Public Private Key Encryption: An Introduction

How are secrets kept secret in the age of the internet

Ciaran Mcveigh

Ever wondered how spies communicated during the cold war or maybe you’ve heard of the enigma code, the unbreakable code in world war two. Ever thought about how you’re bank details remain secret when you send them to Amazon over the internet, these are all questions we may not have ever thought about but we should because they are fundamental to how the world works today.

To help explain the answers to these questions we must first start with some terminology. Let's start with three terms and briefly explain what each means, cryptography, encryption and cipher.

Cryptography

Cryptography in ancient Greek means “Hidden Secret” and is the practice and study of techniques for secure communication. This ultimately means how do I send messages between myself and someone else without third parties being able to read them. Encryption is one of the methods used to enable this.

Encryption

Encryption is the process of encoding some content from readable format into garbage through an encryption method. An Encrypted message can only be viewed by authorised parties, those who are not authorised cannot.

Cipher

a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. Let’s take a look at an example, the “Caesar Cipher”.

Caesar Cipher

The Caesar Cipher is one of the simplest and best-known forms of encryption. It is said to have been used by Julius Caesar to protect messages of military significance that he sent out to his armies. It is a simple substitution cipher where each letter in a message is shifted some fixed number to the left or to the right in the alphabet.

For example, if we were to encode the message “HELLO” using a Caesar Cipher with a shift of 3 to the right.

Plain Text: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher Text: DEFGHIJKLMNOPQRSTUVWXYZABC
HELLO -> KHOOR

Have a go for yourself here.

Why do we need Encryption?

Since time began there have been wars, spies and political intrigue. You can imagine the importance of secret correspondence between these parties. It was essential that even if their messages were intercepted they could not be read. Because of this messages were encrypted before they were sent, if the message was intercepted the enemy wouldn’t be able to decode the message and gain access to the content.

Prior to the mid-1970s spies and governments would have used something called symmetric encryption. The Caesar Cipher is a form of symmetric encryption. Symmetric encryption involves both parties having a shared secret, for example both Caesar and his Generals know that the cipher is a right shift of 3, that is the shared secret.

Symmetric-key algorithms are algorithms that encrypt data using a “key” and some algorithm. The key is generally a very large random number that is a variable in the encryption algorithm and it is this key that represents the shared secret.

A good way to think about key encryption is that a message is put in a box and padlocked. The padlock represents the encryption, even if you gain access to the box you can’t get access to the message inside unless you have the key.

Spies in the past would have used this method of encryption to correspond with each other. The problem with symmetric-key algorithms is that we both need to know what the key is to start communicating securely. But I can’t send the key to you unencrypted and trust it won’t be intercepted because if the key is discovered all of our subsequent encrypted communication using that key can be decrypted by our enemies.

This is a classic case of “chicken and the egg” I need to send you some data (the key) for us to securely communicate but I can’t send that data until we can securely communicate in case it is intercepted. Previously there was no way around this, the way most spies would exchange keys would be in person for example in a park at night time or in a busy market.

Now while this may have been possible for spies working in a similar geographic area it’s not possible when I who live in the UK want to send my bank account details or other sensitive information to a family member who lives in Australia, meeting in the park just doesn’t cut it. (In case your wondering why you couldn’t just phone the person and tell them what the key/secret is when you are dealing with national security or millions of dollars people will find ways to listen in on those phone call)

In the internet age, vast amounts of sensitive data are being sent every second. Think bank details, medical records, watch lists, salary details the list goes on. How is this data kept secure? I don’t remember meeting my bank clerk in the park to exchange a shared secret. What stops hackers stealing your money or your identity.

This is where Asymmetric key encryption comes in. Asymmetric key encryption or Public-key cryptography as it is also known was created in the mid-1970s. As you may have guessed from the name, asymmetric key encryption does not require a shared key. In symmetric encryption, we had one key which was known by both parties. In asymmetric key encryption, we now have four keys, two for the sender and two for the receiver. I'm going to use an example with Alice, Bob and Eve the eavesdropper to explain at a high level how asymmetric key encryption works.

