James O'Connell, PhD

The magic of public key cryptography

Written by

james

in

I find public key cryptography fascinating. It’s stunningly simple but incredibly secure against current compute technology.

Basic idea

The fundamental concept of public key cryptography is based on a few (usually very large) numbers. A public key is simply one of these numbers; a private key is another. However, the main difference is that the private key is kept secret, whereas the public key is distributed to anyone.

The public key can be used to encrypt data, which can then be securely transmitted to someone. In my eyes, the interesting part is that once encrypted, most of the encrypted data is discarded before being transmitted; this is why reversing the encryption algorithm isn’t possible. Even if an eavesdropper captures the transmitted data, it’s not feasible to decrypt. Upon receipt of the encrypted data, the intended recipient can use the private key to decrypt and read the data.

A simple example

While computers use extremely large numbers for encryption, a basic example can be shown with small (human-understandable) numbers. This will use RSA encryption with a public key of 11 and a private key of 7 under modulo/base 10. These numbers have certain relations to one another and are computed in a certain way, but we won’t go over that here. Note again that the private key is known only to the recipient of the data.

Encryption

Let’s say you want to transmit a single number (0-9) to me. You choose a number, say, 8, and encrypt it using the following equation.

Encrypted data=Plaintext datapublic key(mod (base))\text{Encrypted data} = \text{Plaintext data}^\text{public key} \text{(mod (base))}

While that looks a little complicated, it’s rather simple. We take the plaintext data (8), raise it to the power of the public key (11), then take the modulo with the base (10). The module operation simply means we divide by the base, then take the remainder. Therefore,

Encrypted data=811(mod 10)=8,589,934,592(mod 10)=2\text{Encrypted data} = 8^{11} \text{(mod 10)} = 8,589,934,592 \text{(mod 10)} = 2

Therefore, the encrypted data is simply the number 2. Again, what makes this interesting is that we have discarded 8,589,934,590, meaning the exponentiation is not feasible to reverse.

Decryption

Once I received your message of 2, I can decrypt it with the private key. All I need to do is run the same operation you did, but with the private key instead:

Decrypted data=27(mod 10)=128(mod 10)=8\text{Decrypted data} = 2^7 \text{(mod 10)} = 128 \text{(mod 10)} = 8

We can see we’ve obtained the original data. One thing that makes this algorithm even better is that the mathematical operations are computationally cheap and very simple to implement. The difficulty comes with finding pairs of public and private keys, but the actual encryption and decryption are very easy to compute. Additionally, for many applications, the keys only need to be computed once and can be used many times.

Eavesdropping

A bad actor could fairly easily intercept your message of 2. However, they are unable to work out what the original data was without trial-and-erroring a bunch of options. This example is just using the digits 0-9, so this brute force approach is pretty simple: The eavesdropper can simply run the (public) encryption algorithm on every digit and find out which one results in 2.

That being said, modern encryption algorithms use ridiculously large numbers (for human brains), and trial-and-error is basically impossible. With modern algorithms, it’s generally thought that brute forcing a decryption would take billions of years or more, and therefore they are considered safe.

I will note here that with the early signs of quantum computing, it is possible these algorithms may be brute forced more easily in the future, but many smart people are working on this and finding solutions. Additionally, quantum computers are very much not ready for any task, so most people need not worry about it right now.

Cryptographic signing

Another application of this idea is digital signing to cryptographically “prove” someone has signed a document. Put simply, I could come up with a pair of keys and distribute the public key while keeping the private key secret. To digitally sign something, I could encrypt a message of something like “I am the real James and the 2026 rental contract was signed on Jan 3, 2026”. Once encrypted, I could attach the encrypted message to the document.

The document with the encrypted message could be distributed along with the public key (which is known to come from me). Any recipient could easily run the encryption algorithm with the public key on the encrypted message, and would obtain the original message stating “I am the real James…”, indicating I have cryptographically signed it.

Of course, there is more to this algorithm to increase its security, but the basic idea is nice and simple. A bad actor (without access to the private key) cannot come up with encrypted data that would lead to the same message, so it’s secure and reliable.

Conclusion

Public key cryptography has been around for decades and will likely be around for many more due to its combination of security and simplicity. There have been updates to the algorithms over the years, but they are usually related to the length of the keys; the process remains the same. Public key cryptography is a wonderful mathematical tool giving robust security and allowing the modern internet to exist.

More posts