In 1976, Whitfield Diffie and Martin Hellman at Stanford published New Directions in Cryptography, demonstrating a way for two parties who had never met to establish a shared secret over a public, monitored channel. Their Diffie-Hellman key exchange lets Alice and Bob derive the same secret number even though Eve, listening to every message, cannot. A year later, in 1977, Rivest, Shamir, and Adleman at MIT published RSA, the first practical realization of public-key encryption: Alice can publish a public key that anyone can use to encrypt messages to her, while only Alice, holding the private key, can decrypt them. For three thousand years of cryptographic history, secure communication had required pre-shared secrets; public-key cryptography removed this constraint. The entire architecture of the modern internet rests on this 1970s mathematical idea.
Public-key cryptography rests on trapdoor functions: easy to compute forward, hard to invert without a secret. RSA uses the believed hardness of factoring large integers (given primes p and q, the product N = p·q is easy to compute, but recovering p and q from N is intractable for N of ~2048 bits or more). Diffie-Hellman uses the believed hardness of the discrete logarithm problem (given g and g^x mod p, recovering x). Elliptic-curve cryptography (ECC) uses the analogous discrete-log problem in the group of points on an elliptic curve, with much smaller keys for equivalent security (256-bit ECC ≈ 3072-bit RSA). The critical word is believed: none of these problems is proved to be hard. If P = NP, all public-key cryptography breaks.

The two main components of any public-key system are encryption/decryption and digital signatures. Public-key operations are orders of magnitude slower than symmetric ciphers, so production systems use hybrid cryptography: public-key crypto only to establish a session key, then fast symmetric crypto for the data.

Public-key crypto solves the key-distribution problem but introduces a trust problem: how does Alice know that the public key labelled "Bob" really belongs to Bob? Modern internet trust rests on a hierarchical Public Key Infrastructure of Certificate Authorities, itself a complex and historically vulnerable system.

The quantum threat is real: in 1994 Peter Shor showed that a sufficiently large quantum computer could factor integers (and compute discrete logarithms) in polynomial time, directly threatening RSA, Diffie-Hellman, and ECC. NIST has been running a post-quantum cryptography standardisation process since 2016, with the first standards finalized in 2024 (CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium for signatures, both lattice-based).
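As an added example (not part of the original text), the following Python runs a finite-field Diffie-Hellman exchange over a constructed toy safe-prime group, applies the peer-value check that real implementations perform before trusting the result, and then performs the hybrid step the text describes: turning the shared secret into a symmetric session key with HKDF. The group parameters, label strings and function names are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (an assumption for this demo, far too small for real use):
# P = 2*Q + 1 is a safe prime and G = 4 generates its prime-order-Q subgroup.
# Deployed systems use 2048-bit+ groups (e.g. RFC 7919 ffdhe2048) or an elliptic curve.
P = 2039
Q = (P - 1) // 2  # 1019, also prime
G = 4

def keypair(p=P, q=Q, g=G):
    """Private exponent x drawn uniformly from [1, q-1]; public value is g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def validate_public(peer, p=P, q=Q):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup: such values let
    a malicious peer force the shared secret into a handful of candidates."""
    return 2 <= peer <= p - 2 and pow(peer, q, p) == 1

def shared_secret(private, peer, p=P, q=Q):
    """Both sides reach g^(ab) mod p; Eve, holding only g^a and g^b, faces a discrete log."""
    if not validate_public(peer, p, q):
        raise ValueError("peer public value rejected")
    return pow(peer, private, p)

def hkdf_sha256(ikm, info, length=32, salt=b""):
    """RFC 5869 HKDF: extract a PRK with HMAC-SHA256, then expand to `length` bytes."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_key(private, peer, transcript, p=P, q=Q):
    """Hybrid step: never use the raw DH value as a key; derive one and bind the
    handshake transcript so tampered public values yield different keys."""
    z = shared_secret(private, peer, p, q).to_bytes((p.bit_length() + 7) // 8, "big")
    return hkdf_sha256(z, b"demo session key|" + transcript)

def demo():
    a, A = keypair()  # Alice
    b, B = keypair()  # Bob
    transcript = f"{P}|{G}|{A}|{B}".encode()  # exactly what Eve can observe
    return session_key(a, B, transcript), session_key(b, A, transcript), (P, G, A, B)
```

The 32-byte key returned by `session_key` is what a real system would hand to a symmetric AEAD such as AES-GCM for the bulk data; with this toy group Eve could of course brute-force the discrete log, which is precisely why deployed parameters are thousands of bits long.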
HTTPS uses TLS, which uses public-key crypto for the initial handshake and symmetric crypto for the data. The Signal protocol and its descendants (used by WhatsApp, iMessage's optional end-to-end mode) provide end-to-end encrypted messaging that even the platform operator cannot read. Cryptocurrencies use digital signatures (typically ECDSA over secp256k1) to prove ownership of funds, and every iPhone app, every macOS app, every Linux package, and every Windows driver is cryptographically signed before users install it. Zero-knowledge proofs (Goldwasser, Micali, Rackoff, 1985) extend public-key cryptography to a remarkable capability, proving you know something without revealing what it is, with applications in privacy-preserving cryptocurrency (Zcash) and zk-rollups for Ethereum scaling. Post-quantum migration is now beginning and will be one of the largest cryptographic transitions in internet history.