Public Key Cryptography
Public key cryptography (also called asymmetric cryptography) is the mathematical foundation that makes blockchain, digital signatures, secure internet communications, and content authenticity possible. Unlike symmetric encryption where both parties share a single secret key, public key cryptography uses a mathematically linked key pair: a public key that can be shared openly and a private key that must be kept secret. Data encrypted with one key can only be decrypted with the other.
The concept was first published by Whitfield Diffie and Martin Hellman in 1976, and independently developed by Ralph Merkle. The RSA algorithm (Rivest, Shamir, Adleman) followed in 1977 and became the dominant implementation for decades. Modern systems increasingly use elliptic curve cryptography (ECC), which achieves equivalent security with much smaller key sizes — Bitcoin and Ethereum both use the secp256k1 elliptic curve, and newer systems adopt Ed25519 for its speed and security properties.
The applications are ubiquitous. Digital signatures use a private key to sign data and a public key to verify the signature — this is how blockchain transactions are authenticated without any central authority. Every Bitcoin transaction is a signed message proving the owner of a private key authorized the transfer. TLS/SSL (the lock icon in your browser) uses public key cryptography to establish encrypted channels for virtually all internet traffic. End-to-end encryption in messaging apps like Signal uses key pairs so that only the intended recipient can read messages.
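The sign-with-private, verify-with-public flow described above, as an added example that is not part of the original page. It uses Ed25519 through Node's built-in `crypto` module; the transfer message format and the names `alice` and `mallory` are constructed for illustration and do not follow any real blockchain's transaction format.

```javascript
// Added example: Ed25519 signing and verification with Node's built-in crypto.
const crypto = require('node:crypto');

// Signer side: generate a key pair. The private key stays inside this closure;
// only the public half is exported (DER-encoded SubjectPublicKeyInfo).
function makeSigner() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    publicKeyDer: publicKey.export({ type: 'spki', format: 'der' }),
    // Ed25519 hashes internally, so the digest algorithm argument is null.
    sign: (message) => crypto.sign(null, Buffer.from(message), privateKey),
  };
}

// Verifier side: needs only the public key bytes, the message and the signature.
function verify(publicKeyDer, message, signature) {
  const publicKey = crypto.createPublicKey({
    key: publicKeyDer,
    format: 'der',
    type: 'spki',
  });
  return crypto.verify(null, Buffer.from(message), publicKey, signature);
}

// Constructed sample message (hypothetical format, not a real transaction).
const TRANSFER = JSON.stringify({ from: 'alice', to: 'bob', amount: 5, nonce: 1 });

function demo() {
  const alice = makeSigner();
  const mallory = makeSigner(); // a second, unrelated key holder
  const sig = alice.sign(TRANSFER);
  const altered = TRANSFER.replace('"amount":5', '"amount":500');

  return {
    signatureBytes: sig.length,
    // Unmodified message checked against the signer's public key.
    genuine: verify(alice.publicKeyDer, TRANSFER, sig),
    // Same signature, but the message was changed after signing.
    tamperedMessage: verify(alice.publicKeyDer, altered, sig),
    // Same message and signature, checked against someone else's public key.
    wrongKey: verify(mallory.publicKeyDer, TRANSFER, sig),
  };
}

console.log(demo());
```

The verifier never sees a private key: a signature is accepted only when the exact signed bytes and the matching public key are presented together.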
In the context of Web3 and decentralization, public key cryptography enables trustless systems — you can verify a transaction or message came from a specific key holder without trusting any intermediary. Smart contracts execute based on cryptographic proofs. Self-sovereign identity systems use key pairs to let individuals control their own credentials. Zero-knowledge proofs extend these cryptographic primitives to prove statements without revealing underlying data.
The technology also underpins emerging content authenticity standards. The C2PA specification uses public key cryptography to sign media at the point of capture — a camera or software tool embeds a cryptographic signature that proves the content hasn't been tampered with and traces its origin. This "prove it's real" approach is becoming critical as deepfakes and synthetic media erode trust in digital content.
Post-quantum cryptography represents the next frontier. Quantum computers could theoretically break RSA and ECC using Shor's algorithm. NIST finalized its first post-quantum cryptographic standards in 2024 (CRYSTALS-Kyber for encryption, CRYSTALS-Dilithium for signatures), and migration to quantum-resistant algorithms is underway across critical infrastructure — though the timeline for quantum threats to current cryptography remains debated.
Further Reading
- Money, Blockchains and Social Scalability (Nick Szabo)