RSA

How do Public/Private Keys Work?

Tyson Bhalla

Sources Consulted

Terminology/Concepts Encountered

  • RSA
  • Public key
  • Private Key
  • Encryption
  • Decryption
  • Prime numbers
  • Totient Function
  • Coprime
  • Symmetric Keys
  • Asymmetric Keys

Learning Outcomes

  • Understand the difficulty of factoring the product of two primes
  • Understand public and private keys
  • Learn how RSA works

Hello! You just learned about symmetric encryption. But doesn't that imply an asymmetric encryption? In this project, you will learn what that is and why it can be better than symmetric encryption. By going through these slides, you will understand the basics about the RSA cryptosystem and how public/private keys work to keep data secure.

Symmetric

Asymmetric???

Imagine this Scenario

Alice wants to send data to Bob. She tells the delivery man to walk the data to Bob.

Alice

Bob

Data

However, the delivery man wants to access this data and can easily do so.

Data

I now know all the secrets!!

Data

Symmetric Encryption

Alice

Bob

I locked this data using the agreed-upon encryption.

I can unlock this data using the agreed-upon decryption.

However, what if the delivery man was there when Alice and Bob exchanged the encryption/decryption methods?

I know the key to "unlock" this encryption since I overheard Alice and Bob!

Data

Symmetric Encryption

Data

Asymmetric Encryption

Alice

Bob

I can encrypt this using asymmetric encryption.

I can decrypt this despite never meeting Alice in person.

Is there a way for Alice and Bob to communicate securely without ever meeting? 

 

Yes. This is possible using asymmetric encryption.

What? This is too secure for me!

Data

Diffie and Hellman realized that if people could never privately share encryption methods, they could share them publicly.

 

That's right. To keep data secure, some information is open to the public. This encryption method is called the public key.

How to avoid meeting in person

Meet Whitfield Diffie and Martin Hellman

Diffie                       Hellman

However, to stop everyone from being able to decrypt private messages, Diffie and Hellman realized that there needs to be a decryption method that only the user knows. This is called the private key.

 

But how does that actually work?

Every user has a public key and a private key. And somehow, by sharing the public key, they can still keep their private key unknown. The user's private key will only decrypt messages encrypted with the user's public key.

Public and Private Keys

And that's what asymmetric encryption is. Instead of having a single key to encrypt and decrypt, there are two different keys: public and private!

Asymmetric Encryption

Ron Rivest, Adi Shamir, and Leonard Adleman created RSA to turn the concepts by Diffie and Hellman into an actual cryptosystem.

How RSA was created

Rivest             Shamir         Adleman

The RSA cryptosystem allows users to have a unique public and private key. But by sharing the public key, the private key remains hidden. RSA is not a concept. It has algorithms to actually create these public and private keys!

RSA Example

Data

Encrypted with Bob's public key

Alice

Bob

I can encrypt this using Bob's public key.

I can decrypt this using my private key that no one else knows.

I know how this is encrypted, but I can't decrypt it since I don't know Bob's private key!

Data

What does the delivery man think of this?

RSA Example

Data

Encrypted with Alice's public key

Alice

Bob

Thanks Bob! I can decrypt your message using my own private key!

I can return a message encrypted with Alice's public key since it is publicly shared!

RSA is too secure for me. :(

Data

With RSA, Alice and Bob can communicate securely!

However, the delivery man has an idea:

Alice

What if I pretend to be Alice and send a message to Bob?

I can encrypt it with his public key since it is publicly shared!

Fake data

Encrypted with Bob's public key

Bob

Alice sent me a message!

This is clearly not good.

Good thing RSA has a solution!

Signing your message

RSA has one more property that allows people to show messages came from them. Just like writing a signature on a letter, this is called signing.

 

We already know that RSA allows a private key to decrypt ciphertext encrypted with the matching public key.

 

Additionally, RSA allows the public and private keys to be swapped.

You can encrypt a message with your private key, and it can be decrypted using your public key!

Finding the Origin of Ciphertext

I found this ciphertext, but I don't know who it's from.

Data

Encrypted with ???'s private key

Decrypt with A's public key

Data

Data

Data

Decrypt with B's public key

Decrypt with C's public key

This ciphertext is from Person C since their public key decrypted it!

Alice

Bob

I signed my message.

I now know this came from Alice!

How Signing Works

What if the message is first encrypted with Alice's private key, and then encrypted once more with Bob's public key?

Data

Encryption #1 with Alice's private key

Encryption #2 with Bob's public key

Bob can then decrypt with his private key and then once more with Alice's public key. Since only Alice knows her private key, Bob can be sure that Alice sent the message if her public key decrypts it.

In this scenario, who knows what?

Alice

Bob

I signed my message.

I now know this came from Alice!

Data

Encryption #1 with Alice's private key

Encryption #2 with Bob's public key

Just like without signing, Bob can decrypt the message since he knows his own private key. However, this time, he can prove that Alice sent the message since only she knows her private key (and he decrypted it correctly with her public key).

If the delivery man tries to pretend to be Alice, then Bob will know since Alice's public key won't decrypt the ciphertext.

I'm pretending to be Alice, but I don't know her private key, so I used my own.

Bob

I got a message.

Data

Encryption #1 with Delivery Man's private key

Encryption #2 with Bob's public key

When Bob tries to decrypt it...

Data

Encryption #1 with Delivery Man's private key

Encryption #2 with Bob's public key

I can't "unlock" the red box with Alice's public key, so I know it isn't from her.

Bob

Using signing, Alice can prove when messages are from her and when others pretend to be her!

Foiled Again!
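The sign-then-encrypt exchange above, including the delivery man's forgery, as an added JavaScript example that is not part of the original slides. It uses textbook RSA on toy keys built from Mersenne primes, and a constructed redundancy check (the message repeated twice) stands in for the hashing and padding that real signature schemes use; all function and variable names are assumptions.

```javascript
// Toy textbook RSA with BigInt. Keys are constructed for illustration, not secure.
const E = 65537n;
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}
// Modular inverse of a mod m (extended Euclidean algorithm).
function modInv(a, m) {
  let [r0, r1, t0, t1] = [m, a % m, 0n, 1n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [t0, t1] = [t1, t0 - q * t1];
  }
  if (r0 !== 1n) throw new Error("e is not coprime to phi(n)");
  return ((t0 % m) + m) % m;
}
// Public key is (n, e); private exponent is d = e^-1 mod (p-1)(q-1).
function makeKey(p, q) {
  return { n: p * q, e: E, d: modInv(E, (p - 1n) * (q - 1n)) };
}
const mersenne = (k) => 2n ** k - 1n; // 2^k - 1 is prime for the exponents used here
const alice = makeKey(mersenne(61n), mersenne(89n));
const mallory = makeKey(mersenne(107n), mersenne(127n)); // the delivery man
const bob = makeKey(mersenne(521n), mersenne(607n)); // largest n, so signatures fit

// Textbook RSA always outputs *some* number, so Bob needs redundancy to tell a
// valid signature from garbage. Constructed rule: a 64-bit message repeated twice.
const MASK = 2n ** 64n - 1n;
const frame = (m) => (m << 64n) | m;
const isFramed = (r) => r >> 64n === (r & MASK);

// Encryption #1 with the sender's private key, #2 with Bob's public key.
const send = (m, sender) =>
  modPow(modPow(frame(m), sender.d, sender.n), bob.e, bob.n);

// Bob undoes #2 with his private key, then #1 with the claimed sender's public key.
function receive(c, claimed) {
  const r = modPow(modPow(c, bob.d, bob.n), claimed.e, claimed.n);
  return isFramed(r) ? r & MASK : null; // null: not signed by the claimed sender
}
```

`receive(send(42n, alice), alice)` returns the message, while `receive(send(42n, mallory), alice)` returns `null` because Alice's public key turns the delivery man's signature into a value that fails the redundancy check.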

The Math Behind RSA

Now, let's learn about the math behind RSA. How does this ingenious system work?

Introduce Diffie-Hellman and the public-key cryptosystem:

1. DH created public-key cryptosystem

2. Rivest, Shamir, Adleman created RSA with the following properties: 

1. E, D can't infer information from one

2. E(D(M)) = M, D(E(M)) = M

3. Revealing E doesn't allow D to be computed (easily, only works one way)

How RSA was created

Example of EA and EB out in public

A encrypts with DA, B decrypts with EA

 

Everyone can decrypt with EA

A encrypts with DA & EB, B decrypts with EA & DB

Now, this only works if DB is known, and B is the only one who knows

 

This is now secure!

 

Great things about RSA:

double encryption

identity known from using E_A/B

Why RSA is great

Look at video displayed for class

Look at Paper (section VI)

Make sure to point out why primes make finding D with E hard

 

Introduce RSA Steps

Find/make js code to show how numbers work in real life

 

Interactive? RSA

Highlight why RSA is Great

State more cons of symmetric encryption that are solved (signing, middleman changing message, don't meet in real life)

 

Show real-world examples

HTTPS, banking, email

Restate main points

Ignore rest

other than final words (last slide)

3. Introduce the idea of asymmetric keys

  • Define public/private
  • Highlight the difference with symmetric keys
  • Show how this can help verify identity
  • Show how it's hard to find the private key from the public key

2. Show the cons of symmetric keys

  • key distribution
  • proof of origin
  • need a different key for each pair of users

4. Introduce prime numbers

  • Hard to factor the product of two primes
  • show an example with composite vs prime

5. Introduce RSA and give overview

6. Show steps of RSA

  • How to get public/private keys

7. Show basic example of RSA

  • Contrast with symmetric key example in beginning

Now, you should know why asymmetric encryption is superior to symmetric encryption. Additionally, you understand how public and private keys work and why RSA is a genius way to keep data secure.

 

Thanks for reading!

Tyson Bhalla - RSA and Public/Private Keys

By Dan Ryan

Tyson Bhalla - FYS Project