Asymmetric or public-key cryptography differs from conventional cryptography in that key material is bound to a single user. The key material is divided into two components:
Each key generates a function used to transform text. The private key generates a private transformation function, and the public key generates a public transformation function. The functions are inversely related, i.e., if one function is used to encrypt a message, the other is used to decrypt the message. The order in which the transformation functions are invoked is irrelevant. Note that since the key material is used to generate the transformation functions, the terms private key and public key not only reference the key values, but also the transformation functions. For example, the phrase "the message is encrypted using the message recipient's public key" means the recipient's public key transformation function is invoked using the recipient's public key value and the message as inputs, and a ciphertext representation of the message is generated as output.
The advantage of a public-key system is that two users can communicate securely without exchanging secret keys. For example, assume an originator needs to send a message to a recipient, and secrecy is required for the message. The originator encrypts the message using the recipient's public key. Only the recipient's private key can be used to decrypt the message. This is due to the computational infeasibility of inverting the public key transformation function. In other words, without the recipient's private key, it is computationally infeasible for an interceptor to transform the ciphertext into its original plaintext. Note that with a public-key system, while the secrecy of the public key is not important (in fact, it is intended to be "public"), the integrity of the public key and the ability to bind a public key to its owner are crucial to its proper functioning.
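The inverse relationship between the two transformation functions, and the secrecy case just described, as an added example that is not part of the original text. It assumes textbook RSA (an algorithm the text does not name) with constructed toy primes and no padding; all function names are hypothetical.

```python
# Added illustration: textbook RSA with constructed toy primes.
# No padding and tiny keys (trivially factorable), so never use this for real data.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public_key, private_key) as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)

def transform(key, value):
    """A key's transformation function: modular exponentiation."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must lie in [0, modulus)")
    return pow(value, exponent, modulus)

def transform_all(key, values):
    return [transform(key, v) for v in values]

def demo():
    message = list(b"meet at noon")            # constructed sample plaintext
    pub, priv = make_keypair(61, 53)           # recipient's key pair (n = 3233)
    _, other_priv = make_keypair(67, 71)       # an unrelated user's private key

    # Secrecy: public transformation first, private transformation inverts it.
    ciphertext = transform_all(pub, message)
    secrecy_ok = transform_all(priv, ciphertext) == message

    # Reverse order: private first, public inverts it.
    reversed_ok = transform_all(pub, transform_all(priv, message)) == message

    # A different private key does not invert the recipient's public function.
    wrong_key_ok = transform_all(other_priv, ciphertext) == message

    return {"public_then_private": secrecy_ok,
            "private_then_public": reversed_ok,
            "wrong_private_key": wrong_key_ok}

if __name__ == "__main__":
    print(demo())
```

At this key size the modulus can be factored by hand, so the example shows only the inverse relationship, not the computational infeasibility that real key sizes provide.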
One disadvantage of a public-key system is that it is inefficient compared to its conventional counterpart. The mathematical computations used to encrypt data require more time, and depending on the algorithm, the ciphertext may be much larger than the plaintext. Thus, the current use of public-key cryptography to encrypt large messages is impractical.
A second disadvantage of a public-key system is that an encrypted message can only be sent to a single recipient. Since a recipient's public key must be used to encrypt the message, sending to a list of recipients is not feasible using a public-key approach.
Although public-key cryptography, by itself, is inefficient for providing message secrecy, it is well suited for providing authentication, integrity, and non-repudiation services. All these services are realized by the digital signature.