Alice and Bob are trying to communicate and they are going to do so using asymmetric key encryption. There are four keys involved.

Keys1. Alice's Public Key
2. Alice's Private Key
3. Bob's Public Key
4. Bob's Private Key

These keys are set up in such a way that a person's private key can decrypt a message encrypted with that same person's public key. The converse is also true a person's public key can decrypt a message encrypted with the same persons private key. Consider these statements for clarification.

1. A message encrypted with "Alice's Public Key" can be decrypted with "Alice's Private Key"2. A message encrypted with "Alice's Private Key" can be decrypted with "Alice's Public Key"3. A message encrypted with "Bob's Public Key" can be decrypted with "Bob's Private Key"4. A message encrypted with "Bob's Private Key" can be decrypted with "Bob's Public Key"

So how does this help us? First, let's talk about public and private keys, public keys as their name implies can be made public, you can include them at the bottom of your email post them online, anyone can have access to them. Private keys, on the other hand, must be kept secret. Let's start our communication between Alice and Bob and see if Eve is able to eavesdrop.

  1. Alice posts her public key online where both Bob and Eve have access to it
  2. Bob drafts a message “Hello Alice it’s Bob I need you to meet me at Trafalgar Square at 5 pm” and encrypts it using “Alice’s Public Key” he then sends it to Alice over the internet
  3. Eve intercepts the message opens it but just sees the encrypted text, a jumble of letters and numbers, she is unable to decrypt it as she doesn’t have access to “Alice’s Private Key
  4. Alice receives the message and decrypts it using her private key (“Alice’s Private Key”) and reads the message.

Ok sounds simple right, but what would happen if Eve used Alice’s public key to encrypt a message that read “Hello Alice it's Bob I need you to meet me at Westminster Station at 4 pm” Alice would have 2 messages how is she to know which is the real one.

This where the private key comes in. In addition to encrypting the message with Alice’s Public Key, Bob will also encrypt the message with his private key (Bob’s Private Key). Now you may be thinking why would you encrypt a message with your private key since it can be decrypted with your public key which the whole world has access to and you’d be right. The key thing here is that if Alice can decrypt the message using Bob's Public Key she knows it was encrypted using Bob’s Private Key which only Bob has access to. Subsequently, she can confirm that the message must have been sent by Bob. This type of encryption is often referred to as a digital signature because in the same way a signature is a form of verification in the real world this private key encryption can act as one in the digital world.

So now we know about digital signatures lets restart the communication between Alice and Bob and see if Eve is able to cause any havoc.

  1. Alice posts her public key online where both Bob and Eve have access to it
  2. Bob drafts a message “Hello Alice its Bob I need you to meet me at Trafalgar Square at 5pm” and encrypts it using “Alice’s Public Key” and his own private key (“Bob’s Private Key”) he then sends it to Alice over the internet
  3. Eve intercepts the message opens it but just sees the encrypted text, a jumble of letters and numbers, she is unable to decrypt it as she doesn’t have access to “Alice’s Private Key
  4. Eve drafts a message “Hello Alice its Bob I need you to meet me at Westminster Station at 4pm” and encrypts it using “Alice’s Public Key” she then sends it to Alice over the internet
  5. Alice receives the 2 messages and decrypts them using her private key (“Alice’s Private Key”), she then tries to decrypt both messages using “Bob’s Public Key” only one of them successfully decrypts, since that message could have only been encrypted with “Bob’s Private Key” Alice can deduce that this message this the real one from Bob.

So there it is your first introduction into cryptography. Please note that I have oversimplified the process to provide you with a high-level overview of how public key cryptography works. As always I’m keen to hear feedback and please let me know if I’ve made any mistakes.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade