 All right, all right now you hear me in the back you're in the back All right, so what my thing is Oh, I see this is not supposed to be what you want to see Yeah But that's where all the good content is exactly who needs those things Okay, that seems fine, right? See remember I said about OBS somebody should fix it. This is garbage Don't apologize for OBS Okay We good even We can see in here. All good. All right, cool Okay, we are on the other side of Halloween so happy November It's definitely way too early for Christmas stuff. I can't believe that's already starting But I do have I guess to celebrate the demise of Halloween. I do have candies So if you answer questions, no, no, you don't get it for free. What's wrong with you? You only get it for free when your children trick-or-treating your adults you answer questions, and I'll try to throw candy at you and Then you can get some candy Yeah, I heard a trick where some professors said that they would oh Didn't now you evaluate professors and do course reviews like when you're Home but back in my day you had to do it like on paper in class like a professor would pass it out And some people I knew would bring candy whenever those were passed out and just happened to give candy to the whole class on those days I don't know if it works. Yeah Depends if you catch it or not Yeah, you know life's risky. Yeah Can you fabricate questions? No, no, I ask questions and you answer it's on the other way around Hmm, maybe we'll see I'm the arbiter of the candy. So whenever I feel like giving out candy If you have candy You don't want to do that then don't do that also don't randomly throw candy at me if I'm not ready Okay, it's supposed to be fun Cool. All right, so we've been talking about Cryptography and so somebody refresh us. What is the key difference between? asymmetric cryptography and symmetric cryptography Okay, the asymmetric does what what's the key difference? Don't know follow. That's a follow-up question to you. 
So yeah, I think the key is it's different to just say It's not that there is no share key, right? There are keys that have to be shared but everyone has essentially two keys a public key and a private. It's gonna be a great class Great. Okay. Yeah, so, you know the idea being thinking of so symmetric for sure. There's one key that's shared but Why is it showing? This part of my screen What? Yeah, everything is messed up. Okay, you talk to me. There you go Okay, all right. I guess these slides are fine if you're on twitch and you're If this looks weird this presents presenter of you'd say something and I will fix it Yeah, yeah, I'm looking at it here. Okay, we'll see how that works. Okay, so and we looked at asymmetric go asymmetric crypto systems We saw that we can get all kinds of cool stuff. We can get encryption So if we have Alice and Bob, they both have public keys. They both have secret keys How can Bob send a message to Alice? So that only Alice can read it. We haven't got there yet. That's next content in the back Yeah, so Bob can use Alice's public key Encrypt the message to get Cypher text that Cypher text can only be decrypted with Alice's Secret key exactly Are you willing to try? Can't do that again, I will feel that it's not good for my arm You may have to come closer to collect said candy Somebody make sure you get that one on like row four or five. Yeah We have not we're gonna get there right next. Yeah So now we're talking about this as a high level because this is really the key thing of understanding How do I use these systems? How do I use the different keys? So we just talked about encrypting. What about non-repudiation? so if Bob wants to transmit a message and that everyone cryptographically knows that that message comes from Bob. What can Bob do? Yeah, you already have a candy Okay Okay, he encrypts it with his own secret key and why does that help how does then everyone else? 
So if I get that message from Bob, how do I then verify that it comes from Bob? Exactly, I use Bob's public key to decrypt that message which I know everyone can do which is why it doesn't guarantee Encryption and it doesn't guarantee confidentiality, but I'm able to say that this actually comes from Bob Okay, great you I was just kidding Cool. Yes, non-repudiation. Excellent. And we just also talked about this is the more complicated one. I Want to send a message So let we'll stick with Alice and Bob Bob wants to send a message to Alice Such that only Alice can read the message and then Alice can verify it comes from Bob so Let's Pointer Pen So I have my message M so Bob Wants to send a message to Alice That message M that is both confidential and that Alice will know it comes from Bob So the public key of Alice encrypt the message So which part does this guarantee so that Alice is the only one that decrypts it but anyone can do this, right? so like Mallory or Eve Evil person can make another message message prime and encrypt that with Alice's public key So the secret key of Bob like this, okay, so we get that and Then so one thing make sure it's correct. So Bob can the outer layer apply So that would give you C and so if you then take that apply first the public key of Bob to then get the middle and then the But the message is from Bob to Alice Bob doesn't have access to Alice's secret key Yeah, okay, wait, let's look at so this is from Bob to Alice wait maybe I got confused Okay, so Alice uses Bob's public key to encrypt the outer layer then Alice uses her secret key to encrypt the message So great. Okay, so we get the message back now if Eve our malicious Eve Gets this message right gets C. What can Eve do? 
