 Another form of public key encryption is known as Al-Gamal, and the system works as follows. One of the big problems with cryptographic protocols is that if you want to exchange the actual keys, you have this problem of how do you communicate them? And again, if we're trying to use the keys to keep information secret, but then everybody knows what the keys are, our information isn't quite so secret. So there is an interesting way of solving this problem. Now, technically the key exchange is not part of the cryptographic system, but it's useful in the cryptographic protocol known as Al-Gamal. And it's a public key cryptosystem that uses an interesting algorithm to bypass the possibility that the key is going to be intercepted. And so with other systems we have the following. We have some public base A, and again we'll assume that we're going to be working mod n. And I'm going to encrypt a message in the following way. So we have Alice and Bob again. So Alice is going to choose some number r, doesn't really matter what number she chooses, and she's going to compute the following number. She's going to use the public base, raise it to her number, and reduce it mod n. And she's going to compute this value. And Bob is going to choose some number s, and he's going to compute the public base raised to his exponent, again reduced mod n. So these values kA and kB are out in public, and they're communicated, and they're exchanged between each other. Now here's the important thing. Because these values are exchanged, it's possible that somebody might listen in and figure out what they are. But the critical piece of information here are the values r and s. And the problem is if I know kA, trying to find r requires solving the discrete logarithm problem. And again, that's believed to be very difficult. Likewise, if I know kB, I have to try and solve the discrete logarithm problem. And again, that is believed to be very difficult. Well, what do Alice and Bob did with these numbers? Well, Alice is going to compute kB raised to power r. Now note what that is. That's Bob's number raised to her exponent. Bob, on the other hand, is going to compute kA raised to power s. That's Alice's number raised to his exponent. And the thing to note here is that when they do that, when Alice raises Bob's number to her exponent, she gets a to power rs. And when Bob raises Alice's number to his exponent, he also gets a to power rs. And so both of them now have this secret number, a to power rs mod n, even though neither one has ever communicated what that value is. And this is an example of what's called the Diffie-Hellman Key Exchange Protocol. It's a way of making sure that the same number appears in two different places without ever transmitting enough information to determine the number over an open channel. Now we want to use this to actually send an arbitrary message. So what I'm going to do is whatever my arbitrary message is, the encrypted message is just going to be this secret number multiplied by the message mod n. This is essentially an affine cipher. And likewise, Alice, when she gets this message, she can decrypt it by multiplying by the multiplicative inverse of a to power rs, because she knows what this is, she can find the multiplicative inverse, and thereby recover what the message is. Now let's take a look at an example. So the message is p equals 35, and I'll use public base 5 and modulus 89. So Bob and Alice are going to choose random numbers. So Bob chooses, say, 8, and Alice chooses 13. And so Bob computes public base to his number mod 89, and that's going to be 4, and he's going to send this number to Alice. Yeah, my number is 4. Alice then computes public base to her number mod 89, and sends this information to Bob. Now they're ready to compute what the actual secret key is going to be. So Bob computes the encryption key by taking the number that he got from Alice, that's 40, raising it to his exponent, 8, and then reducing mod 89, and so he finds 40 to power 8, and that works out to be 16. And so this tells him what the encryption key is, and so he can encrypt p equals 35. Again, this is essentially an affine cipher. 16 times 35, reduced mod 89, gives him the encrypted value, 26. So Bob says the encrypted message is 26. Now Alice, to decrypt the message, takes the number that Bob sent her for, uses her exponent, 13, and if everybody's done everything correctly, 40 to power 13 should be our encryption key, 16. Now she knows that Bob used 16 as the encryption key, so she needs to find the inverse of 16, which works out to be 39, and so she can then decrypt c equals 36 by multiplying it by the multiplicative inverse, 39, and then reducing it, mod 89, and that gives her the message 35. Now one of the particularly interesting features about this cryptographic system is that Alice and Bob can actually be a little bit sloppy. Now Bob really should destroy this encryption key as soon as he uses it because he doesn't want to give out that information, but suppose he doesn't, he writes it down on a piece of paper and leaves it lying around, and Eve discovers it. He said, ah, I know that Bob used the encryption key 16. Now, this information may not be useful or relevant anymore, but she knows that Bob used the encryption key 16, so maybe she can use this to break messages further. And it turns out that won't work as long as Alice and Bob do a little bit of more work. And the important thing here is that this key is what's called an ephemeral key. It's used once, and then the next time you send a message, you use a different key. And the next time Alice has to send Bob a message, they reselect exponents. So Bob chooses 11, and Alice chooses 7 as her exponent. So let's see Alice sends 5 to power 7, 72 to Bob. Bob sends 5 to power 11, 55 to Alice. Alice figures out what the encryption key is by taking Bob's number, raising it to her power, and that's going to give us 34 as the key. And then the message is going to be the value 57 times the key reduced to 89. So if we do that, 69 as the message, and she sends that information to Bob. Again, Bob takes Alice's number, raises it to his power, and computes that the encryption key must have been 34, and so he finds the multiplicative inverse of 34, 4 has to be 55, and now Bob is in a position to decrypt the message. So he multiplies the encrypted message by the multiplicative inverse, 55 times 69, and finds this, reduces it, and that tells him that the original message must have been 57. And Eve's knowledge that the key for the previous message was 16 doesn't do her any good for this message.