0:03
Hi everyone, Ed Amoroso here. In this video, we're going to have some fun.
I'm going to introduce you to a topic that is foundational and absolutely
essential to understanding modern cyber security
and how it enables different types of things in our world.
So, we go back to the problems of conventional cryptography,
main problem being that it doesn't scale,
we like the fact that it was efficient, love that.
We are able to solve the covert channel problem with chaining.
We're able to solve the size of the keys with things like triple-DES,
and using multiple options depending on the criticality of your application,
you could pick a key size that makes sense,
we fixed all that.
But we didn't fix this problem scaling.
So these three wonderful people I show.
You can see their picture here,
it's Whit Diffie, Marty Hellmann,
and also Ralph Merkle.
They're all at Stanford, and their work that they did back in the 1970s,
which turned out to be an extremely creative time for cryptography and for
computer security has resulted
in something we would all refer to as Public Key Cryptography.
Now the idea that they came up with was,
instead of having one key that Alice and Bob would use to encrypt,
they said, let's break the key,
let's have it in two pieces.
And furthermore, let's not have it given to us by a key distribution center,
but rather, every participant follows an algorithm.
And I'll share with you later that the RSA algorithm has
really been the implementation strategy of choice for public key cryptography.
There have been others, but we think of RSA as the main one.
They said the idea is everybody would run an algorithm locally that generates a key pair.
I don't have to ask anybody for it,
I don't have to go to a key distribution center,
I just generate it.
And the idea is that the public portion of that and
secret portion would be treated differently.
The public piece is something I tell everyone.
Now, we'll get into key distribution later,
but for now, think of it as,
put it in a directory,
put it in a place where everybody can sort of see it,
as in not a secret, your public key.
But the secret key is something you put in your back pocket.
Some people refer to it as a private key.
I like to use secret because secret starts with S,
public starts with P,
and I can write P-A-S-A for public key,
secret key, but private would be acceptable as well.
Just like I said, it's the same letters,
it's somewhat more awkward to work with that term. So here's the idea.
When I encrypt something with a public key using a public key algorithm,
this is not DES,
triple-DES, those are all conventional algorithms.
Diffie and Hellman were positing,
they were imagining if I had an algorithm where I could encrypt it using a public key,
public key I generated,
then it should be the case with the algorithm that
the only way I can decrypt it is if I have the corresponding secret piece.
Do you follow? I use a public piece to encrypt,
I use the secret piece to decrypt, and the reverse.
So if I encrypt with the secret key,
then the only way I can decrypt is using the public key.
And there's a uniqueness theorems,
as well meaning, if I encrypt something with a public key,
and then I decrypt with something and I get the message back,
then that something had to be the key to
the secret portion of that public key secret key is unique.
They're not going to be ten different possible answers here, there are only be one.
So it's a beautiful concept, absolutely wonderful.
It again predicates this idea that you could come up with an algorithm like that.
Not that, you know,
hey they'd come up with it.
Now, Ron Rivest, Adi Shamir,
and Leon Adleman from MIT,
in fact, did come up with an algorithm that uses
this idea of multiplying primes together, absolutely, beautiful concept.
You multiply two primes together,
and the result is something that encapsulates the secret key in here.
But that combine the product
of the two primes is something I don't mind sharing with everybody,
that can be a public.
And that's sort of how the RSA algorithm was implemented.
But for now, we'll just stick with this idea of
this notation being set up in a manner that, you know,
I write squiggly brace with a subscript maybe a P sub A,
and then squiggly brace around that subscript,
S sub A, that shows encrypt with the public key,
decrypt with the secret key,
and get the message and back,
that's the notation that we'll be using.
I have a little quiz here for you just to test your notational understanding.
The answer is A, obviously.
By definition, that's what we said, encryption entailed.
So, with that, we're going to go on in our next video.
To start using public key cryptography to build up the properties
that we need to make it useful in practical settings.
So we'll see you in the next video.
Dr. Edward G. AmorosoResearch Professor, NYU and CEO, TAG Cyber LLC
