 Secondly, I'd like to point out that bathroom doors exist. You don't need to be doing something wrong just to not want people to watch it. And I'm sure they even have bathroom doors in the NSA building. So that is the argument for why we think people have a right to crypto. And, you know, we think everybody who wants a bathroom door should have one. And there might be two reasons why you don't have your bathroom door or your crypto. One could be that you don't have something that's easy to use and totally that's something you guys need to work on, go away, sort that one out. And the other point is that people don't know what it is. And that is what cryptrists is attempting to address. So it's been done by, as the side project, my friend Leo's PhD thesis, because he's a very clever maths dude. He's been funded by Inria, who are a French computer science agency, developed by various people, and sponsorship kindly provided by these guys. I'll talk about it in a second, don't worry. It's open source and runs fully on HTML5, which I'm assured you guys will like. So let's see the example of crypto. Someone who needs to, clearly needs to use cryptography is Batman. Batman has many secrets, which it is very important that not everybody knows about. I'm sorry, I've lost my place in my notes. One second while I get back to them. So how does Batman use asymmetric crypto? Well, first he publishes his public key to the cloud. Oh, it's gone again. It's gone again. Come back again. So now anyone can encrypt a message to him, such as, what are you doing with your nipples, Batman? You can't see, but seriously, they're lit up in that picture. I don't know what's gone on. They can send him questions. I can send him secret messages using the encryption that Batman's published, and they can... Sorry, I've lost my place again. When I said I hadn't rehearsed, I really meant I hadn't rehearsed. I'm so sorry. So they can encrypt the public key and they can send their messages in a garbled form, and then Batman can decrypt them using his own key. If it's intercepted, then it's not a problem. Poison Ivy is screwed because it doesn't make any sense without the private key. And what makes it asymmetric? Batman keeps his key to himself. Not everybody gets to use that, and that's necessary because sometimes Mr. Freeze cannot be trusted. So, how does this relate to Tetris? This is an attempt to explain public and private keys in the case of the particular crypto that Leo's working on through Tetris analogy. You have a public key here, which you can apply to a clear text by dropping it on top of it, and I'll go through the maths more a little bit later. And to decrypt it, you use your private key and again drop it. You can rotate it, drop it multiple times, and that's how we explain the mechanism. Encryptus, you're put into a kind of fantasy situation where the computer's gone a bit nuts and you need to defend yourself against it through using crypto, but there's also a feature where you can send messages to your friends encrypted in Tetris-like behaviour. So, when you're playing through the storyline, you're the role of a legitimate receiver, so you have your private key, it's easy to use, it's easy to play cryptris with. The evil computer, it has a public key that's hard to use, so when he tries to decrypt, it's harder for it than it is for you, and you're basically racing to crack this code before the computer does. And you can see here that the difficulty increases exponentially for the evil computer, which only has access to the crappy public key, whereas yours only increases linearly, so this is a good thing. I should probably say, I know you're all at very different levels, for some of you this is probably really noddy, for some of you this is probably like, so if there's something you don't understand, please just wave your hand and shout at me, and I will attempt to sort it out. So, you may be thinking, how on earth could you explain cryptography without mentioning prime numbers, is that not missing out a fairly significant part of it? Because RSA, the most commonly used encryption protocol relies fundamentally on them, but this is a different kind of cryptography, it's lattice-based cryptography, which definitely has a lot of potential, or so Leo, who researches in lattice-based cryptography, tells me. It's theoretically harder than RSA, it's developed by the academic community, so it's not patented, and it seems to resist, I am told, in a paper that I have not had time to read, and I'm very sorry, cracking by quantum computers, and it offers fully homomorphic encryption, which is something that I will talk about a little bit later, but for the moment, if you just put it in your head as like a cool maths thing, that won't be too far wrong. So, how does cryptography actually represent maths? Well, bricks of the same colour pile up, when you drop them on top of each other, bricks of different colours cancel out, and this is basically addition. But, so here like, blue is plus one, dark blue is minus one, but if you look at what's happening in each column, it's addition, but if you had each column representing a different dimension, then that would be a vector. It would be aware of representing a vector. Everyone call with vectors? I'm glad those people are okay with vectors. I very rarely had a thumbs up for mentioning vectors. You guys are fantastic, but I keep one worrying that you're going to catch me out. So, we've got a way of describing vectors with Tetris. Where can we go with them? So, here's an example of how the blocks translate to vectors, which you guys, you know you're cool with, so we don't need to go through this. You can define a lattice with these, and much like in RSA, the multiple of the primes is the mathematical object that you use for encryption, here the lattice is the unique mathematical object that you use for encryption. And we can describe that in a condensed form through the cryptris-Tetris layout. The keys that we have here are bases, ways of talking about the lattice, groups of vectors that, you know, if you stick them together, make a crystal lattice. And there can be bases that are better or worse than others. So, we keep our good bases for ourselves, we keep them as our private keys, but for our public keys, we just chuck bad bases, bases that go all over the place. And what makes them bad other than