Overview and Definition
Public key cryptography, also called asymmetric cryptography, is a class of cryptographic systems that use mathematically related key pairs: a public key, which can be freely distributed, and a private key, which is kept secret. The central property that makes the system useful is asymmetry: a message encrypted with the public key can only be decrypted with the corresponding private key, and a message signed with the private key can be verified by anyone who holds the public key.
This asymmetry solves two foundational problems in digital security. First, it solves the key distribution problem: parties who have never communicated can exchange encrypted messages without sharing a secret in advance (the recipient's public key is available to anyone, but only the recipient can decrypt what is encrypted with it). Second, it enables digital signatures: a signature created with a private key can be verified against the corresponding public key, proving authorship in a way that cannot be forged by anyone who does not hold the private key.
Every secure website, every email signature, every software update, every code signing certificate, and every cryptocurrency transaction relies on public key cryptography. This article traces the development from RSA through ECC, the political battles over PGP, the commercialization of the web, and the first post-quantum standards now replacing classical algorithms in cryptographic infrastructure.
This is DPS territory: the Data Protection and Sovereignty domain, guided by the Sovereign Data Protocol. SDP's cryptographic lifecycle management requires understanding not only what algorithms exist but where each is in its lifetime, which are approaching deprecation, and what the post-quantum migration path looks like for each use case.
---
Historical Background
The Conceptual Foundation (1976)
The conceptual breakthrough came first. Whitfield Diffie and Martin Hellman's 1976 paper "New Directions in Cryptography" introduced the idea that asymmetric key relationships were theoretically possible and useful. Diffie and Hellman described the public key concept clearly but did not publish a practical public key encryption or digital signature scheme. They noted that such schemes should exist if the mathematical foundations could be found.
It later emerged, when GCHQ declassified the work in 1997, that British GCHQ engineers had reached equivalent conclusions independently. James Ellis described non-secret encryption in a classified 1969 paper. Clifford Cocks invented what is essentially RSA in a classified 1973 note. These discoveries were not published for nearly three decades.
RSA (1977-1978)
Ron Rivest, Adi Shamir, and Leonard Adleman at MIT responded to Diffie and Hellman's conceptual challenge within a year. Working through the theoretical space of hard mathematical problems that could support asymmetric key relationships, they arrived at the integer factorization problem: the product of two large prime numbers is easy to compute, but factoring the product back into its component primes is computationally hard for large enough primes.
The RSA algorithm, published in Communications of the ACM in 1978, uses this property directly. The public key consists of a modulus n (the product of two large primes p and q) and an exponent e. The private key consists of a different exponent d calculated from p, q, and e. Encryption raises the plaintext to the power e modulo n. Decryption raises the ciphertext to the power d modulo n. The security of RSA rests on the difficulty of factoring n to recover p and q, without which computing d from e and n is infeasible.
RSA was revolutionary because it was the first practical public key algorithm. It provided both encryption and digital signatures. Its security assumption (integer factorization hardness) was well-understood and could be related to centuries of mathematical study.
Key size has been the central evolving parameter of RSA security. The minimum recommended key size has grown from 512 bits (broken in 1999 for less than $1,000 in computation) to 1024 bits (deprecated by NIST in 2013, practically breakable by nation-state adversaries) to 2048 bits (current minimum for most applications) to 4096 bits for long-lived high-value keys. Each increase reflects the growth of computational power available to attackers.
Elliptic Curve Cryptography (1985)
In 1985, Neal Koblitz (University of Washington) and Victor Miller (IBM) independently proposed using elliptic curves over finite fields as the mathematical foundation for public key cryptography. Elliptic curve cryptography (ECC) provides equivalent security to RSA with dramatically shorter keys: a 256-bit ECC key provides roughly the security of a 3072-bit RSA key. The reduction in key size translates to faster computation, lower memory requirements, and reduced bandwidth for key material.
ECC's efficiency advantages made it the preferred choice for resource-constrained environments: mobile devices, embedded systems, and protocols where key exchange overhead matters. It became the foundation for elliptic curve Diffie-Hellman (ECDH) for key exchange and the Elliptic Curve Digital Signature Algorithm (ECDSA) for signatures.
Modern TLS prefers ECDH over classical Diffie-Hellman. Bitcoin uses ECDSA with the secp256k1 curve. The Signal Protocol uses Curve25519 (a specific high-efficiency elliptic curve) for its key exchange operations. ECC is now the dominant form of public key cryptography in new deployments.
PGP and the Crypto Wars (1991)
Phil Zimmermann, an American software engineer and privacy advocate, released Pretty Good Privacy (PGP) in 1991. PGP used RSA (and later other public key algorithms) to provide email encryption and digital signatures accessible to ordinary users. Zimmermann released PGP as free software on the internet, making strong encryption available to anyone with a computer.
The U.S. government's response was a criminal investigation. Under export control regulations in force at the time, cryptographic software was classified as a munition under the International Traffic in Arms Regulations (ITAR). Exporting strong encryption software without a license was illegal, and releasing PGP on the internet effectively made it available globally. The government investigated Zimmermann for three years.
The PGP investigation was not an isolated event. It occurred during what historians of cryptography call the "Crypto Wars" of the 1990s: a sustained conflict between the government's interest in maintaining access to encrypted communications (for law enforcement and intelligence purposes) and the cryptographic community's and privacy advocates' insistence on the public's right to strong encryption.
The government attempted to require use of the Clipper Chip (1993), an NSA-designed encryption standard with a built-in key escrow mechanism that gave government agencies access to encrypted communications. The proposal was widely rejected by the technical community, and it ultimately failed.
The investigation against Zimmermann was dropped in 1996. In the same period, export controls on cryptography were progressively relaxed, recognizing that internet commerce depended on encryption that could not be kept from global use. Zimmermann later said he had released PGP specifically because he anticipated that legislation might ban strong encryption before a grassroots distribution made that politically impossible.
PGP enabled a generation of human rights activists, journalists, and dissidents to communicate with reasonable security. It also introduced the "web of trust" model: rather than relying on centralized certificate authorities, PGP users vouch for each other's key ownership, creating a decentralized chain of trust based on peer verification.
SSL and the Commercial Web (1995)
Netscape Communications created the Secure Sockets Layer (SSL) protocol in 1994-1995 for a specific purpose: securing credit card transactions over the web. The commercialization of the internet required a mechanism for private communication between browsers and servers, and a mechanism for users to verify that the server they were connecting to was actually the entity it claimed to be.
SSL used RSA for key exchange and authentication, combined with symmetric encryption (initially RC4 or DES) for bulk data encryption. The server presented a certificate (a public key signed by a trusted Certificate Authority) proving its identity. The browser verified the certificate against pre-installed CA roots. This became the trust model for the entire web.
TLS (Transport Layer Security) succeeded SSL and is the current standard. TLS 1.0 (1999), TLS 1.1 (2006), TLS 1.2 (2008), and TLS 1.3 (2018) each addressed security issues found in predecessor versions. TLS 1.3 made breaking changes: it mandated forward secrecy, removed support for known-weak cipher suites (including RC4, DES, 3DES, and various export-grade suites), and simplified the handshake.
Let's Encrypt and the HTTPS Transition (2015)
In 2015, the Internet Security Research Group launched Let's Encrypt, a free, automated, open Certificate Authority. Before Let's Encrypt, obtaining a TLS certificate required payment (typically $50-$200 per year), manual verification processes, and non-trivial configuration work. The cost and friction kept HTTPS adoption low: in 2015, only about 30 percent of web traffic was encrypted over HTTPS.
Let's Encrypt automated the entire certificate issuance and renewal process through the ACME protocol, making HTTPS effectively free and operationally trivial. Adoption accelerated sharply. By 2023, more than 95 percent of web traffic was encrypted. Let's Encrypt issued more than three billion certificates. The CA ecosystem, which had been a bottleneck and cost center for web security, was disrupted by automation that removed both the cost and the friction.
Post-Quantum Cryptography (2016-2024)
Shor's algorithm, published by Peter Shor in 1994, is a quantum algorithm that efficiently solves both the integer factorization problem (breaking RSA) and the discrete logarithm problem (breaking Diffie-Hellman and ECDH). A quantum computer with sufficient qubits running Shor's algorithm could break the public key cryptography underlying TLS, SSH, code signing, and every other RSA or ECC application.
The timeline for such a quantum computer is uncertain. Current quantum computers are far from the scale required to threaten 2048-bit RSA. Expert estimates for cryptographically relevant quantum computers range from a decade to several decades. However, the "harvest now, decrypt later" threat model is not speculative: adversaries can capture encrypted traffic today and decrypt it when quantum computing becomes available. Data requiring decades of confidentiality (state secrets, medical records, long-term financial data) is potentially threatened by traffic being recorded today.
NIST launched the Post-Quantum Cryptography Standardization competition in 2016, following the open competition model established by the AES process. After eight years of public cryptanalysis of dozens of candidates, NIST published the first post-quantum cryptography standards in 2024: FIPS 203 (CRYSTALS-Kyber, for key encapsulation, replacing ECDH), FIPS 204 (CRYSTALS-Dilithium, for digital signatures, replacing ECDSA and RSA signatures), and FIPS 205 (SPHINCS+, an additional signature scheme). These are based on lattice problems and hash functions rather than integer factorization or discrete logarithms, and are believed to be resistant to quantum attack.
---
Why It Matters
Public key cryptography is infrastructure. It is the reason that internet commerce exists, that private communication is technically possible at scale, and that digital identity (the ability to verify who you are communicating with) can be established between strangers. Compromising the public key infrastructure underlying TLS would compromise the confidentiality and integrity of most internet communication.
The post-quantum transition is the most significant cryptographic transition since the AES competition. It affects everything: TLS certificates, code signing, SSH keys, encrypted storage systems, VPN infrastructure, and any protocol that uses RSA or elliptic curve cryptography for key exchange or signatures. The planning horizon for this transition is measured in years, and organizations that have not begun inventory and migration planning are already behind the curve for data with long-term confidentiality requirements.
---
Technical Deep-Dive
Digital Signatures
A digital signature uses a private key to produce a verifiable value. The signing operation hashes the message and applies an asymmetric operation to the hash using the private key. Verification applies the corresponding public-key operation and checks that the result matches a fresh hash of the received message. Digital signatures provide authentication (only the holder of the private key could have produced the value), integrity (any modification of the message invalidates the signature), and non-repudiation (the signer cannot later deny having signed).
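Textbook RSA in Python, serving both the RSA section above and the hash-then-sign flow described here, as an added example that is not from the article: the toy primes, the message strings and the hash-reduced-mod-n stand-in for real padding (OAEP/PSS) are constructed assumptions.

```python
import hashlib
from math import gcd

def keygen(p: int, q: int, e: int = 65537):
    """Build an RSA key pair from two primes: public (n, e), private (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)                  # Euler's totient of n; needs p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                      # e * d == 1 (mod phi)
    return (n, e), (n, d)

def encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer below the modulus")
    return pow(m, e, n)                      # c = m^e mod n

def decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)                      # m = c^d mod n

def digest(msg: bytes, n: int) -> int:
    """SHA-256 of the message reduced into [0, n): a toy substitute for PKCS#1/PSS."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(digest(msg, n), d, n)         # s = H(m)^d mod n

def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)  # undo with e, compare to a fresh hash

# Constructed toy primes (a real RSA-2048 key uses two ~1024-bit primes).
PUB, PRIV = keygen(999983, 1000003)

if __name__ == "__main__":
    c = encrypt(PUB, 424242)
    print(decrypt(PRIV, c) == 424242)                         # True: round trip
    s = sign(PRIV, b"release-1.2.3.tar.gz")
    print(verify(PUB, b"release-1.2.3.tar.gz", s))            # True: integrity holds
    print(verify(PUB, b"release-1.2.3.tar.gz\n", s))          # False: one byte changed
    print(verify(keygen(10007, 10009)[0], b"release-1.2.3.tar.gz", s))  # False: wrong key
```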
Certificate Chains and PKI
TLS trust relies on Public Key Infrastructure (PKI): a hierarchy of Certificate Authorities (CAs) issuing certificates that bind public keys to identities. Root CA certificates are pre-installed in browsers and operating systems. End-entity TLS certificates chain up through intermediate CAs to the root. The browser verifies every signature in the chain before trusting the connection. Certificate Transparency (CT) logs, now required for all publicly trusted TLS certificates, provide an append-only public record of all issued certificates, enabling detection of fraudulent issuance by any CA in the trusted set.
---
CDA Perspective
CDA's Sovereign Data Protocol (SDP) governs cryptographic lifecycle management across the DPS domain. RSA-1024 is deprecated; any existing use is a posture gap. RSA-2048 is the current minimum but is on the deprecation planning horizon. Long-lived infrastructure should use RSA-4096 or migrate to post-quantum alternatives ahead of the mid-2030s quantum planning horizon. ECC (Curve25519 and P-256) is preferred for new deployments where performance matters.
Post-quantum migration planning should begin now for data requiring decades of confidentiality. The migration requires inventory of cryptographic dependencies (TLS certificates, code signing, VPN configurations, key management infrastructure), assessment of hybrid classical/post-quantum migration paths, and prioritization by data sensitivity and confidentiality lifetime.
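A posture check that applies the lifecycle rules above (RSA-1024 deprecated, RSA-2048 minimum, harvest-now-decrypt-later against the mid-2030s horizon) to a cryptographic inventory, as an added example that is not the article's or CDA's own tooling: the record fields, severity labels, assessment year, the 2035 horizon value and the sample inventory are constructed assumptions.

```python
QUANTUM_HORIZON_YEAR = 2035                       # assumed value for "mid-2030s"
PQ_ALGS = {"ML-KEM", "ML-DSA", "SLH-DSA"}         # FIPS 203 / 204 / 205
CLASSICAL_ALGS = {"RSA", "ECDSA", "ECDH", "X25519", "Ed25519"}  # incl. Curve25519 schemes
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "info": 3}

def assess(record: dict, year: int) -> list:
    """Return [(severity, reason), ...] for one inventory record.
    record keys (assumed): asset, alg, bits, use (kex|enc|sig), conf_years."""
    alg, bits = record["alg"], record.get("bits", 0)
    out = []
    if alg == "RSA":
        if bits < 2048:
            out.append(("critical", f"RSA-{bits} is deprecated: posture gap"))
        elif bits < 4096:
            out.append(("medium", "RSA-2048 meets the minimum but is on the deprecation horizon"))
    elif alg not in CLASSICAL_ALGS | PQ_ALGS:
        out.append(("critical", f"unrecognised algorithm {alg!r}: cannot assess"))
    # Harvest-now-decrypt-later applies to confidentiality uses (key exchange, encryption):
    # a classical key must not guard data whose secrecy must outlast the quantum horizon.
    if (alg in CLASSICAL_ALGS and record.get("use") in ("kex", "enc")
            and year + record.get("conf_years", 0) > QUANTUM_HORIZON_YEAR):
        out.append(("high", "confidentiality lifetime crosses the quantum horizon: prioritise PQ migration"))
    return out or [("info", "meets current policy")]

def report(inventory: list, year: int) -> list:
    """Flatten findings across the inventory, most severe first."""
    rows = [(sev, rec["asset"], why) for rec in inventory for sev, why in assess(rec, year)]
    return sorted(rows, key=lambda r: SEVERITY_RANK[r[0]])

# Constructed sample inventory
INVENTORY = [
    {"asset": "legacy-vpn-gw", "alg": "RSA", "bits": 1024, "use": "kex", "conf_years": 1},
    {"asset": "www-tls-cert", "alg": "ECDSA", "bits": 256, "use": "sig", "conf_years": 0},
    {"asset": "records-archive", "alg": "RSA", "bits": 4096, "use": "enc", "conf_years": 25},
    {"asset": "code-signing", "alg": "RSA", "bits": 2048, "use": "sig", "conf_years": 0},
    {"asset": "pq-pilot-kem", "alg": "ML-KEM", "bits": 768, "use": "kex", "conf_years": 25},
]

if __name__ == "__main__":
    for sev, asset, why in report(INVENTORY, 2025):
        print(f"{sev:8} {asset:16} {why}")
```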
The PGP story offers a standing organizational principle: encryption rights must be defended proactively. Policy debates about key escrow and backdoors recur in every generation. The technical community's record of resisting encryption weakening has directly preserved the security of global internet infrastructure.
---
Key Takeaways
- RSA (1977) was the first practical public key algorithm, enabling both encryption and digital signatures. Security rests on the computational hardness of integer factorization.
- ECC (1985) provides equivalent security to RSA with much shorter keys, making it preferred in resource-constrained and performance-sensitive contexts. 256-bit ECC approximates 3072-bit RSA security.
- Phil Zimmermann's PGP (1991) brought strong public key encryption to individuals and triggered a three-year criminal investigation. The case was dropped in 1996 as export control policy evolved.
- SSL/TLS commercialized the web by enabling authenticated, encrypted browser-to-server communication. TLS 1.3 (2018) is the current standard.
- Let's Encrypt (2015) made HTTPS essentially universal by removing the cost and manual-process barriers to certificate issuance. Web HTTPS adoption grew from 30 percent to over 95 percent in eight years.
- NIST's post-quantum cryptography standards (2024: CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+) provide migration targets for organizations planning transitions away from RSA and ECC before quantum computing threatens them.
- Cryptographic lifecycle management, including proactive deprecation of aging algorithms and planning for post-quantum migration, is a core requirement of CDA's Sovereign Data Protocol.
---
Sources
- Rivest, R., Shamir, A., and Adleman, L. "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems." Communications of the ACM, 1978.
- Koblitz, N. "Elliptic Curve Cryptosystems." Mathematics of Computation, 1987.
- Miller, V. "Use of Elliptic Curves in Cryptography." CRYPTO 1985.
- Levy, Steven. "Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age." Viking, 2001.
- Singh, Simon. "The Code Book." Doubleday, 1999.
- Shor, Peter. "Algorithms for Quantum Computation: Discrete Logarithms and Factoring." FOCS 1994.
- FIPS 203, 204, 205. NIST Post-Quantum Cryptography Standards. NIST, 2024.
- Let's Encrypt. "Stats." letsencrypt.org/stats, 2024.
- RFC 8446, "The Transport Layer Security (TLS) Protocol Version 1.3." IETF, 2018.
- NIST SP 800-131A Rev. 2, "Transitioning the Use of Cryptographic Algorithms and Key Lengths." NIST, 2019.