Can use Bob's public key and to get so she can apply Bob's public key to get the inside of the public key of a of M and then She could substitute in her own M prime and then So the problem with this scheme is it's not like the outer layer is not being protected, right? We can actually go in there and and We can't decrypt this so we can't know exactly what's being sent but we can modify it and mess with it, right? And that's the key problem with this approach. What we really want to be doing is So on the outermost layer, so the very first thing we want to do is encrypt it with the secret key of Bob so Bob uses His secret key for the message so this gets non-repudiation So that Alice will know that came from Bob and then on that we want to use the public key of Alice And at this point, there's no possible way that anybody can look inside this message at all So there's no way of peeling off that outer layer. So that's the way to get there. Yeah, it's Complicated but important. Okay, so now we can understand. Oh, here You actually gave like a lot of steam rapid-fire catch So now that we've talked about these schemes what they are Now we'll get into how they're implemented and there's several different styles of these public private key crypto systems Again, I'm not a I'm not like a hardcore math person. So I Will give you the shape and flavor of why this stuff works But again, you can dig into the math to figure this out more. What's crazy interesting to me is that this stuff the concepts of So we we already kind of know what has to exist, right? We talked about it So we have these public key and a secret key and it should be Very very there has to be some relation Otherwise this stuff is probably not gonna work But it should be the case that it's difficult if you have the public key to derive the secret key, right? If it was trivial then you don't have anything and you need to keep that public key secret too And now you're on a symmetric crypto system. 
So the seeds of this idea go all the way back to 1874 So this says the same difficulty arises in many scientific processes given any two numbers We may by a simple and infallible process obtain their product. Do you know how to do this simple and infallible process to attain a product? What's that? multiplication, oh, sorry, I was trying to get it around the camera multiplication to obtain their product but it is quite another matter when a large number is given to determine its factors Can the reader say what two numbers multiplied together will produce the number eight billion six hundred and sixteen million four hundred and sixty thousand seven hundred ninety nine? Do you know this off the top of your head? Sorry? I'm trying to get more of who asked the question, but It's good. Yeah, so one way we could do this. So here take a thing So Guess I'll never be an NFL quarterback. Okay So one way we could figure this out is try dividing this number by what we don't need to do one Will two work? No, we can already see because it's an odd number. Yeah Yeah, we can we can start doing things like that we can maybe do it cleverly, but the stupid way would just be trying all those numbers Here you can catch Do you want to try to catch? Okay, but one simple way we could do this we know two numbers multiplied together Resulted in this number, but we don't know what those are so we can just try all numbers smaller than that until we get two numbers That multiply together. Yeah, exactly. So Maybe they're a clever But this will boost the twitch stream numbers if I just throw candy at people No, that would be I don't want you in the video just me but That would be a good if I was producing this anyways So there are maybe cleverer ways we can try to do this But fundamentally we have to try a bunch and we can all agree and we'll see that's actually difficult, right? The multiplication step is trivial. It took this person in 1874. 
I Wouldn't say two seconds, but you know doing longhand doing this out you could do this, right? You learn how to do this as children in school And this is what the author continues to go on I think it unlikely that anyone but myself will ever know for they are two large prime numbers and can only be Rediscovered by trying in succession a long series of prime divisors until the right one is fallen upon. The work would probably occupy a good computer for many weeks. Wait a minute Did I just lie to you that this was 1874 and he's talking about computers What does he mean? Yeah computing numbers by hand using books and tables and all kinds of crazy stuff Yeah, so that's what he's talking about here, but just a quick fact check. He's not a time traveler For many weeks, but it did not occupy me many minutes to multiply the two factors together Similarly, there is no direct process for discovering whether a number is a prime or not It is only by exhaustively trying all inferior numbers, which could be divisors, that we can show there is none And the labor of the process would be intolerable were it not performed systematically once for all in the process known as the Sieve of Eratosthenes, thank you the result being registered in tables of prime numbers So this is crazy. This is a hint even back in 1874 that there is a mathematical process that is very easy to do one way multiplication but very difficult to undo when those numbers are prime so This notion and the seed of people that started exploring this Kind of finally realized like they could connect these ideas together. That's been in math and in number theory for a long time in 1976 Diffie and Hellman, which we'll talk about published a way of exchanging keys in the secret This is actually like mind-blowing that this works. 
It's so cool in 1977 Ron Rivest, Adi Shamir and Leonard Adleman created RSA made from their initials, which is the general public key crypto system which is super cool and Some interesting things when you get into like who developed what remember we talked about the NSA had linear cryptanalysis of DES before that was ever known by the public similarly The concept of public key crypto was invented by a British cryptographer in 1970 so I think that's pretty interesting and then in 1973 one of that person's colleagues actually also invented RSA So there's kind of an interesting sub question here of like who gets credit for this invention If we only know about the NSA or that not the NSA but the classified Advances Decades after they actually happen so the folks on the top the public people are the ones who actually get the credit for inventing these But it's interesting to see that these ideas sprung up and what I also find interesting is that time gap right between Discovering these things in the classified space versus the public space It's an open problem, especially for somebody like me who doesn't have classified clearance or anything you could think about what's the gap nowadays Is it a six year gap like here, or is it a shorter gap longer gap? I don't know. Yeah Do I guess I Don't know but I bet there are people that know Right because it's kind of Interesting you can have the people in the classified space They have all the knowledge that's in the public space plus their own classified knowledge, right? So they can probably estimate how far in advance they are anyways, so let's get into Diffie Hellman's idea of public key cryptography by talking about paint So This is like a true analogy, I don't know. I don't know paint actually paint mixing actually works exactly like this Is that true? I don't know do colors work when you mix them like this like is this a pain? 
