What is a Trapdoor Function?

A trapdoor function is also known as TOWF - trapdoor one-way function and constitutes a fundamental cornerstone in modern cryptography, especially for digital signatures and public key encryption schemes. The landmark paper of Diffie and Hellman introduced the notion of trapdoor functions when putting forward the concept of public-key cryptography.

Distinction between the one-way and trapdoor functions

Let's highlight the distinction between the one-way and trapdoor functions:

A one-way function is considered an operation that is easy to compute in one direction but hard to be calculated oppositely. Therefore, given a value xx it is easy to calculatef(x)f(x). However, inversely if we have the value off(x)f(x), it is challenging to compute the value ofxx or requires a long time.

A trapdoor function includes a back door (trapdoor). This back door represents additional secret information allowing smooth calculation of the inverse of a one-way function.

Trapdoor functions are widely used in modern encryption algorithms, identity management, and authenticated transfers.

The following figure exhibits a trapdoor function:

Trapdoor function
Trapdoor function

Examples

Let's look into the following examples to better grasp the concepts:

One-Way function

Consider the following real-world example of a one-way function using the secrets library in Python: A pseudorandom generator producing an output derived from an input that is hard to compute. 

import secrets
output = secrets.randbits(175)
print(output)

Let us explain the code widget above:

  • Line 1: Import the secrests library.

  • Line 2: Invoke the function randbits that returns an integer value with k random bits based on the input specified.

  • Line 3: Display the output generated.

Trapdoor function

Consider the following example of a trapdoor function using the rsa library in Python:

Given a piece of data and a public key, we may produce the resulting hashed value. However, using the resulting hashed value and the public key, we cannot derive the original statement unless we have the trapdoor that is the "private key."

import rsa
 
#Generate The Public And Private Keys
public_Key, private_Key = rsa.newkeys(512)
data = "I like Educative Answers"
 
encData = rsa.encrypt(data.encode(), public_Key)
 
print("Data:", data)
print("Data Encrypted:", encData)
decData = rsa.decrypt(encData, private_Key).decode()
 
print("Data Decrypted:", decData)

Let us explain the code widget above:

  • Line 1: Import the rsa library.

  • Line 4: Invoke the function newkeys that produces public and private keys based on a key length specified as a parameter.

  • Line 6: Initialize the data to encrypt.

  • Line 8: Encrypt the data with the public key.

  • Line 10 - 11: Display the original and encrypted data.

  • Line 13: Decrypt the data with the private key previously generated.

  • Line 15: Print out the decrypted data.

Free Resources

Copyright ©2026 Educative, Inc. All rights reserved