0:00:02.940,0:00:08.500
The Internet: Encryption and Public Keys

0:00:08.990,0:00:14.150
Hi my name is Mia Gil-Epner, I'm majoring[br]in Computer Science at UC Berkeley and I work

0:00:14.150,0:00:19.460
for the Department of Defense, where I try[br]to keep information safe. The Internet is

0:00:19.460,0:00:25.510
an open and public system. We all send and[br]receive information over shared wires and

0:00:25.510,0:00:30.039
connections. But even though it's an open[br]system we still exchange a lot of private

0:00:30.039,0:00:35.890
data. Things like credit card numbers,[br]bank information, passwords, and emails. So

0:00:35.890,0:00:40.690
how is all this private stuff kept secret?[br]Data of any kind can be kept secret through

0:00:40.690,0:00:45.299
a process known as encryption, the scrambling[br]or changing of the message to hide the original

0:00:45.309,0:00:51.900
text. Now decryption is the process of un-scrambling[br]that message to make it readable. This is

0:00:51.900,0:00:56.970
a simple idea, and people have been doing[br]it for centuries. One of the first well known

0:00:56.970,0:01:02.379
methods of encryption was Caesar's Cipher.[br]Named after Julius Caesar, a Roman general

0:01:02.379,0:01:07.220
who encrypted his military commands to make[br]sure that if a message was intercepted by

0:01:07.220,0:01:12.540
enemies, they wouldn't be able to read it.[br]Caesar Cipher is an Algorithm that substitutes

0:01:12.540,0:01:16.759
each letter in the original message with a[br]letter a certain number of steps down the

0:01:16.759,0:01:21.259
alphabet. If the number is something only[br]the sender and receiver know, then it's called

0:01:21.259,0:01:28.640
the key. It allows the reader to unlock the[br]secret message. For example, if your original

0:01:28.640,0:01:35.869
message is 'HELLO' then using the Caesar Cipher[br]algorithm with a key of 5 the encrypted message

0:01:35.869,0:01:43.259
would be this... To decrypt the message, the[br]recipient would simple use the key to reverse

0:01:43.259,0:01:50.179
the processes. But there is a big problem[br]with Caesar Cipher, anybody can easily break

0:01:50.179,0:01:55.569
or crack the encrypted message, by trying[br]every possible key, and in the english alphabet

0:01:55.569,0:02:00.389
there are only 26 letters, which means you[br]would only need to try at most 26 keys to

0:02:00.389,0:02:06.810
decrypt the message. Now trying 26 possible[br]keys isn't very hard, it would take at most

0:02:06.810,0:02:13.050
an hour or two. So lets make it harder. Instead[br]of shifting every letter by the same amount,

0:02:13.050,0:02:18.920
let's shift each letter by a different amount.[br]In this example a ten digit key shows how many

0:02:18.920,0:02:26.560
positions each successive letter will be changed[br]to encrypt a longer message. Guessing this

0:02:26.560,0:02:34.160
key would be really hard. Using 10 digit encryption[br]there could be 10 billion possible key solutions.

0:02:34.160,0:02:39.860
Obviously that's more then any human could[br]ever solve, it would take many centuries.

0:02:39.860,0:02:46.030
But an average computer today, would take[br]just a few seconds to try all 10 billion possibilities.

0:02:46.030,0:02:51.240
So in a modern world were the bad guys are[br]armed with computers instead of pencils how

0:02:51.240,0:02:57.890
can you encrypt messages so securely that[br]they're too hard to crack? Now too hard means

0:02:57.890,0:03:03.760
that there are too many possibilities to compute[br]in a reasonable amount of time. Today's secure

0:03:03.760,0:03:10.200
communications are encrypted using 256 bit[br]keys. That means a bad guy's computer that

0:03:10.200,0:03:16.290
intercepts your message would need to try[br]this many possible options... until they discover

0:03:16.290,0:03:24.040
the key and crack the message. Even if you[br]had a 100,000 super computers and each of

0:03:24.040,0:03:30.680
them was able to try a million billion keys[br]every second it would take trillions of trillions

0:03:30.680,0:03:37.690
of years to try every option, just to crack[br]a single message protected with 256 bit encryption.

0:03:37.690,0:03:43.320
Of course computer chips get twice as fast[br]and half the size every year or so. If that

0:03:43.320,0:03:48.400
pace of exponential progress continues, today's[br]impossible problems will be solvable just

0:03:48.400,0:03:54.680
a few hundred years in the future and 256[br]bits won't be enough to be safe. In fact

0:03:54.680,0:04:01.070
we've already had to increase the standard key[br]length to keep up with the speed of computers.

0:04:01.070,0:04:05.540
The good news is using a longer key doesn't[br]make encrypting messages much harder but it

0:04:05.540,0:04:11.660
exponentially increases the number of guesses[br]that it would take to crack a cipher. When

0:04:11.660,0:04:16.779
the sender and receiver share the same key[br]to scramble and unscramble a message its called

0:04:16.779,0:04:24.199
Symmetric Encryption. With Symmetric Encryption,[br]like Caesar Cipher, the secret key has to be

0:04:24.199,0:04:29.710
agreed on ahead of time by two people in private.[br]So that's great for people, but the internet

0:04:29.710,0:04:35.840
is open and public so it's impossible for[br]two computers to "meet" in private to agree

0:04:35.840,0:04:41.599
on a secret key. Instead computers use Asymmetric[br]Encryption keys, a public key that can be

0:04:41.599,0:04:49.020
exchanged with anybody and a private key that is[br]not shared. The Public Key is used to encrypt

0:04:49.020,0:04:55.800
data and anybody can use it to create a secret[br]message, but the secret can only be decrypted

0:04:55.800,0:05:01.270
by a computer with access to the private key.[br]How this works is with some math that we won't

0:05:01.270,0:05:06.129
get into right now. Think of it this way,[br]imagine that you have a personal mailbox,

0:05:06.129,0:05:11.430
where anybody can deposit mail but they need[br]a key to do it. Now you can make many copies

0:05:11.430,0:05:16.509
of the deposit key and send one to your friend[br]or even just make it publicly available. Your

0:05:16.509,0:05:21.400
friend or even a stranger can use the public[br]key to access your deposit slot and drop a

0:05:21.400,0:05:27.400
message in, But only you can open the mailbox[br]with your private key, to access all of the

0:05:27.400,0:05:31.539
secret messages you've received. And you can[br]send a secure message back to your friend

0:05:31.539,0:05:37.620
by using the public deposit key to their mailbox.[br]This way people can exchange secure messages

0:05:37.620,0:05:43.699
without ever needing to agree on a private[br]key. Public Key cryptography is the foundation

0:05:43.699,0:05:49.340
of all secure messaging on the open internet.[br]Including the Security Protocols known as

0:05:49.340,0:05:55.900
SSL and TLS, which protect us when we are[br]browsing the web. Your computer uses this

0:05:55.900,0:06:01.400
today, anytime you see the little lock or[br]the letters https in your browser's address

0:06:01.400,0:06:07.409
bar. This means your computer is using public[br]key encryption to exchange data securely with

0:06:07.409,0:06:13.400
the website you're on. As more and more people[br]get on the internet more and more private

0:06:13.400,0:06:19.080
data will be transmitted, and the need to[br]secure that data will be even more important.

0:06:19.080,0:06:24.059
And as computers become faster and faster[br]we will have to develop new ways to make encryption

0:06:24.059,0:06:29.259
too hard for computers to break. This is what[br]I do with my work and it's always changing.