Public-key systems

the principle of public-key encryption

The principle of asymmetric encryption (also called public-key encryption) first appeared in 1976, with the publication of a work about cryptography by Whitfield Diffie and Martin Hellman.

In an asymmetric cryptosystem (or public-key cryptosystem), keys exists in pairs:

  • A public key for encryption;
  • A secret key for decryption.

In a public-key encryption system, users choose a random key that only they know (this is the private key). From this key, they each automatically deduce an algorithm (this is the public key). Users exchange this public key over an insecure channel.

When a user wants to send a message to another user, he simply needs to encrypt the message to be sent using the recipient's public key (which he can find, for example, in a key server such as an LDAP directory). The latter will be capable of decrypting the message with his private key (that only he knows).

overview of a public-key encryption

This system is based on a function that is easy to compute in one direction (called a one-way trapdoor function) and is mathematically extremely hard to invert without the private key (called the trapdoor).

To put this in images, this means having a user randomly create a small metal key (the private key) and then produce a large number of padlocks (public keys) he keeps in a locker that can be accessed by anyone (the locker plays the role of an insecure channel). To send him a document, each user can take an (open) padlock, close a portfolio containing the document with this padlock, then send the portfolio to the owner of the public key (the padlock's owner). Only the owner will be capable of opening the portfolio with his private key.

Advantages and disadvantages

The problem of communicating the decryption key no longer exists, in that public keys can be sent freely. Public-key encryption therefore lets people exchange encrypted messages without having a shared secret.

On the other hand, the challenge involves making sure the public key you recover actually belongs to the person you want to send the encrypted information to!

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Public-key systems », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (

Subscribe To Our Newsletter!

The Best of CCM in Your Inbox

Subscribe To Our Newsletter!