Tom explores the fundamental principles of Public Key Cryptography and the maths behind it.

Featuring Tom Merritt.

Please SUBSCRIBE HERE.

A special thanks to all our supporters–without you, none of this would be possible.

Thanks to Kevin MacLeod of Incompetech.com for the theme music.

Thanks to Garrett Weinzierl for the logo!

Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subreddit

Send us email to [email protected]

**Episode Script**

This says its protected with Public Key Cryptography

But if everyone gets my key how is that secure?

And who the heck are Alice and Bob?!?!?

Are you confused?

Don’t be.

Let’s help you Know a Little more about Public Key Cryptography

Public key cryptography is a system to make it easy to authenticate things with whomever you want. Public keys can be given out to anyone without risk. And your private key as long as its private, ensures only you can authenticate those public keys. But how does that work? How can anyone have your public key and it not be risky?

Those of you who are experts in security or security researchers don’t cringe too much at this, I’m going to take some shortcuts in this explanation in order to make it good for people who don’t know anything about encryption.

The idea with public key cryptography is that you have a key, which is just a number really, it’s a, it’s a piece of math that you put out there that people can use to encrypt communications with you. Now they can either encrypt something sent to you, or they can read something encrypted by you and determine that it was in fact, created by you because it goes with your public key.

Now, you may think, as I did when I first heard about this, how is it possible for someone to give me the key publicly and that be secure? That’s because there is also a private key. And so the public key and the private key work well together. Now, that makes sense.

Okay, there’s a private key, you have to use the private key and the public key together, but how can I send something to someone and have them be able to decrypt it without revealing my private key?

Certainly, I must have to give the private key to the other person. In a sense, yeah, there is a system like that called symmetric key cryptography. And that underlies a lot of public key encryption schemes. But let me give you an example that shows how it’s possible to share a key and this example, we’re going to use an actual padlock and key combination.

I’m not the one who came up with this metaphor. So all credit to the person who did, but this is going to be a system where a padlock has three key states. A lock can usually be locked or unlocked, right? This padlock has the lock unlock, and then lock again. Turn the key left and it’s locked. Turn the key to the middle and it’s unlocked. Turn the key right and it’s also locked. So left or right lock.

Now imagine you have two keys for this padlock. One key can only turn to the left or middle.. The other key only turns to the right and middle.

So I think you know where I’m going with this one of those keys, the one that turns right is given out publicly to people, and you say, Okay, if you, if you have this key, you can now turn my lock to the right, but you can’t turn it to the left.

Yes they can still unlock it. Yes but only from one direction.

So what good is the public key?

Look, you’ve got my public key, the one that goes to the right, and I’ve got my key that goes to the left. So here’s what we’re gonna do. I’m gonna send you an unlocked padlock for you to send me an encrypted message. The padlock is the Public Key platform we’re using. So you take this padlock, you lock the box that your message is in, then you take my public key, which again goes to the right and you put that key in, you turn it from unlocked to locked. And here’s the thing, remember, you can’t go to the left with that public key. So now even you can’t unlock it. You just locked it. You can’t even unlock it yourself. That’s hwy it’s safe to give everybody the public key. It can only go one direction. You send that padlock box to me. I’ve got the key that can go to the left. And so I’m able to unlock it and I’m the only one. If someone in the middle grabs that box padlocked, (and we’re gonna pretend that this is a padlock can’t be picked) What can they do? Unless they have my private key, nothing.

OK but public key cryptography uses numbers not actual keys and locks. Can’t numbers just be cracked? To see how the numbers might work let’s bring in those classic cryptography players Alice, Bob and Eve.

Alice and Bob want to exchange a key, but Eve’s in the middle. A-B is the message Evil Eve wants to steal it.

So what we, Alice and Bob are going to do is use a number that we agree on “two.” Eve might know about two, that’s fine. Alice is going to pick her secret number to be three. But she doesn’t want Eve to be able to figure that out. To encrypt the secret number she’s going to raise two to the power of three, and that’s eight. That’s effectively her public key.

She sends the number eight to Bob. Now Bob has received from Alice the number eight. Now Bob has a secret key, it’s four, he’s going to raise that two to the power of four, that’s 16. So he sends that to Alice. Now Alice has the number 16. Now Eve can see all this. She can see that Alice sent Bob 8 and she can see that Bob sent Alice 16. These are the public keys. Eve does not know either Bob or Alice’s secret number though.

Here’s what’s going to be interesting. Now Alice is going to take the 16 she got from Bob, she doesn’t know Bob’s secret number is four, but she’s going to raise it to the power of three, which happens to be 4096. Which is her secret number.

Bob’s going to take the public number he got from Alice, which is eight, and raise it to his secret number, which is four, so eight to the power four, also 4096. Now they both have a secret number 4096, that Eve doesn’t know that they can use to encrypt messages to each other. they’ve shared a public key, in this case, eight and 16, based on a known factor, which is two but Eve doesn’t know 4096.

Now you might be sitting here thinking oh, well hold on, if he knows it’s two, and she sees eight and 16, it’s not gonna take a very long to figure it out with some simple math. And that is exactly the key to understanding public encryption. When you hear about weakened encryption weakened keys, it means that Eve got better at figuring things out. So of course, in our very weak example, Eve can sit there and go, Okay, well, I know two is the base. And I saw that Alice sent eight to Bob. So let me come, let me compute this. Two times two is four, four times two is eight, aha, I’ve computed that Alice’s secret number is three.

But Eve wasn’t able to just look at eight and do that. She had to do the math in her head. In other words, she had to compute it. Make that math a lot harder than our example and it becomes a lot harder for Eve to figure it out.

So the strength of public key cryptography relies entirely on how difficult that mathematical factor is. Now you can get into all kinds of things about the elliptic curve and factoring of primes. If you want to know how they actually create these numbers, but the principle is the same, which is, you create a system based on math, that the other person can come up with so that you’re only exchanging these public numbers that then Eve the person in the middle would have to spend a long time factoring.

Sure, She didn’t have to spend a long time to figure out that eight was two to the power of three. So make that much more complex, so that it takes hundreds of thousands of hours to figure it out. That’s one of the reasons you’ll hear security people often say that there is no such thing as uncrackable encryption, it’s just a matter of time, because it is all math. What you’re trying to do is come up with an algorithm that is sufficiently complex, that the amount of time it will take to crack it makes it worthless to try.

If it’s going to take me to the heat death of the universe to factor out the number, that’s pretty strong encryption. Of course, as computers get more powerful as we do things like add in natural random number generators, from quantum sources, suddenly, things get different.

But as computers get better at solving complex math they also get better at creating complex math. So it stays at parity.

Now granted, these are overly simplistic models. And there’s lots of shortcuts I took to explain them, that when you get into RSA encryption, diffie Hellman 256 bit encryption, there are caveats and things you have to know to make it work in real life. But the fundamental principle is there, which is taking a piece of math and using it to create a number that you can give someone publicly that they can then use to create a key that only the two of you know.

I hope this helps you understand the concept of encryption a little better

In other words I hope now you know a little more about Public Key Cryptography.