This is a valid color theory Demonstration, I don't know if this is true, but I think it might be too just because it's on Wikipedia, but I feel like that's a bad argument Exactly, okay cool Okay, so Alice and Bob randomly decided in the color that they share in the clear with each other So on the left, sorry, it'll be more clear as we go on on the left is Everything Alice knows on the far left On the middle is gonna be every the information that Alice and Bob exchange on the far left Is gonna be all of Alice's secret knowledge that only Alice knows on the far right will be Bob's secret knowledge that only Bob knows and on the bottom is Everything that Mallory knows because Mallory can watch everything that happens in the open But you can't know about anything that happens secretly that only Alice or Bob does make sense And don't worry you can still follow this even if you're like colorblind and stuff I think these colors are a co-mine safe. So randomly decide on an initial color. Let's say It's yellow they exchange that with each other. They then both Randomly decide on a different secret color in Alice's case It's like a orange if somebody like had one of those giant box of crayola crayons as a child and remembers What exactly those colors are I know this is like a burnt orange or something or this is a cyan for Bob I'm sorry. I'll probably just use orange and blue, but you feel free to Suggest better ones, but Alice generates an orange like color Bob generates a yellow like color Teal Sorry, did I say yellow? Oh, sorry. Sorry. Sorry. 
I was looking at the yellow one when I was talking Okay, yes, the blue teal like color and then they combine those so by using the public information the yellow Alice combines the yellow with the See the problem is it's a different color on the there than I'm seeing on my thing so Whatever the yellow with the orange to get slightly lighter orange Bob adds the yellow plus the Teal to get what say periwinkle is that a good guess like a light light almost like a lilac blue It looks periwinkle on my screen. Thank you very much dark sky blue Okay Amos looks like See they say baby blue on the twitch. So I think I'm correct. Okay a Blue-ish a lighter ish blue ish color that is definitely different from that teal And then they share those colors with each other So what does Mallory know at this point? Yes, Alice has the bluish color Bob has out sorry Alice has the orange is color Bob has the bluish color and They each know each other's one that they just shared so the now the state of the information is that Alice has knows about this bluish color of Bob and And Bob now knows of this orange color of Alice and Mallory knows all three colors What's the piece of information that Mallory does not know louder? Yeah, it doesn't know these colors right the dark orange for Alice and the cyan teal for Bob Yeah, these aren't keys. We're talking about paint Yeah, which color? Yes Yes So Right, so this You could maybe Yeah, the problem is how do you subtract paint colors? I think it's like fundamentally a difficult thing to do Assume for these things. I don't know anything about paints or colors No, no, no, it's a physical paint. 
It's not anything with colors Exactly very easy to mix paint together It's hard to separate them into what what exactly I missed because it's mixed because it should be I think there should be multiple pairs of paints that could get you to similar things and So just buy that argument and then everything else follows Yeah, we'll show how you do this with actual math. That's the cool thing. But for now, we're just talking paints So now by combining Alice and Bob can both this is the magic part Alice and Bob can both combine their randomly generated one with so the Orange the dark orange plus the light orange plus the I'll say baby blue and get this super muddy brown color Bob can also combine The cyan the light blue and the light orange to get this dark brown color And it's exactly the same color that they're both able to derive So we've reached a state now where Mallory Can't combine any of these colors together in order to infer and get what that What each of them has separately derived so you reach this crazy state? Where Alice and Bob now know something that only they know that Mallory cannot know When they've only exchanged information in the clear It's kind of crazy, huh? And this is the whole thing that this entire scheme relies on And now for instance if this brown color was a AES key Now they've collaboratively derived Exactly the same AES key that they can now use to encrypt some communication and Start a secure message but Mallory can't derive that same key with the information that she has or Rather than say can't I think the proper thing is it's compute We create the system such that it's computationally infeasible for Mallory to do that Questions it's kind of insane that this works and this is why so the other important thing This is why this is like one of the first public key crypto systems. 
