduces key management:
How do you trust a public key? If someone gives you their public key, how do you know it's really theirs? An attacker could substitute their own public key. This is the problem certificates and Certificate Authorities solve — a trusted third party vouches for the binding between identity and public key.
How do you protect the private key? If your private key is compromised, all security is lost. Private keys are stored in secure hardware (HSMs, TPMs, Secure Enclave), encrypted at rest, and never transmitted. Losing control of a private key is a security incident.
How do you revoke a key? If a private key is compromised, how do you tell the world to stop trusting the corresponding public key? Certificate Revocation Lists (CRLs) and OCSP solve this for certificates. SSH has authorized_keys that can be edited. PGP has revocation certificates.
Next Steps
- How Digital Signatures Work — using private keys to prove authorship and integrity.
- How Key Exchange Works — Diffie-Hellman and how TLS establishes shared secrets.
- How Certificates Work — how public keys are bound to identities.
Prerequisites
References
Referenced by
- How Key Exchange Works — Sharing Secrets Over Insecure Channels
- How Digital Signatures Work — Proving Authorship and Integrity
- Cryptography FAQ
- How Symmetric Encryption Works — One Key, Two Operations
- What is a Private Key
- What is Elliptic Curve Cryptography
- What is a Public Key
- What is RSA
- Hardware Offloading, Zero Trust, and Post-Quantum Networking