Understanding Public Key Cryptography

Oluwatosin Serah
Oluwatosin Serah
Technical Writer
Learn how public key cryptography secures data, authenticates users, and protects online transactions.

Before diving into public key cryptography, let's cover some basic concepts.What is cryptography? Traditionally, cryptography involves securing communication so that only the intended recipients can understand the message. Imagine in ancient times, a king sending secret messages through a trusted messenger. The messenger might use a coded language that only the king and the recipient understand which ensures that even if the message is intercepted, it cannot be understood by anyone else. Cryptography has evolved significantly since then, but the core idea remains the same: protecting information.

The term "cryptography" comes from two Greek words: "crypt," meaning "secret," and "graphy," meaning "writing." So, cryptography in greek literally means "secret writing." It is the practice of securing messages so that only the intended recipient can read and understand them, ensuring the privacy and integrity of the information. 

However, the study of cryptography encompasses more than just secret writing, which is referred to as encryption. Cryptography can also be used to prove knowledge of a secret without revealing that secret, such as with zero-knowledge proofs or digital signatures, or to verify the authenticity of data through digital fingerprints, also known as "hashes." We will explore these concepts in more detail soon.

Types of Cryptography

Symmetric Cryptography

Symmetric cryptography, also known as secret-key cryptography, uses the same key for both encryption and decryption. This means that both the sender and the receiver must have access to the same secret key, which must be kept confidential.

How It works:

  • Encryption: The plaintext (original message) is converted into ciphertext (encrypted message) using a secret key.

  • Decryption: The ciphertext is converted back into plaintext using the same secret key.

An example is AES (Advanced Encryption Standard) widely used for securing sensitive data. It operates on fixed block sizes (128 bits) and supports key sizes of 128, 192, and 256 bits. AES is used in various applications, including VPNs, encrypted file storage, and secure communications.

Asymmetric Cryptography

Asymmetric cryptography, also known as public-key cryptography, uses a pair of keys: a public key for encryption and a private key for decryption. 

How It works:

  • Key Generation: A pair of keys (public and private) is generated.

  • Encryption: Anyone can use the recipient's public key to encrypt a message.

  • Decryption: Only the recipient can decrypt the message using their private key.

An example is RSA (Rivest-Shamir-Adleman) which is a widely used asymmetric encryption algorithm that relies on the mathematical properties of prime numbers. RSA is used in secure web browsing (SSL/TLS), email encryption (PGP), and digital signatures.

Hash Functions

Hash functions requires putting in an arbitrary length of  a text/data and getting a fixed length(based on the algorithm used). A cryptographic hash function is a one-way function, meaning for a given value, the fixed length output will always be the same, and you cannot recover the value by decrypting the fixed-length output. 

Here’s how It works:

  • Hashing: Data is processed through a hash function to produce a hash value (or digest).

  • Verification: The hash value can be used to verify data integrity by comparing it with the hash value of the original data.

SHA-256 (Secure Hash Algorithm 256-bit) which Bitcoin uses is an example, it produces a 256-bit hash value. Here is an example of a SHA algorithm calculator you can explore.

Public Key Cryptography

Now that we have an understanding of the different types of cryptography, let's get into public key cryptography in more detail. Public key cryptography relies on unique keys generated based on mathematical functions that are easy to compute but difficult to reverse. This characteristic underpins the security of digital secrets and digital signatures.

Examples of Mathematical Functions

Prime Factorization: Multiplying two large prime numbers is easy, but finding the prime factors of a given product is challenging. For example, given the number 10,007,593, determining its prime factors is much harder than multiplying the primes to produce this number.

Elliptic Curve Arithmetic: This involves performing calculations on an elliptic curve. While multiplying points on the curve is straightforward, dividing or finding the discrete logarithm (which is the inverse operation) is extremely difficult. This difficulty makes elliptic curve cryptography (ECC) very secure. ECC is widely used in modern systems, including Ethereum.

In public key cryptography, keys come in pairs: a private key and a public key. Think of the public key as a bank account number, and the private key as the secret PIN. The public key identifies the account, while the private key grants control over it.

In systems like Ethereum:

  • Public key is used to generate an Ethereum address, similar to a beneficiary account in a bank transfer.

  • Private key controls the account, providing the ability to sign transactions.

Ethereum addresses can represent both externally owned accounts (EOAs) backed by private keys and contract addresses not backed by private keys.