It's not a true Public key crypto where you have a public and a private key But you can see that they're able to derive a shared secret that only two parties know by only transmitting public messages So this you can see can be used to generate that key that can be used for symmetric crypto We'll see that RSA is a general-purpose public private key crypto system Okay Now to talk about to get some intuition about why this works we now need to Think about we're gonna look at some math of what's actually happening behind the scenes. Okay, so Little bit of math refresher Commutative property on some type of operation any type of operation It seems like I don't know What was the last time you saw this on like in a class? 230 Like math 230. Yeah. Yeah, like a math class. It's like Discrete math or whatever is like math for computer scientists or something Yeah, right or you probably actually learned this all the way Maybe I think I remember learning this like back in algebra, right where you learn about the property And you're probably at the time you're like why the heck am I learning this stuff? I'll never I'll never come up again spoiler alert, so Okay, so we have several operations that are commutative and some that are non-commutative, right? So subtraction you can't just swap the like the order that you apply them in matters Division matrix multiplication, but integer addition integer multiplication and paint mixing are all Commutative operations that we have stated in our paint mixing world Okay Now we need to talk about another operator that I'm sure you love and now I'm gonna fix this slide because we just talked about it on the way here The other ones it's correct because they're mod 13 Okay, so The mod operator Somebody remind me what that does Who hasn't had candy at you? Divides a number by another number and gives you the remainder. 
Yeah, you think you can catch a servers Okay, yes, and in principle, what does this do so the result will be you like how does this affect the range of the result? Yes Yeah, so the results only be 0 through 11, right? Okay, cool. When have you used the mod operator when programming? Is it useful? Wait, somebody raise their hand and tell me when you oh you you were not it Mm-hmm. Okay, cool. So factors. What about any other cases? Yeah One or a zero. Yeah, awesome. You can also use it to restrict ranges of things, right? So if you have a Do a circular buffer like that's a size of 200 or something you can do mod 200 that way You know you'll always stay within those sides Cool, and we can think about it like a clock If I thought about a clock it's like a mod 12 It's kind of what it is right when somebody tells you like Meet me at 1300 hours. What time do they mean on a clock like this? Yeah one, right? So we have zero one two three four five six seven eight nine ten eleven all of these Now We'll look at a different kind of clock So this is the clock that we're normally used to thinking about in terms of mod Now it turns out and the why does this happen Adam? I don't know. This is all math stuff So if you have two numbers that are cope I believe they there's a requirement that they're coprime or they're both prime seven and 13 Doesn't have to be coprime. They just need to be too random and the smaller one is this one, right? See exactly crazy math stuff so We can define I can probably pop forward and check here, but that's okay. Anyways, that will tell us we'll get there eventually, okay, so Sorry, I'm jumping around. Okay. What this does So now we have n so seven to the n mod 13 everyone know what Exponentiation is right seven the zero is all together now one seven to the one is seven seven to the two is 49 after that. I don't care. I don't know it's too much too big But you could take each of those results and mod 13 so we can do that, right? 
So we can do seven to the zero is one mod 13 is gonna be what? one and two so or to the so that was zero so seven to the one is seven mod 13 is what? seven 49 mod 13 is Turns out to be ten if you do the math, you don't have to do the math. That's fine and So you can actually continually do this From zero one two three four five six seven all of the numbers up there And what you'll get is now you get the same mod type operation where the results will always be from zero to 13 Where zero on here Oh You can't have zero interesting. Hmm. That's me. Oh Oh, it'll never be interesting, okay Got it Wait, why was there? Sorry, you guys can't see the stream, but balloons just shot up on the stream. It was very weird on my camera Okay, I think it's a I going crazy. Okay, so the results in this case will then be one through one minus The thing so we have one two three But and this is the very very very important thing unlike this modular operator where everything the result was exactly One more right with zero one two three now you can think of this as this essentially randomizes What the next number is we have to like do these calculations so one seven ten five nine eleven and I believe we can then use this to do math here on this beautiful our beautiful friend Mr. Clock Seven to the n mod 13 So, oh good. We have it all here so So zero would be here one is seven Five is eleven negative two is four and if we do one plus one Oh great. Is that? Okay, I don't recall why this is important. Why is it important? Yeah, okay, great. So yeah, we can do it just like before we can do addition multiplication all on this table moving around at different points and So we can actually turns out use this property in order to actually implement this Diffie Hellman key exchange cool, so Steps of the operation are Alice and Bob agree on some P and G where P is prime So P is gonna be the mod. So the requirement is this this mod has to be prime and G is a primitive root modulo P. 
What the I don't remember Perfect, okay, so it looks something like this that you get all 12 in that circle see cool Then so this is that information they exchange in our example the yellow paint are these two numbers Then Alice chooses a secret integer a to send Bob G to the a mod P So Alice computes that operation. So looks at her clock and says, okay, where is this number? Great send that to Bob Bob chooses a random secret integer B Sends G to the B mod P To Bob so similar thing calculates where on Bob's clock and sends that result So these are all sent in the clear. So Mallory would know P G capital A and capital B Alice then computes B to the a mod P So it takes B raises it to the a mod P That gets S and Bob is able to compute the same secret taking Alice's secret raise the B mod P and Why this works? So this is actually like It's incredibly simple math of why this works. So What we're doing here, right is taking B Let me draw Waiter so All right, this is G a B. Yeah, so this is a So a capital A to the B mod P Right, so just taking this which is this is S So expanding out a gives you G to the a mod P to the B mod P B can go into and pass in here. So this is the same thing as G to the a B mod P and because we can Multiplication is commutative we can swap those so we can do G to the a times B mod P and And with that we can then take a out and this is G to the B mod P Raise to the a mod P and what is this inside here? What B? Yeah, big B, right? Big B to the a mod P, which is what what's big B to the a mod P Yeah, it is but what in our in here. What is it? S somebody said it. 
