This is the most important idea in the entire track, and for a century of cryptography it seemed impossible. Symmetric encryption left us trapped: you cannot share a secret key with a stranger over a network you do not trust. The breakthrough was to split the key into two matched halves — a public key anyone may use to lock a message to you, and a private key only you hold to unlock it. A stranger can now send you a secret with nothing arranged in advance, and the key-explosion problem dissolves. This module makes it real: you will follow a tiny version with actual numbers, then type into a working public-key system — encrypting with a public key, decrypting with a private one, and watching the wrong key fail. It is the idea that made the secure internet, and digital finance, possible.
Module 03 left us trapped. Symmetric encryption is fast and strong, but it depends on both parties already sharing a secret key — and there is no safe way to get that key to a stranger over an untrusted network, because protecting the key would itself require a key you have not yet shared. For most of the history of cryptography this looked like an iron law: secure communication requires a pre-shared secret, so strangers cannot communicate securely out of nowhere.
Then, in the 1970s, came an idea so counterintuitive that it genuinely startled the experts: what if a key did not have to be a single shared secret at all? What if it came in two matched halves — one you could publish to the entire world, and one you alone keep — arranged so that what one half locks, only the other half can unlock? This is public-key cryptography (also called asymmetric cryptography, because the two keys are different), and it quietly dissolves the impossible problem. It is the single most important idea in this track, the foundation of every secure web connection, of card security, and of Bitcoin, and the rest of the module is devoted to making it intuitive and then real.
The leap is worth stating plainly before we build it. In symmetric encryption there is one key, and it must be kept secret by everyone who holds it. In public-key cryptography there are two keys per person — a public key that you hand out freely, print on your website, shout from the rooftops; and a private key that you guard and never share with anyone. They are mathematically linked as a pair, generated together, but — and this is the magic — knowing the public key does not let anyone figure out the private key. You can give the whole world your public key and remain perfectly secure, because the secret half never travels anywhere.
A key splits into two matched halves: a public key you share with everyone, and a private key you alone keep. What one locks, only the other unlocks, yet knowing the public key does not reveal the private key. Because the secret half never has to travel, two strangers can communicate securely with nothing arranged in advance — dissolving the key distribution problem that trapped symmetric encryption.
Here is the picture that makes it click. Forget keys for a moment and think of a padlock — the kind you can snap shut with a click but need a key to open. Now imagine you manufacture thousands of copies of your open padlock and scatter them everywhere: you mail them to friends, leave them in shops, post them online. Anyone in the world can pick one up. But you keep the one and only key that opens them, and you never let it out of your hands.
Now anyone who wants to send you something secret does this: they put it in a box, grab one of your open padlocks, and snap it shut. Snapping the padlock shut is easy — anyone can do it, no key required. But once it clicks closed, only your key can open it — not even the person who locked it can reopen it. They send you the locked box across a city of strangers, and none of them, not even the sender, can get inside. You receive it and open it with your private key.
That is public-key cryptography exactly. The open padlock is your public key — you give it to everyone, and anyone can use it to "lock" (encrypt) a message to you. The key that opens it is your private key — you alone hold it, and only it can "unlock" (decrypt) those messages. The breakthrough is the asymmetry: locking and unlocking are different actions needing different keys, so the ability to lock (public) can be shared with the whole world while the ability to unlock (private) stays with you. The secret half never travels, so there is nothing for an eavesdropper to intercept. The key distribution problem — how to share a secret with a stranger — simply evaporates, because you never had to share the secret at all.
Your public key is an open padlock you hand out freely; your private key is the one key that opens those padlocks, which you alone keep. Anyone can lock a message to you (encrypt with your public key), but only you can unlock it (decrypt with your private key) — not even the sender can reopen it. Locking and unlocking are different actions with different keys, so the secret half never travels.
