DEV Community: Shreehari Menon

What is Post-Quantum Cryptography? The Internet’s New Armor

Shreehari Menon — Fri, 03 Apr 2026 03:31:01 +0000

Today’s cryptographic locks are strong - but not future-proof. Explore how Post-Quantum Cryptography is building the next generation of digital vaults.

1. Introduction: The Obsolete Vault

Imagine you are the chief security architect for a global bank. For the last thirty years, you have stored all the bank’s assets inside massive steel vaults. These vaults are mathematically guaranteed to withstand lockpicks, blowtorches, and dynamite. They have never been breached.

Then, you read a theoretical physics paper. It proves that a new tool - a focused plasma laser - could slice through your steel vaults in a matter of minutes.

The plasma laser hasn’t been built yet. The prototypes are currently the size of a warehouse and can barely cut through tin foil. It might take scientists ten or fifteen years to build a working, portable version of this laser.

What do you do? Do you wait fifteen years to upgrade your security?

Of course not. By the time the laser is built, the bank robbers will already have it. Furthermore, bank robbers are already stealing your locked steel boxes today, hiding them in warehouses, and waiting for the day they can buy the laser to open them.

You must start replacing every vault door in your bank today with a new, laser-proof material.

This is the exact situation the digital world faces right now. The “steel vaults” are our current cryptographic algorithms (RSA and ECC). The “plasma laser” is the impending Quantum Computer. And the “laser-proof material” we are scrambling to deploy is called Post-Quantum Cryptography (PQC).

Today, we will demystify PQC, explain what it is (and what it isn’t), and explore how the software engineering world is preparing for the largest security upgrade in human history.

2. Demystifying the Biggest Myth

Before we define what Post-Quantum Cryptography is, we must explicitly define what it is not. This is the single biggest point of confusion for junior developers and engineering students.

Myth: “Post-Quantum Cryptography means using a quantum computer to encrypt data.”

Fact: Post-Quantum Cryptography is just regular software running on regular computers.

There are two distinct fields that sound similar but are entirely different:

Quantum Cryptography (Hardware): This involves using actual quantum physics (like shooting individual photons of light through fiber-optic cables) to securely transmit keys. This is known as Quantum Key Distribution (QKD). It requires highly specialized, incredibly expensive hardware.
Post-Quantum Cryptography (Software): This is just new mathematics. It is a new set of algorithms written in standard programming languages (like C, Rust, or Python). You compile this code, and it runs on the normal silicon CPU inside your current laptop, iPhone, or web server.

As a software developer, you will not need a quantum computer on your desk to write Post-Quantum code. PQC is simply an upgrade to our current mathematical libraries. It is classical code designed to withstand a quantum attack.

Post-Quantum Cryptography doesn’t require quantum physics. It is traditional software running on traditional devices, using smarter math.

3. What Actually Makes Math “Quantum-Safe”?

Earlier, we saw that all Asymmetric encryption relies on a Trapdoor Function - a math puzzle that is easy to do, but virtually impossible to reverse without a secret key.

Our current trapdoors are based on factoring prime numbers (RSA) or drawing lines through curves (ECC). We also learned that Shor’s Algorithm gives quantum computers a magical “shortcut” to solve these specific puzzles instantly, bypassing the need to guess.

Therefore, Post-Quantum Cryptography is simply the global search for new mathematical trapdoors that have no quantum shortcuts.

For an algorithm to be considered “Post-Quantum,” it must meet one strict requirement: Brute force must be the only way to break it, even if you own a quantum computer.

If a quantum computer is forced to guess the answer one by one, rather than using a clever mathematical shortcut, it will take billions of years to break the lock, just like a classical computer.

The Analogy: The Sudoku vs. The Labyrinth

Current Crypto (RSA/ECC) is like a Sudoku puzzle: To a classical computer, it looks incredibly difficult. But a quantum computer possesses a mathematical formula that instantly solves any Sudoku puzzle without guessing.
Post-Quantum Crypto is like a massive, multidimensional Labyrinth: Even with a quantum computer’s immense processing power and wave-interference tricks, there is no mathematical formula to instantly find the center. The quantum computer is forced to wander the maze and check every single path, which takes too long to be a threat.

4. The “Goldilocks” Engineering Problem

If we just need harder math problems, why didn’t we upgrade years ago? Because cryptography engineers face an incredibly difficult balancing act. We call it the Goldilocks problem.

To create a viable PQC algorithm for the internet, the math must be:

Hard for Classical Computers: Hackers using normal laptops shouldn’t be able to break it.
Hard for Quantum Computers: Hackers using futuristic quantum machines shouldn’t be able to break it.
Easy for Your Smartphone: Here is the catch! The math must be light enough that a cheap, battery-powered Android phone can calculate the forward direction of the trapdoor in milliseconds without draining the battery.

Finding a math problem that is simultaneously “impossible for a supercomputer to reverse” but “instant for a smartphone to create” is profoundly difficult.

To make matters worse, as we invent these new mathematical labyrinths, the keys (the Public and Private keys) tend to be much larger than the ones we use today. A standard ECC key today is a tiny 256 bits. Some of the new PQC keys are tens of thousands of bits long.

Engineers are currently fighting to optimize these algorithms so they don’t clog up the internet’s bandwidth.

PQC algorithms must perfectly balance extreme security against futuristic threats while remaining lightweight enough for everyday consumer devices.

5. PQC is Already Here: Real-World Applications

You might think that PQC is just a theoretical academic exercise happening in university laboratories. It is not. The transition has already begun, and you are likely using PQC today without even realizing it.

Because of the “Store Now, Decrypt Later” threat - where hackers save your encrypted data today to crack it tomorrow, major technology companies are actively deploying Post-Quantum algorithms right now.

Here is how PQC is impacting the real world today:

Secure Messaging (Signal & Apple): In late 2023, the Signal messaging app upgraded its protocol (the “PQXDH” protocol) to include Post-Quantum cryptography. In early 2024, Apple followed suit, upgrading iMessage with a new protocol called “PQ3.” Even if a quantum computer is built in 2035, it will not be able to read the iMessages you send today.
Web Browsing (Google Chrome & Cloudflare): If you use Google Chrome to visit a website hosted by Cloudflare, your browser is likely performing a “Hybrid” TLS Handshake. It uses both our current math (ECC) and a new Post-Quantum math algorithm simultaneously to exchange keys.
National Security: The United States government has issued mandates requiring all federal agencies to migrate their critical systems to Post-Quantum Cryptography by the early 2030s.

The code is being written, the libraries are being updated, and the new vault doors are being installed while the bank is still open.

6. The Referee: The NIST Standardization Process

You might be wondering: Who decides which new mathematical maze we all use? If Apple invents their own math, and Google invents different math, the internet will fracture. Devices won’t be able to talk to each other securely.

To prevent this, the National Institute of Standards and Technology (NIST) in the United States stepped in to act as the global referee. In 2016, NIST announced a worldwide competition. They asked the smartest mathematicians and cryptographers on Earth to submit their best Post-Quantum algorithms.

Over the course of eight years, these algorithms were subjected to brutal, global peer review. Hackers and academics spent years trying to crack each other’s submissions. Some algorithms were broken in days; others survived for years before a fatal flaw was found.

Finally, in August 2024, NIST published the very first official, standardized Post-Quantum algorithms for the world to use. We will explore these specific algorithms in upcoming articles.

Summary

What it is: Post-Quantum Cryptography (PQC) consists of new mathematical algorithms designed to be secure against both classical and quantum computers.
What it is not: It does not require quantum hardware. It is standard software running on standard silicon chips.
The Goal: To find new “Trapdoor functions” (mathematical mazes) that lack the specific shortcuts that quantum computers exploit.
The Challenge: Balancing unbreakable security with keys that are small and fast enough to run on everyday devices.
The Reality: It is already being deployed today in Google Chrome, Apple iMessage, and Signal to protect data from the “Store Now, Decrypt Later” threat.

What’s Next?

We now know why we need PQC and the basic philosophy behind it. But as developers, we need to understand how the mechanics actually change.

If we are throwing away prime numbers and elliptic curves, what exactly are we replacing them with?

In the next article, How PQC Differs from Classical Cryptography , we will do a side-by-side comparison. We will look at how the architecture of a secure connection changes when we introduce these massive new mathematical puzzle pieces, and what that means for network speed, key sizes, and everyday software development.

The Quantum Threat: How Quantum Computers Will Break Modern Cryptography

Shreehari Menon — Fri, 27 Mar 2026 07:00:16 +0000

A simple, visual guide to qubits, interference, and Shor’s Algorithm - and why the encryption protecting the internet won’t survive.

1. Introduction: The Candle and the Lightbulb

When people hear the term “Quantum Computer” they usually imagine a machine that looks and acts just like their current laptop, only a billion times faster. They imagine a super-powered processor that can play video games at infinite frame rates or download the entire internet in a second.

This is the biggest misconception in modern technology.

A quantum computer is not a “faster” normal computer. It is an entirely different type of machine.

Think of it this way: You cannot build a lightbulb simply by building a bigger, better candle. A candle and a lightbulb both produce light, but the underlying physics they use to generate that light are completely different. A lightbulb can do things a candle could never do, like flash thousands of times a second to transmit data.

Similarly, a quantum computer uses a fundamentally different set of rules to process information. For watching YouTube or typing a Word document, a quantum computer would actually be terrible. But for a very specific set of mathematical problems - specifically, the math problems that protect the entire internet (RSA and ECC) - quantum computers are the ultimate weapon.

Today, we are going to look under the hood of the quantum threat. We will skip the confusing physics equations and use simple analogies to understand exactly how these machines work and why they spell the end of classical cryptography.

2. The Core Difference: Bits vs. Qubits

To understand quantum computing, we have to start at the absolute foundation of how computers store data.