It's S Yeah, so on both sides here you get S Right, you get here you get S is B to the a mod P and then we do these Transformations and at the very end we get B to the a mod P which is the same as S And so this shows that they each derive this secret S And I believe this all derives on the fact that it's very difficult if I said If I said okay, I have seven to the zero one two Mod 13 if I am multiplying this number times this number that would give me one two Three four five six two times six would be 12. So I would go here. I think two This one the very top one We're going to count all of this. Oh, yeah, it's just six to 12 So it goes up here the result would be one But if you knew just the result was one It's difficult to know which of those I multiplied together to get back because it's a giant circle You could try each of them But if this circle was incredibly large a lot of numbers in here It would take you a very very very long time to try all of them Which is why this is an example where you show you so we can do the math very easily But real systems have to use large very large numbers. So we can now apply this to our paint mixing analogy And so in this case Alice and Bob both agree in the clear to use 23 and 5 This would be so 23 would be p and 5 would be q so p This is the mod operator and so it's 5 to the n mod 23 is going to be the scheme that we're using So they will randomly choose an answer so 7 and 10 They will perform the addition. So here we have 5 to the 7 mod 25 23 is equal to 17 Bob calculates 5 to the 10 mod 23 is equal to 9 So we can see the linkage between the colors here Right, so this is how they're able to derive and mix the paint if you will Then they exchange those numbers with each other. 
So they send each other 17 and 9 so they both know that Now they combine these so they do 9 to the 7 mod 23 is equal to 4 and Bob does 17 to the 10 mod 23 is equal to 4 and that's how they're both able to get the brown numbers But Mallory with using the information that she has cannot calculate what that secret value is without trying all the values Questions this is nuts Right and this is like one of the bases of what all of our secure communications is based off of Which is also nuts like and it's simple Quote I guess simple is a relative term, but it's simple ish mathematical properties like these that we're able to identify and prove And then actually use You don't think it's proven. Hmm interesting. Yeah Yes, no the answer is they're not this I Think Diffie Hellman is still used if I remember correctly. It's still used for forward secrecy The idea being So we'll actually look at SSH keys. SSH keys currently you can use RSA, which is what we'll talk about which uses primes and prime factorizations The problem with those is actually I guess the Is Quantum computing so they have theorized quantum algorithms for factoring prime numbers And that severely you have to significantly increase the size of your RSA keys To make those theoretically safe and so we've actually started moving to elliptic curves Which have similar properties to this and with prime factorization, but as far as we know elliptic curve could the elliptic curve constructions can't be Defeated easily by a quantum computer as far as we know Yes, and that's why exactly because the as we'll see right or as even our diet of like how we talked about public private key, right? 
so Our adversary Eve can store all the messages that she sees and then try and knows public keys So she can try breaking all the public keys to get the secret keys And if she has a very clever way of doing that that we don't have access to then she can now go back Historically and read all those messages So Diffie Hellman, I believe is Used to do some forward secrecy to say that like even if the SSH keys are broken or the RSA keys are broken We still have some guarantees there Sorry people had hands raised while I was talking about Yeah elliptic curves, I don't know anything about them except for the things. I've literally just told you so but keep you feel free to ask Yeah, great question, I don't know smart people think about these things Cool, so now we can look at RSA. So this is the Diffie Hellman construction Part of what you're doing in your assignment is actually building this and doing this and you can see it's actually not Crazy math. I mean, this is just using very simple primitives So with RSA now we have we'll see we have a more general crypto system Public key crypto system with a public key and a private key and you can generate RSA keys yourself Anybody does anybody know off the top of their head whether they're RSA key or their SSH key is RSA So it'll have a I think if it ends in like ID underscore ED Whatever is a or EC is a elliptic curve and if it's ID underscore RSA something then it's an RSA key Yeah, so you're using this stuff all the time to access the servers cool, so RSA key generation So first and this is generating the keys So this is now answering the question so Diffie Hellman, right the whole point of that like you have to have an exchange Right, you have to have another party that you're working with to derive some secret Right, but that's not a general-purpose crypto system So for RSA what our goal is is to actually be able to generate a public key and a secret key that are linked But it's difficult to generate the private key from 
the public key So to do that first you have to choose two distinct Prime numbers P and Q the other cool thing as you get into crypto Everything that I'm saying like is a thing that must be true, right? These are two distinct prime numbers You'll look at ways that you can break them if these things like don't hold So you can show that like if they're the same prime number. I'm sure there's like massive problems to that There's also massive problems if any of these stages. So very first thing we do just like our friend back in 1870 something I really wish I'd memorized it off the top of my head that I've been so cool 1874 I was super close though. That was It was like two two years off. We can compute this right so we can multiply numbers can computers multiply numbers Yeah, computers real good at multiplying numbers even large numbers Even numbers with a thousand digits. They can still do it, right? It may be slower than just multiplying two 32 bit numbers, which you did in the assembly levels, but you can still do it so The whole idea of this scheme is that if you give end to somebody It is very difficult to figure out The factor into P and Q right just like our friend back in 1974 said aha. It took me Five minutes or whatever actually did he say exactly how long it took? Yeah, it did not occupy me many minutes to multiply the two factors together But he thinks in his time it would have taken people weeks to try to figure out those numbers So what we can do and our computers can do very quickly It should be the case that is very difficult for people to do that. So Okay, cool. Okay, there are also some other ones But it's pretty easy Yeah, this is just saying that we can easily calculate a to the e mod n and we know that P and Q are prime So we Can easily satisfy this is just saying that calculate that is easy But if we have C E and N Calculating a going backwards from this is hard. That is the other requirement. 
