All encryption systems invented before 1970 had one thing in common: They were symmetric. In other words, the keys for encryption and decryption were the same, so a person in possession of the key could either send or receive messages. But in the early 1970s, Whitfield Diffie of Stanford University realized that for some applications this two-way capability was superfluous. If the message traffic is one-way, then the encoding and decoding keys can be different, thus providing an extra level of security.

Together with Martin Hellman of Stanford, Diffie sketched out how such a system would work. The magic ingredient was a “one-way function,” a mathematical operation that is easy to do in one direction but virtually impossible to reverse without additional information. First, each message recipient (say, Alice) chooses a “private key” that she will use to decode messages. (The system should offer a huge number of possibilities, so that Alice can pick a key more or less at random.) Then she uses the “one-way function” to work out the corresponding encoding key. This is a “public key,” which she can share with the whole world, and anyone can use it to send an encrypted message to her. However, only Alice can decrypt the message. There is only one decrypting key that will work (her private key), and no one else can figure it out because that would require them to reverse the one-way function.

This simple realization, that cryptosystems did not have to be symmetric, led to a new era in cryptography. It took away the cloak and dagger. Anyone can use public-key cryptography, not just spies and spy agencies. As Diffie has pointed out, in these systems you don’t need to trust or even know the people you are communicating with; you only need to trust the system itself. This makes public-key cryptography perfect for the world of electronic commerce.

Figure 1 shows how public-key cryptography works in a typical commercial situation. Alice, a banking customer, wants to instruct Bob, her banker, to transfer funds from one of her accounts to another. She scrambles the message using Bob’s public key before sending it to him. Because Bob is the only person with the private key capable of reversing that function, Alice knows that no eavesdropper can read her message.

But how does Bob know the message really came from Alice? Before Alice encrypts her message to Bob for transmission, she creates an ingenious construct called a “digital signature.” To do this she first uses a second one-way mathematical function called a “hash” to scramble and greatly shorten the message she intends to send, including the date. (The hash is different from her private key; it is a cipher without a back door, which no one, even Alice, can unscramble.) She then encrypts this already scrambled “hashed” message, this time using her private key. The final product of this two-step process is Alice’s digital signature. She appends what is now a string of gibberish (her digital signature) to her plaintext message. Finally, she encrypts the whole thing with Bob’s public key and sends it to him electronically.

Bob decrypts Alice’s message using his private key. At the end of the message (“Please transfer $500 from my savings account to my checking account.”), Bob sees a string of gibberish—Alice’s digital signature—and knows that if the message really came from Alice, he can reverse the effects of Alice’s private key by applying her public key to the signature. What then pops out is the gibberish “hash” of the message. As the hash is a one-way function, for all practical purposes, it is impossible to extract any meaning from the hashed data. But Bob can also hash the message he has already decrypted, using the same hashing function Alice used, and produce his own string of gibberish. If the two strings agree, he knows the message that he decrypted is authentic and came from Alice. The “double gobbledygook” nature of Alice’s digital signature prevents Bob from forging Alice’s signature in the future, even though he can produce the same gibberish she did. Since her digital signature is inextricably connected to this particular message and the time it was sent, knowing how to produce it will not help Bob at all if he tries to pass himself off as Alice on another occasion.

Of course, Bob and Alice do not need to be mathematical wizards to do all this; it can all be automated in Alice’s ATM card and Bob’s computer. Similar exchanges of information now go on all the time even in places you would never expect.

It is worth noting that conventional “symmetric” cryptography has not been made obsolete by public-key cryptography. In fact, the two usually work hand in hand. A common application of public-key encryption occurs today on secure websites using just such a combination. When a secure session is initiated between two computers, one of them creates a symmetric key, encodes it via public-key encryption, and sends it to the other. They then use symmetric-key encryption for the rest of the session, because this is faster. After each session is completed the symmetric key is discarded and a new one is generated for the next session.