The Classical Bit (The Light Switch)

Every computer you have ever used - from your smartphone to the massive servers at Google - runs on Bits. A bit is like a simple light switch. It has exactly two states: it is either Off (0) or On (1). Every photo, video, and text message is just millions of these 0's and 1's strung together.

If a classical computer wants to solve a maze, it must act like a person walking through it. It checks one path (a specific combination of 0s and 1s), hits a dead end, resets, and tries the next path. It is incredibly fast, but it only ever exists in one state at a time.

The Qubit (The Spinning Coin)

Quantum computers do not use bits; they use Qubits (Quantum Bits).

Instead of a light switch, imagine a coin.

If you place a coin flat on a table, it is either Heads (1) or Tails (0). That is a classical bit.
Now, imagine you flick the coin so it is spinning rapidly on the table.

While the coin is spinning, is it Heads or Tails? It is neither, and yet it is a combination of both. It exists in a fluid state of probability. Only when you slap your hand down on the coin to stop it does it collapse into a definite Heads (1) or Tails (0).

In quantum computing, this “spinning coin” state is called Superposition. A qubit in superposition is not just a 0 or a 1; it holds the possibility of being both simultaneously until the exact moment you measure it.

Classical bits are strictly 0 or 1. Qubits, while “spinning” in superposition, hold the probability of being both at the same time.

3. The Magic of Scaling: Exponential Power

A single spinning coin isn’t very impressive. But what happens when you link them together?

In classical computers, if you add more bits, the power grows linearly.

2 bits can represent one of 4 possible states (00, 01, 10, 11) at any given moment.
3 bits can represent one of 8 possible states.

In a quantum computer, qubits can be mathematically linked together through a phenomenon called Entanglement. When qubits are entangled in superposition, they hold all possible states simultaneously.

2 qubits in superposition hold 4 states at once.
3 qubits hold 8 states at once.
300 qubits hold more states simultaneously than there are atoms in the observable universe.

This means a relatively small quantum computer can hold and manipulate a staggering amount of complex data in its “spinning” state - a feat that the world’s largest classical supercomputer could not achieve even if it were the size of a galaxy.

Every time you add a single qubit, the processing capacity of the machine doubles. The power scales exponentially.

4. The Biggest Myth: “Trying Every Password at Once”

Here is where most people get quantum computing wrong.

Because a quantum computer can hold millions of combinations simultaneously, people assume it cracks passwords by just “trying every combination at once” and picking the right one.

This is mathematically false.

Think back to the spinning coin. While it is spinning, it holds all possibilities. But to get an answer out of the computer, you have to “slap your hand down” and measure it. When you stop the spin, the superposition collapses, and the machine spits out a single, random combination. If you just measured it immediately, it would give you garbage.

So, how does it actually solve a problem? It uses Interference.

The Noise-Canceling Headphone Analogy

Have you ever used noise-canceling headphones on an airplane? They don’t block sound physically. They listen to the roar of the airplane engine, create an exact opposite sound wave, and play it into your ear. The two waves collide and cancel each other out, leaving silence. This is called Destructive Interference.

Conversely, if two waves peak at the same time, they amplify each other. This is Constructive Interference.

A quantum computer acts like a giant set of noise-canceling headphones for mathematics. When a quantum programmer writes an algorithm, they choreograph the spinning qubits so that:

All the wrong answers create waves that crash into each other and cancel out (Destructive Interference).
The correct answer creates waves that align and amplify (Constructive Interference).

By the time you “slap your hand down” to measure the qubits, all the wrong possibilities have been silenced, and the only possibility left standing is the correct answer.

Quantum algorithms use interference to silence incorrect answers and amplify the correct one before the measurement happens.

5. Why This Breaks Cryptography (Shor’s Algorithm)

Now, let’s connect this back to cryptography. Why is this specific “noise-canceling” machine so dangerous to the internet?

Earlier, we had learned that RSA encryption relies on multiplying two giant prime numbers. Factoring that massive number back into its original primes is a nightmare for classical computers because there is no clear pattern; a classical computer just has to guess over and over.

However, mathematicians discovered that factoring prime numbers is fundamentally tied to finding hidden, repeating patterns (called “periods”) in massive datasets.

Classical computers are terrible at finding hidden patterns in a sea of noise. But quantum computers, using the wave interference we just described, are the ultimate pattern-finding machines.

In 1994, Peter Shor wrote a quantum algorithm that uses interference to amplify the exact hidden pattern that reveals the prime numbers of an RSA key.

A classical computer would take 300 trillion years to guess the primes.
A quantum computer running Shor’s Algorithm sets up the waves, lets them interfere, and outputs the exact prime numbers in a few minutes.

Once it has the prime numbers, it has your Private Key. Once it has your Private Key, your cryptography is broken.

6. The Reality Check: Where Are We Now?

If quantum computers are so powerful, why hasn’t the internet collapsed yet?

Because building a quantum computer is one of the hardest engineering challenges in human history. Qubits are incredibly fragile “divas.”

For a qubit to stay in that magical “spinning coin” state (Superposition), it must be isolated from the entire universe. A microscopic fluctuation in temperature, a stray magnetic field, or even a tiny vibration can cause the qubit to accidentally collapse and lose its data. This fatal error is called Decoherence.

To prevent this, quantum processors are suspended inside massive golden chandeliers (called dilution refrigerators) that cool the chip to a fraction of a degree above absolute zero - colder than deep space.

Currently, we can build quantum computers with a few hundred “noisy” qubits. But to run Shor’s algorithm and break a modern 2048-bit RSA key, experts estimate we will need a machine with millions of highly stable, error-corrected qubits.

We are not there yet. Most experts predict we are anywhere from 10 to 15 years away from a machine capable of breaking the internet (often called “Q-Day”). But as we learned last week, because hackers are stealing and storing encrypted data today, the clock has already run out.

Summary

Qubits vs. Bits: Classical bits are strictly 0 or 1. Qubits can exist in a fluid state of both 0 and 1 simultaneously (Superposition).
Entanglement: Linking qubits allows their computing power to scale exponentially, handling massive amounts of complex data at once.
Interference: Quantum computers don’t just “guess everything at once.” They use wave interference to cancel out wrong answers and amplify the correct one.
The Cryptography Killer: Shor’s Algorithm uses this interference to perfectly isolate the hidden math patterns behind RSA and ECC, breaking them in minutes.
The Engineering Hurdle: Qubits are fragile. Building a large-scale, error-free quantum computer requires extreme cooling and isolation, keeping us safe… for now.

What’s Next:

Now that you know how classical cryptography works and why it is fundamentally broken by quantum physics.

It’s time to fight back.

In the upcoming articles, let’s explore Post-Quantum Cryptography. We will introduce the brilliant new mathematical concepts that scientists have designed to replace RSA and ECC. We will look at math puzzles so complex and chaotic that even a fully armed quantum computer gets lost trying to solve them.

Why Current Cryptography Will Eventually Break

Shreehari Menon — Fri, 20 Mar 2026 05:59:10 +0000

Store Now, Decrypt Later: The Silent Countdown to Cryptographic Collapse

1. Introduction: The Invisible Vacuum Cleaner

Right now, as you read this article, vast amounts of encrypted internet traffic may be secretly recorded and stored in massive data centers around the world.

Intelligence agencies and state-sponsored hackers could be actively intercepting secure communications: military blueprints, diplomatic cables, corporate trade secrets, and even private citizens’ encrypted messaging backups.

But there is a catch: they cannot read any of it. The data is secured using the robust RSA and ECC algorithms that we had discussed in our previous articles. To these hackers, the data is currently just a useless, garbled mess of ciphertext.

So, why are they spending billions of dollars to store exabytes of unreadable data?

Because they are playing a long game called “Store Now, Decrypt Later” (SNDL), also known as “Harvest Now, Decrypt Later”. They know a technological earthquake is coming. They are betting that within the next decade or two, a machine will be built that can shatter RSA and ECC instantly. When that day comes, they will simply open their vaults, run the decryption program, and read all the secrets of the past twenty years.

Today, we are going to explore exactly why our current cryptographic shields have an expiration date, how the math is going to be beaten, and why the tech industry is racing against the clock to replace it.

2. The Illusion of “Unbreakable”

To understand why our cryptography will break, we first need to confront an uncomfortable truth: RSA and ECC are not perfectly secure.

In cryptography, there is a difference between being Information-Theoretically Secure (mathematically impossible to break, no matter how much computing power you have) and being Computationally Secure.

Almost the entire modern internet is only computationally secure. This means the lock can be picked; it just takes a ridiculously long time.

RSA relies on the extreme difficulty of factoring massive prime numbers.

ECC relies on the extreme difficulty of reverse-engineering a point bouncing around an elliptic curve.

These algorithms rely on the assumption that a hacker must use Brute Force. Brute force means guessing the answer, checking if it works, and trying again if it fails.

Because classical computers (the laptops, servers, and supercomputers we use today) process tasks sequentially - one after another - brute-forcing a 2048-bit RSA key would require a supercomputer to guess millions of times a second for a period longer than the age of the universe.

Therefore, we deemed them “unbreakable.” We assumed the rules of computing would never change.

3. The Math Shortcut: Shor’s Algorithm

In 1994, a mathematician named Peter Shor published a research paper that sent shockwaves through the intelligence and cryptographic communities.

Peter Williston Shor (born August 14, 1959) is an American theoretical computer scientist known for his work on quantum computation

Shor didn’t build a new computer. He just wrote an algorithm on a piece of paper. He proved mathematically that if a specific type of machine could ever be built, it wouldn’t need to use “Brute Force” to break RSA and ECC.

Instead of guessing millions of times, Shor’s algorithm acts like a mathematical shortcut. It exploits the underlying structure of prime numbers and elliptic curves to find the Private Key in just a few logical steps.

