All right folks, welcome. Tuesday, having fun putting on your cryptanalysis hat and breaking crypto. All right, let's keep going. Okay, so last time we talked about modern symmetric crypto systems like DES and AES. So what are some of the hallmarks of a symmetric crypto system? One key. And what does that functionally mean for the system? Yeah, in order to communicate, the key must be shared on both sides. And we looked at various types of crypto algorithms that implement this. We can then shift to what theoretically could be an actually 100% provably secure crypto system, and this is what's known as a one-time pad. So we talked about this a little bit. Specifically, how do things like DES and AES, specifically DES, what was their main functionality? The function, what does it do? What does it take in? What are its inputs and outputs? I remember it takes in 64 bits and outputs 64 bits. Yeah, so it takes in 64 bits of plaintext, and what else? Yeah, the key, right? Whatever it is, 52 bits, 48 bits, I can't remember; we can look it up on the slides. But it functionally takes in a block of plaintext and a key, and outputs ciphertext that is 64 bits. Cool. So fundamentally, we saw that with ECB mode we can have patterns that reemerge. Even if we can't necessarily go backwards and decrypt the text, we can see that some patterns emerge if they're on the order of 64 bits, because on 64 bits the encryption is the same. We have CBC mode to combat that a little bit. So there's another approach where, rather than essentially reusing a key, you have a key that's the size of the text you want to send. All right, let's think about this. We talked about this a little bit in terms of the Vigenère cipher. So let's say I have... shout out random letters, A through Z. A, Q, what else? T, W, R. What was it? X. Okay, cool. So if this was a Caesar cipher, how would you solve this? Brute force.
You try all possible keys, shifting it into different alphabets. It's only six letters, so a Vigenère would be more difficult, but you could try using those different techniques. So what if we said this was a Vigenère cipher of key size six? How would I go about solving this? Basically it's like each letter, in this case, is in a unique alphabet. Yeah, a unique alphabet. So I have A, I have Q, I have T, I have W. It's going around where they have like two possible T's. Yeah, these are each created with a different key, right? So they're each shifting the alphabet in different ways. So how do I know if I'm correct in this case? What was that? I don't think you can know if you're correct. Yeah, you can't know if you're correct. Didn't we say that with a key the size of your ciphertext, you can't actually technically get an exact answer from there? Yeah, why? Because you could write... What's your favorite six-letter word? Who has a favorite six-letter word? Tanner. Tanner? Google. Google, that's a good one. There you go, perfect. Cool. So does a key exist that would decrypt this to Google? Yeah. Yeah, so this would be A to G. This would be basically Q to O, T to O. I don't know what all these offsets are, but you could figure them out. R to L and X to E, right? So using whatever that key is, we can then make this say Google. So what's another six-letter word? Devils. What was it? Devils. Devils, that's nice. There you go. Is that right? No. E, I don't know. Okay, right on. Okay, so then is there a key that exists that decrypts this to Devils? Yeah. Right? There's a cipher that says, okay, shift the first alphabet from A to D, shift the second alphabet from Q to E, the third alphabet from T to V, right? So that goes on for all of these. So which one's correct? We have no clue. We have no clue. Why? Because they're both valid words. They're both valid words. And how did I get the ciphertext? Only from things that you people gave me, right?
So is there any meaning there? I mean, no. But we could still make this decrypt to be whatever we want, right? And every possible key could be valid. So this is the basic theory behind the one-time pad. So here we have a key size that's the exact same size as our ciphertext. And now if we use that to encrypt the message, then all possible plaintexts are equally likely, and there's no way for them to know which one it actually is. All right, cool. So... Isn't that extremely bulky, though? Because then you're pretty much sending the same message. Yeah, so, okay, we're thinking about this, right? So I'm going to send a six-letter message from one side to the other. Let's say I need to send another six-letter message. What do I do? So I have my key; let's call the key, the real key, alpha. What do I do? I just re-encrypt that message with alpha. No, why not? One thing I did, right? So let's say here's message one. And then message two is... I don't know, I'm not going to come up with six more letters again, but it's six new letters that I've encrypted with alpha. Let's say somebody's stolen both message one and message two. What can they now do? Yeah? You can see kind of what the letters are. Do you provide these similar to the two? Possibly, but all of the plaintexts are completely different. What the size of the key is? Well, no, maybe what the size of the key is. Okay, this is actually a good question. Let's change our operation to XOR. It's a lot easier to work with than that. So rather than shifting like a Caesar cipher, let's say it's an XOR operation. So every character here, like C1, or I guess that's ciphertext one, and there's alpha one. So C1 is equal to message one XOR alpha one. Just the XOR operation, which we're all very familiar with now. Can we just take a second and chat about the XOR? Can you kind of get on the binary level, what it does? What are the implications? I just don't really understand why you want to use that. Sure.
So, okay, let's think about it. So here I have XOR operations. I've shifted my crypto system to XOR. And so to get ciphertext letter one, I take message letter one and XOR it with alpha one, the first letter of the key. So now how do I decrypt? So now I have ciphertext one. How do I decrypt? I can XOR with the key and I get what? The original message. So XOR has this great property where it's sometimes reversible. So you can do it like this. So you can do that same operation with the ciphertext and the key and you can get the message. So now let's think about this. Pause that discussion for a second. We'll think about message two. So how do we get... Okay, I'm running out of characters. We'll say c2, so the... Man, all right. We'll change it to d. So second message, the first character of the second message. How do we get that? Close. So how do we get... So thinking about how this string of letters is created. So we have d1, the first character there, must be the... We'll call it capital D. The first character of the second message is plaintext, XOR with what? The key, alpha one. And then to go backwards, we have the same thing. So we have... If you take capital D... Or sorry, it's a... If you take the ciphertext and encrypt it there, we get d1. So now here in these two equations, we have both d1 and c1. So if we go, what is alpha equal to here? C1. C1 what? XOR with m1. m1? And here I have alpha one is equal to what? d1 XOR capital D1. Actually, I'm not sure where my derivation is going here. So I shouldn't try to prove something in the middle of class. Can't you just automatically get what the first key is? We know what the plain... No, we don't know the plaintext. We know the plaintext, but we do have the ciphertext. It should be the case that c1 XOR d1 is equal to alpha. Because they've both been shifted by XOR, so you should be able to go backwards by XORing them with each other. This is also...
Anybody use, or have been taught, the XOR trick to swap two pointers? Or swap two numbers without using a third variable? No. No? I was hoping somebody would say yes, so I didn't have to remember this off the top of my head. I think it's A equals A XOR B. B is equal to B XOR A. There's max when you need them. Do you know how good it is? You swap the two values using just XOR without using a third variable. Is it A XOR again? Right, with B? Like this, right? Yeah. So the nice thing is... Oh yeah, because you make B in with here. Yeah, yeah, yeah. For here, you have... So B XOR with A. So in this step, you have B is equal to B XOR with A XOR with B. Right? And these Bs XORed together cancel each other out, because if you XOR something with itself you get zero, and zero XOR with a value is that same value. There we go, look at us, deriving things. So now this becomes B is equal to A. And then here... So this A is here, so you have the final A is equal to A XOR B, and B is actually A. So these A's cancel each other out and you have A is equal to... There we go, boom, QED. Yeah, this operator. It's a binary operator. Yeah, it's a binary operator. That's how you do this, the carry. Yeah, so it's just like the XOR function that you study when you look at circuits and stuff, right? You can do a truth table for it. Yeah, so let's... Okay, this is a good question. So what's the difference between this and... What would you say? You say 10 equals A. We'll erase these beautiful proofs. 10 equals A. A equals B. B equals 10. I don't know, what's the difference between the two? Yeah. The last one, you're doing A XOR with B. B is not equal to A, so you're doing A XOR with A, right? So shouldn't it... That's the very last step. Yeah, so you're doing A XOR with B. But B now equals A, right? Yes. A is not equal to A. A is equal to A XOR with B. So this A is going to come from here.
So taking all the facts of their original values, that's how you do it. So you're not causing one more variable to be formed, and you're doing it bitwise instead of actually doing the entire sum. Yeah, okay, so some things to think about. Right? Space-wise, yeah, I'm using one extra variable, but I don't know. How long is it going to take you to read this code and figure out what it actually does, like what the purpose is in these three lines? Versus this: can you reason about what the values are in A or B after this line? Say A was B, and B is 10 to the power of A, so you swap A and B. So the short version is, this is an example of terrible code, and if you ever do this for a performance reason, you better put a comment on the top that tells you what the code is supposed to do and why you're doing it. In the third line, if you're considering that A XOR B didn't place an A on the right-hand side, wouldn't the Bs cancel out and it would just be the same A multiple times? All right, let's change our numbering a little bit. We'll say A0 and B0, these are the original values, and we'll say this is A1, this is A2, so this is a technique that's called, well, whatever, it doesn't matter. Single static assignment, so we're only ever assigning to a variable once. A, this is A1 because we're using this value of A. B here is, which B is this? B0, and we're creating a new B, so this is B1, and this is what? XOR is the blood. A1 and B1? Okay, now if we break this down, right, so we have A2, well, let's start with B, I think that's easier. Okay, so we start with B1, so B is going to be B0 XOR with what?
A1, which is A0 XOR with B0, and if we have X XOR with X is equal to zero, and we have zero XOR with Y is always equal to Y, so these are properties we're using of the XOR function, so these XORs cancel each other out, or technically they would go to zero XOR with A0, and then we would say this is equal to A0, so we'd say B1 is equal to A0. Everybody good on that part? And the next line, so we'd say A2 is equal to A1, where A1 is A0 XOR B0, A0 XOR B0, and then B1, which we know from this, that we just proved B1 is equal to A0, A0, by the same logic, A's cancel out to zero, zero XOR B0, which is just equal to B0. So you finally get B1 is equal to A0, and A2 is equal to B0. Does that make sense? And generally, I would prefer this code 99.99999% of the time over the other code. Any other questions about this? The ciphertext, the ciphertext XOR the plaintext. So, not times, XOR, you're talking somewhere in here? Yeah, first would be taking two ciphertexts. Yes, if you have two ciphertexts that are encrypted with the same key with XOR, you can easily XOR each of the characters and get out the right key. Would you have to know the key in order to get two? I'm not certain, maybe, that's a good question. Oh, okay, better example, wow, why didn't I, why did I go down this rabbit hole? Okay. I'm just going to erase a bunch of stuff, but it'll be here on the lecture, on the slides. Okay, much better idea. Rather than worrying about all of that, cool. So before, we started down this crazy path. I think you're all right. I was wrong. So, I will ask for more letters. Okay, so we get a message 2 that we know has been encrypted with the same key. This is the right way to approach this, there we go. We get a message 2. Somebody give me 6, somebody just letters, give me letters. Y, D, X, Z, T, L. L, okay, perfect. So, I know that the second message has been encrypted with the same key. So, I have two messages that are encrypted with the same key.
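As an added illustration of the XOR swap derivation above (not code from the lecture), the three lines and the A0/B0/A1/B1/A2 single-assignment trace can be checked directly. The in-place variant also shows a hazard the lecture does not raise: swapping a location with itself zeroes it, because the first line XORs the value with itself.

```python
# Added illustration of the XOR swap trick; plain Python integers.
# The names a0, b0, a1, b1, a2 mirror the single-assignment numbering on the board.
from __future__ import annotations


def xor_swap(a: int, b: int) -> tuple[int, int]:
    """Swap a and b using only XOR, no temporary variable; returns the swapped pair."""
    a = a ^ b  # a1 = a0 ^ b0
    b = b ^ a  # b1 = b0 ^ a1 = b0 ^ a0 ^ b0 = a0   (b0 ^ b0 cancels to 0)
    a = a ^ b  # a2 = a1 ^ b1 = a0 ^ b0 ^ a0 = b0   (a0 ^ a0 cancels to 0)
    return a, b


def ssa_trace(a0: int, b0: int) -> dict[str, int]:
    """The same three lines with every value assigned once, for checking the derivation."""
    a1 = a0 ^ b0
    b1 = b0 ^ a1
    a2 = a1 ^ b1
    return {"a1": a1, "b1": b1, "a2": a2}


def temp_swap(a: int, b: int) -> tuple[int, int]:
    """The readable version the lecture prefers: one extra variable, obvious intent."""
    tmp = a
    a = b
    b = tmp
    return a, b


def xor_swap_inplace(values: list[int], i: int, j: int) -> None:
    """In-place XOR swap of values[i] and values[j].

    Hazard: if i == j, the first line XORs the element with itself, which is 0,
    so the element is wiped instead of being left alone. A temp-variable swap
    has no such case."""
    values[i] ^= values[j]
    values[j] ^= values[i]
    values[i] ^= values[j]


if __name__ == "__main__":
    print(xor_swap(10, 3), temp_swap(10, 3))  # both (3, 10)
    print(ssa_trace(10, 3))                   # b1 == 10 (a0), a2 == 3 (b0)
    data = [9, 4]
    xor_swap_inplace(data, 0, 0)
    print(data)                               # [0, 4]: the self-swap hazard
```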
Great, I cannot use my silly trick because that doesn't work; you are all correct. I might not demonstrate that. So, what do I have now? You now effectively have an alphabet for each letter of the key. Now I have more than one character for each alphabet, for the same letter of the key. So now, here, I used to just have the alphabet in key 1 of Y and key 2 of Q, but now I have a second one, so now I can add this, I can say Y, G, X, Z, T, L, and I can keep doing that for every message I have, and now I can start to use statistics and all the other techniques that we talked about to break this key, right, because they are reusing this key. Yeah. What if you made a book of each and then you send messages over the course of time and each message will go away of the that you were supposed to notice, so then after you go, say, you go 100 characters into the book and you have the next message that's 75 characters, you can pick up where you left off and go another 75 characters, and then unless the person who intercepted your message had both the book you were using and the length of every single other message you'd ever sent, they couldn't deal with it. Okay, let's think about that in the context here. So what's the problem, what's the core problem of what we just laid out? So we had one message, we sent one message, we said that was perfectly secure and it was equally likely to be every valid six-letter message, right? But now I have two messages and three messages and four messages that are all encrypted with the same key, now I have alphabets I can work with and it's essentially a Vigenère cipher. What's the key problem there? The key, I reuse the key, right? So now let's say the case of, so now what if I knew that I had captured two messages but I knew they were using a key of length 12, and so the first message was encrypted with the first six and the second message was encrypted with the last six. Now how many alphabets do I have?
12, not six, right? So this is the core idea and it's the same idea that I just stated: if we have the key the same size as the message being sent, and if we were to share it in advance. And I'd say, what would be the problem of using a key that's from a book? There are patterns in English; you've got patterns in your key that could potentially be used. So we talked about that when brute forcing: if we have to brute force through every random key that's an effective brute force, but if we only have to brute force through, let's say, English sentences, that actually could maybe be done much quicker, yeah. And then if you break one you know the rest of their ciphers, the length of the book. So essentially your key is dependent on each other, right? So once I break it and I know one thing of your key maps to one part of the book, then I can easily break the rest of it because I know the following keys, whereas if they were all random there'd be no way to do that; even if I broke one key they should all be sufficiently random. Cool. So this is to demonstrate that you should never ever reuse the key, right? And so in what circumstances would you want to use this? So let's think about it this way, what has to be true in order to use something like this? You have to have a way to safely communicate the key, yeah, what else? Make sure you don't reuse the key. You have to ensure that nobody reuses the key, right? Because you should probably put some kind of policies or mechanisms in place. So the way, yeah, please. Also, you have a limit on messages you can send before you need to re-key again. Right, so maybe you need to think about the key size you need and roughly how many messages you are going to send, because once you run out you cannot communicate with them anymore, or think that your communication is secure. What else? I have to find a way to generate the key, right? Yeah, so you need to find a way to generate the key? Why?
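The two points just made, that any same-length plaintext is consistent with some key (the Google/Devils exercise) and that reusing the key makes the key cancel out and gives one Vigenère-style alphabet per key position, can be shown with a byte-level XOR pad. This is an added example, not code from the lecture; the sample messages and the 6- and 12-byte key scenarios are constructed to match the class discussion.

```python
# Added example: one-time pad over bytes with XOR.
# Shows (1) every same-length candidate plaintext has a key that produces it, and
# (2) two ciphertexts under one key leak M1 XOR M2 and a sample per key position.
from __future__ import annotations

import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; a one-time pad needs equal lengths, so refuse anything else."""
    if len(a) != len(b):
        raise ValueError("pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(length: int) -> bytes:
    """Fresh key from the OS CSPRNG; pad material is never text and never reused."""
    return secrets.token_bytes(length)


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    return xor_bytes(message, key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, key)  # XOR undoes itself


def key_that_decrypts_to(ciphertext: bytes, candidate: bytes) -> bytes:
    """The Google-vs-Devils point: for ANY candidate of the right length there is a
    key that decrypts the ciphertext to it, so the ciphertext alone proves nothing."""
    return xor_bytes(ciphertext, candidate)


def key_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same key: C1 ^ C2 = (M1 ^ K) ^ (M2 ^ K) = M1 ^ M2.
    The key cancels, so the attacker is left with the plaintexts' relationship."""
    return xor_bytes(c1, c2)


def columns_by_key_position(ciphertexts: list[bytes], key_len: int) -> list[list[int]]:
    """Treat the messages as one stream consumed against a key of key_len bytes and
    group ciphertext bytes by key position. Six-byte key, two messages: six columns
    of two samples (reuse). Twelve-byte key, two six-byte messages: twelve columns
    of one sample each, which is the '12, not six' case."""
    stream = b"".join(ciphertexts)
    columns: list[list[int]] = [[] for _ in range(key_len)]
    for pos, byte in enumerate(stream):
        columns[pos % key_len].append(byte)
    return columns


if __name__ == "__main__":
    key = generate_key(6)
    c1 = otp_encrypt(b"GOOGLE", key)
    assert otp_decrypt(c1, key) == b"GOOGLE"
    other = key_that_decrypts_to(c1, b"DEVILS")
    print(otp_decrypt(c1, other))  # b'DEVILS': equally valid, nothing picks one over the other
    c2 = otp_encrypt(b"DEVILS", key)  # the mistake: same key again
    print(key_reuse_leak(c1, c2) == xor_bytes(b"GOOGLE", b"DEVILS"))  # True, key is gone
    print([len(col) for col in columns_by_key_position([c1, c2], 6)])   # [2, 2, 2, 2, 2, 2]
    print([len(col) for col in columns_by_key_position([c1, c2], 12)])  # twelve 1s
```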
Yeah, so the key needs to be sufficiently, actually random, right? With each letter, or whatever the elements of your key are, equally randomly chosen. What's something interesting about the randomly generated letters we just did? Have you noticed it? A lot of the less used letters in the alphabet. Yeah, so when you went random you went to less used letters; that happened a lot, right? Z, X. So there's a human bias in thinking that a random letter is a letter that's unlikely to occur. What else? What about repeats? In an individual message of six characters, we have no repeats. I don't know, what would we expect? So we can do the math on the statistics there. Two messages of six characters, what's the likelihood that we repeat a letter? If it was actually random. They're useful repeats of the opposite of that. Because one is six and one is another six. One, six repeating characters with two. I don't know, but there are odds, right? So if we had done this again, presumably we wouldn't be repeating characters, but that has a probability to appear, right? But as humans we think, oh, random means there shouldn't be any of the same letter and they shouldn't necessarily appear together. But of course that can happen. Anyways, these are all good reasons for why this is very difficult. And so this gets into all the things we just talked about. This is actually a provably secure system and we saw why, right? If we send a message, a six-character message or whatever, with a key that's the same size, we can decrypt that to whatever message we want. But it's provably secure only if the key is truly random, right? So there's not a bias in how the key is generated. Will we get into how you generate truly random keys? Kind of? Yeah, we'll talk about randomness. How would you generate this? A hat, or how do you think it was done in a hat? So think about it before computers. You can't use a computer. How do you generate random numbers? Pull it out of a hat, maybe?
Pull it out of a hat? So specifically, how does... I need a scheme? A hat-based scheme, yeah. Can you use a ping-pong ball thing here? Okay, ping-pong balls in the lottery? So then what do you do? So you have about 26 ping-pong balls in a hat and then what happens? Take one out, put it back in, shuffle. Take one out, look at it, write it down and then you pull another one. Then put it back in and then what? Shuffle. Have someone shuffle your hat. Why would you want to shuffle the hat? Yeah, because depending on how deep you go, and then how well do you train these people to actually effectively randomly pick a ball? Are they just picking one that's on the top? If you do that and then drop it back in and you just keep picking, you're highly likely to be picking the same number over and over again. How about a wheel that you put on something that has extremely low friction for spin and is intentionally designed to be very balanced, to make sure that there's no weight asymmetry to it, and then you have a letter wheel. A letter wheel? Yeah, but a wheel that you can have, like, two letters or two sizes, like a wheel of fortune or something, and then you can have a machine that takes a random impulse to push the wheel at random. Where does that random impulse come from? The machine, you have a machine or the random... Oh, okay. And it might take the last bit of time or something like that, a moment or a random day at a time, to actually be able to get at it and generate random things of when you have to push a button or hit a fire. You think it's a complicated process that's never, you could always try and slide it back into something, but that's a bit of an approximation to that. Yeah, this is very helpful to explore this a little. If you're intelligent enough, like even the computers, like the random ones, like computers are on the top of the list. Okay, yeah. Interesting.
Yeah, I don't want to get into too much of a discussion. True randomness. There are... I don't know exactly how they work because they use physics, but there are cards that plug into a computer that use some kind of, I think, decay of particles or something, which is uniform, but specific events are, as far as we know, random-ish, and so they use those as inputs to then seed something else that can generate a large number of numbers. But yes, these are all difficult questions of what you actually do. Even something you think is as simple as time, like using the time with a lot of these things, you can... There have been online poker games that have used the current time to seed the random number generator for the shuffle of the deck, and so based on what cards you get, you can actually do that for all of the times that you think the server is running at, and then what you find is, if you do all the values, you actually can predict every single card that comes out. You'd think a really good online poker game wouldn't do this. Yeah, so this is actually a difficult question. This is why this "if" here is very important. It's provably secure only if these conditions all hold: the key is truly random, the key is as long as the plaintext and is never repeated, and the key is never reused in whole or in part. This is another critical thing.
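Two of the points above, that repeats in a short random key are expected (so their absence in the class's letters is a bias tell) and that a generator seeded from the clock is reproducible by anyone who can guess the seed (the online-poker story), can be checked numerically. This is an added example, not from the lecture; the timestamp and the 60-second search window are constructed values, and the check is written as the self-test a developer would run against their own shuffle before shipping it.

```python
# Added example: two checks behind the "truly random" requirement.
# 1) Probability of a repeated letter in n random draws from a 26-letter alphabet.
# 2) A clock-seeded PRNG shuffle is reproducible from the seed; a CSPRNG shuffle is not.
from __future__ import annotations

import random
import secrets
from math import prod
from typing import Optional


def prob_repeat(n_draws: int, alphabet: int = 26) -> float:
    """Probability that n uniform draws with replacement contain at least one repeat:
    1 - (26/26)(25/26)...((26-n+1)/26)."""
    if n_draws > alphabet:
        return 1.0
    return 1.0 - prod((alphabet - i) / alphabet for i in range(n_draws))


def has_repeat(letters: str) -> bool:
    return len(set(letters)) < len(letters)


def clock_seeded_shuffle(seed_seconds: int, size: int = 52) -> list[int]:
    """Deck shuffled by a PRNG seeded with a whole-second timestamp (the weak design)."""
    rng = random.Random(seed_seconds)
    deck = list(range(size))
    rng.shuffle(deck)
    return deck


def recover_seed(observed: list[int], start: int, end: int) -> Optional[int]:
    """Self-check for the weak design: if some seed in a plausible clock window
    reproduces the observed deck, the shuffle was predictable from the clock."""
    for seed in range(start, end):
        if clock_seeded_shuffle(seed, len(observed)) == observed:
            return seed
    return None


def csprng_shuffle(size: int = 52) -> list[int]:
    """Deck shuffled with the OS CSPRNG; there is no seed for anyone to guess."""
    rng = secrets.SystemRandom()
    deck = list(range(size))
    rng.shuffle(deck)
    return deck


if __name__ == "__main__":
    print(f"P(repeat in 6 letters)  = {prob_repeat(6):.3f}")   # about 0.463
    print(f"P(repeat in 12 letters) = {prob_repeat(12):.3f}")  # about 0.952
    # The two sets of letters the class called out: no repeats in either.
    print(has_repeat("AQTWRX"), has_repeat("YDXZTL"))           # False False
    t = 1_700_000_000                                           # constructed timestamp
    deck = clock_seeded_shuffle(t)
    print(recover_seed(deck, t - 30, t + 30))                   # 1700000000: predictable
    print(sorted(csprng_shuffle()) == list(range(52)))          # True: still a full deck
```

The repeat probabilities are the numbers behind the "what would we expect?" question: with six random letters a repeat is almost a coin flip, and across the two six-letter messages it is about 95%, so two repeat-free sets are mildly suspicious rather than what randomness predicts.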
I believe, I want to say it was the Allies, the Germans in World War II were able to break or identify bias in the Allies' communication because they had people actually using, I think, a similar scheme of drawing letters from a hat, so the humans had bias and then they liked some letters more than others, so there's a letter they didn't like, they put it back, or I think the other theory was they could actually see the letters when they were picking, so you would try to get a letter that you liked or didn't like, so there was actually bias in this human process of trying to generate randomness. And can you actually keep the key completely secret, in the sense that you have to transmit this thing that's as long as any message you're ever likely to send, that is probably long enough to send multiple of these messages, because you have to transmit this securely? So in terms of scenarios, would something like this actually be usable or useful? I feel like it can be in most useful situations where people have set that at once, like again the longer the pad. What's a real scenario where you only want to send one message? Yeah, so maybe like a nuclear code, so like launch codes or something like that, you wouldn't want somebody to be able to spoof that or steal that communication. What else? I'm thinking maybe like encrypting a password for logging in. Okay, encrypting a password for logging in, in what sense? Like log into your bank account, you log in once per session. Okay, yeah, so logging into your bank, although yeah, so then you have this problem of what to do, so you have to go to your bank, right, and you have to share a random key and then go home, and then every time you log on you need to use that somehow, so you get a finite number of logins. Sending a message, or what kind of message? Sending a message. So what kind of message though, every message?
No, each message has to be like encrypting a password, it's got to be tiny. You need to have keys that are large enough for every single e-mail that you're ever going to send to the person you're going to send them to, so you need to have pre-shared a key that's as long as any message you're going to send to anyone, and you have to send it securely. So how do you send that securely to people? So this is the other tricky problem. Other areas where I know this has been used is in government communication, so there's this famous red phone that existed in the Cold War from the White House to the Russians, so they could talk to each other, and apparently it used a one-time pad system with books full of random keys. How do you ensure that it's not reused in full or in part? Throw away the page. Where do you think trash goes? Burn it. Destroy the page, yes, no further, otherwise you definitely would have spies outside of your embassy going through the trash. Great, cool. So what are the main drawbacks of these symmetric crypto systems that we've been talking about? Communicating the key. Communicating the key. In any scheme you have to communicate the key, and this is very difficult, because how do you do this? You know, get more and more paranoid, so what do you do? Do you whisper the key to each other in a room? What are some problems there? What was it, a wiretap, or someone is listening to the room. So how else could you do it? With what, another key? That's another one with another key, that's keys all the way down. So you can, like, what about audio sensors in the room? But you can hear, microphones are pretty good. You can have sensors like a Kinect that can do the LiDAR stuff, that can give high-resolution imagery of people. What about, you can see this muscle on my arm moving when my finger moves, so if somebody has a video of that they can correlate that with how my finger moves, right, to the message. What about if I send you a message, the only way that you can encrypt it would
be something I hope you know, but like, I mean, like that I know, like maybe not something that somebody else can mimic, but how do I know that, to be able to encrypt the message to you? I mean, I think this is pretty easy to look at, I would actually make this a lot easier: you can keep a guy that's the key guy, he generates the keys, he sends them over to the person, only he knows it. But how does he tell that person? He doesn't, he just goes there. Oh, interesting, I thought about that. How do you trust this person in that sense? Why don't you just give them the message and have them transmit the message? You don't need crypto in that sense; there's somebody that you trust to be your courier. Yeah, you can install your own electrostatic field that shields on both sides, or any of the old-school stuff. Is there any other, is it possible to do long, I don't know. Yeah, so you could, maybe, but there you need, you have literal trusted communication channels, like your military ships, I don't know, if I don't think you have that with your bank, right? You don't have a secure communication channel with your bank. Well, maybe in the military they're definitely going to write it down. So this is the key problem, and now we're going to introduce the classic crypto people of Alice and Bob who want to securely communicate. This is covered in almost everything in crypto, and we have this problem of how do we securely transfer keys. We can trust a third party to generate a key randomly and tell it to us, but then again we still have no idea that the other party, that third party, didn't actually steal our key. So, and it seems like, why does it seem like such a difficult problem? Doesn't it seem super easy, like you would solve this? There's too many factors. There's too many factors in what? What's that? In like weaknesses in the system of transferring the keys. It seems like this transmitting-a-key thing is a fundamental part of cryptography, and if you want to keep information secret you must have some secret knowledge that's
shared between two different parties. It turns out that is not the case. So the idea being, and the idea here is, how can we actually encrypt information without requiring this shared secret key? And this seems insane on its face, like how would you possibly securely trade information like this? And before I go into this we're going to use an example. Okay, everyone have an imagination? No, sorry, this may be more difficult, but okay, imagine that there is on this table a box, right, and it has a very special kind of locking mechanism. So it has three states: straight up is unlocked, to the left is locked, and to the right is also locked, okay? We're getting a box on the table, old-school lock, it's got a nice mechanism, it has different ways that you can turn it. So what if we had a key that only moves the lock to the left? We have a key that could, let's say, this is counterclockwise, so we have one key that could only move the lock counterclockwise, right? So we have states A, B and C, so we can only move it from C to B and then B to A; it cannot move it back from A to B nor B to C. And then we have another key that we can move to the right, so this is a key that we can move to the right. So I keep one of these keys, I'll keep the key on the right, so this is my key and I'm keeping it secret; none of you know what this key is. But let's say I give every one of you a, let's stop that for a minute, I give one of you the key on the left, the key that only turns it to the left. Can you use this box to send me a secret message? Put the message in the box. Okay, to put the message in the box, let's say that the box has to be in B, the unlocked state; it has to be unlocked. So you open the box, what do you do with your message? Put it in the box, and then what?
Close the box. Close the box, good, you guys are getting this, and then what do you do? Turn the key. Which direction? Turn the key which direction? You only have one direction to turn the key, right, turn it to the left. Okay, think about this, can anybody else, somebody, a bad person, someone want to play a bad person? Okay, so you come up to the box, you want to modify the contents of that box, can you? Only if I have your key. Only if you have my key. What if you have the same key that the person originally had, this key? Why not? Because you can't turn it all the way around in a circle and it's already as far left as it goes. Yeah, it's already locked as far left as it goes, so none of you, even if you have this key. So this is all contingent upon if I keep this key secret: it's in my pocket, it's always on my person, I never let anybody make a copy of it or anything. So the box is in a locked state; there may be something in there. Okay, now, how do I read that message? Use your key. I use my key, which is the only key that turns it right, and I turn it right to unlock, I open it up and I see what? I see the message. Now what do I know about this message? It was put in there by somebody that has a key that turns left. Do I know who sent the message? No, I actually don't know who sent the message. What do I have to use to decide who sent the message? Who supposedly had the key. If you all had the key, could I know who had it? And I also couldn't necessarily, if I gave the key to one person, could I trust that they didn't lose it or give it to somebody else? So what would I have to use to try to decide who sent the message? The message itself. But still, I couldn't trust that. I don't even know, what do I know about that message? They had the key. And what happened to that message after it was put in the box? You know that it doesn't have to do this, it's under the assumption that you have the right-turning key. So it's under the assumption that I'm the only person that has this right-turning key. I know that
nobody has touched or modified this message since it was put in the box. Cool, right? This is my right-turning key. To send me a message, what did you need? Just the left-turning key. To send me a message, okay.

Let's say that I have a message that I want to send you, like "the midterm's canceled" or something, right? So if you just got an email with a message... well, let's say you came in and there's a piece of paper on a desk in here that says the midterm is canceled. What should you do? Take a picture of it, and then what? Leave. Would you trust that message? Does it have my signature on it? Sure. How do you know what my signature looks like? Weird. Did you actually... I don't think that's accurate; it looks like someone else might make it. I sign everything that's put in front of me, so multiple people have my signature. So this is something that's very easy to come by; it's not a secret feature. So fundamentally, if there's a piece of paper here on this table, you don't actually know who wrote that. You don't know if I wrote it, similar to the previous case of trying to see what the identity is of that person.

Okay, can I use my box in order to tell you a message that you know comes from me? Okay, so the box is on the table. I want to leave a message that you all know comes from me. What can I do? It's okay, unlock it, then what happens? Open it up. Open it up, put the message in, "it's canceled", close it, and then what? Turn it right with my key. I put it in the locked position to the right, and now what happens? So one of you comes to class and now you see this box on the table. So what do you do? You take that other key, and it turns left; turn it to unlock, open it up, read the message. And what do you know exactly at that point? Thank you, yeah: it's me, or the person who has that private key, the secret key, right, who sent this message with the right-turning key, right? And you know this for a fact, and you know that that message has not been modified since it was put in that box, because if you saw... if you had a key that was...
I'm getting ahead of myself. What else more do you know? Okay, so let's go through that. How do you know that you're the first person that's opened it? You're the first person to do it because it was in the right state, it was in a locked state, specifically in the right-locked state, right? So it's been turned all the way to the right-locked state, which means... with a left-turning key, getting into the right-locked state doesn't work, right? So you know at that point that I'm the only person who could have written this message and left it here. Now, yeah, so if you don't... so first you put the message in the box, but then if you just turn it so that anyone can just reopen it and change the message... essentially, think about what the state of the system is. So what state is it in when you come across it, right? Only in the case that it's been in state C, where it's been locked, you know that can only happen with the right key, a key that turns it to the right. If it's unlocked, you know nothing, right? So you could say anybody could have put anything in this box; nothing is safe. Cool.

And so this is actually the basis of, and of course it doesn't work with actual keys and weirdness like this, but this is the core intuition behind asymmetric cryptography, also known as public key crypto. The whole idea is everyone has two keys: a public key, so Alice and Bob both have a public key, which we'll call P, and they also have a secret key that we call S. And this is exactly how they use this. So in this sense, this public key is something, the key that turns left, something I can give to everyone on earth and they can't impersonate me or leave messages as me, and they can use that key to encrypt a message such that I'm the only person that can decrypt it with my secret key. You can look this up; I stole this from here, a really good resource for describing this.

Let's torture this analogy slightly more. We said that it's impossible... when I get a message, so it's been locked all the way to the left, I can look
at the box and I can see a message for me. I can unlock the box and I know that that message hasn't been tampered with or changed, but I don't know who it came from. Is there a way I can use something like this to know who it came from? And why wouldn't it be... a counter lock on this particular person who registered me using a private key? Sure, so what do I need to do? How do I actually do it with these boxes that I'm talking about? I was thinking maybe you can have more lock states, one for each person. I don't have more lock states; the next thing, it's complicated. You can have a box with your name on it. So the person who sent the message has a box. So what if the person who sent it has a box, so they have their own box, and they also have their own public key and private key. Which key do I know? The public key. It's kind of a trick question; I should never know their private key, but I have a public key and the key has their name on it. I got this key from you; I know who you are. You have to send me a message: they put their message in their box, and then what? And then what do they do with the lock on their box? Maybe somebody stole their box. They turn it to the right with their private key, and then what do they do with it? They give it to me. They use their secret key on their box. And then how can I guarantee that that message hasn't been tampered with or modified? Can she use the public key, right? So then, I think that's a good point. This is good. All right, good, you saw through my ruse.

Okay, and this is super cool, assuming that we can get this to where it works. So what should be true for a system like this to work? What could be some flaws in this system? You don't want a private key that can open more than one box, so I wouldn't want to repeat private keys. Yeah, that would be bad. Yeah, man in the middle, what's that? Yeah, there could be a possibility, if you're passing the box to me, that somebody else unlocks it. Well, we'll say it's a special lock
that doesn't quite work on... because you can't lock their lock with your private key. And this is one of the faults, part of it a little bit: you shouldn't be able to figure out the shape of the private key from the shape of the public key. Yeah, so think about this. What information in this picture does everyone know? Do they know the lock? Do they know how the locks work? Yeah. What else do they know? The public key. So simply, from what they know... the private key? So it shouldn't be the case that you can take a public key and create or derive the private key; otherwise that would defeat the purpose. Cool.

So these are... but have we gotten over this fact of transmitting a message to me securely, such that, if we assume the box itself is an encryption, now you can share a message with me and know that it's been encrypted, and we did not share a secret key? And you can send a message to them, or they send a message to you, but I haven't read it since the key... yeah, so we need to figure out something to do with that. But in some sense we've shared some secret information that only... so we've shared a secret message without sharing the key. Yeah? You're using an algorithm to decrypt it; doesn't that mean that everybody wants the private key? Yes, sure. I actually don't know the answer to that, maybe. Because I was just saying, if you found a way to get a list of public keys, then you could check against that table for the private keys. Yeah, so you'd better make sure that... well, you assume that they know the public keys, so it had better be the case that it's not possible to go back, even if they enumerated all possible public keys. Yeah, so the generation of keys actually becomes very interesting and difficult, and this actually was a problem in, I want to say, Debian or some embedded systems, where they weren't using enough randomness to generate keys, and so the keys were all in the same space and they were able to break them that way. So we get some nice things. We
can get, as we'll see, confidentiality from this, which is what we want. We get, as we saw, non-repudiation, right? So what was non-repudiation again? Yeah, you can't quite... you were the one that took the action. So what scenario did we go over that demonstrated this? No, no, in the box example, specifically with this public key. I mean, if the key is turned a specific way, you know that it was done by a person, and so if the message is modified, if you have another key, you know it's not good, right? Exactly. So in the case that I put a message there, I couldn't say, hey, there's no possible way, like I didn't write that message that said that the midterm was canceled, right? Because you could take a video of yourself unlocking it with your public key, and at that point it's very clear this message came from me.

So this is actually the underlying mathematics here: you need something where it's easy to generate the public key and the secret key, but it's difficult to generate the secret key given the private key... public key, sorry. The P being both private and public is difficult; the P is public, S is secret. So it's easy to generate the public key and the secret key, but it's difficult to generate the secret key from the public key. And this makes sense; this is actually the fundamental tenet of this system. We need this to be the case, otherwise this whole system falls apart and it's not useful. And each party, every party, has their own secret key, and both parties... and the other thing that's important to remember: everyone knows everyone's public key. We'll talk about it; we'll assume this for now, right? Both Alice and Bob know their public keys, including our famous adversary, who we'll call Eve, the eavesdropper. So Eve also wants to communicate and she also knows Alice and Bob's public keys. Fundamentally, we assume everyone knows Alice and Bob's public keys, right? Public key: it's literally in the name, public, everyone knows, right? Secret, who should know? Only the owner, right?
The secret should be known only to the owner. Cool. So now we can think about these as functions that we can apply to messages, similar to how we thought about DES and AES; we could say they took in a message and a key. So what we're going to talk about: Alice wants to send a message to Bob. So then what does Alice use to encrypt that message if she wants to send it to Bob? Her private key. Bob's public key. So what's the difference? If she used her public key... she used her private key. If she used her private key, Bob would have used her public key, and then if she used her public key, she would have used her private key. So it depends on what we want. So when we're talking about encryption, what are the properties we want? Confidentiality. Confidentiality: we want nobody else to be able to know the contents of this message. So if we were to take this message and encrypt it with Alice's secret key, who can read that message? Everybody that has her public key. And who has her public key? Everyone. Yes, we assume everyone has everyone's public keys. Therefore we should use what to encrypt? So then let's walk through the scenarios. Alice's secret key, that doesn't make sense. What about Alice's private key? So when Alice used her private key to encrypt the message, wouldn't it be confidential? Anyone can open it. Who can open it? Alice. Is that what I said? Public key, yes. I'm thinking of Alice's public key, so that only she can read it. It seems like a silly operation; you don't really need that. So what was that? If Alice encrypts it with her public key... so if the message is encrypted with Alice's public key, what key can decrypt that message? Alice's secret key. Can she encrypt the message with Bob's secret key? Why? Because she doesn't know it. So the only thing we have left is Bob's public key. Does Alice know Bob's public key?
Yes, yes, everyone knows everyone's public key. So she can take the public key, use it to encrypt the message to get some ciphertext C, and now how does Bob decrypt it? Takes his secret key and does what? And so, like we said, and I'm going to keep harping on this, what does Bob know for certain at this point? The message... that it hasn't been tampered with. Yeah, so since the ciphertext was created, it hasn't been tampered with. What does Bob know about who sent the message? Nothing. So does Bob know if it comes from Alice? What about Eve? Could it come from Eve? Yeah, all these things are possible, right, because everyone has access to Bob's public key.

So the other way to think about this... I still don't really understand why Alice can't use her public key. Why do you say that Alice can't create it in that case? Sure. So Alice takes her public key, and Alice takes the message, and the ciphertext C she sends to Bob. But he has Alice's private key... public key, right? Yes, her public key. So the message has been encrypted with Alice's public key, so the only key that can decrypt that message, she's the only one that has it. Yes, Bob does not have that. If we assume that, then we'd be back to the symmetric crypto case where they both have to share the same private key. Cool, good question.

Okay, so now the important thing to think about is: what can Eve get from this message? So what if Eve takes this message C, because Eve wants to find out the contents of this message? Eve's job in this scenario is to find out the contents of this message. So what if she takes that message and decrypts... so what do we assume in this scenario that Eve is able to capture? Ciphertext. Ciphertext. Do we assume that she can read the message? No, our system is already broken at this point if Eve can read our message. So the only thing that gets transmitted is the ciphertext C. So Eve takes the ciphertext and encrypts it with, or tries to decrypt it with, Alice's public key. It'll
return garbage, right? It doesn't work; it's not going to return M, for certain. What about Bob's public key? Same thing. Same thing, right, nothing. So what does Eve know at this point? Not nothing. Eve doesn't know nothing. What does she know? The ciphertext and the public key. Yeah, so she knows the ciphertext. What does she know about the ciphertext? Something interesting to think about. She likely knows there's some communication between Alice and Bob. Well, she doesn't know it's Alice, but she does know Bob, because it's using Bob's public key. She definitely knows that if she just steals it; let's say she steals it in transit. So she knows that. We'll assume that Eve is better than... we should be critical. She knows it wasn't encrypted with private keys. Yeah, so she knows it wasn't encrypted with private keys; she just did this operation. She also knows the size of the ciphertext, which could be interesting depending on the scenario. This is, again, something that we talked about a little bit: this encryption doesn't by itself get rid of the notion that the size of the text can be revealed. So, yes, this is still a nice bunch of assumptions, but it's still a relatively large enough key to be difficult to brute force. Because otherwise, if you can't decrypt with the public key, couldn't you, in theory, come up with plausible messages and encrypt them to try and find a match, in a sort of brute force? You would certainly try that, right? Sounds like a known-plaintext attack. So a secure asymmetric cryptosystem is immune to those kinds of techniques. Yeah. Is it because of the size of the key or the size of the ciphertext, or what causes that? Size of the key. So you can think about... they measure asymmetric keys usually in bit size, of how much you would have to brute force. So it's not actually the size of the key, quote unquote; it's how many guesses you would have to make to break this.

Okay, so then, going on with our notation, how does Alice make a statement
that she wants everyone to know is from Alice, so that she stands by her message? Encrypt it with her secret key. Encrypt it with her secret key to get what? So then she has a message that's decryptable by... it's not a message, what is it? Ciphertext at this point, right. So encrypting it with her secret key: Alice can take her secret key, encrypt the message with that, and then how does Bob check that this statement is actually from Alice? Yeah, he uses Alice's public key to recover the message. And what does Bob know for certain at this point? Bob knows that Alice must have generated this message, or somebody who has Alice's secret key; we assume the secret key is a secret. So he only knows that. What does Eve know? Eve also knows the message, right? How does Eve get the message? Yeah, she uses Alice's public key, right. So it's interesting to think about: Eve, the eavesdropper, at this point knows exactly the same information as Bob does. But this is, again, inherent in what Alice is trying to accomplish here: she just wants to state a message that she can stand by and that everyone knows comes from her.

How do we get both, right? So Alice wants to send, and this sounds like something we more want to do, right, Alice wants to send a message to Bob such that he knows that it's from Alice and that nobody else can know the contents of that message, right? We want both of these properties. Is this proof... you have to start using the... okay, so you send a message safely, then you respond to that message using part of that message initially sent as the key? No, we're not going to worry about protocols. I just want to send one message to Bob that Bob will know is from Alice, and we'll know that nobody else can read that message. Yeah, so Alice first takes the message and encrypts it with her private key, and then takes that output and encrypts it with what?
Bob's public key. So that way they get some ciphertext C, right? So think of these as mathematical operations: first we encrypt it with the secret key of Alice, and then we encrypt that with the public key of Bob. So think of it like an onion, right, with layers. So think about who can take off these layers. Who can remove the outer layer? Bob's secret key, right. So the secret key of Bob gets rid of that, and then what gets rid of the next layer? Alice's public key, to finally get that message. And so what does Bob know for certain at this point? Yeah, he knows that this message M came from Alice and that nobody else has read this message along the way, right? So now we actually have a super cool application here. And now what can Eve do with C? So Eve steals C; what can she do? What does she have access to? The public keys. Can she get rid of this outer layer? She can't get rid of this outer layer. So Eve knows nothing at this point, except for everything we talked about, namely knowing the length of the message. So we're able to get away with passing a message securely from one party to the other without ever sharing a key in advance. The other thing to do, if you want to check that you understand it: if you flip these operations, why would that not work? Would it be because Eve... no, no, think about it, unless you want to sit around here...
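The three uses of the notation above (lock with the receiver's public key for confidentiality, lock with the sender's secret key for a statement anyone can check, and the two-layer onion) as an added, runnable example in Python. This is not the lecture's code and not a real cryptosystem: it is textbook RSA over two 5-digit primes with no padding, so the single primitive `turn` plays both the left-turning (public) and right-turning (secret) key, exactly as in the box story. The key generation, the 3-byte block format, the names, and the last scenario are all assumptions of this example. That last scenario takes the flipped-order question the lecture ends on and shows one thing Eve can do with it: she peels the outer signature with the sender's public key and wraps the still-encrypted inner layer with her own secret key, so the receiver gets the right secret message apparently signed by Eve. The roles there are Bob sending to Alice only so the toy moduli nest (an inner layer has to be numerically smaller than the next modulus); the effect itself does not depend on who is sending.

```python
# Added example, not the lecture's code. Textbook RSA with tiny primes and no
# padding: a toy that makes the box-and-key story executable, never for real
# use. Key generation, block format and the Eve scenarios are assumptions here.
from math import gcd

BLOCK = 3  # 3 plaintext bytes < 2**24, so every block fits under every toy modulus


def _next_prime(n):
    n += 1
    while any(n % d == 0 for d in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n


def keygen(start):
    """(public, secret) as (exponent, modulus) pairs built from the two primes
    just above `start`. Public = the left-turning key you hand to everyone;
    secret = the right-turning key that stays in your pocket."""
    p = _next_prime(start)
    q = _next_prime(p)
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in (65537, 257, 17, 7, 5, 3) if gcd(c, phi) == 1)
    return (e, n), (pow(e, -1, phi), n)  # d = e^-1 mod phi (Python 3.8+)


def turn(key, blocks):
    """The single RSA primitive, b -> b^exp mod n. With a public key this is
    'lock left', with the matching secret key 'lock right'. A layer only fits
    if every block is numerically below the modulus."""
    exp, n = key
    if any(b >= n for b in blocks):
        raise ValueError("block too large for this modulus")
    return [pow(b, exp, n) for b in blocks]


def to_blocks(msg):
    data = msg + b"\x80"                      # end marker, then zero-fill
    data += b"\x00" * (-len(data) % BLOCK)
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]


def from_blocks(blocks):
    """Inverse of to_blocks; None when the blocks are not a marked plaintext,
    which is what turning with the wrong key leaves behind."""
    try:
        data = b"".join(b.to_bytes(BLOCK, "big") for b in blocks)
    except OverflowError:                     # a block >= 2**24: garbage
        return None
    data = data.rstrip(b"\x00")
    return data[:-1] if data.endswith(b"\x80") else None


def lock(msg, *keys):
    """Put msg in the box and turn each key in order, innermost layer first."""
    blocks = to_blocks(msg)
    for k in keys:
        blocks = turn(k, blocks)
    return blocks


def unlock(ct, *keys):
    """Turn each key in order, outermost layer first; None if no plaintext
    falls out (wrong key, or a block that does not even fit under the modulus)."""
    try:
        for k in keys:
            ct = turn(k, ct)
        return from_blocks(ct)
    except ValueError:
        return None


def rewrap(ct, pub_claimed_sender, sec_eve):
    """Only against the flipped order: peel the signature with the sender's
    public key and put Eve's own signature around the still-encrypted layer."""
    return turn(sec_eve, turn(pub_claimed_sender, ct))


def demo(msg=b"the midterm is canceled"):
    # Moduli come out in increasing order (n_A < n_B < n_E) so that an inner
    # layer always fits under the next modulus; that ordering is a toy artifact.
    pub_a, sec_a = keygen(10000)
    pub_b, sec_b = keygen(10030)
    pub_e, sec_e = keygen(10060)
    r = {}
    c = lock(msg, pub_b)                      # Alice -> Bob: confidentiality only
    r["bob_reads"] = unlock(c, sec_b)         # msg, but Bob cannot tell who sent it
    r["eve_pub_a"] = unlock(c, pub_a)         # garbage or None
    r["eve_pub_b"] = unlock(c, pub_b)         # garbage or None
    s = lock(msg, sec_a)                      # Alice's public statement
    r["bob_checks"] = unlock(s, pub_a)        # msg, and only Alice's key could make it
    r["eve_checks"] = unlock(s, pub_a)        # Eve learns exactly what Bob learns
    o = lock(msg, sec_a, pub_b)               # the onion: inner S_A, outer P_B
    r["bob_onion"] = unlock(o, sec_b, pub_a)  # msg, from Alice, read by nobody else
    r["eve_onion"] = unlock(o, pub_a)         # the outer layer does not come off
    # Flipped order, Bob -> Alice: inner P_A, outer S_B. Eve strips S_B with P_B
    # and signs the inner layer herself; Alice sees the secret text "from Eve".
    f = lock(msg, pub_a, sec_b)
    forged = rewrap(f, pub_b, sec_e)
    r["alice_sees_eve"] = unlock(forged, pub_e, sec_a)
    return r
```

Two practitioner caveats that the toy makes visible. First, `turn` is deterministic and works block by block, so it has the same pattern-leaking property the lecture raised for ECB mode; real public key encryption always randomizes and pads before the primitive and normally only wraps a symmetric key. Second, the onion only composes because the layers nest numerically here; real systems sign a hash and encrypt separately rather than feeding one raw RSA output into another.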