RSA in 2026: Still Secure or Obsolete?

RSA’s security in 2026 hinges on the interplay between its mathematical underpinnings and the ever-advancing capabilities of cryptanalysis, particularly quantum computing.

Let’s look at it in action. Imagine two parties, Alice and Bob, want to communicate securely. Alice wants to send a secret message to Bob. Bob generates a public key and a private key. The public key is like a mailbox with the slot open for anyone to drop a letter in, but only Bob has the key to open the mailbox and read the letters. Alice uses Bob’s public key to encrypt her message. This means she scrambles it into an unreadable mess. Once encrypted, only Bob’s private key can decrypt it, turning the mess back into the original message. The security here relies on the fact that factoring large numbers (the core of RSA) is computationally infeasible for classical computers.

The problem RSA solves is asymmetric encryption, allowing secure communication without a pre-shared secret key. It’s fundamental to TLS/SSL (securing websites), secure email (PGP/GPG), and digital signatures. The core mathematical principle is that it’s easy to multiply two large prime numbers, but extremely difficult to factor the resulting product back into its original primes. The public key consists of a modulus (the product of two large primes) and an exponent, while the private key includes the original primes and another exponent derived from them.

Here’s a simplified view of the key generation:

1. Choose two distinct large prime numbers, p and q.
   • Example: p = 61, q = 53 (These are tiny for demonstration; real RSA uses primes with hundreds of digits).
2. Compute n = p * q.
   • Example: n = 61 * 53 = 3233. This n is part of the public key.
3. Compute Euler’s totient function, φ(n) = (p-1) * (q-1).
   • Example: φ(3233) = (61-1) * (53-1) = 60 * 52 = 3120.
4. Choose an integer e such that 1 < e < φ(n) and e is coprime to φ(n) (i.e., gcd(e, φ(n)) = 1). e is the public exponent.
   • Example: Let e = 17. gcd(17, 3120) = 1.
5. Compute d, the modular multiplicative inverse of e modulo φ(n). This means (d * e) mod φ(n) = 1. d is the private exponent.
   • Example: d is the solution to (d * 17) mod 3120 = 1. Using the extended Euclidean algorithm, d = 2753.

The public key is (n, e), and the private key is (n, d).

To encrypt a message M (represented as an integer where 0 <= M < n): C = M^e mod n

To decrypt a ciphertext C: M = C^d mod n

The security relies on the difficulty of finding p and q given only n.

The most surprising true thing about RSA is that its security doesn’t just depend on the size of the primes, but also on how well-chosen they are. Subtle biases or patterns in prime generation can make them more susceptible to certain attacks, even if the bit length is sufficient.

The next concept you’ll run into is the practical limitations of RSA for bulk encryption, leading to hybrid encryption schemes where RSA is used only to securely exchange a symmetric key.