The Analogy: The Maze and the GPS

Imagine you are dropped into a massive, complex maze.

The Classical Computer (Brute Force): You have to walk down a path. If you hit a dead end, you walk all the way back, make a chalk mark, and try the next path. You do this sequentially. It takes years to map the whole maze and find the exit.
Shor’s Algorithm: It doesn’t walk the maze. It mathematically lifts you into the air, gives you a GPS satellite view of the entire maze at once, and instantly highlights the single correct path to the exit.

Shor proved that the “unbreakable” math of RSA and ECC was actually quite fragile if you looked at it from a different dimension. There was only one problem: the machine required to run Shor’s algorithm didn’t exist in 1994. It required a Quantum Computer.

We will explore what a quantum computer actually is in the next article, but for now, just know that it is a machine capable of running Shor’s mathematical shortcut.

Shor’s Algorithm doesn’t guess the password; it calculates it directly by exploiting the math behind RSA and ECC.

4. The Cryptographic Fallout: What Survives?

When a cryptographically relevant quantum computer is finally built and turned on, the internet will not instantly explode. However, the fundamental tools we rely on will be cleanly divided into two categories: Broken and Safe.

The Casualties (What Breaks)

Everything relying on Asymmetric Cryptography (Public/Private Keys) will fail completely.

RSA: Broken.
ECC (Elliptic Curves): Broken.
Digital Signatures: Broken.
TLS Handshakes: Broken.

The Real-World Impact: If Digital Signatures are broken, a hacker could forge Apple’s signature, send a malicious software update to your iPhone, and your phone would happily install it, thinking it came directly from Apple headquarters. Hackers could forge banking certificates, rendering the “Green Padlock” in your browser meaningless. Furthermore, the entire architecture of blockchains and cryptocurrencies like Bitcoin would collapse, as the digital signatures proving ownership of wallets could be easily forged.

The Survivors (What Stays Safe)

Surprisingly, Symmetric Cryptography (like AES) and Hashing (like SHA-256) will largely survive the quantum revolution.

While quantum computers have another algorithm ( Grover’s Algorithm ) that can speed up the brute-forcing of Symmetric keys, it is not an instant shortcut like Shor’s. It merely halves the effectiveness of the key.

The Real-World Fix: To protect Symmetric encryption and Hashing against quantum computers, all developers have to do is double the key size.

We upgrade our AES encryption from 128-bit keys to 256-bit keys.
We upgrade our Hashing from SHA-256 to SHA-384 or SHA-512.

Once we double the sizes, our Symmetric tools are safe from quantum threats. The real crisis lies entirely in Asymmetric cryptography.

The Quantum threat specifically targets how we share keys and prove identity, not how we encrypt bulk data.

5. The “Y2Q” Problem: Why We Must Act Now

If a large-scale quantum computer hasn’t been perfected yet, why are software engineers, banks, and governments panicking about it today? Why not wait until the machine is built?

This deadline is often referred to as Y2Q (Years to Quantum). We must act now because of three colliding timelines:

The SNDL Threat (Data Shelf-Life): As mentioned in the introduction, hackers are storing data today. If you are encrypting medical records or military secrets today, that data needs to remain secret for 25 to 50 years. If a quantum computer is built in 15 years, your data will be exposed before its secret shelf-life expires.
Embedded Hardcoded Systems: Think about satellites launched into space, smart grids, or modern cars. Many of these IoT (Internet of Things) devices have RSA or ECC cryptography hardcoded into their silicon chips. They cannot be easily updated with a software patch. We must start manufacturing them with quantum-safe chips now before they are deployed into the field for twenty-year lifespans.
The Migration Marathon: Upgrading the entire internet is like rebuilding an airplane while it is in flight. The last major cryptographic upgrade took the industry nearly two decades to fully implement.

If we wait for the quantum computer to be built before we start migrating, we will be decades too late.

Summary

Store Now, Decrypt Later: Adversaries are archiving encrypted data today to decrypt it when quantum tech matures.
Classical Security: RSA and ECC are secure today only because classical computers must “brute force” the answer, which takes millions of years.
Shor’s Algorithm: A mathematical shortcut discovered in 1994 that allows quantum computers to crack RSA and ECC in minutes without guessing.
The Fallout: Asymmetric cryptography (RSA/ECC) will be completely broken. Symmetric cryptography (AES) and Hashing remain mostly safe if we use larger keys.
The Urgency: Because infrastructure takes decades to upgrade, and data must be kept secret for decades, engineers must begin migrating to Post-Quantum cryptography immediately.

What’s Next?

We keep blaming this looming catastrophe on “Quantum Computers.” But what exactly are they? Do they just have faster processors? Do they have more RAM?

In the upcoming article, we will briefly lift the veil on the machines themselves. We will completely skip the confusing physics equations and use simple analogies to explain exactly what makes a quantum bit (qubit) different from a regular bit, and why they are the perfect weapon for destroying RSA.

ECC Explained: The Geometry Powering Modern Digital Security

Shreehari Menon — Fri, 13 Mar 2026 06:25:11 +0000

The Lightweight Encryption Revolution Enabling Faster, Safer Digital Communication

1. Introduction: The Smartphone Battery Crisis

Earlier, we explored the mathematical magic of RSA. For decades, RSA was the undisputed king of internet security. Whenever your computer needed to securely swap a password or verify a digital certificate, it relied on the difficulty of factoring massive prime numbers.

But by the late 2000s, a new problem emerged: the smartphone revolution.

RSA works brilliantly on desktop computers plugged into a wall. However, as we learned, to keep hackers at bay, RSA keys had to grow larger and larger. By 2010, a standard RSA key was 2048 bits long - a number so massive it would take pages to write out.

Asking a tiny, battery-powered 3G smartphone to perform complex “clock math” with 2048-bit numbers every time it loaded a secure website was a disaster. It drained batteries, slowed down web browsing, and required too much memory. The tech industry desperately needed a new cryptographic tool. They needed an algorithm that provided the exact same unbreakable “Asymmetric” (Public/Private Key) security as RSA, but was radically lighter, faster, and more efficient.

The answer wasn’t found in prime numbers. It was found in geometry.

It is called Elliptic Curve Cryptography (ECC), and today, it is the technology secretly securing your iMessages, your Bitcoin wallet, and almost every modern website you visit.

2. Moving from Numbers to Shapes

To understand ECC, we have to stop thinking about multiplying numbers (like we did in RSA) and start thinking about drawing lines on a graph.

An Elliptic Curve is a specific type of mathematical curve. If you graph it on a piece of paper, it looks a bit like a sideways bell or a lasso resting on its side.

While the exact algebraic equation ( y² = x³ + ax + b ) isn’t important for us, one visual property of this curve is absolutely critical: Horizontal Symmetry.

If you draw a horizontal line right through the middle of the curve (the x-axis), the top half of the curve is a perfect mirror image of the bottom half. If you find a point on the top of the curve and drop a line straight down, you will always hit another perfectly matching point on the bottom of the curve.

This simple property of symmetry is the engine that drives modern cryptography.

An Elliptic Curve is perfectly symmetrical. Every point on the top has a mirror counterpart directly below it.

3. The ECC Trapdoor: A Game of Cosmic Billiards

Remember our golden rule from last week: All Asymmetric cryptography requires a Trapdoor Function - a process that is very easy to do in one direction, but mathematically impossible to reverse without a secret key.

In RSA, the trapdoor was multiplying prime numbers (easy to multiply, hard to factor). In ECC, the trapdoor is a geometric game of billiards. Cryptographers call it “Point Addition,” but it is much easier to understand visually.

How to Play Elliptic Billiards

Imagine the curve is the bumper of a strangely shaped billiard table.

The Starting Point: We all agree on a starting dot on the curve. Let’s call it Point A.
The Shot: You take a pool cue and hit the ball from Point A. It travels in a perfectly straight line along a tangent until it smacks into the edge of the curve at a new spot.
The Reflection (Symmetry): Because of the curve’s magical mirror property, the ball immediately drops straight down (or straight up) to rest on the mirror-image point on the opposite side of the curve. We will call this resting spot Point B.
Repeat: Now, you line up a shot from Point A to Point B. The ball travels in a straight line, hits the curve, reflects vertically, and lands at Point C.

You can repeat this process as many times as you want. Shoot, hit the curve, reflect. Shoot, hit the curve, reflect. The ball bounces wildly all over the graph.

The Trapdoor: The “Discrete Logarithm” Problem

Here is where the brilliant security of ECC comes in.

Forward Direction (Easy): If a computer knows the starting point, and I tell it to “bounce the ball 5 million times,” the computer can calculate exactly where the ball will end up in a fraction of a millisecond.
Reverse Direction (Impossible): Imagine I walk into the room after you’ve finished playing. I see the starting point, and I see the ball resting at its final point. I ask you: “How many times did you bounce the ball to get there?”

There is no mathematical formula to figure that out. The only way I can find the answer is to grab a pool cue, start at the beginning, and manually recreate every single bounce, counting them one by one until I hit your final spot.

If you bounced the ball a small number of times, I could figure it out. But what if you bounced it a number of times equal to the number of atoms in the universe? It would take my supercomputers millions of years to count the bounces.

This irreversible geometric puzzle is known as the Elliptic Curve Discrete Logarithm Problem (ECDLP).

“Adding” points on a curve: Draw a line through two points, find where it hits the curve, and reflect it. Repeat this millions of times, and the path becomes impossible to reverse-engineer.

4. Generating Keys: Lighter, Faster, Stronger

Now that we understand the trapdoor, generating our Public and Private Keys is incredibly simple.

The Private Key: This is your secret. Your Private Key is simply the number of times you bounced the ball. It is just a massive, random number (e.g: 9,482,103,456…). You keep this safely hidden on your device.
The Public Key: This is what you share with the world. Your Public Key is simply the final resting coordinate of the ball on the graph (e.g: X = 45, Y = 89 ).

