WEBVTT 00:00:02.940 --> 00:00:08.500 The Internet: Encryption and Public Keys 00:00:08.990 --> 00:00:14.150 Hi my name is Mia Gil-Epner, I'm majoring in Computer Science at UC Berkeley and I work 00:00:14.150 --> 00:00:19.460 for the Department of Defense, where I try to keep information safe. The Internet is 00:00:19.460 --> 00:00:25.510 an open and public system. We all send and receive information over shared wires and 00:00:25.510 --> 00:00:30.039 connections. But even though it's an open system we still exchange a lot of private 00:00:30.039 --> 00:00:35.890 data. Things like credit card numbers, bank information, passwords, and emails. So 00:00:35.890 --> 00:00:40.690 how is all this private stuff kept secret? Data of any kind can be kept secret through 00:00:40.690 --> 00:00:45.299 a process known as encryption, the scrambling or changing of the message to hide the original 00:00:45.309 --> 00:00:51.900 text. Now decryption is the process of un-scrambling that message to make it readable. This is 00:00:51.900 --> 00:00:56.970 a simple idea, and people have been doing it for centuries. One of the first well known 00:00:56.970 --> 00:01:02.379 methods of encryption was Caesar's Cipher. Named after Julius Caesar, a Roman general 00:01:02.379 --> 00:01:07.220 who encrypted his military commands to make sure that if a message was intercepted by 00:01:07.220 --> 00:01:12.540 enemies, they wouldn't be able to read it. Caesar Cipher is an Algorithm that substitutes 00:01:12.540 --> 00:01:16.759 each letter in the original message with a letter a certain number of steps down the 00:01:16.759 --> 00:01:21.259 alphabet. If the number is something only the sender and receiver know, then it's called 00:01:21.259 --> 00:01:28.640 the key. It allows the reader to unlock the secret message. For example, if your original 00:01:28.640 --> 00:01:35.869 message is 'HELLO' then using the Caesar Cipher algorithm with a key of 5 the encrypted message 00:01:35.869 --> 00:01:43.259 would be this... To decrypt the message, the recipient would simple use the key to reverse 00:01:43.259 --> 00:01:50.179 the processes. But there is a big problem with Caesar Cipher, anybody can easily break 00:01:50.179 --> 00:01:55.569 or crack the encrypted message, by trying every possible key, and in the english alphabet 00:01:55.569 --> 00:02:00.389 there are only 26 letters, which means you would only need to try at most 26 keys to 00:02:00.389 --> 00:02:06.810 decrypt the message. Now trying 26 possible keys isn't very hard, it would take at most 00:02:06.810 --> 00:02:13.050 an hour or two. So lets make it harder. Instead of shifting every letter by the same amount, 00:02:13.050 --> 00:02:18.920 let's shift each letter by a different amount. In this example a ten digit key shows how many 00:02:18.920 --> 00:02:26.560 positions each successive letter will be changed to encrypt a longer message. Guessing this 00:02:26.560 --> 00:02:34.160 key would be really hard. Using 10 digit encryption there could be 10 billion possible key solutions. 00:02:34.160 --> 00:02:39.860 Obviously that's more then any human could ever solve, it would take many centuries. 00:02:39.860 --> 00:02:46.030 But an average computer today, would take just a few seconds to try all 10 billion possibilities. 00:02:46.030 --> 00:02:51.240 So in a modern world were the bad guys are armed with computers instead of pencils how 00:02:51.240 --> 00:02:57.890 can you encrypt messages so securely that they're too hard to crack? Now too hard means 00:02:57.890 --> 00:03:03.760 that there are too many possibilities to compute in a reasonable amount of time. Today's secure 00:03:03.760 --> 00:03:10.200 communications are encrypted using 256 bit keys. That means a bad guy's computer that 00:03:10.200 --> 00:03:16.290 intercepts your message would need to try this many possible options... until they discover 00:03:16.290 --> 00:03:24.040 the key and crack the message. Even if you had a 100,000 super computers and each of 00:03:24.040 --> 00:03:30.680 them was able to try a million billion keys every second it would take trillions of trillions 00:03:30.680 --> 00:03:37.690 of years to try every option, just to crack a single message protected with 256 bit encryption. 00:03:37.690 --> 00:03:43.320 Of course computer chips get twice as fast and half the size every year or so. If that 00:03:43.320 --> 00:03:48.400 pace of exponential progress continues, today's impossible problems will be solvable just 00:03:48.400 --> 00:03:54.680 a few hundred years in the future and 256 bits won't be enough to be safe. In fact 00:03:54.680 --> 00:04:01.070 we've already had to increase the standard key length to keep up with the speed of computers. 00:04:01.070 --> 00:04:05.540 The good news is using a longer key doesn't make encrypting messages much harder but it 00:04:05.540 --> 00:04:11.660 exponentially increases the number of guesses that it would take to crack a cipher. When 00:04:11.660 --> 00:04:16.779 the sender and receiver share the same key to scramble and unscramble a message its called 00:04:16.779 --> 00:04:24.199 Symmetric Encryption. With Symmetric Encryption, like Caesar Cipher, the secret key has to be 00:04:24.199 --> 00:04:29.710 agreed on ahead of time by two people in private. So that's great for people, but the internet 00:04:29.710 --> 00:04:35.840 is open and public so it's impossible for two computers to "meet" in private to agree 00:04:35.840 --> 00:04:41.599 on a secret key. Instead computers use Asymmetric Encryption keys, a public key that can be 00:04:41.599 --> 00:04:49.020 exchanged with anybody and a private key that is not shared. The Public Key is used to encrypt 00:04:49.020 --> 00:04:55.800 data and anybody can use it to create a secret message, but the secret can only be decrypted 00:04:55.800 --> 00:05:01.270 by a computer with access to the private key. How this works is with some math that we won't 00:05:01.270 --> 00:05:06.129 get into right now. Think of it this way, imagine that you have a personal mailbox, 00:05:06.129 --> 00:05:11.430 where anybody can deposit mail but they need a key to do it. Now you can make many copies 00:05:11.430 --> 00:05:16.509 of the deposit key and send one to your friend or even just make it publicly available. Your 00:05:16.509 --> 00:05:21.400 friend or even a stranger can use the public key to access your deposit slot and drop a 00:05:21.400 --> 00:05:27.400 message in, But only you can open the mailbox with your private key, to access all of the 00:05:27.400 --> 00:05:31.539 secret messages you've received. And you can send a secure message back to your friend 00:05:31.539 --> 00:05:37.620 by using the public deposit key to their mailbox. This way people can exchange secure messages 00:05:37.620 --> 00:05:43.699 without ever needing to agree on a private key. Public Key cryptography is the foundation 00:05:43.699 --> 00:05:49.340 of all secure messaging on the open internet. Including the Security Protocols known as 00:05:49.340 --> 00:05:55.900 SSL and TLS, which protect us when we are browsing the web. Your computer uses this 00:05:55.900 --> 00:06:01.400 today, anytime you see the little lock or the letters https in your browser's address 00:06:01.400 --> 00:06:07.409 bar. This means your computer is using public key encryption to exchange data securely with 00:06:07.409 --> 00:06:13.400 the website you're on. As more and more people get on the internet more and more private 00:06:13.400 --> 00:06:19.080 data will be transmitted, and the need to secure that data will be even more important. 00:06:19.080 --> 00:06:24.059 And as computers become faster and faster we will have to develop new ways to make encryption 00:06:24.059 --> 00:06:29.259 too hard for computers to break. This is what I do with my work and it's always changing.