Okay, so we calculate another number M. So we have P minus one times Q minus one. We choose an E between one and M, compute E to the negative one mod M, and that gives us D. We can do this easily because E times D is equal to one mod M. We finally get our public key, which is N, so N we can't derive P and Q from, and D. And our secret key is going to be N comma E. So we keep E to ourselves. D is derived from E here. So the idea being, given N, because everyone knows N, it's hard to get back to P and Q, and given D, it is difficult to go back and derive E. Cool properties. Now, how do we encrypt things? So Alice wants to send a message M to Bob. Alice, now we can actually dig in, and rather than using our public keys just as these kind of blobs, say, like, oh, we just perform some stuff, we can actually look at what that stuff is. So Bob takes the private key, that's, sorry, the public key of Bob, which is N of Bob and D of Bob, and we need to somehow then turn the message into an integer. This is, like, a key problem. We're gonna be using exponentiation and operating on that. So, and this number M must be between zero and NB, so there is a limit of, I think, exactly what you can do here. But again, a lot, oftentimes we're not gonna try to encrypt the whole message M. We would encrypt some AES key or something with public key crypto, and then also send the message encrypted with a symmetric encryption. All right, Alice does M to the D mod N and gets C. So Alice has the message M. Alice uses N in there, calculates M to the D, so D of E, mod N, and gets C. So now we have our ciphertext C. Bob gets C to the E mod N, using his E that he has secret and the N that everyone knows, and he's able to derive the message. So Eve has C, the public key of B, the public key of A. But because of the properties of this crypto system, and because it's difficult to factor these primes, it should be computationally infeasible for Eve to derive the message from the ciphertext. Cool. Okay, okay.
Well, anyways, this is what I just said. So I've been hinting at this all along. So we need to be able to send numbers. But, like, we don't want to send numbers. We want to send messages. We want to send arbitrary-sized things. We want to send a one gigabyte file, right? That one gigabyte file is for sure gonna be less than your public private key. Does anybody remember, know the size of their public or private keys? It's like... Actually, we can look at mine. Not my private key, of course, that would be very, very, very, very, very bad. But we can look, so we can do ls -la .ssh/id_rsa.pub. So my public key is 394 bytes. I do have an elliptic curve key, and that's 97 bytes. Well, can I show you this key? Yeah, because it's a public key. It's actually on my GitHub. You can actually see these keys. Well, I cat it for you right here? No, because it's very trivial to make a mistake. Because this is your private key and this is your public key. So it's super easy, if you're demoing something, to type in cat ~/.ssh/id_rsa, tab, enter, and then boom, now your private key is everywhere. So something to be mindful of, and is a terrible design decision of the SSH clients that they do this. Yeah. And then I have to change it, like, everywhere. Yeah, there's a, I guess technically my private keys do have passwords. So there's another layer on top of that. But so you have to break my password first, but, like, I'd just rather you not have it in the first place. Okay. Cool. So all that math leads us to a place where we now have a crypto system that we can use to send messages to each other. But we actually hit a little bit of a problem, right? So I had said, well, we want to show and demonstrate non-repudiation, but to do so we had to use our secret key on the entire message, right? Do I want to do that with a key?
That is, you then use to decrypt something, like, then the message itself is actually encrypted and it's not in plain text, and anyways, that turns into a lot of problems. So we have another giant problem that we've talked about, of message integrity. So how can I guarantee and demonstrate to you that a message has not been tampered with? Why might this be useful, in what cases? Yeah. Verify that the message is coming from the correct source. How would you do that? So you maybe verify, get a message from the source that says, hey, this is what I expect the data to be, and then get the data that says this is the data, for instance. Yeah, what situations may that be useful? Yeah. Yeah, so for instance, anybody installing software on their computer. Anybody run Linux or anything like that? Let's use the package manager. Yeah, guess what, you're actually downloading packages from, not always from, if you're using Ubuntu, you're not downloading them from Ubuntu. There's a whole network of people who will run servers and donate bandwidth and disk space to host these packages. But then if you think about it, that's insane. You have your computer, you type apt-get install emacs, you connect to some random server, download that package and just run it on your computer. So they've installed some random thing. So that seems like a terrible idea, right? Because how do you know? You want your computer to know and verify that the stuff that you're installing is exactly what the people intended. So this is another case where integrity may be important. Maybe it's not necessarily a man in the middle. Maybe you're... like, if you think about this, like, content distribution network, and they call it mirrors, right? You have servers that are mirroring content. How can you trust those other?