The padlock is a metaphor; the real thing is built from arithmetic. You do not need the full mathematics — but seeing a tiny, real example with actual numbers turns the magic into something concrete. The most famous public-key method is called RSA, and at its heart is a simple, lopsided fact about numbers: multiplying two large prime numbers together is easy, but taking the result and figuring out which two primes were multiplied is extraordinarily hard. That asymmetry — easy one way, near-impossible to reverse — is what makes the two keys work.
Let us build a working key pair from tiny primes you can check by hand. (Real RSA uses primes hundreds of digits long; we use single digits so the arithmetic stays visible.)
| step | value | what it is |
|---|---|---|
| pick two primes | p = 5, q = 11 | kept secret |
| multiply them | n = 5 × 11 = 55 | public (the "modulus") |
| a helper number | (5−1)(11−1) = 40 | used to build the keys |
| pick a public exponent | e = 3 | the public key is (e=3, n=55) |
| compute its partner | d = 27 | the private key is (d=27, n=55) |
Now watch the two keys work as opposites. To encrypt the number 7, raise it to the public exponent and take the remainder mod 55: 7³ = 343, and 343 mod 55 = 13. The ciphertext is 13. To decrypt, raise 13 to the private exponent and take the remainder mod 55: 13²⁷ mod 55 comes back to exactly 7. Anyone who knows your public key (3, 55) can turn 7 into 13, but only someone with the private key (27, 55) can turn 13 back into 7 — and finding d=27 from the public numbers required knowing the secret primes 5 and 11. With single-digit primes that is trivial to crack; with primes hundreds of digits long it is, as far as anyone knows, effectively impossible, even for every computer on earth working together. That single gap between easy-forward and impossibly-hard-backward is the whole foundation.
RSA rests on a lopsided fact: multiplying two big primes is easy, but factoring the result back into those primes is effectively impossible. The public key and private key are built from that pair of primes so that one encrypts and the other decrypts. Publishing the public key reveals the product, not the primes — so no one can derive your private key, even knowing exactly how RSA works.
Now use a real one. Below is a genuine RSA key pair — slightly bigger than the toy so it can encrypt ordinary text, but still small enough to show every number. The public key (e = 17, n = 3233) is shown openly, as a public key should be; the private key (d = 2753, n = 3233) is what only the recipient holds. Type a message: each character is turned into a number and encrypted with the public key into a string of ciphertext numbers. Then the recipient decrypts with the private key and the message returns. This is real modular exponentiation, computed live — the same operation, just with tiny numbers.
Three things are worth noticing as you play. First, the public key did the encrypting — it is fine for everyone to have it, because it can only lock, never unlock. Second, only the correct private key brings the message back; tick the wrong-key box and the output collapses into nonsense, exactly as it should. Third, and most important: the sender never needed any secret from the recipient. They used the freely published public key. No shared secret was arranged in advance — which is precisely the thing symmetric encryption could not do. You have just watched the key distribution problem be solved.
Step back and see the trapped problem from Module 03 simply melt away. There, to send a secret you first had to somehow share a secret key — but sharing it over an untrusted network exposed it, and you were stuck. Public-key cryptography breaks the loop because nothing secret ever has to travel.
Here is the whole exchange with a stranger, start to finish, with no prior contact. You publish your public key openly — on your website, in a directory, anywhere. A stranger anywhere in the world who wants to send you a confidential message grabs your public key, encrypts with it, and sends you the ciphertext. You decrypt it with your private key, which never left your possession. An eavesdropper watching the entire conversation sees your public key (which is meant to be public and helps them not at all) and the ciphertext (which only your private key can open). At no point did a secret cross the network. The thing that made symmetric encryption impossible between strangers — having to share a secret first — is simply gone.
This is the hinge on which the secure internet turns. When your browser first connects to your bank — two strangers, no prior shared secret — public-key cryptography is what lets them establish a secure channel from scratch, over the open network, with an eavesdropper watching. Without this idea there would be no online banking, no e-commerce, no secure web at all. The thing that seemed like an iron law for a century — that secure communication requires prior contact — turned out to be false, and its falseness is the foundation of digital finance.
