The Internet: Encryption and Public Keys
Hi my name is Mia Gil-Epner, I'm majoring
in Computer Science at UC Berkeley and I work
for the Department of Defense, where I try
to keep information safe. The Internet is
an open and public system. We all send and
receive information over shared wires and
connections. But even though it's an open
system we still exchange a lot of private
data. Things like credit card numbers,
bank information, passwords, and emails. So
how is all this private stuff kept secret?
Data of any kind can be kept secret through
a process known as encryption, the scrambling
or changing of the message to hide the original
text. Now decryption is the process of un-scrambling
that message to make it readable. This is
a simple idea, and people have been doing
it for centuries. One of the first well known
methods of encryption was Caesar's Cipher.
Named after Julius Caesar, a Roman general
who encrypted his military commands to make
sure that if a message was intercepted by
enemies, they wouldn't be able to read it.
Caesar Cipher is an Algorithm that substitutes
each letter in the original message with a
letter a certain number of steps down the
alphabet. If the number is something only
the sender and receiver know, then it's called
the key. It allows the reader to unlock the
secret message. For example, if your original
message is 'HELLO' then using the Caesar Cipher
algorithm with a key of 5 the encrypted message
would be this... To decrypt the message, the
recipient would simple use the key to reverse
the processes. But there is a big problem
with Caesar Cipher, anybody can easily break
or crack the encrypted message, by trying
every possible key, and in the english alphabet
there are only 26 letters, which means you
would only need to try at most 26 keys to
decrypt the message. Now trying 26 possible
keys isn't very hard, it would take at most
an hour or two. So lets make it harder. Instead
of shifting every letter by the same amount,
let's shift each letter by a different amount.
In this example a ten digit key shows how many
positions each successive letter will be changed
to encrypt a longer message. Guessing this
key would be really hard. Using 10 digit encryption
there could be 10 billion possible key solutions.
Obviously that's more then any human could
ever solve, it would take many centuries.
But an average computer today, would take
just a few seconds to try all 10 billion possibilities.
So in a modern world were the bad guys are
armed with computers instead of pencils how
can you encrypt messages so securely that
they're too hard to crack? Now too hard means
that there are too many possibilities to compute
in a reasonable amount of time. Today's secure
communications are encrypted using 256 bit
keys. That means a bad guy's computer that
intercepts your message would need to try
this many possible options... until they discover
the key and crack the message. Even if you
had a 100,000 super computers and each of
them was able to try a million billion keys
every second it would take trillions of trillions
of years to try every option, just to crack
a single message protected with 256 bit encryption.
Of course computer chips get twice as fast
and half the size every year or so. If that
pace of exponential progress continues, today's
impossible problems will be solvable just
a few hundred years in the future and 256
bits won't be enough to be safe. In fact
we've already had to increase the standard key
length to keep up with the speed of computers.
The good news is using a longer key doesn't
make encrypting messages much harder but it
exponentially increases the number of guesses
that it would take to crack a cipher. When
the sender and receiver share the same key
to scramble and unscramble a message its called
Symmetric Encryption. With Symmetric Encryption,
like Caesar Cipher, the secret key has to be
agreed on ahead of time by two people in private.
So that's great for people, but the internet
is open and public so it's impossible for
two computers to "meet" in private to agree
on a secret key. Instead computers use Asymmetric
Encryption keys, a public key that can be
exchanged with anybody and a private key that is
not shared. The Public Key is used to encrypt
data and anybody can use it to create a secret
message, but the secret can only be decrypted
by a computer with access to the private key.
How this works is with some math that we won't
get into right now. Think of it this way,
imagine that you have a personal mailbox,
where anybody can deposit mail but they need
a key to do it. Now you can make many copies
of the deposit key and send one to your friend
or even just make it publicly available. Your
friend or even a stranger can use the public
key to access your deposit slot and drop a
message in, But only you can open the mailbox
with your private key, to access all of the
secret messages you've received. And you can
send a secure message back to your friend
by using the public deposit key to their mailbox.
This way people can exchange secure messages
without ever needing to agree on a private
key. Public Key cryptography is the foundation
of all secure messaging on the open internet.
Including the Security Protocols known as
SSL and TLS, which protect us when we are
browsing the web. Your computer uses this
today, anytime you see the little lock or
the letters https in your browser's address
bar. This means your computer is using public
key encryption to exchange data securely with
the website you're on. As more and more people
get on the internet more and more private
data will be transmitted, and the need to
secure that data will be even more important.
And as computers become faster and faster
we will have to develop new ways to make encryption
too hard for computers to break. This is what
I do with my work and it's always changing.