You can publish that final coordinate on the internet. Hackers can stare at it all day long, but because of the trapdoor, they cannot reverse-engineer the coordinate to figure out your secret number of bounces.

The Massive Advantage of ECC: Key Size

Why did this save the smartphone? Because the “Billiard Bounce” math is significantly harder to reverse-engineer than RSA’s “Prime Number” math.

Because the math is harder to crack, we don’t need giant keys to be safe.

To get a baseline level of modern security using RSA , you need a key that is 3072 bits long.
To get the exact same level of unbreakable security using ECC , you only need a key that is 256 bits long.

ECC keys are roughly 10 times smaller than RSA keys.

Smaller keys mean less data to transmit over Wi-Fi, dramatically less CPU power required to lock and unlock messages, and significantly longer battery life for mobile devices and IoT (Internet of Things) sensors.

5. Where You Will See ECC Today

Because of its elegance and efficiency, ECC has quietly taken over the digital world over the last decade. As a developer, you will encounter it constantly:

Cryptocurrency: Bitcoin and Ethereum do not use RSA. They exclusively use a specific elliptic curve called secp256k1 to generate your crypto wallet addresses and digitally sign your transactions.
Modern Web Browsing: When you perform a TLS Handshake to securely browse a website, modern servers strongly prefer an algorithm called ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) to swap symmetric keys instantly.
Secure Messaging: Apps like Signal, WhatsApp, and Apple’s iMessage use Elliptic Curves to verify identities and establish End-to-End Encryption on your phone without draining your battery.

6. The Impending Catch

ECC is a masterpiece of modern mathematics. It is elegant, fast, and currently unbreakable by any traditional supercomputer on Earth.

However, there is a dark cloud on the horizon.

Remember how we said ECC is mathematically harder to crack than RSA? That is only true for classical computers - the laptops, servers, and smartphones we use today.

As we will explore soon, the world’s leading physicists and engineers are currently building Quantum Computers. These futuristic machines operate on entirely different laws of physics.

Unfortunately for us, the very thing that makes ECC so great - its tiny, efficient 256-bit key size - makes it a massive vulnerability against quantum machines. An algorithm called Shor’s Algorithm can solve the Elliptic Curve “billiard puzzle” almost effortlessly. In fact, experts predict that a quantum computer will be able to break ECC easier and faster than it can break the bulky, old-school RSA keys.

The ultimate shield we built for the mobile era is fundamentally vulnerable to the next era of computing.

Summary

The Problem: RSA keys grew too large and computationally heavy for modern smartphones and IoT devices.
The Solution: Elliptic Curve Cryptography (ECC) uses the geometry of symmetric curves instead of prime numbers.
The Trapdoor: Bouncing a point around an elliptic curve (Point Addition) is easy to calculate forward, but impossible to trace backward to find the number of bounces.
The Keys: The Private Key is the number of bounces. The Public Key is the final coordinate on the graph.
The Benefit: A 256-bit ECC key offers the same security as a 3072-bit RSA key, saving massive amounts of battery and processing power.
The Reality: It is the standard for Bitcoin, Apple iMessage, and modern HTTPS.

What’s Next?

We have now covered the foundations of modern internet security. You understand Encryption, Hashing, Signatures, Certificates, RSA, and ECC.

But this entire foundation is built on a ticking time bomb.

In the next article we’ll explore - Why Current Cryptography Will Eventually Break. We will look at why RSA and ECC are living on borrowed time, explain the concept of “ Harvest Now, Decrypt Later ” and set the final stage before we officially dive into the Post-Quantum revolution.

RSA Explained: The Simple Math Behind Internet Security

Shreehari Menon — Fri, 06 Mar 2026 07:02:59 +0000

From prime numbers to public keys - how RSA enables secure logins, encrypted communication, and digital signatures.

1. Introduction: The Billion-Dollar Math Problem

Imagine you are a modern software developer. You sit down at your laptop, open your terminal, and type a simple command: sshuser@server.com. Instantly, you are securely logged into a server located halfway across the world. No one can spy on your connection, and the server knows exactly who you are without you ever having to type a password over the internet.

How did this happen? It happened because of a mathematical breakthrough that occurred over forty years ago.

Previously, we had learned about Asymmetric Encryption - the magical “Public Mailbox” system where you use a Public Key to lock a message and a completely different Private Key to unlock it. It solved the ultimate problem of the internet: allowing two strangers to share a secret without ever meeting in person.

But how do you actually build a Public and Private key? How can two digital keys be mathematically linked so that one locks and the other unlocks, without the Public Key accidentally revealing the Private Key?

In 1977, three brilliant researchers — Ron R ivest, Adi S hamir, and Leonard A dleman — published the answer. They named it RSA.

Today, RSA remains one of the most widely used cryptographic algorithms on the planet.

In this article, we will ignore the complex academic equations and just look at the simple, beautiful intuition behind how RSA works.

2. The Core Concept: The Trapdoor Function

To build a Public/Private key system, cryptographers needed to invent a very specific type of mathematical algorithm called a Trapdoor Function.

A Trapdoor Function is a math problem that is incredibly easy to calculate in one direction, but virtually impossible to reverse - unless you possess a secret piece of information (the trapdoor).

Imagine I hand you a bucket of yellow paint and a bucket of blue paint. I ask you to mix them together to create a specific shade of green.

Forward Direction (Easy): You pour some amount of yellow paint and some amount of blue paint into a bucket and stir them together. In a few seconds, you have a particular shade of green.

Reverse Direction (Hard): Now imagine I hand you only the final bucket of green paint and ask you to determine exactly how much yellow paint and how much blue paint were used to create that precise shade.

Was it 50% yellow and 50% blue? Was it 60% yellow and 40% blue?

Or some other exact combination?

Determining the precise original proportions just by looking at the final color becomes extremely difficult.

But what if you had a special chemical (the trapdoor) that could instantly reveal the exact proportions of yellow and blue used to create the shade? That secret chemical would make the impossible task suddenly easy.

That is the essence of a Trapdoor Function. In the digital world, RSA uses numbers instead of paint. Specifically, it uses Prime Numbers.

A Trapdoor Function is easy to compute forward, but impossible to reverse without a secret key.

3. The Secret Ingredients: Prime Numbers and Multiplication

A prime number is a number that can only be divided cleanly by 1 and itself (like 2, 3, 5, 7, 11, 13…). Prime numbers are the fundamental “atoms” of mathematics.

The entire security of RSA relies on one incredibly simple mathematical fact: Multiplying two prime numbers together is very easy, but factoring the result back into the original primes is brutally difficult.

Let’s look at an example:

The Easy Way (Multiplication): If I ask your computer to multiply 7 x 13 , it instantly tells you the answer is 91.
The Hard Way (Factoring): If I give you the number 3127 and ask, “Which two prime numbers did I multiply together to get this?” you will have to guess and check for a while. (The answer is 53 x 59 ).

Now, imagine we don’t use small numbers like 53. Imagine we use prime numbers that are 300 digits long.

If you multiply two 300-digit prime numbers together, a standard laptop can calculate the 600-digit answer in a fraction of a millisecond.

But if you give that 600-digit answer to a room full of supercomputers and ask them to find the original two prime numbers, it would take them millions of years of continuous guessing.

4. How RSA Generates Keys (Step-by-Step)

Here is how a developer’s computer uses this prime number math to generate a Public and Private Key. (We will use small variables to keep it simple).

Step 1: Pick the Secret Ingredients

Your computer secretly chooses two massive prime numbers. We will call them P and Q. (These are the yellow and blue paint - these must be kept absolutely secret. They are the trapdoor!)

Step 2: Create the Public Canvas

Your computer multiplies them together: N = P x Q. The resulting massive number N , is called the Modulo. (This is the green paint, you publish N to the world. It becomes the core part of your Public Key.)

Step 3: Derive the Locking and Unlocking Keys

Using some clever math (specifically, Euler’s Totient function, which we will skip for simplicity), your computer uses the secret primes ( P and Q ) to generate two more numbers:

e (The Public Exponent): This is used for encrypting.
d (The Private Exponent): This is used for decrypting.

The Final Result:

Your Public Key is made of the numbers (N and e). You send this to anyone who wants to talk to you.

Your Private Key is the number (d). You keep this hidden on your computer.

Because a hacker only knows N (the 600-digit number), they cannot figure out P and Q. Because they don’t know P and Q , they cannot calculate d (your Private Key). The math is locked!

The massive public number ’N’ is derived from ‘P’ and ‘Q’. But without knowing ‘P’ and ‘Q’, a hacker cannot build the Private Key.

5. Clock Math: How the Locking Actually Works

So, Bob has Alice’s Public Key ( N and e ). He wants to send her the secret number “ 7 ”. How does he scramble it?

RSA uses something called Modular Arithmetic , which is essentially “Clock Math”. If it is 10:00 AM, and you add 4 hours, it is not 14:00 AM. The clock “wraps around” at 12, so the answer is 2:00 PM. In clock math, we say the “modulo” is 12.

In RSA, the “clock size” is that massive public number N.

To Encrypt (Bob): Bob takes his message, raises it to the power of the public key ( e ), and wraps it around the massive clock ( N ). The message spins around the clock millions of times and lands on a random-looking number. That random number is the Ciphertext.

To Decrypt (Alice): Because the message was spun around the clock using the Public Key, it is trapped. The only mathematical way to unwind it is to spin it forward a very specific, massive number of times until it perfectly resets to the original message. That exact number of spins is the Private Key ( d ).

Alice applies her Private Key, the math unwinds, and the original message pops out!

6. Real-World Applications of RSA

Where will you, as an engineer, actually encounter RSA today?

