Public Key Cryptography Explained

The security behind bitcoin transactions uses public key cryptography. You don’t have to be an expert mathematician or technical genius to understand how this works. Here’s the non-techy explanation.

Cryptography is the art of writing and solving codes. It’s used to keep things secret and secure.

Some kinds of cryptography are symmetric. The same method is used to secure something as is used to retrieve it again. For example: I have a box with a lock on it; anyone with the key can open it. I use a code to encrypt a message; anyone who knows the code can unencrypt it.

Public key cryptography is an asymmetric method of coding things. You don’t use the same thing to secure something as you do to retrieve it. I have a box but it has a special lock, that can be locked with one key, but needs a different key to unlock it. I keep the unlocking key private, but I make lots of copies of the locking key and spread them around to all my friends. Now if anyone wants to send me a private message, they can put it in the box and use the public key to lock it – but nobody can open the box and get the message out except me with my private key. Anyone who puts a message in the box knows that I am the only person who can unlock it.

It works the other way around too. I have another box which my private key can lock, and all of those public keys I have distributed can unlock. I put a message in the box and lock it, and ask someone to deliver it to one of my friends. My friend wants to be sure the message really is from me, and not from somebody pretending to be me, so he finds the public key I have sent him and uses it to unlock the box. That proves that I really did send it.

In the computing world it’s even easier than having boxes and keys. The keys are just very long numbers, great big strings of digits. You keep your private key in a text file on your computer, or in a special app. You use a bit of software magic to generate your public key from the private key. The public key is another very long number, and you can send it to anyone you deal with, by adding it to your email signature or putting it on your website.

The clever part is that the private key generates the public key, but the public key can’t be used to work out the private key.

So if anyone encrypts something using your public key, the only way to decrypt it is by using your private key – which only you have.

If you want to send a secret reply, you use their public key to encrypt the message, and only they can decrypt it with their private key.

If you encrypt something with your private key, anyone can decrypt it using your public key, but that serves to verify it really came from you – it’s been digitally signed. So in this case it’s not a secret message, but it’s a verified message.