Digital Signatures

Digital signatures verify the authenticity and integrity of messages or documents. In Ethereum, the transaction details serve as the message. Using elliptic curve cryptography, a message can be combined with a private key to create a digital signature. This signature can only be produced with knowledge of the private key, ensuring its authenticity.

When an Ethereum transaction is sent, it includes a digital signature made with the private key linked to the Ethereum address. To verify it, the signature is checked against the transaction details and the Ethereum address. This proves the transaction is from someone with the private key, without revealing the key itself.

This method secures the transaction and guarantees its integrity, showing how effective public key cryptography is.

Private Key 

A private key in Ethereum is simply a random number. Ownership of this private key gives the user control over all funds and contracts associated with the corresponding Ethereum address. The private key creates signatures needed to spend ether and access contracts, proving ownership. It must always remain secret, as revealing it would give others control over the associated ether and contracts.

One way to generate a truly random private key is by tossing a a coin 256 times to create a binary sequence. This sequence forms the private key, from which the public key and address are derived. This process is offline and does not require any communication with the Ethereum network, ensuring that the number is unique and random.

The private key generation process should be truly random to ensure security. Using predictable methods or poor random number generators increases the risk of someone else guessing the private key.

Public Key and Address

An Ethereum public key is generated from the private key using elliptic curve cryptography. The public key is a point on an elliptic curve, consisting of two numbers (x and y coordinates). This generation process is one-way: while it's easy to calculate the public key from the private key, it's practically impossible to reverse the process and derive the private key from the public key.

The public key is calculated through elliptic curve multiplication, expressed as K = k * G, where:

  • k is the private key, 

  • G is a constant point called the generator point, and 

  • K is the resulting public key. 

This multiplication is a one-way function, meaning it cannot be reversed to find k (the private key) from K (the public key).

Address

An Ethereum address is a unique identifier derived from the public key using the Keccak-256 one-way hash function which ensures that the address is unique and securely linked to the public key, which in turn is derived from the private key. The address allows users to interact with the Ethereum network, send and receive ether, and execute smart contracts.

By understanding these processes, users can appreciate the security and robustness of Ethereum’s cryptographic foundations, ensuring that funds and contracts remain secure and controlled only by those who hold the corresponding private key.

Main Business Applications for Public-Key Cryptography

Digital Signatures

  • Purpose: Content is digitally signed with an individual’s private key.

  • Verification: The signature is verified using the individual’s public key.

Encryption

  • Purpose: Content is encrypted using an individual’s public key.

  • Decryption: Only the individual’s private key can decrypt the content.

Security Benefits of Digital Signatures

Authentication: Since the unique private key was used, recipients can be confident that the individual signed the document.

Non-repudiation: The individual cannot deny signing the document as only they have access to the private key used.

Integrity: Verifies that the document or message has not been altered since the signature was applied. Even minor changes would cause the verification to fail.

Security Benefits of Encryption

Confidentiality: Ensures that only the intended recipient can decrypt and view the content encrypted with the public key.

Integrity: Confirms that the decrypted content matches the original encrypted message, ensuring no alterations during transmission. Even slight changes would cause the decryption process to fail.

Applications of Public Key Cryptography

Secure Websites

  • SSL/TLS: Public key cryptography secures data transmitted over the internet. Websites use SSL/TLS protocols to encrypt communications between the server and the client, ensuring that sensitive information such as passwords and credit card numbers remain confidential.

Email Encryption

  • PGP/GPG: Public key cryptography is used to encrypt and sign emails. PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) enable users to send secure emails by encrypting the email content with the recipient's public key, ensuring that only the recipient can decrypt and read it.

Cryptocurrencies

  • Bitcoin, Ethereum, e.t.c: Cryptocurrencies rely on public key cryptography to secure transactions. Each user has a public key that serves as their address and a private key that allows them to sign transactions. This ensures that only the owner of the private key can transfer funds from their account.

Conclusion

Public key cryptography is a fundamental technology that underpins the security of modern digital communications. By using mathematically linked key pairs, it enables secure data transmission, digital signatures, and authentication without the need to share private information. This ensures that sensitive data, from emails to cryptocurrency transactions, remains confidential and tamper-proof.

Understanding public key cryptography provides insights into how our digital world maintains security and privacy. As technology evolves, so will the cryptographic methods, continuing to protect our data and interactions.

References & Further Readings

Read more