Recap of Public-Key Encryption

Let’s have a look at a summary of the chapter.

We'll cover the following


In this chapter, we investigated public-key encryption. We looked at the general problem of designing a public-key cryptosystem and then studied two public-key cryptosystems in some detail. We also looked at how the properties of public-key cryptosystems are most effectively harnessed in applications.

The main issues we covered were the following:

  • Public-key cryptosystems provide the potential for two entities who do not share a symmetric key to employ cryptography to secure the data they exchange.

  • Public-key encryption requires the use of a trapdoor one-way function.

  • RSA is a well-respected and widely deployed public-key cryptosystem with security based on the belief that factoring in large numbers is difficult.

  • ElGamal is a public-key cryptosystem with security based on the belief that solving the discrete logarithm problem is difficult.

  • Variants of ElGamal based on elliptic curves offer the significant benefit that keys are shorter than in either RSA or basic ElGamal.

  • Public-key cryptosystems are less efficient to operate than most symmetric cryptosystems. As a result, public-key encryption is usually employed in a hybrid encryption process, which exchanges a symmetric key used for bulk data encryption.

The significant advantages to applications made possible by public-key cryptosystems led to a revolution in cryptography in the mid-1970s with a further boom in interest following the development of the Internet in the 1990s. However, the public-key cryptosystems in current use are not secure against an adversary with a quantum computer. As a result, there is considerable interest in developing new post-quantum public-key cryptosystems, and developments in this area can be expected.

Public-key cryptography, to an extent, ‘solves’ the problem of symmetric key establishment. However, it replaces this problem with that of authenticating public keys. None of the advantages of public-key cryptosystems can be fully exploited unless we have some level of assurance that public keys are indeed associated with the entities to which we believe they belong.

Get hands-on with 1200+ tech skills courses.