In contrast to symmetric encryption, asymmetric encryption is relatively new, having been invented, published and thereby made publicly available only in the late 1970s. Asymmetric algorithms became commonly known when Drs. Whitfield Diffie and Martin Hellman released a paper in 1976 called “New Directions in Cryptography.” The Diffie-Hellman paper described the concept of using two different keys (a key pair) to perform the cryptographic operations — the essence of asymmetric cryptography.
The two keys used in asymmetric cryptography are mathematically related and must always be used as a pair. One key will not work without the other key also being used. The key pair consists of a private key, which the owner of the key pair MUST keep private, and a public key, which is computed from the private key and can be shared with anyone the owner wishes to share it with.
Asymmetric cryptography uses what is known as a trapdoor function, meaning that while it may be easy to compute a value in one direction, reversing the process is extremely difficult, if not mathematically impossible. The mathematics used in creating the key pair makes it simple to calculate the value of the public key if a person knows the value of the private key, but the reverse (i.e., determining the value of the private key based on the value of the public key) is what we call computationally infeasible — it would take more processing time, on more CPUs and GPUs (graphics processing units) running in parallel, than is practical to be confident of making that “lucky guess” at going backward through the trapdoor, so to speak, and cracking the private key based only on the public key. Even Kerckhoffs’s Principle (covered in module 5) doesn’t make these cryptographic attacks any easier! Modern attacks have been carried out using botnet systems in which CPUs and GPUs become part of a massively parallel attack on such cryptosystems.
Trapdoor functions were one of the “new directions” in the Diffie-Hellman paper; the other was using these functions to compute a symmetric session key on demand, without requiring the sender and recipient to first exchange a secret value such as a symmetric encryption key. Suddenly, the key distribution and management problem became much, much simpler. Let’s take a closer look at these ideas and see how they gave rise to public key cryptography as an infrastructure (public key infrastructure, or PKI for short), the widespread use of digital signatures, and a host of other ideas vital to the safe and reliable conduct of e-business in all its forms.
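The key agreement described above, worked through as an added example (not part of the original text): both parties compute a public value from a private one, swap only the public values, and arrive at the same session key. The group parameters (RFC 3526 group 14), the function names and the use of SHA-256 to turn the shared secret into a key are assumptions made for this illustration.

```python
import hashlib
import secrets

# Assumption (not from the page): the 2048-bit MODP group 14 of RFC 3526.
# P is a safe prime (P = 2Q + 1, Q prime); G = 2 generates the subgroup of order Q.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2


def generate_keypair():
    """Pick a random private exponent and compute the public value from it."""
    private = secrets.randbelow(Q - 2) + 2   # 2 <= private < Q, never leaves its owner
    public = pow(G, private, P)              # the easy direction of the trapdoor
    return private, public


def validate_public(peer_public):
    """Reject peer values (0, 1, P-1, wrong subgroup) that make the secret guessable."""
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value out of range")
    if pow(peer_public, Q, P) != 1:
        raise ValueError("peer public value is not in the order-Q subgroup")


def derive_session_key(own_private, peer_public):
    """Shared secret -> 256-bit key (SHA-256 stands in for a KDF such as HKDF)."""
    validate_public(peer_public)
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()


def demo_exchange():
    """Alice and Bob agree on a key; only the two public values cross the wire."""
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    return derive_session_key(a_priv, b_pub), derive_session_key(b_priv, a_pub)


if __name__ == "__main__":
    print("session keys match:", len(set(demo_exchange())) == 1)
```

The exchange is unauthenticated: nothing in it proves who sent a public value, which is the gap that digital signatures and PKI fill.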