Recall the second problem from Module 03: with shared secret keys, every pair of people needs its own key, so the number of keys explodes as the square of the group — a thousand people needed half a million keys. Public-key cryptography dissolves this too, and elegantly.
With public keys, each person needs just one key pair — one public key they publish and one private key they keep. To send a confidential message to anyone, you simply look up their public key and use it; you do not need a separate pre-arranged secret with each person. A thousand people need a thousand key pairs, not half a million shared secrets. The growth goes from explosive (squared) to merely linear (one per person), which is what makes secure communication possible at the scale of billions of people and machines.
Between solving key distribution and dissolving the key explosion, public-key cryptography removes both of the obstacles that made pure symmetric encryption unworkable at internet scale. That is why it deserves to be called the most important idea in the track: it did not just improve secure communication, it made secure communication between strangers possible at all.
Public-key cryptography solves key distribution (no secret ever travels) and dissolves key management (each person needs one key pair, not a shared secret with everyone). Key counts go from explosive to linear. The two obstacles that made symmetric encryption unworkable between strangers at scale both disappear with the same single idea.
Public-key cryptography sounds like it should simply replace symmetric encryption — but it does not, for one practical reason: it is slow. The mathematics that makes the two-key magic work is far heavier to compute than symmetric scrambling. Encrypting a large file or a continuous connection purely with public-key methods would be painfully inefficient. Symmetric encryption, recall, is extremely fast. So real systems use the two together, each for what it does best — an arrangement called hybrid encryption, and it is what actually happens every time you see the browser padlock.
The trick is elegant. When your browser connects to your bank, it does not encrypt the whole session with slow public-key crypto. Instead, it uses public-key cryptography once, at the very start, for the one thing only it can do: to safely agree on a fresh shared secret key with a party it has never met. Then both sides switch to fast symmetric encryption, using that freshly shared key, for the actual bulk of the conversation. Public-key cryptography solves the key distribution problem at the handshake; symmetric encryption does the fast heavy lifting thereafter. Each tool covers the other's weakness perfectly.
This is the resolution the last two modules were building toward. Symmetric encryption was fast but could not establish a shared key between strangers. Public-key encryption could establish that shared key but was too slow for bulk work. Put together, they give us exactly what digital finance needs: any two strangers, anywhere, can set up a fast, secure, confidential channel over the open internet, instantly, with no prior contact. A note on the real world: the RSA method we used is one foundation; modern systems increasingly use a different public-key family called elliptic-curve cryptography (ECC), which achieves the same two-key magic with much smaller keys and so is faster and lighter — and it is the mathematics behind Bitcoin's keys, which we reach later in the track. The idea is identical; only the underlying arithmetic differs.
We have used public-key cryptography in one direction: anyone locks with your public key, only you unlock with your private key. That direction gives confidentiality — secret messages to you. But the two keys are a matched pair, and a natural question is: what happens if you run it the other way — lock with your private key?
Think it through with the padlock. If something can be unlocked by your public key — which everyone has — then it is not secret at all; anyone can open it. So locking with your private key is useless for secrecy. But it does something else entirely, and something powerful: since only your private key could have locked it, the fact that your public key opens it proves the message came from you. No one else could have produced it, because no one else has your private key. You have not hidden the message — you have signed it.
This is the basis of the digital signature, the third of cryptography's three jobs — authenticity — and the subject of the next module. It is the same two-key idea, run in reverse: public-key cryptography forward gives confidentiality; run backward it gives proof of origin. Combine it with the hash from Module 02 — sign the fingerprint, not the whole document — and you get the unforgeable mathematical signature that authorizes a Bitcoin transaction, validates a software update, and proves who sent a financial instruction. The big idea of this module, it turns out, quietly solves not one but two of cryptography's three jobs. Module 05 builds the signature in full.
Six questions on public-key cryptography — the two-key idea, the padlock intuition, how it solves key distribution and management, and why it pairs with symmetric encryption. The questions test the concepts you just saw in action.