All classical encryption methods (including the NBS standard) suffer from the“key distribution problem.” The problem is that before a private communication canbegin, another private transaction is necessary to distribute corresponding encryptionand decryption keys to the sender and receiver, respectively. Typically a privatecourier is used to carry a key from the sender to the receiver. Such a practice is notfeasible if an electronic mail system is to be rapid and inexpensive. A public-keycryptosystem needs no private couriers; the keys can be distributed over the insecurecommunications channel.