SSH (Secure Shell): When developers connect to remote servers (like AWS or GitHub), they often generate an “RSA Keypair.” Your computer holds the Private Key, and you upload the Public Key to GitHub.
Digital Signatures: RSA can be used in reverse. If you encrypt a file’s hash with your Private Key, anyone can use your Public Key to verify that you signed it.
PGP (Pretty Good Privacy): Used for encrypting highly sensitive emails, often utilized by journalists and whistleblowers.

7. The Problem with RSA Today (Why it is Aging)

RSA is beautiful, brilliant, and has secured the internet for four decades. However, it has a growing problem: Speed and Size.

Remember, the entire security of RSA relies on the fact that standard computers cannot factor the giant number N back into P and Q. But computers are getting faster every single year.

In the 1990s, a 512-bit N was considered secure. By the 2000s, computers got faster, so we had to increase the key size to 1024 bits. Today, the standard is 2048 bits or even 4096 bits.

These keys are absolutely massive. Doing complex “clock math” with 4000-bit numbers requires a lot of CPU power. If every mobile phone had to do 4096-bit RSA math for every website it visited, battery life would drop. RSA is becoming too heavy for the modern, fast-paced mobile internet.

Furthermore, as we will discuss in upcoming articles, a Quantum Computer doesn’t need to guess. Through an algorithm called Shor’s Algorithm, a quantum computer can find the prime numbers P and Q almost instantly, completely destroying RSA.

Summary

RSA is an Asymmetric Encryption algorithm created in 1977.
It relies on a Trapdoor Function : easy to do one way, practically impossible to reverse without a secret.
The “Trapdoor” in RSA is Prime Number Factorization. Multiplying two giant primes ( P and Q ) is easy; figuring out what they were from the result ( N ) is nearly impossible for classical computers.
The Public Key ( N , e ) is used to spin a message around a mathematical clock.
The Private Key ( d ) is the exact mathematical step required to unwind the clock and reveal the message.
The Catch: As computers get faster, RSA keys must become larger, making the algorithm slower and heavier for modern devices.

What’s Next?

Engineers realized over a decade ago that RSA was getting too bulky. We needed an algorithm that provided the exact same Asymmetric “Public/Private Key” magic, but with much smaller, faster keys.

We found the answer by looking away from prime numbers and looking toward geometry.

In the next article we will explore the algorithm that currently secures your smartphone, modern web browsing, and cryptocurrencies like Bitcoin. We will see how drawing lines through curved graphs created a faster, leaner successor to RSA.

How Internet Security Works: TLS, HTTPS & Certificates

Shreehari Menon — Fri, 27 Feb 2026 09:26:17 +0000

The Invisible Handshake: How Your Browser Proves a Website Isn’t an Imposter

1. Introduction: The Postcard and the Imposter

Imagine you are sitting in an airport terminal, waiting for your flight. You connect to the free “Airport_Wi-Fi” network, open your browser, and type bank.com to check your account balance.

In the early days of the internet, the data you sent - like your username and password - traveled across the network exactly like a postcard in the mail. Anyone who handled the postcard along the way (the Wi-Fi router, the Internet Service Provider, or a hacker sitting two seats away) could flip it over and read your password in plain text. This was standard HTTP (Hypertext Transfer Protocol).

To fix this, engineers added encryption, creating HTTPS (Secure HTTP). Now, your postcard was placed inside an indestructible, locked steel box before it was sent over the Wi-Fi.

Problem solved, right? Not exactly.

As we learned previously, to lock that box, your browser needs the Bank’s Public Key. So, your browser asks the network: “Hey, who has the Public Key for bank.com?”

But what if a hacker is running a fake Wi-Fi router? The hacker replies, “I do! Here is the Public Key for bank.com.” Your browser, not knowing any better, uses the hacker’s key to lock the box containing your password. The hacker intercepts the box, opens it with their own Private Key, steals your password, and then forwards your request to the real bank so you never notice a thing.

This is called a Man-in-the-Middle (MITM) attack.

The encryption worked perfectly, but the identity was faked. How does your computer actually know that the Public Key it receives belongs to the real Bank and not an imposter?

This is the ultimate problem of internet security. Today, we will learn how the internet solves it using Digital Certificates , Certificate Authorities , and the TLS Handshake.

2. The Digital Passport: What is a Certificate?

To solve the imposter problem, we need a way to tie a Public Key to a real-world identity. In the physical world, if someone claims to be “John Smith,” you don’t just take their word for it. You ask to see their Passport or Driver’s License.

In the digital world, we use a Digital Certificate (often called an SSL/TLS Certificate).

A Digital Certificate is simply a tiny data file that binds a cryptographic Public Key to a specific organization or website. When you visit bank.com, the server doesn't just hand you a bare Public Key; it hands you its Digital Certificate.

What is inside a Digital Certificate?

If you click the little padlock icon next to the URL in your web browser, you can actually look at the website’s certificate. Inside, you will find:

Subject Identity: The domain name (www.bank.com) and sometimes the company name holding it.
The Public Key: The actual mathematical key used to encrypt data sent to the bank.
Validity Dates: An issue date and an expiration date (certificates expire to ensure security stays up-to-date).
The Issuer: The name of the organization that verified this information.
The Digital Signature: A cryptographic seal applied by the Issuer to prove the certificate hasn’t been forged.

A Digital Certificate binds a website’s identity to its Public Key, proving you are talking to the right server.

3. The VIP List: Certificate Authorities (CAs)

You might have spotted a logical flaw in the certificate system. If a hacker can create a fake Public Key, what stops them from just typing up a fake Digital Certificate to go with it?

If I print a piece of paper on my home printer that says “I am the President,” you wouldn’t believe it. But if the government prints me an official ID card with holograms and watermarks, you trust it.

The internet relies on such “Governments” called Certificate Authorities (CAs).

CAs are highly secure, globally trusted organizations (like DigiCert, GlobalSign, or Let’s Encrypt). Their entire business is verifying identities. If bank.com wants a certificate, they must apply to a CA. The CA investigates, verifies that the applicant actually owns the domain bank.com, and only then do they issue the Digital Certificate.

Crucially, the CA signs the certificate using the CA’s own Private Key.

The Root Store (The Browser’s VIP List):

How does your laptop know to trust DigiCert or Let’s Encrypt?

When you buy a computer or download a web browser (like Chrome, Firefox, or Safari), it comes pre-installed with a highly guarded list called a Root Store. This is a list of about 100 trusted Certificate Authorities and their Public Keys.

The Chain of Trust works like this:

Your browser connects to bank.com and receives a Certificate.
Your browser checks the Certificate’s signature. It says, “This was signed by DigiCert.”
Your browser checks its internal Root Store. “Is DigiCert on my pre-installed VIP list?”
Yes, it is. The browser uses DigiCert’s Public Key from the VIP list to verify the signature on the bank’s certificate.
Because the signature matches, your browser knows the Bank’s certificate is 100% authentic. The green padlock appears.

If a hacker presents a fake certificate, it won’t have a valid signature from a CA on your VIP list. Your browser will instantly throw up a massive, red warning screen: “Your connection is not private.”

Trust flows downward. Your browser trusts the CA, and the CA vouches for the website.

4. The TLS Handshake: Bringing It All Together

Now that we have solved the identity problem, how does the actual secure connection begin?

This process is called the TLS Handshake (Transport Layer Security). TLS is the modern, secure protocol that makes HTTPS possible. (You may also hear it referred to as SSL, which is an older, obsolete version of the same concept).

When you type https://bank.com and press enter, your computer and the server perform a high-speed cryptographic conversation in milliseconds. It utilizes every single tool we have learned about earlier.

Here is a simplified step-by-step of the TLS Handshake:

Step 1: The Client Hello

Your Browser: “Hi server! I want to connect securely. I know how to speak AES (Symmetric) and RSA (Asymmetric). Here is a random string of numbers to start.”

Step 2: The Server Hello & Certificate

The Server: “Hi browser! Let’s use AES and RSA. Here is my Digital Certificate, which contains my Public Key.”

Step 3: Verification & Key Exchange

Your Browser: (Checks the certificate against its Root Store VIP list. The signature matches. The identity is verified.) “Okay, you are definitely the real Bank. I am now going to generate a brand new, temporary Symmetric Key just for us to use today. I will lock this new key inside your Public Key and send it to you.”

Step 4: The Switch to Symmetric

The Server: (Receives the locked message and uses its highly guarded Private Key to unlock it). “I successfully decrypted your message. I now have the temporary Symmetric Key.”

Step 5: Secure Data Transfer

Both sides: Now that both the browser and the server share a fast, Symmetric key that no one else has, they abandon the slow Asymmetric math. They begin exchanging your passwords, account balances, and data at lightning speed, protected by Symmetric Encryption.

The TLS Handshake uses Asymmetric crypto to verify identity and securely swap a Symmetric key for fast communication.

5. Why TLS is the Ultimate Target for Quantum Computers

You have just learned the exact mechanism that secures trillions of dollars in global commerce, military communications, and private messaging every single day.

But as we conclude our foundation in modern cryptography, we must look at the horizon. Why are governments and tech giants panicking about Quantum Computers?

Look back at the TLS Handshake. It relies on Asymmetric Cryptography (like RSA or Elliptic Curves) in two absolutely critical places:

The Digital Signature: The CA uses Asymmetric math to sign the certificate.
The Key Exchange: Your browser uses the server’s Asymmetric Public Key to safely transmit the Symmetric session key.

Quantum computers are uniquely designed to break Asymmetric math. If a hacker gets a powerful quantum computer, they can mathematically reverse-engineer the Private Keys of the Certificate Authorities.

They could forge perfect, mathematically valid certificates for bank.com or google.com.
They could bypass the Root Store VIP list completely.
Your browser would see a green padlock, completely unaware that the TLS handshake is happening with a hacker’s server.

The entire chain of trust would instantly evaporate. This is the “Quantum Apocalypse” scenario that Post-Quantum Cryptography (PQC) is racing to prevent.

