PKI - Public and Private key pairs

PKI, or public-key infrastructure, is a mathematical way of securing communication between two ends.

The reliability of this method rests on some properties of prime numbers.

Prime numbers are just integers greater than 1 that cannot be divided evenly by any smaller integer other than 1, e.g.: 13 or 7 or 23.

It just so happens that nobody has yet created an effective factorization (or factoring) algorithm that, given a large number a, quickly outputs the list of numbers that divide a. For example, such an algorithm would, if given 24 as input, output the list of numbers that divide 24: 1, 2, 3, 4, 6, 8, 12, 24. There are, of course, some algorithms to do this, but most of them aren't very fast and take waaay too much time (decades) to factorize a number with, for example, 200 digits.

So some computer scientists have noticed that this could be used to encrypt data being sent over a network.

That's where the concepts of public key and private key come into play.

Since large numbers are very hard to factorize, you could choose two very large (100 digits or more) prime numbers and multiply them together, yielding a (roughly) 200-digit number.

Generating large primes and performing multiplication, albeit with large numbers, is relatively straightforward.

Having the two (large) prime numbers and the (even larger) product of both, you could now create an encrypting mechanism whereby the product would be a lock and the two prime numbers a key.

As is the case with real-life locks and keys, your house isn't rendered less secure because your front door lock is exposed to everyone. Only by having a key can you enter your house.

That's exactly what happens when you use a PKI to secure communication between two parties. The difference is that the lock is called the public key and the key you would use to open your home's door is called the private key.

The public key (the product of the two primes) can be used to verify that you have the correct primes that, when multiplied, yield that product. However, due to the practical difficulty, mentioned earlier, of factorizing a large number, the public key can't be used to derive the private key, rendering the method safe.
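
The lock-and-key idea above, carried through in code as an added example that is not part of the original page. It assumes the textbook RSA construction, which the page does not name; the function names are illustrative and the primes are constructed toy values, small enough that trial division can show how the factoring cost grows with their size.

```python
import math

def is_prime(n: int) -> bool:
    """Trial-division primality test; adequate only for toy-sized numbers."""
    return n >= 2 and all(n % d for d in range(2, math.isqrt(n) + 1))

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: n = p*q is the public "lock", p and q are the secret "key"."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n = p * q                    # cheap: a single multiplication
    phi = (p - 1) * (q - 1)      # needs p and q, not just n
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)          # private exponent (Python 3.8+)
    return (n, e), (n, d)

def encrypt(m: int, public) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)

def decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)

def factor_semiprime(n: int):
    """Recover (p, q) from n by trial division, counting the divisions tried.

    The count equals the smaller prime minus one, so the work grows with
    the size of the primes; toy primes therefore give no protection.
    """
    for steps, d in enumerate(range(2, math.isqrt(n) + 1), start=1):
        if n % d == 0:
            return d, n // d, steps
    raise ValueError("n has no non-trivial factor")

if __name__ == "__main__":
    # Constructed sample primes, far too small for real use.
    for p, q in [(53, 61), (10007, 10009)]:
        public, private = make_keypair(p, q, e=17)
        assert decrypt(encrypt(65, public), private) == 65
        steps = factor_semiprime(public[0])[2]
        print(f"n={public[0]}: factored after {steps} trial divisions")
```

Going from two-digit to five-digit primes raises the trial-division count from 52 to 10006; real keys use vetted library implementations with padding and primes hundreds of digits long, where no known factoring method finishes in practical time.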

N.B.: this is an oversimplified explanation of a PKI. Although qualitatively correct, there are many technical details that were left out.