A Method for Obtaining Digital Signatures and Public-Key Cryptosystems An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be "signed" using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in "electronic mail" and "electronic funds transfer" systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar;only a different, secret, power d is used, where e * d = 1 (mod(p-1) * (q-1)). the security of the system rests in part on the difficulty of factoring the published divisor, n. CACM February, 1978 Rivest, R. Shamir, A. Adleman, L. digital signatures, public-key cryptosystems, privacy, authentication, security, factorization, prime number, electronic mail, message-passing, electronic funds transfer, cryptography. 2.12 3.15 3.50 3.81 5.25 CA780202 JB March 28, 1978 4:40 PM 3021 4 3021 3158 4 3021 3021 5 3021 3021 5 3021 3021 5 3021 3038 5 3021 3111 5 3021 3177 5 3021 3021 6 3021 3021 6 3021 3021 6 3021