An important application of that is to do digital signatures.
We think of physical signatures as authenticating documents.
When something is signed, that means that the signer is responsible for the message in the document.
Physical signatures don't actually work very well for this purpose.
Someone can cut and paste a physical signature or maybe they can modify the document
after it's signed.
There's nothing that really guarantees that the signature and the document are matched.
What we want with digital signatures is something much stronger than that.
We want something that shows that the person who signed it agreed to the message,
and the message can't be changed without also breaking the signature.
How can we do that with asymmetric cryptography?
Here is our goal: we want Alice to be able to sign a message, transmit that message to Bob,
Bob should be able to read the message.
and know that it could only have come from Alice.
The question is what should we use for the respective keys k1 and k2
in order to provide that digital signature where the message that Bob receives
proves that it was signed by Alice?
Here are the choices.
We've used for k1 Alice's public key and k2 Alice's private key.
For the second choice we'll use Bob's public key for k1 and Bob's private key for k2.
For the third choice we'll use Alice private key for k1 and Alice's public key for k2.