Summary

HTTP sends data in plain text. HTTPS secures it using the TLS protocol.
Man-in-the-Middle (MITM) Attacks happen when a hacker intercepts traffic and provides a fake Public Key.
Digital Certificates solve this by acting as a digital passport, binding a Public Key to a real-world identity.
Certificate Authorities (CAs) are trusted organizations that issue and digitally sign these certificates. Your browser trusts them via a pre-installed Root Store.
The TLS Handshake is the process where a browser and server verify identities (using Certificates) and securely agree on a fast Symmetric key to encrypt the session.

What’s Next?

Now that we have completed the foundations of modern internet security. You know the what and the why of Cryptography.

Next, we will be going to look under the hood at the how. Before we can understand how Post-Quantum algorithms work, we must briefly understand the classical algorithms they are replacing.

In the upcoming article, we will demystify the most famous cryptographic algorithm in the world. We will look at the simple, elegant math that powers those Public and Private keys — and see exactly why it works so beautifully today.

Symmetric vs. Asymmetric Encryption Explained

Shreehari Menon — Fri, 20 Feb 2026 05:18:09 +0000

From Secret Handshakes to Public Keys: Why the Internet Needs Both - and Why Quantum Computers Threaten Them

1. Introduction: The Impossible Handshake

Imagine you want to send a secret package to a friend who lives on the other side of the world. You have a diamond (the data), a virtually indestructible steel box (the cipher), and a high-security padlock (the key).

You put the diamond in the box, lock it with your padlock, and ship it. But then you realize a massive problem: How does your friend open it?

You have the only key. If you mail the key in a separate envelope, the mail carrier (or a thief) could intercept the envelope, copy the key, and lock the envelope back up. They would then have full access to your diamond when the box arrives.

This scenario represents the Key Distribution Problem, and it plagued cryptographers for thousands of years. For centuries, if generals wanted to communicate securely, they had to meet in person to exchange codebooks before going to war.

In the digital age, “meeting in person” is impossible. Your web browser needs to communicate securely with a bank server in Switzerland that you have never visited. How can you agree on a secret code without a hacker in the middle stealing it?

The answer lies in the two main families of cryptography: Symmetric and Asymmetric encryption.

Today, we will explore how they work, why they are different, and how the modern internet combines them to solve the “Impossible Handshake.”

2. Symmetric Encryption (The Secret Handshake)

“Symmetric” means “the same on both sides.” In this type of cryptography, the same key is used to lock (encrypt) and unlock (decrypt) the data.

This is the traditional form of cryptography, almost all historical encryption was symmetric.

How It Works :

Agreement: Alice and Bob agree on a secret key (e.g., “RedHorse99”).
Encryption: Alice uses “RedHorse99” to scramble her message.
Transmission: She sends the scrambled text to Bob.
Decryption: Bob uses the exact same key, “RedHorse99,” to unscramble it.

The Analogy: The Hotel Safe

Think of a hotel room safe. You type in a 4-digit code (the key) to lock the door. To open the door again, you must type in that exact same 4-digit code. If you forget the code, the contents are lost. If someone watches you type the code, the security is broken.

The Champion Algorithm: AES

The gold standard for symmetric encryption today is AES (Advanced Encryption Standard). It is used by the US government to protect Top Secret data. AES is incredibly efficient and secure.

Speed: It is blazing fast. Modern computer processors often have special hardware just to run AES calculations instantly.
Usage: It is used to encrypt data at rest (your hard drive) and high-volume data in transit (streaming video on Netflix).

The Fatal Flaw

Symmetric encryption has one major weakness: How do you share the key? If you are Amazon and you have millions of customers, you cannot possibly meet every customer in person to whisper a secret key into their ear. If you send the key over the internet, hackers can steal it.

This limitation meant that for decades, secure communication over an open network like the internet was theoretically impossible, until 1976.

Symmetric Encryption uses one shared key for both locking and unlocking. Speed is high, but sharing the key safely is hard.

3. Asymmetric Encryption (The Public Mailbox)

In 1976, researchers Whitfield Diffie and Martin Hellman proposed a radical idea that changed history. What if we didn’t use one key? What if we used two?

This is called Asymmetric Encryption (or Public-Key Cryptography). In this system, every user generates a mathematically linked pair of keys:

The Public Key: This key can be given to anyone. You can post it on Twitter, print it on a billboard, or put it in your email signature. It is used only to Encrypt (Lock).
The Private Key: This key is kept secret. It never leaves your device. It is used only to Decrypt (Unlock).

The Magic Rule

Here is the mathematical magic that makes this work: Data encrypted with the Public Key can ONLY be decrypted by the Private Key. Even the Public Key itself cannot unscramble the message it just created!

The Analogy: The Open Padlock

Imagine Alice wants to receive secure messages.

Alice buys thousands of identical padlocks. She opens them all up.
She sends these Open Padlocks (Public Keys) to everyone — Bob, Charlie, and the mailman. She keeps the Key (Private Key) to these padlocks in her pocket and never gives it to anyone.
Bob wants to send Alice a secret. He puts his message in a box, grabs one of Alice’s open padlocks, and clicks it shut.
Crucial Step: Once Bob snaps the padlock shut, even Bob cannot open it again. He doesn’t have the key!
The box travels safely to Alice. Even if a thief steals the box, they see a locked padlock.
Alice receives the box and uses her Key (Private Key) to open it.

The Champion Algorithms: RSA and ECC

RSA (Rivest-Shamir-Adleman): The original grandfather of internet security. It relies on the difficulty of factoring massive numbers.
ECC (Elliptic Curve Cryptography): A modern, more efficient version. It provides the same security as RSA but with much smaller keys, making it perfect for mobile phones.

The Flaw:

If Asymmetric encryption is so magical, why don’t we use it for everything? It is incredibly slow. Because the math involved (factoring huge numbers) is complex, it requires a lot of processing power. If you tried to watch a YouTube video encrypted entirely with RSA, your battery would die in minutes, and the video would buffer constantly.

Asymmetric Encryption uses a Public Key to lock and a different Private Key to unlock. It solves the key distribution problem.

4. The Hybrid Solution: The Best of Both Worlds

So, we have two tools:

Symmetric (AES): Fast, but hard to share keys.
Asymmetric (RSA/ECC): Secure key sharing, but slow.

How does the internet work? We use both.

Every time you visit a secure website (https://), your browser performs a “Handshake” that combines these two families.

The Hybrid Handshake (Simplified)

The Hello: Your browser contacts the Bank’s server.
Asymmetric Phase: The Bank sends you its Public Key (The Open Padlock).
Key Generation: Your browser generates a temporary Symmetric Key (e.g., “SessionKey123”).
Secure Exchange: Your browser encrypts this “SessionKey123” using the Bank’s Public Key and sends it back.
Decryption: The Bank uses its Private Key to decrypt the message and retrieve “SessionKey123.”
Symmetric Phase: Now, both you and the Bank have “SessionKey123.” You discard the slow Asymmetric keys and use the fast Symmetric encryption (AES) for the rest of your browsing session.

This allows us to load high-definition video securely (speed of Symmetric) without ever having to meet the server administrator in person (security of Asymmetric).

The Internet uses Asymmetric crypto to safely swap a Symmetric key, then switches to Symmetric for speed.

5. Why This Distinctions Matters for the Future (PQC)

You might be wondering why we are spending so much time distinguishing between these two families.

Here is the critical connection to the rest of this course:

Quantum Computers affect these two families differently.

Symmetric Encryption (AES): It is mostly safe. Quantum computers can weaken it slightly, but we can fix that simply by making our keys longer (e.g upgrading from AES-128 to AES-256).
Asymmetric Encryption (RSA/ECC): It is doomed. The math that powers Public/Private keys (factoring numbers) is exactly the kind of math that quantum computers are terrifyingly good at solving. A powerful quantum computer could derive your Private Key from your Public Key, shattering the security of the entire internet.

This is why Post-Quantum Cryptography (PQC) is almost entirely focused on finding replacements for the Asymmetric part of the handshake. We need new ways to swap keys that don’t rely on the math that quantum computers can break.

Summary:

What’s Next?

We have now covered the tools: Encryption, Hashing, and Signatures. We know how keys are swapped.

But how do we trust the person giving us the key? If a hacker intercepts your connection to the bank and gives you their Public Key instead of the bank’s, how would you know?

The answer lies in the Certificate System.

In the upcoming week we will discuss How Internet Security Works (TLS, HTTPS & Certificates), we will put all these pieces together to explain the “Green Padlock” in your browser. We will learn how a global web of trust prevents hackers from impersonating Google, Amazon, or your bank.

Encryption vs Hashing vs Digital Signatures: Understanding the Core of Digital Security

Shreehari Menon — Fri, 13 Feb 2026 05:10:32 +0000

A beginner-friendly guide to the three technologies protecting modern digital communication.

1. Introduction: The Developer’s Dilemma

A few years ago, a massive tech company suffered a devastating data breach. Cybercriminals broke into their backend servers and stole millions of user accounts. However, the real scandal was not the break-in itself; it was what the hackers found inside the database. The development team had “secured” the user passwords using encryption instead of hashing. When the hackers eventually found the decryption key hidden on another server, they instantly unlocked every single password in plain text.

This is a classic - and highly dangerous - mistake.

Earlier, we learned that cryptography is essentially a security toolbox designed to protect three things: Confidentiality (keeping secrets), Integrity (preventing tampering), and Authentication (proving identity). But a toolbox is only useful if you know exactly which tool to grab. You wouldn’t use a hammer to drive a tiny screw. Similarly, you should never use encryption to store a password.

Today, we are going to pull the three most critical tools out of the cryptographic toolbox: Encryption , Hashing , and Digital Signatures. By the end of this article, you will understand exactly how they differ, the intuition behind how they work mechanically, and precisely when you, as a developer, should use each one in a real-world system.

