The Lock That Locks Itself

A normal lock uses one key: the key that locks is the key that unlocks. Public-key cryptography breaks that symmetry. You get two keys, a matched pair — and what one of them locks, only the other can open. Publish one to the whole world, keep the other secret, and now anyone can send you a message no one but you can read. Below is a real, working version of the math (RSA), shrunk to toy size so you can watch every number — including the moment you break it.

It sounds impossible the first time you hear it: if the locking key is public, why can't everyone just run it backwards to unlock? The honest answer is the whole subject. The two keys are tied together by a piece of arithmetic that is easy to do forwards and monstrously hard to undo — easy to multiply two big prime numbers, brutally hard to take the product apart again. Don't take that on faith. Make a keypair, use it, then try to break it yourself and watch the difficulty grow.

1. Make a matched pair of keys

RSA builds both keys out of two secret prime numbers. Pick a size and generate a fresh pair — the public key public is (n, e), safe to hand out; the private key private is d, the one thing you never reveal.

Public key — give it away

n =
e =

Private key — keep it secret

d =

⚠ These keys are toy-sized on purpose — small enough that you can read every digit and break them in a moment below. Real RSA keys are 2048–4096 bits (over 600 decimal digits). Nothing here is secure; that's the point — you're meant to see the machinery, not hide behind it.

2. Lock with public, unlock with private

Type a message. We encrypt each byte with the public key — c = mᵉ mod n — turning it into numbers anyone could compute but no one can read. Then the private key undoes it — m = cᵈ mod n — and your words come back.

Encrypted with the public key (one number per byte):

Decrypted with the private key:

…and if an eavesdropper tries the public key to decrypt (the only key they have)?

3. Run it the other way — signatures

The pair works in both directions. Lock something with your private key and anyone can check it with your public one. Only you could have made it, so it's a signature: proof a message is really from you, and hasn't been changed by a letter.

Signature (verifiable by anyone with the public key):

4. Why you can't run the public key backwards

Here is the wall the whole thing leans on. The public key gives away n. The private key d can be computed from n's two secret prime factors — so cracking RSA is exactly the problem of factoring n. Easy when n is small. Try it on the key you just made:

press “Break this key”

Trial division — testing every possible divisor — does about √n steps. Doubling the key's bit-length squares n and so doubles the exponent on the work. That's why a 40-bit toy key falls in a blink and a real one never does. The table is honest about the gap, and about the fact that real attackers use a far cleverer method than trial division:

The check — shown, not asserted

Every number on this page is produced by from-scratch RSA (modular exponentiation, the extended Euclidean algorithm for the private key, Miller–Rabin to find primes) running in your browser — no crypto library. Here it reproduces the canonical textbook worked example, live, right now:

Those are exactly the numbers in the RSA article's worked example (p=61, q=53, e=17). The reproducible verifier goes further — it confirms that every message round-trips (all 3,233 residues for that key), that a foreign private key recovers the message in 0 of 300 trials, that tampering with a signed message is caught in 300 of 300, and that factoring n recovers d exactly in 50 of 50 — then times trial division to show the work growing like √n.

Reproduce it all from a clean checkout: node research/public-key-cryptography/verify.mjs — and this very page is re-driven headless by verify-public-key-crypto.mjs.

Four things worth getting straight

The public key is meant to be public.

This is the part that breaks people's intuition. Handing out the locking key gives an attacker no shortcut to the unlocking key — recovering d from (n, e) means factoring n, and for a 2048-bit modulus no one on Earth can. So you can print your public key on a billboard. The whole edifice of secure websites, signed software, and encrypted messaging rests on publishing one half of the secret openly.

It is not just “a stronger password.”

A password is one shared secret both sides must know in advance. Public-key crypto's trick is that two strangers who have never met and share no secret can still set up a private channel — you encrypt to my published key without either of us agreeing on anything first. That's the problem symmetric ciphers and passwords can't solve on their own, and the reason this was a genuine breakthrough (Diffie–Hellman, 1976; RSA, 1977).

In practice it's only used to hand off a faster key.

RSA is slow and (as you saw) encrypts only small numbers. So real systems almost never encrypt your actual data with it. Instead they use public-key crypto once, to safely agree on a short random symmetric key, then switch to a fast cipher (like AES) for the real traffic. Public-key crypto's job is the handshake — solving “how do we share a secret over a wire everyone can see?” — not the haulage.

“Unbreakable” means “unbroken, so far, by the math we know.”

RSA's security is not proven — it rests on the belief that factoring is hard, a belief no one has overturned despite decades of trying. The best public attack (the general number field sieve) is far faster than the trial division above, yet still leaves 2048-bit keys out of reach: RSA-2048 has never been factored. A large enough quantum computer running Shor's algorithm would break it — which is exactly why “post-quantum” cryptography is being rolled out now. Honesty about what is assumed, versus proven, is the whole game.