Every time you sign into a crypto wallet, connect to an HTTPS site, or push a transaction across a blockchain, there's a quiet workhorse doing the heavy lifting. The RSA algorithm — a public-key cipher born in 1977 — is still pulling its weight decades later, even as the crypto world races toward newer schemes. Here's why this old-school math problem refuses to die.

What Is the RSA Algorithm, Really?

RSA — named after its inventors Rivest, Shamir, and Adleman — is one of the first practical public-key cryptosystems ever deployed. Before RSA, encrypting and decrypting required sharing the same secret key, a logistical nightmare across open networks.

The breakthrough was elegant: use two separate keys. A public key anyone can use to encrypt a message or verify a signature, and a private key kept secret by the owner for decrypting or signing. This split solved a problem that had plagued cryptographers for centuries.

Today, RSA lives inside TLS/SSL handshakes, email encryption (PGP), SSH logins, and countless software-signing pipelines. It is, in many ways, the default trust layer of the modern internet.

How RSA Works (Without the Tears)

RSA's security rests on a single deceptively simple fact: multiplying two huge prime numbers is easy, but factoring the result back into those primes is brutally hard. That asymmetry is the entire game.

Here's the flow in plain terms:

  • Key generation: Pick two massive random primes (p and q), multiply them to get n, then pick an exponent e (typically 65537). The private key is derived from another secret value d tied to p and q.
  • Encryption: The sender raises the message to the power of e modulo n. Even if an attacker intercepts this, the result looks like noise.
  • Decryption: The receiver applies d to the ciphertext. The original message pops out — but only because they know the secret d.
An attacker who knows n and e still can't reverse the operation in any reasonable time, because factoring n into p and q would take classical computers longer than the age of the universe.

RSA and the Crypto World: A Complicated Relationship

You won't find RSA protecting Bitcoin or Ethereum transactions directly — both rely on ECDSA (Elliptic Curve Digital Signature Algorithm) because it offers equivalent security with far smaller key sizes. A 256-bit elliptic curve key is roughly as secure as a 3072-bit RSA key, which matters when you're paying gas fees for every byte.

But RSA still shows up in crypto-adjacent infrastructure:

  • Web and API security: Exchanges, custodial wallets, and most fiat on-ramps use RSA-backed TLS to secure user sessions.
  • Hardware wallets and secure boot: Firmware signatures often rely on RSA or its close cousin, PSS padding.
  • Cross-chain bridges and oracles: Some legacy integrations still use RSA for message signing between off-chain services.

It's the unglamorous plumbing — the kind that, if it failed, would empty your wallet in seconds.

RSA vs. the New Guard: Is It Still Safe?

Three letters keep cryptographers up at night: Y2Q — "Years to Quantum." A sufficiently large quantum computer running Shor's algorithm could factor n in polynomial time, instantly neutering RSA. The good news? Such machines don't exist yet at scale. The bad news? Adversaries are already hoovering up encrypted data to decrypt later — the so-called "harvest now, decrypt later" playbook.

For this reason, NIST has been running a post-quantum cryptography standardization process, and recently finalized ML-KEM (Kyber), ML-DSA (Dilithium), and others as quantum-resistant replacements. RSA itself is being phased out of forward-looking systems in favor of these lattice-based and hash-based schemes.

That said, RSA isn't dying tomorrow. With 2048-bit keys, it remains secure against classical attacks. The migration is happening, but it's a multi-year shuffle across the entire internet.

When to Use RSA Today

  • Yes: TLS certificates, code signing, legacy interop, small-scale data encryption.
  • Caution: Anything with a 10+ year secrecy window — expect quantum threats sooner.
  • No: New blockchain signature schemes (use ECDSA, EdDSA, or BLS instead).

Key Takeaways

  • RSA is a public-key cryptosystem built on the difficulty of factoring large prime products.
  • It still secures most of the web, even if newer blockchains prefer elliptic curves.
  • Its biggest threat is quantum computing, and the industry is already migrating to post-quantum standards.
  • For crypto users, RSA is the silent guardian of the front-end — exchanges, wallets, and APIs all lean on it daily.

Whether RSA becomes the next ROT13 or survives another 50 years depends on how fast quantum machines scale. Either way, understanding the algorithm is non-negotiable for anyone serious about the cryptography stack underpinning Web3.