The Math of Cryptography
The Algorithms Protecting the Global Network
1. RSA: The Power of Primes
RSA (Rivest-Shamir-Adleman) is based on the difficulty of Integer Factorization. It is easy to multiply two large prime numbers $p$ and $q$ to get $N$. It is extremely hard for a computer to take $N$ and find $p$ and $q$ if they are hundreds of digits long.
However, RSA is vulnerable if implemented without Padding. Simple RSA (textbook RSA) is deterministic, meaning the same message always produces the same ciphertext. Modern implementations use OAEP (Optimal Asymmetric Encryption Padding) to add randomness.
RSA Public-Key Exchange
Alice (Client)
Step 0: Idle
Click Next Step to begin the RSA exchange process.
Bob (Server)
2. Elliptic Curve Cryptography (ECC)
ECC is the modern replacement for RSA. Instead of using large numbers, it uses the geometry of an algebraic curve over a finite field.
Because the math of ECC is much more complex for a computer to "reverse engineer," we can use much smaller keys. A 256-bit ECC key provides the same security as a 3072-bit RSA key.
There are two primary families of curves used in infrastructure today:
- Weierstraß Curves (NIST P-256): The standard for decades.
- Montgomery/Edwards Curves (Curve25519/Ed25519): Used in modern protocols like WireGuard and SSH.
3. Diffie-Hellman Key Exchange
How do you and a website agree on a password without an eavesdropper seeing it?
- You both agree on a public number (the Generator).
- You both pick a secret number.
- You mix your secret with the public number and send the result to the other person.
- Even if an attacker sees the "mix," they cannot un-mix it to find your secrets.