So we really want, and the other question is, for the cryptographic primitives we've looked at, one of their main properties is, if I'm Mallory and I get a message and a bit is flipped in the message, in the ciphertext, you decrypt it, it's going to be completely gibberish. Now, how do I know the case between the sender is actually trying to send me a random-looking gibberish message versus it's actually gibberish? Right, like, so I get some ciphertext. So if you think, we have Eve in the middle. Alice is sending an encrypted message to Bob. It doesn't really matter which system. Mallory flips a bit and sends it on. Eve, Alice decrypts it and says, huh, Bob must be trying to send me something weird. Or maybe it was a key that they're trying to exchange, and now that key is corrupted and completely different. And the question is, how do we know? So this is where we get into the concept and the notion of cryptographic hash functions. So these are super important to understand how they're used. We'll be seeing, I think, hopefully, how this can be used in authentication and identifying users, in password checking, and verifying and authenticating a user. But fundamentally what a hash function is, is it takes arbitrary input, so any size input, and produces a fixed size output. So let's say, let's try to remember one off the top of my head, the SHA, I guess an easy one is SHA-256. That's 256 bytes on the output. So any data you give me, SHA-256 produces 256 bytes. So how could this be useful? Let's say I have this magic box that does this. Yeah, so hopefully if I send less data, right, so if my input data is a thousand bytes and I get a specific bit string, 256 bytes output, if I send and remove the last byte, hopefully I get something completely arbitrary, like, completely random, to detect that something changed. Right.
Also, if I flip one single bit, I would want different hash output. Would it be useful if I just take the first 256 bytes of the file, the data that you give me? So you give me arbitrary data, my hash function is I take the first 256 bytes and give that to you as the hash. It's, like, good or bad? I can't throw that thing to you again, but you can answer. Yeah, it's very bad, because it allows people to add stuff to the end. All the attacker would know, as long as I don't change the first 256 bytes, that I'm good, and I can just modify things later. So some of the properties we want. So I guess think about it conceptually, right: an arbitrary size input, magic black box, fixed size output. Will there be the case that two inputs have the same hash output? Yes, no? So we want to make an argument for either. So what is our input size? That's, that's all the thing: arbitrary input and fixed size output. So will there be collisions? Yeah. Yeah, it must be. I think it's pigeonhole principle or something, but, yeah, fundamentally, if you have arbitrary size input, so if you have 256 bytes, that is what, two to the, to the eight to the 256 or something. I don't, that's a lot. Or it should be that, right, eight to the 256. How many bits is that? Eight, the 256, to the 256. No, no, that's bits, the 256 bit. Okay, I'm saying byte. Okay, anyways, 1.15 times 10 to the 77, so there's a lot of possible inputs. But I know if I keep applying that many, right, at a certain point there will be some kind of collision. Other important property is, we want it to be a one-way function, in the sense that it is very easy to compute the hash, and fast, but it's very difficult to go back. So if I give you a hash, it should be very difficult for you to tell me what input generated that, or, to another way, because there are collisions, to easily find another input that hashes there.
This is actually, can be used to, people to timestamp making statements. Twitter was good for this. You could post on Twitter a hash, and then a month later, like, if you have a prediction for who's gonna win the World Series, you could tweet that now. Take your message, hash it, post the hash, and then after the World Series be like, I predicted this, look, because I said this and it hashed to this, and I said that four days ago. And assuming that it's very difficult to go back or to calculate a collision. Yeah, one key thing, I hope this is clear: it needs to be deterministic. When I say function here at the top, it's not just like a function you write, but a mathematical function. So the output only depends on the inputs. And the other property we really want is that a small change in the input just fundamentally changes the output. So you change the input a little and the output changes dramatically. If we have something like this, we get really great properties. So as we talked about and saw, public key and asymmetric crypto systems are expensive. We didn't really talk about that, but the exponentiation on large numbers is actually pretty computationally intensive. And so Alice wants to make some statement M that everyone knows is from Alice. And so let's say M is very large. Now that hash reduces the output, and so now Alice takes a hash of that message, the output being 256 bits, and she encrypts that with her secret key, and this is what we call, like, the signature of M. So Alice now has a signature of M and the message M, right? Which kind of makes sense, because what was the purpose? Like, why do we want to encrypt M with Alice's secret key? What's the point of that? Yeah, just to verify that it's from Alice, right? So every single person should be able to get Alice's public key, decrypt the message to read it. Well, that seems like a waste, right? We want everyone to see the message. So we send the message in clear text, but we also append, add the signature of the message.
