In encryption, how is it you can decrypt with a private key what was encrypted with a public key, or decrypt with a public key what was encrypted with a private key, but not private-to-private or public-to-public?

797 views

I am having a complete mental block understanding decryption with public and private keys. In my head, I am (apparently) falsely equating decryption to using a *Little Orphan Annie* decoder ring like in the movie *A Christmas Story*.

If a block of data was encrypted with a key, I can’t understand how a another key that is completely different is able to decrypt that data. I know there’s a fair bit of complex math involved, but if you multiple X by Y to get Z, then the only way to get X back from Z is to divide by Y.

* data->public key->encrypted->private key->data
* data->private key->encrypted->public key->data
* data->public key->encrypted->public key->error
* data->private key->encrypted->private key->error

In: 2

11 Answers

Anonymous 0 Comments

Although a lot of answers are very valid, they don’t seem to be ELI5. So I’m going to try to explain this in a hopefully simple way.
There are different asymmetric (ie one key to encrypt, and another to decrypt) algorithms. The fundamental thing about them is they there is a relationship between the two keys, but that you can only calculate one from the other, and not the other way around.

A famous example is RSA. The fundament is this:
* take two prime numbers, p and q. The pair (p,q) is your private key
* the public key is what you get when you multiply both keys, so p*q=r, and r would be your public key
* the relationship between those two, (p,q) on one hand, and r on the other, is that you use one to encrypt, and the other to decrypt. This is accomplished through complicated math functions, including powers and modulus and so on, as explained before
* any computer can compute p*q
* however, given a large enough p and q, it is impossible to factor r into the 2 prime numbers p and q (and because they’re prime, it’s the only way they can be factored) in a reasonable time frame

Other public key systems use graphs, eg 3 (or 4 or 5 I don’t remember exactly) define an elliptic curve, but given the curve, you don’t know the points that where originally used (this algorithm is aptly called “Elliptic curves”).

You are viewing 1 out of 11 answers, click here to view all answers.