2. Tool 1: Encryption (The Two-Way Street)

Primary Goal: Confidentiality (Keeping secrets safe from prying eyes)

When most people outside of the tech industry hear the word “cryptography”, they are actually thinking solely of encryption. Encryption is the process of scrambling readable data (Plaintext) into an unreadable format (Ciphertext), with the specific and deliberate intention of unscrambling it later.

The most important thing to remember about encryption is that it is a two-way street. If you can encrypt data, there is a mathematical way to decrypt it, provided you possess the right key.

How it Works: The Lockbox Analogy

Imagine you have a highly confidential corporate document. You place this document inside a sturdy titanium lockbox and snap a padlock shut. You hand the box to a courier. The courier can carry the box across the country, on airplanes and trains, but they cannot read the document inside. When the box finally reaches its destination, the recipient uses a physical key to unlock the padlock and read the original document.

In digital terms:

The original document is the Plaintext.
The locked titanium box is the Ciphertext.
The physical key is the Cryptographic Key (usually a long string of digital bits).

When Developers Use Encryption

You use encryption whenever data needs to travel securely or be stored safely, and a legitimate user or system needs to read that original data later. Engineers generally divide this into two categories:

Data in Transit: When information is moving across a network. For example, when you browse a website using HTTPS, the data flowing between your browser and the server is encrypted. Your Internet Service Provider can see that you are connected to a bank, but they cannot see your account balance or passwords.
Data at Rest: When information is sitting still on a storage device. For example, BitLocker on Windows or FileVault on Mac encrypts your laptop’s entire hard drive. If a thief steals your laptop, they cannot extract your files without the decryption password.

Encryption is a reversible process. What goes in can be perfectly recovered with the correct key.

3. Tool 2: Hashing (The One-Way Street)

Primary Goal: Integrity (Proving data hasn’t changed)

If encryption is a reversible lockbox, hashing is a paper shredder.

Hashing is a mathematical algorithm that takes an input of any size - a single word, a high-resolution photograph, or a 100-gigabyte database file - and crushes it down into a fixed-length string of random-looking characters. This output is called a Hash or a Digest.

Crucially, hashing is a one-way street. Once data is hashed, it is mathematically impossible to reverse the process and get the original data back. Just as you cannot realistically reassemble a document once it has been thoroughly shredded, you cannot reverse a hash to recover the original data.

The Magic of the “Avalanche Effect”

A high-quality hashing algorithm (like SHA-256) has two vital properties:

Deterministic: If you hash the word “Apple”, you will get the exact same 64-character hash every single time.
Highly Sensitive (The Avalanche Effect): If you hash a 500-page book, and then change a single comma on page 240, the resulting hash of the entire book will completely and radically change. The new hash will look absolutely nothing like the old hash.

Why Developers Use Hashing

Because hashes act as unique, highly sensitive digital fingerprints, they are perfect for two specific jobs:

File Verification: When you download a large software update, the developer publicly posts the “Hash” of the legitimate file on their website. Your computer downloads the file, hashes it locally, and compares the two hashes. If they match perfectly, you have mathematical proof that the file wasn’t corrupted during the download, nor was a virus secretly injected into it by a hacker.
Password Storage (The Golden Rule): Websites must never store your actual password. Instead, when you create an account, the server hashes your password and stores only the hash. When you log in tomorrow, the server hashes whatever you type into the login box and compares it to the stored hash. If they match, you are granted access.

Hashing creates a unique, fixed-size fingerprint of data. It is inherently irreversible.

4. Tool 3: Digital Signatures (The Seal of Authenticity)

Primary Goals: Authentication (Proving Identity) and Non-Repudiation (You can’t deny sending it).

In the physical world, we use pen-and-ink signatures and official notary stamps to prove that a contract is legitimate and that a specific person agreed to the terms. In the digital world, a scanned image of your signature is completely useless - it can be copy-pasted onto a fake document in seconds.

We need a mathematically unbreakable proof of identity. We achieve this by cleverly combining Asymmetric Encryption (which utilizes a Public and a Private key pair) and Hashing.

Note: We will dive deep into exactly how Public/Private keys work mathematically later on. For now, just know that the Private Key is kept absolutely secret by the sender, and the Public Key is shared freely with everyone in the world.

How it Works: The Digital Wax Seal

Imagine Alice wants to send a legally binding contract to Bob to buy a house. She needs to prove to Bob that she genuinely sent it, and she needs to guarantee that nobody altered the purchase price in transit.

The Hash: Alice’s computer first creates a Hash (a digital fingerprint) of the contract.
The Signature: Alice’s computer then encrypts only that Hash using her secret Private Key. This encrypted hash is her Digital Signature. She attaches this signature to the bottom of the contract and sends the whole package to Bob.
The Verification: Bob receives the contract. His computer performs two distinct actions:

It creates its own fresh Hash of the contract document.
It decrypts Alice’s attached signature using Alice’s freely available Public Key. Doing this reveals the original Hash that Alice made.

The Match: Bob’s computer compares the two hashes. If they match exactly, the signature is 100% valid!

Because only Alice possesses her Private Key, only Alice could have created that specific signature. This provides Non-Repudiation - Alice cannot claim later, “I didn’t sign that, I was hacked!” Furthermore, if a hacker intercepted the contract and changed the purchase price from $300,000 to $100,000, the hashes would no longer match, and the signature would instantly flash as invalid.

When Developers Use Digital Signatures

Software Updates: Your iPhone will only install operating system updates that are digitally signed by Apple’s private key. This strictly prevents hackers from tricking your phone into installing fake, malicious software.
Cryptocurrency & Web3: In blockchain networks like Bitcoin, digital signatures are the core mechanism that proves you are the true owner of a digital wallet and that you authorized a transfer of funds.

Digital Signatures use Hashing for integrity and Private Keys for identity, proving who sent a message and that it remains unaltered.

5. The Grand Scenario: Putting it All Together

To solidify these concepts, let’s look at a real-world scenario where a software developer must use all three tools simultaneously to build a secure system.

Imagine Alice (a CEO) is sending a highly sensitive corporate acquisition document to Bob (her lead lawyer) over the internet.

Integrity: First, Alice’s software runs the document through a Hashing algorithm. This creates a fingerprint to ensure that not a single word of the acquisition terms can be altered during transit.
Authentication: Next, Alice’s software takes that Hash and locks it with her Private Key, creating a Digital Signature. Bob now has undeniable proof that Alice - authorized this document.
Confidentiality: Finally, Alice’s software takes the document and the signature, puts them together, and Encrypts the entire package before sending it. Now, if corporate spies intercept the data as it travels across the internet, they will see nothing but scrambled noise.

By combining the right tools for the right jobs, Alice and Bob have achieved absolute cryptographic security.

Summary: The Developer’s Cheat Sheet

What’s Next?

You now know the vital differences between scrambling data to hide it (Encryption) and crushing data to fingerprint it (Hashing). You also know that you should never, ever use encryption to store a password.

However, a major question remains. Under the umbrella of “Encryption”, there is a massive historical divide. How exactly do those “Keys” work? How can two computers that have never physically met securely agree on a secret key over a public, crowded, and hostile network like the internet?

In the upcoming articles , we will crack open the mechanics of modern communication. We will discover the brilliant mathematics that make the modern internet possible - and learn exactly why upcoming quantum computers threaten to tear it all down.

What is Cryptography and Why It Matters Today?

Shreehari Menon — Fri, 06 Feb 2026 07:46:30 +0000

Understanding Cryptography from the Ground Up: A Beginner-Friendly Guide to the Security Techniques Protecting Modern Digital Systems Before We Dive into Post-Quantum Cryptography and Future Encryption Technologies

Introduction: The Invisible Shield

Imagine you are sitting in a busy airport terminal. You open your laptop, connect to the public Wi-Fi, and log into your company’s portal to check a confidential document. You don’t think twice about it.

Technically, your data is being broadcast over radio waves to a router that hundreds of strangers are also using. Anyone with a cheap antenna and free software could intercept those radio waves. Yet, you trust that your password and your company’s secrets are safe.

Why? Because of Cryptography.

Cryptography is the invisible infrastructure of the modern digital world. It is the science that allows us to build trust in an untrusted environment. Without it, the internet would be nothing more than a digital library -great for reading public information, but impossible for banking, shopping, or private conversation.

In this first article of our series “ The Road to Post-Quantum Cryptography ”, we will steer clear of the complex mathematics. Instead, we will explore what cryptography actually is, the fundamental problems it solves, and why understanding it is critical for every developer and engineer today.

2. What is Cryptography? (It’s Not Just Secrecy)

Many beginners believe cryptography is simply “the art of writing codes to hide messages.” While that was true in the days of the Roman Empire, modern cryptography is much broader.

In the digital age, cryptography is - the science of mathematical techniques related to aspects of information security.

It doesn’t just hide data; it proves things about data. For an engineer, cryptography is a toolbox used to solve three specific problems, often called the CIA Triad.

The Three Pillars

Confidentiality (Secrecy)

The Goal: Ensure that information is accessible only to those authorized to have access.
The Analogy: A sealed envelope. If you send a letter in a sealed envelope, the mail carrier handles it, but they can’t read it. Only the person who opens the envelope can see the contents.

Integrity (Tamper-Proofing)

The Goal: Ensure that data has not been changed or corrupted during transit.
The Analogy: A wax seal on that envelope. If the recipient receives the envelope and the wax seal is broken or smeared, they know someone tampered with the message, even if the letter inside looks fine.

Authentication (Identity)

The Goal: Confirm the identity of the person or system you are communicating with.
The Analogy: A signature or a passport. How do you know the letter actually came from your bank and not a scammer? Cryptography provides a mathematical way to prove origin.