just, you know, looking kind of ugly? Well, first of all, it's easy to go from a good basis to a bad basis. You just kind of add some randomness and say you end up going in a weirdo direction. If you want to go from something that's not a straight direction and find a really simple, easy route, then that's difficult. You can think of it as kind of having a good map of the lattice, where you can take like regular sized steps and approach your points in a normal way, or having a map where you have to take steps that are like two steps forward, three back and one sideways, where you kind of have to go forward and back to reach the point that you're going for. And these have equivalence in cryptrists. So, your good basis only has one long column and lots of short columns, and as any tetris player will know, your problem is when you get these big towers. So here you can just take out the towers with the column. However, if you've got a bad basis, then you end up with lots of long columns, so when you drop them on here, you might cancel out one of them, but all the other ones add up, and two steps forward, one step back, can't get to the lattice you're looking for. So, is cryptrists truly unbreakable? Is it a good form of cryptography? Should you trust it? It's not as good as lattice-based cryptography, the form that it tries to communicate yet. The key size is ridiculously small. It goes up to like 16 columns across, which would only be 16 dimensions. You need 150 dimensions for serious security. It needs to have lots of extra randomness added. Otherwise, it's easy to test if two ciphertexts encrypt the same plaintexts. And in cryptrists, the sum of two ciphertexts is a ciphertext to the sum of the messages, which those of you who are crypto fans may be thinking, ah, that sounds like a bad idea. But... Feach! So, this is a feature of fully hemomorphic encryption, which is a really cool mathematical property that I trailed earlier and that I will now talk about slightly more. It basically means that if you have two encrypted objects and you do something with them to each other while they're encrypted, then when you take them, then when you decrypt the combination, you'll get the result of doing that operation on them when they were unencrypted. So it's basically like if you took some red paint and some blue paint in the tins and put them next to each other and shook them up, and then you took the tins away, it would be purple. You can do maths without having to decrypt them, basically. And this is a really interesting property. Yes, it creates some issues in terms of security, although there are countermeasures, I'm assured. But, very useful in some circumstances such as evading, and I particularly think the most important application could be in the cloud for when you want to store data remotely and also operate on it remotely without losing your cryptographic security. These results aren't here yet, but new results coming out all the time. Hot tip, keep your eyes out a couple of weeks, exciting paper on the subject. And I'm really sorry if you want to disown cryptographic messages to each other via Tetris. Crypto is only available in French at the moment, hence why I'm working on the internationalisation. However, we are currently looking for rich people who want to pay to afford the internationalisation, or people to crowdsource the translation. So, if you're interested in either of those things, you can talk to us. If you want to play it, you can probably get through most of it through just picking OK. OK is d'accord in French. And particularly if you want to play the arcade mode, if you want to play the story mode, you might have a bit of difficulty. That's the link, bit.ly slash cryptris. Or you can help us with improving it. Good luck, guys. Have fun with your Tetris-based crypto. Now, this is where you ask me loads of difficult crypto questions and I go, I have no idea, I just talk about science. Hello, difficult question. No, you do need multiplication for it to be fully homomorphic, but there's experimental theoretical proofs that multiplication is possible and it's a case of working out the details of how it can be done in an efficient computational manner. But mathematically, it's possible. I'm sorry if that's a bit of a, like, they can do it, they just can't do it sort of answer, but it's the case, I'm afraid. I'm sorry, if people didn't get the question, it was about whether fully homomorphic encryption can be enabled with just additive operations and it can't yet. Anyone? Hello, you. So the question was about explaining the protocols for exchanging public keys and other aspects of crypto systems that aren't just the maths aspects. We don't have that one. It would be really cool to see done better and if it's a problem that you've come up with, you know, maybe we could take a look at it, but I don't know. My feeling as a science communicator, if you're working in this field six years, is that you don't want to load too many things on at once because people get a bit, oh, so many things I don't know. So my feeling is that what would be great is to have this sort of game for the maths and then say, okay, here's another place you can go and find out about, you know, because we basically glossed over the whole cloud, the whole authentication encryption thing, and obviously it is dead important. So I think another essential piece done by someone else who's not me. You with the dreads. Sure, so the question is a recap of the distinction between a good basis and a bad basis. So it's a set of vectors rather than a single vector. So what makes a good one is that it's orthogonal, the vectors are short. Or if they are long, then only one is long. What makes a bad one is that they're all over the place and all spiky and the reason that's a problem in kind of lay terms is because you can't... So in terms of encryption, what you actually want to do is locate a point in relation to the lattice. And if you're trying to locate it with this thing that goes all over the place, you're trying to get to that location but indirectly through a really wiggly path. Does that make sense? Yeah, it's a more complicated route that's less amenable to the algorithms that are used to locate the point. I have the name of the... I've forgotten the algorithm, sorry. There is an algorithm, go bug Leo. Anyone else? All right, cheers, guys.