Public key cryptography — invented by Whitfield Diffie and Martin Hellman in 1976, and independently by Ralph Merkle — solved a problem that had seemed insurmountable: how do two parties establish a shared secret over an insecure channel without meeting in person first? Before this breakthrough, secure communication required the prior exchange of secret keys — a chicken-and-egg problem for strangers who had never met. Today, every HTTPS connection, every encrypted message, and every secure login depends on the insight Diffie and Hellman published nearly 50 years ago.
The Key Pair Concept
A key pair consists of two mathematically related keys: a public key (shareable with anyone) and a private key (kept secret). The relationship is asymmetric: a message encrypted with the public key can only be decrypted with the corresponding private key. This asymmetry is based on mathematical problems that are "easy" in one direction and "hard" in the other — for RSA, the problem is that multiplying two large prime numbers is fast, but factoring their product back into the primes is computationally infeasible for numbers of sufficient size.
The practical implication: you publish your public key. Anyone who wants to send you a secret message encrypts it with your public key. Only you, with your private key, can decrypt it. Even the person who sent the message cannot decrypt it after sending — they only have your public key, not your private key. This enables secure one-way communication to any party whose public key you have.
The Diffie-Hellman Exchange
The Diffie-Hellman protocol solves the symmetric key establishment problem. The classic analogy: Alice and Bob each choose a secret color. They agree on a common public color. Each mixes their secret color with the public color and sends the mixture to the other. Each then mixes the received mixture with their secret color — and both arrive at the same final color. An observer sees only the common color and the two mixtures, and cannot reconstruct the final color without knowing one of the secret colors. In the mathematical version, colors are numbers and mixing is modular exponentiation — but the insight is identical.
Elliptic Curve Cryptography
Modern implementations increasingly use Elliptic Curve Cryptography (ECC) rather than RSA, for a practical reason: ECC achieves equivalent security with much smaller key sizes. A 256-bit ECC key provides roughly the same security as a 3072-bit RSA key — meaning faster operations, less bandwidth, and lower computational cost. The Signal Protocol uses Curve25519, an elliptic curve designed by Daniel Bernstein for both security and implementation simplicity. This is why your end-to-end encrypted messages can be secured on a smartphone with a battery impact too small to measure.