# Asymmetric keys

Perhaps the most ingenious and influential development in modern cryptography is the asymmetric key pair, also referred to as public-private key pairs. The basic idea is that two keys are generated, one for encrypting and one for decrypting. The encryption key is safe to distribute, the decryption key is kept private.

This innovation was pioneered in the late 1970s by two programmers and a mathematician, who gave their initials to the groundbreaking cryptosystem they invented: RSA. (An interesting side note: a similar system was invented several years earlier by a British intelligence mathematician, but the invention was kept secret and the system was deemed impractical at the time, given the limitations of computer systems.)

RSA and other asymmetric key systems take the idea of the one-way function a big step forward by creating two keys that work in an asymmetric fashion: The first key is used to create encrypted messages (the public key) and the second is used to decrypt them (the private key). See Figure 1.

### Figure 1. Public-private keys

The math behind this trick is not simple. In fact, for a time, the researchers involved held serious doubts as to whether it was even possible in theory. Today public-private key cryptography underlies much of modern internet security infrastructure, including the “transport layer” security used by SSL/TLS, digital signatures, and cryptocurrencies like Bitcoin.

It’s important to note that asymmetric keys do not create impossible-to-crack systems. But so long as the private key is kept private, it is practically impossible to break the encryption. Numerous in-the-wild exploits (including random number attacks, timing attacks, and others) have been brought to light, and beyond those, the security of even the most secure public-private key pair rests on how long it would take to factor the numbers involved, that is, to reverse the multiplication that produced them.

This may not seem very secure, but to quote Brett Slatkin’s article on public key crypto math, “even fancy solutions on the fastest computer on Earth would take until the end of the universe” to crack modern asymmetric encryption. Barring the introduction of practical quantum computing (not necessarily a distant possibility), which would make cracking RSA-like encryption solvable in polynomial time, modern algorithms are considered viable for practical applications.

In current applications, asymmetric keys are often used as a kind of handshake to establish a secure channel for the exchange of symmetric keys. (This is what is happening when your browser is “negotiating TLS.”) Because symmetric keys are in practice much faster, the server and client verify each other via asymmetric keys, then hand over symmetric keys for use in further communication. This communication is then safe from eavesdropping or manipulation even over non-confidential channels.