3. The Golden Rule: Kerckhoffs’s Principle

Before we learn how to encrypt things (which we will cover in the upcoming articles), we must understand the most important rule in cryptographic design.

In the movies, hackers often try to figure out “the secret algorithm” used by the NSA or a bank. In reality, professional cryptographers do not hide the algorithm.

In 1883, a Dutch cryptographer named Auguste Kerckhoffs formulated a principle that defines modern security:

“A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”

Why is this important?

Open Source Trust: The algorithms used to secure your bank account (like AES or RSA) are public. You can download the source code right now. They are secure not because the math is secret, but because the Key - a specific string of random numbers used by you -is secret.
Peer Review: Because the algorithms are public, thousands of mathematicians try to break them every day. If they survive this scrutiny, we trust them. A “secret” algorithm created by a company hasn’t been tested by anyone but them, making it dangerous.

Takeaway: Never try to invent your own cryptography. Always use standard, public, peer-reviewed algorithms.

4. Why It Matters Today (The Modern Stakes)

Cryptography used to be the domain of spies and generals. Today, it is a requirement for basic human functioning.

1. The Data Economy

We live in a world where data is currency. Credit card numbers, social security numbers, and health records are stored in databases accessible via the internet. Cryptography is the only barrier preventing this data from being copied and stolen en-masse.

2. Privacy as a Human Right

In an era of global surveillance and data tracking, encryption is one of the few tools individuals have to maintain privacy. Apps like WhatsApp and Signal use “End-to-End Encryption,” ensuring that not even the company running the app can read your messages.

3. The Foundation of Blockchain

You cannot understand Bitcoin, Ethereum, or Web3 without cryptography. These technologies use cryptographic concepts (which we will discuss later, like Hashing and Signatures) to create digital scarcity and prove ownership without a central bank.

5. The Looming Challenge: The Quantum Horizon

If cryptography is so great, why is there a “Post-Quantum” movement?

The cryptographic systems we use today are built on specific mathematical problems that are hard for current computers to solve. However, scientists are currently building Quantum Computers -machines that operate on the laws of quantum physics.

Theoretical models suggest that a powerful quantum computer could solve these specific math problems incredibly quickly. If that happens, the “Shield” we discussed in the introduction would shatter. The privacy of the past, present, and future would be compromised.

This is why you are learning this topic now. We are in a transition period. The world is preparing to upgrade its cryptographic foundation, and there is a massive demand for engineers who understand both the old ways and the new “Post-Quantum” ways.

Summary

Cryptography is about more than just hiding secrets; it ensures Confidentiality , Integrity , and Authentication.
Kerckhoffs’s Principle teaches us that the system should be public, and only the Key should be secret.
We rely on these systems for everything from banking to private messaging.
The field is currently evolving to face the Quantum Threat , making this the perfect time to start learning.

What’s Next?

Now that we understand the goals of cryptography, we need to open the toolbox and see the specific tools we use to achieve them.

In the upcoming article, we will break down the three distinct tools of the trade: Encryption , Hashing , and Digital Signatures. We will explain the mechanical difference between them and exactly when a developer should use one versus the other.

Insertion Sort

Shreehari Menon — Mon, 02 Dec 2024 19:08:37 +0000

“Efficiency in Simplicity”

Photo by Scott Graham on Unsplash

Introduction

When one starts learning the basics of programming be it any language,

I 'am sure you would have encountered searching and sorting algorithms, as they form the foundation of computer science and programming.

Let’s keep searching algorithms for another article, here let’s dive into sorting algorithms and understand them, in particular, let’s discuss about insertion sort.

Sorting algorithms have been a cornerstone of computer science since its early days. In the 1940s, as computers were being developed, sorting became crucial for processing large amounts of data efficiently. Early methods like bubble sort and insertion sort were simple yet effective for small datasets.

Sorting algorithms are taught to beginners as they provide a fundamental understanding of how to organize and manage data efficiently. By learning sorting, one can grasp key programming concepts like loops, conditional statements & arrays, while also developing problem-solving skills.

Sorting algorithms help organize data, making it easier to find and use. For example, sorting a list of names alphabetically makes it much quicker to search for someone.

Why Sorting Algorithms Matter

Sorting helps students realize the importance of optimizing solutions, as they compare simple algorithms like bubble sort with more advanced ones like quicksort, which perform better on large datasets.

Sorting algorithms are essential for real-world applications such as organizing files, searching data, and processing information in databases and search engines. These algorithms also lay the groundwork for more complex topics in computer science, making them an important starting point for further learning.

There are numerous sorting algorithms available, but typically, students are taught only a few basic ones, while the others are overlooked.

Let me list out some popular ones: Bubble Sort, Selection Sort, Insertion Sort, Merge Sort, Quick Sort, Heap Sort.

I ‘am sure you would have heard of the first two,

Bubble Sort : Repeatedly compares and swaps adjacent elements until the list is sorted, with larger elements "bubbling" to the end.

Selection Sort : Select the smallest (or largest) element from the unsorted part of the list and swap it with the first unsorted element.

What is Insertion Sort?

Now let’s discuss about insertion sort in detail. Insertion sort is a simple yet efficient algorithm that’s actually very simple to understand.

Insertion sort is a straightforward sorting algorithm that produces the final sorted list one element at a time. It operates by selecting elements from the unsorted list and inserting them into the appropriate location in the sorted list. This is accomplished by comparing each element to the ones that came before it and rearranging them as necessary to make room for the new ones.

How Does Insertion Sort Work?

Imagine a man holding a set of cards, typically we use our left hands to arrange and handle the cards, while our right hands are employed to arrange, choose, or insert a card. We all know that cards have a specific order starting with ace, king, queen, jack, 10, 9, ……2.

Assume that the left hand is holding the sorted section, and the right hand is picking up a card from the unsorted section and inserting it into the appropriate location among the sorted cards.

Now let’s understand this process step by step :

Initially, there is just one card in his left hand, it’s considered sorted.

Then we choose a card from the unsorted lot and place it in its appropriate position, i.e. place it on the right side of the first card if its value is less else to the left.

Similarly, now the next card is placed either in between the two cards on either ends depending on its value. This step is repeated until we have sorted the entire pack.

Time and Space Complexities :

Time Complexity : Best case : O(n) — when the list is already sorted. Average and Worst case : O(n²) — when the list is unordered or nearly sorted.
Space Complexity : O(1) — Insertion sort is an in-place sorting algorithm, meaning it doesn’t require extra space for sorting, except for a small amount of space used for temporary variables.

Pros and Cons :

Pros :

Simple to Implement : Insertion sort is straightforward to understand and implement, making it a good algorithm for beginners.

Efficient for Small Data Sets : For small lists or nearly sorted data, insertion sort is very efficient since it can perform with O(n) time complexity in the best case.

Stable : It doesn’t change the relative order of equal elements, which can be important in certain applications.

In-Place Sorting : It doesn’t require extra memory beyond the input list, making it memory efficient.

Cons :

Inefficient for Large Data Sets : The O(n²) time complexity in the average and worst case makes it impractical for large lists.

Slower than More Advanced Algorithms : When compared to algorithms like quicksort or merge sort, insertion sort is much slower for larger datasets, as it involves more comparisons and shifts.

*Implementation * :

import java.util.*;
public class InsertionSort {
public static void insertionSort(int[] arr) {
int len = arr.length;
/* start from 1 and not 0 as initially it's 
 * considered sorted with just 1 item */
for (int i = 1; i < len; i++) {
int key = arr[i];
// pointer to index just before the key's index
int j = i - 1;
/* move values in arr[0...i-1] greater
 * than key one position to their right */
while (j >= 0 && key < arr[j]) {
arr[j + 1] = arr[j];
j--;      
}
/* store the key just before the last shifted element
 * or after the element just smaller than or equal to the key */
arr[j + 1] = key;    
}
}
public static void main(String[] args) {
int[] arr = { 15, 11, 7, 10, 9 };
insertionSort(arr);
System.out.println(Arrays.toString(arr));
}
}

Real Life examples

Insertion sort, while simple, is extremely useful in some situations:

Tiny lists: it’s good for sorting tiny lists because of its low overhead and simple implementation.

Nearly Sorted Data: Insertion sort works best when data is nearly sorted since it requires fewer comparisons and shifts.

Real-Time Sorting: In circumstances where data enters incrementally (for example, stock price changes), insertion sort can sort it live.

Embedded systems: Insertion sort is a good choice for situations with limited memory or computing capacity, such as microcontrollers, because of its in-place nature and simplicity.

By understanding these use cases, it’s clear that insertion sort, though basic, has practical value in solving specific problems efficiently.

Conclusion

Insertion sort may not be the most efficient algorithm for large datasets, but its simplicity, stability, and effectiveness on small or nearly sorted data make it a fundamental part of understanding sorting algorithms. As one of the first sorting techniques taught to beginners, it provides a stepping stone to more advanced concepts in algorithm design and optimization.

By learning insertion sort, you not only gain insights into how sorting works but also develop problem-solving skills that are essential for tackling more complex challenges in computer science. Whether you’re sorting a deck of cards or analyzing large datasets, the principles behind insertion sort remind us of the importance of efficiency and precision in organizing data.

References

Levitin, A. (2012). Introduction to the design & analysis of algorithms (pp. vii–x). Pearson Education, Inc.

RichardsSoftware.net — CLRS Algorithm a Day: Insertion Sort. (n.d.). http://richardssoftware.net/Home/Post/76

Juneja, J. (2022, October 19). Insertion Sort in Java with Examples and Use Cases — Scaler Topics. Scaler Topics. https://www.scaler.com/topics/insertion-sort-in-java/

Card game Stock Photos, Royalty Free Card game Images | Depositphotos. (n.d.). Depositphotos. https://depositphotos.com/photos/card-game.html?qview=358081532