Eli5: when something is digitally encrypted, how does the receiver get a key to open it without having to send the key with the original information?

8 Answers

Anonymous 0 Comments

Imagine you take a bunch of cocoa and a bunch of flour and mix them together in a bowl, and then give the bowl to someone else and ask them to separate the cocoa and flour. Could they do it? In principle, sure. They could get out a magnifying glass and some fine tools, and then go through and separate the mixture little by little. But it would take a *very* long time to do this.

Suppose however that you–and only you–have a special machine that can separate cocoa and flour really quickly. What you now have are the tools for something that’s basically how the most widely used public-key encryption protocol, RSA, works. You can ask someone else to take a bunch of cocoa and flour (the “message”), mix it together (“encrypt” it) and then send it to you. If anyone else intercepted the mixture, yes, they could in principle separate (“decrypt”) the mixture, but the amount of time it would take to do so would likely be prohibitive. Thus, only you, who has the special separation machine, can actually decrypt the message in practice.

RSA public-key encryption works very similarly. I first create a decryption function. I then reverse (or “invert”) that decryption function to get an encryption function, so that if a message is first passed through the encryption function, and then the result is passed through the decryption function, you get the original message back.

In principle, the encryption function could itself be inverted to get the original decryption function, in which case if you know the encryption function then you can also figure out the decryption function. But it turns out (and this is the real genius of this system) that there are ways to do this where the initial inversion (decryption function -> encryption function) is way, *way* easier than going in the opposite direction (encryption function -> decryption function). As a result, if I gave you the encryption function only, then given an infinite amount of time you could definitely recover the decryption function, but you simply won’t be able to do it within a time frame that’s practically useful (e.g., it might take 5000 years).

So what I can do is create a decryption function, invert it to get the associated encryption function, and then send the *encryption function only* to the partner I want to receive a secret message from. My partner can then encrypt their message using that function and send it to me. If that encrypted message gets intercepted by someone, then even though they may have also intercepted the encryption function, since they can’t in practice invert it to get the decryption function, they won’t be able to decrypt the secret message.
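The asymmetry described in this answer, as an added example that is not part of the original answer: textbook RSA in Python with constructed toy primes, far too small and unpadded for real use. Here both functions are derived from two secret primes, and the function names are illustrative assumptions.

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Derive (public, private) from two secret primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse: cheap when p and q are known
    return (n, e), (n, d)

def encrypt(public, m):
    """Anyone holding the public pair (n, e) can do this."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)

def decrypt(private, c):
    """Only the holder of d can undo the encryption."""
    n, d = private
    return pow(c, d, n)

def recover_private(public):
    """Rebuild d from the public pair alone by factoring n (trial division).

    Returns (private, steps). The step count grows with the size of the
    smallest prime, which is why real keys use primes hundreds of digits long.
    """
    n, e = public
    steps, f = 0, 3
    while n % f:
        f += 2
        steps += 1
    p, q = f, n // f
    return (n, pow(e, -1, (p - 1) * (q - 1))), steps

if __name__ == "__main__":
    # Constructed toy primes; real RSA primes are around 1024 bits each.
    for p, q in [(10007, 10009), (104729, 1299709)]:
        public, private = make_keypair(p, q)
        c = encrypt(public, 424242)
        assert decrypt(private, c) == 424242
        _, steps = recover_private(public)
        print(f"n={public[0]}: key setup is a few operations, "
              f"recovering d took {steps} trial divisions")
```

The receiver publishes only `(n, e)`; the sender never needs `d`, so no decryption key travels with the message.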
