How Cryptography Secures Digital Communication and Online Transactions
Cryptography underpins all secure internet communication. Discover how symmetric and public-key encryption, hash functions, and digital signatures protect data online.
Every HTTPS Request You Make Relies on 2,000-Year-Old Mathematics
Every time a browser displays a padlock icon, a chain of mathematical operations is running invisibly. A typical TLS handshake — the process that secures an HTTPS connection — involves modular arithmetic, prime factorization problems, and elliptic curve operations, all completing in under 100 milliseconds. The mathematics behind these operations was formalized centuries before computers existed. The applications emerged only when processing power caught up with the theory.
Cryptography is the science of securing information by transforming it into an unreadable form for unauthorized parties. It is not just about encryption — it encompasses authentication, integrity verification, and non-repudiation. Modern digital infrastructure would be impossible without it.
Symmetric vs. Asymmetric: The Two Pillars of Modern Cryptography
Two fundamentally different approaches to encryption coexist in every secure internet connection.
Symmetric key encryption uses the same key to encrypt and decrypt. Both sender and receiver must possess the key beforehand. The challenge is key distribution: how do you securely share a key before you have a secure channel?
Asymmetric (public-key) cryptography solves this by using mathematically linked key pairs. One key — the public key — can be freely shared. The other — the private key — is kept secret. Messages encrypted with the public key can only be decrypted with the corresponding private key. This eliminates the key distribution problem entirely.
| Property | Symmetric (AES) | Asymmetric (RSA/ECC) |
|---|---|---|
| Key type | Single shared key | Public/private key pair |
| Speed | Very fast (hardware accelerated) | Slower (computationally expensive) |
| Key size for 128-bit security | 128 bits | RSA: 3,072 bits; ECC: 256 bits |
| Primary use | Bulk data encryption | Key exchange, digital signatures |
| Key distribution challenge | Yes — requires secure channel | No — public key is shareable |
The Mathematics of RSA
RSA — named for Rivest, Shamir, and Adleman, who published it in 1977 — relies on the practical difficulty of factoring large integers.
Key generation works as follows: choose two large prime numbers, p and q. Compute n = p × q. The security of RSA depends on the fact that given n, recovering p and q is computationally infeasible when n is sufficiently large. With a 2,048-bit RSA key, n has approximately 617 decimal digits. The best known factoring algorithms on classical computers would require more time than the age of the universe to factor such a number.
Encryption: a message m is encrypted as c = m^e mod n, where e is the public exponent. Decryption requires the private key d, and computes m = c^d mod n. The relationship between e and d relies on Euler's theorem — specifically that e × d ≡ 1 (mod φ(n)), where φ(n) = (p-1)(q-1). Only someone who knows p and q can compute φ(n), and thus only they can compute d.
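The key generation, encryption and decryption steps above, carried through with toy primes as an added example (not code from the original article). The primes 61 and 53, the exponent 17 and the function names are illustrative assumptions; the last function shows that anyone who can factor n can rebuild d, which is why real keys use a modulus of 2,048 bits or more and add padding such as OAEP.

```python
from math import gcd

def keygen(p, q, e):
    """Return (n, e, d) for primes p and q, using phi(n) = (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse: e*d ≡ 1 (mod phi(n))
    return n, e, d

def encrypt(m, e, n):
    """c = m^e mod n; the message must be an integer in [0, n)."""
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)

def decrypt(c, d, n):
    """m = c^d mod n."""
    return pow(c, d, n)

def recover_private_exponent(n, e):
    """Factor an odd toy modulus by trial division, then rebuild d.

    Finishes instantly for a 12-bit n; the loop is hopeless for a
    modulus of real size, which is the whole security argument.
    """
    f = 3
    while n % f:
        f += 2
    p, q = f, n // f
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    n, e, d = keygen(61, 53, 17)     # toy primes, constructed for the example
    c = encrypt(65, e, n)
    print("n =", n, "d =", d, "ciphertext =", c, "plaintext =", decrypt(c, d, n))
    print("d rebuilt from factoring n:", recover_private_exponent(n, e))
```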
Elliptic Curve Cryptography: Smaller Keys, Equal Security
RSA requires very large key sizes to maintain security. Elliptic curve cryptography (ECC) achieves the same security with much smaller keys, making it preferable for constrained devices and modern TLS connections.
An elliptic curve is a set of points satisfying the equation y² = x³ + ax + b over a finite field. These points can be added together using specific geometric rules, forming a mathematical group. The hard problem underlying ECC is the elliptic curve discrete logarithm problem: given points P and Q on the curve where Q = k × P, finding the integer k is computationally infeasible for sufficiently large curves.
- A 256-bit ECC key provides security equivalent to a 3,072-bit RSA key.
- 256-bit ECC requires roughly 40× less processing power than equivalent RSA.
- NIST P-256, Curve25519, and secp256k1 (used in Bitcoin) are the most widely deployed curves.
Hash Functions: Digital Fingerprints
Cryptographic hash functions are one-way mathematical transformations that take input of any length and produce a fixed-size output, called a digest or hash. SHA-256, for example, produces a 256-bit output regardless of whether the input is one byte or one gigabyte.
Three properties make them cryptographically useful:
- Pre-image resistance: Given a hash h, it is computationally infeasible to find any input m such that hash(m) = h.
- Second pre-image resistance: Given m, it is infeasible to find m' ≠ m such that hash(m) = hash(m').
- Collision resistance: It is infeasible to find any two inputs m and m' such that hash(m) = hash(m').
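An added example (not from the original article) using Python's hashlib: it checks the fixed output size, counts how many output bits change between two similar inputs, and runs a birthday search against a digest truncated to 24 bits. The truncation length and the constructed sample messages are assumptions chosen so the search finishes in a few thousand tries; the full 256-bit digest puts the same search at roughly 2^128 work.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """Hex digest: always 64 hex characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()

def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bits that differ between SHA-256(a) and SHA-256(b)."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")

def truncated(data: bytes, nbytes: int) -> bytes:
    """First nbytes of the SHA-256 digest (a deliberately weakened hash)."""
    return hashlib.sha256(data).digest()[:nbytes]

def find_truncated_collision(nbytes: int):
    """Birthday search: two distinct inputs with equal truncated digests.

    Expected work is about 2^(4*nbytes) hashes, the square root of the
    output space, so every extra byte multiplies the cost by 16.
    """
    seen = {}
    i = 0
    while True:
        msg = b"constructed-message-%d" % i
        tag = truncated(msg, nbytes)
        if tag in seen:
            return seen[tag], msg
        seen[tag] = msg
        i += 1

if __name__ == "__main__":
    print(sha256_hex(b"x"), len(sha256_hex(b"x" * 1_000_000)))
    print("bits changed:", bit_difference(b"transfer $100", b"transfer $900"))
    a, b = find_truncated_collision(3)
    print("24-bit collision:", a, b, truncated(a, 3).hex())
```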
Digital Signatures: Proving Authenticity
A digital signature scheme combines public-key cryptography with hash functions to provide authentication and non-repudiation. The signer computes a hash of the message, then encrypts that hash with their private key. The recipient decrypts the signature using the signer's public key and verifies the hash matches the message. Only the private key holder could have produced the signature.
| Algorithm | Based On | Key Size (128-bit security) | Common Use |
|---|---|---|---|
| RSA-PSS | Integer factorization | 3,072 bits | TLS certificates, code signing |
| ECDSA | Elliptic curves | 256 bits | TLS 1.3, Bitcoin transactions |
| Ed25519 | Edwards curves | 255 bits | SSH keys, modern TLS |
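The hash-then-sign flow described above, as an added example that is not part of the original article. It uses textbook RSA over two hard-coded Mersenne primes (an assumption made to keep it self-contained; such a modulus is trivially factorable) and omits the randomized padding that RSA-PSS adds in practice.

```python
import hashlib

# Toy key: both primes are Mersenne primes, so this modulus is NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, e*d ≡ 1 (mod phi(n))

def digest_int(message: bytes) -> int:
    """SHA-256 digest as an integer (always smaller than N for this key)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Apply the private-key operation to the hash of the message."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Apply the public-key operation and compare with a freshly computed hash."""
    if not 0 < signature < N:
        return False                   # reject out-of-range aliases such as sig + N
    return pow(signature, E, N) == digest_int(message)

if __name__ == "__main__":
    msg = b"pay alice 10"              # constructed sample message
    sig = sign(msg)
    print("genuine message verifies:", verify(msg, sig))
    print("altered message verifies:", verify(b"pay alice 1000", sig))
    print("altered signature verifies:", verify(msg, sig ^ 1))
```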
How TLS Puts It All Together
A modern TLS 1.3 handshake combines all these primitives:
- The client and server agree on cipher suites and exchange ephemeral Diffie-Hellman (or ECDH) public values.
- Each computes a shared secret using their own private key and the other party's public key — a shared secret that neither ever transmitted.
- The server's identity is authenticated via a certificate chain signed by a trusted Certificate Authority.
- All subsequent data is encrypted with symmetric AES-GCM using session keys derived from the shared secret.
The entire handshake takes one round-trip. The asymmetric operations establish a shared secret securely; the symmetric cipher handles the bulk data efficiently. This hybrid architecture is why modern encrypted connections are fast.
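The point arithmetic from the elliptic-curve section and the ephemeral key agreement in the handshake steps above, as one added example (not from the original article). The 17-element field, the private values and the single-block HKDF-SHA256 derivation are assumptions for illustration; real deployments use curves such as P-256 or Curve25519, and TLS 1.3 runs a fuller key schedule.

```python
import hashlib
import hmac

# Toy curve y^2 = x^3 + 2x + 2 over F_17; G generates a group of order 19.
P_FIELD, A, B, G, ORDER = 17, 2, 2, (5, 1), 19

def on_curve(pt):
    """True if pt satisfies the curve equation."""
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P_FIELD == 0

def add(p1, p2):
    """Group law; None stands for the point at infinity (the identity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None                                   # P + (-P) = identity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_FIELD, -1, P_FIELD)   # tangent
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)        # chord
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return x3, (lam * (x1 - x3) - y1) % P_FIELD

def scalar_mult(k, point):
    """Double-and-add computation of k * point."""
    result = None
    while k:
        if k & 1:
            result = add(result, point)
        point = add(point, point)
        k >>= 1
    return result

def ecdh(private, peer_public):
    """Shared point from own private scalar and the peer's public point."""
    if peer_public is None or not on_curve(peer_public):
        raise ValueError("peer public value is not a valid curve point")
    return scalar_mult(private, peer_public)

def session_key(shared_point, label=b"example session key"):
    """HKDF-SHA256 (extract, then one expand block) over the shared x-coordinate."""
    prk = hmac.new(b"\x00" * 32, shared_point[0].to_bytes(1, "big"), hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()[:16]
```

With constructed private values 3 (client) and 10 (server), each side sends only `scalar_mult(private, G)` and both arrive at the same `session_key(ecdh(...))`; the `on_curve` check rejects a peer value that is not on the agreed curve.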
The Threat on the Horizon: Quantum Computing
Shor's algorithm, discovered in 1994, can factor large integers and solve the discrete logarithm problem in polynomial time on a quantum computer. This would break RSA, Diffie-Hellman, and ECC entirely. NIST finalized the first post-quantum cryptography standards in 2024 — ML-KEM (formerly CRYSTALS-Kyber) and ML-DSA (formerly CRYSTALS-Dilithium) — based on the hardness of lattice problems, which have no known efficient quantum algorithm. The migration to post-quantum cryptography is one of the most significant infrastructure upgrades the internet will undergo in the coming decade.