So that way anybody who wants to say, hey, did this come from Alice? They can take the message, hash it, and then take the signature, apply Alice's public key, check the computed hash and make sure they match. And if our hash function is good, then we can be certain, reasonably certain, that it was difficult, like, nobody else was able to create a message that hashed the same way. Yeah, so Bob can then check hash M, and hashing M is way, way, way faster than doing public private key crypto stuff on M. And this is exactly what, so we go back to the problem of your Ubuntu distributions and installing packages. This is exactly what happens. Your Ubuntu system has keys of the maintainers, and it will, and also they publish a signed hash of all the packages. So that way, when your machine downloads a package from a random mirror, it can do this exact, not can, it does do this exact process in order to stop somebody from manipulating with the packages. It's pretty crazy, the stuff, like, in action all the time. Bless you. Cool. So now Bob, yeah, at this point, we're not the same situation as we had for non-repudiation. So now Bob knows that the message M that Alice tried to send is this, what she intended, and she knows it. Bob knows it hasn't been tampered, but there's no M prime, people. So what would happen if Eve sat in the middle between Alice and Bob and altered M to be M prime? What would happen? Louder? Exactly. So the hash of M, so now the hash of M prime will be different than the hash of M. So the signatures won't match. Thank you. Cool. So exactly, so altering the hash, altering the message, either way, right? So there's two things that Eve can do. Eve can either change the message or Eve can change the signature, right? Can Eve change the message and put her own signature there? So Eve generates some new message M prime, calculates the hash of it, encrypts that hash with her secret key, and then gives that to Bob.
Bob only can validate the signature based on what he gets. So be... Yeah, so let's take a step-by-step. So we have, so Eve gives the secret key of E, the hash, I should just use H of M prime, and M prime. So Bob gets this, or Eve changes it. Eve thinks this comes from Alice. He gets it. What does he do? Yeah, tries to decrypt the signature. But what does he use to decrypt the signature? Exactly, Alice's public key. So he'll apply Alice's public key to this, and what would that decrypt do? Gibberish, garbage, and the hash will definitely not match. Right, he'll have message M prime, try to check it. It will definitely not match. Or it would fail the, signatures usually do have some sort of validation, so you can tell, like, oh, if you try to decrypt something that was encrypted with a different public key. Anyways, yeah, the point is, by doing this, now Bob can also verify that this was definitely a message sent by Eve, if he has Eve's public key, right? But he cannot be tricked into thinking that this message came from Alice, because he cannot pass the signature validation process for Alice. Cool. Questions on this? Yeah, so signature here.
We're just defining as hashing a message and then applying your secret key to it. Which is exactly what, if you see something's been signed, like, digitally signed, I guess depending on that, sometimes a marketing term, but, like, with public private key crypto actually involved, that's what a signature means. Cool, and we can use, we use a hash function all the time. Literally any website you log into is using hash functions. We use it for file or message integrity, so just like we said in terms of communication. Password verification, so this actually is a different property. This is using the property that the website wants to store your password, but doesn't want to store your password, right? What the website actually wants is to check if you know the password that you gave earlier. But the website doesn't want to know your password, because if they get compromised then everybody knows their password. So what they do instead is, you send them your password, they hash it, and they do some other things to it that we'll talk about later, and then store that in the database. And then later on they can verify that it's you, because you give the same input that hashes to the same thing. But when an attacker compromises the database, if it's done correctly, it should be very difficult. They can't go easily from the hash to the password. Unfortunately, as we'll see, what they can do is just guess passwords. So they hash "password" and look for all the passwords in the database, or hashes in the database, that map to "password". And they will find people, as people do this. Anyway, proof of work. So all of the crypto stuff, most of it runs on hashes.
This is how Bitcoin actually operates under the hood. It's actually trying to find hashes that have a certain number of leading zeros, and the number of zeros corresponds with the difficulty of finding the block. So each block that they find, this is what mining is literally all about, is just finding, based on the current pool of transactions, you find some random value that you X, you hash all together, that gets a certain number of leading zeros. And the first person to do that within roughly, well, the first person to do that, which usually the network is made to do, happen roughly in 10 minutes, they then tell everyone else, and they give themselves 50 bitcoins as part of that transaction, and that's how... I think now it's 25. Is there slow mining fees for mining bonuses? I think so, right? It's built in the protocol. I don't remember. Yeah, there's a limit on how much. Yeah, thank you. Okay, cool. Also, I may use git. Yeah, every single random character-ish hexadecimal strings, those are hashes. So git is all done based on identifying data. So a commit is a hash, and it does that to represent a set of changes. So what git's doing under the hood is, you say, I want to change these files and commit it. It takes those changes, hashes that, so that way people can't rewrite history and stuff, and you can easily verify this stuff. Anyways, we will continue on to hash functions on Monday. Today was Wednesday, right? Okay, and if you didn't get any come