RSA
/ˌɑːr-ɛs-ˈeɪ/
n. “Keys, math, and a little bit of trust.”
RSA is one of the most well-known public-key cryptosystems, named after its inventors Rivest, Shamir, and Adleman. Introduced in 1977, it allows secure communication over insecure channels without requiring the sender and receiver to share a secret key in advance. Instead, RSA uses a pair of mathematically linked keys: a public key for encryption and a private key for decryption.
At its core, RSA relies on the practical difficulty of factoring large numbers into their prime components. The public key consists of a modulus (the product of two large primes) and an exponent, while the private key includes information derived from the same primes. Encrypting a message with the public key ensures that only someone with the private key can decrypt it, preserving confidentiality. This asymmetry also enables digital signatures: signing a message with a private key allows anyone with the public key to verify its authenticity.
Example usage: When you connect to a secure website, your browser and the server often use RSA during the TLS handshake to exchange a symmetric session key. Even though the data itself will later be encrypted using a fast symmetric cipher like AES or GCM, RSA ensures that only the intended recipient can establish the shared key, preventing eavesdroppers from intercepting it.
Over the years, the recommended key sizes for RSA have grown due to advances in computing power. A 1024-bit key, once considered secure, is now deemed vulnerable to sophisticated attacks, whereas 2048-bit and larger keys remain widely trusted. Its security is not absolute but relies on the infeasibility of factoring massive numbers with current technology.
Beyond encryption, RSA forms the backbone of many digital signature systems, code-signing tools, and secure email protocols like PGP. It is often used alongside cryptographic hashes like SHA256 or MD5 to ensure both the integrity and authenticity of messages. For instance, a document can be hashed, and the hash encrypted with the sender’s private key to create a signature. Recipients can then decrypt with the sender’s public key and compare the hash, verifying that the document hasn’t been altered.
While modern alternatives like elliptic-curve cryptography (ECC) offer smaller keys and faster computation, RSA remains a foundational cryptographic method. Its legacy is not only technical but cultural: the algorithm helped launch the era of public-key cryptography, showing that secure communication could be achieved without pre-shared secrets.
Understanding RSA also contextualizes many concepts in cryptography, from HMAC to secure key exchange, bridging the gap between theoretical mathematics and practical cybersecurity. It proves that with primes, exponents, and a touch of mathematical elegance, trust can be built even over untrusted networks.