# Cryptography 101: How a Symmetric Key Exchange Works (Basically)

Webster’s dictionary defines cryptography as… I’m just kidding. This blog post *is* about cryptography, though just an intro.

Just to start somewhere, let’s go over the Diffie-Hellman Public Key encryption method, which uses a symmetric key algorithm. That means that the same cipher is used to encrypt and decrypt a message. In the feature film *National Treasure*, the cipher on the back of the United States constitution is an example of a symmetric key.*

A lot of digital cryptography is based on what is known as a `trapdoor function`

. The function is difficult to reverse engineer when given just the result of said function. For the purposes of illustration we are just going to use a “door function” (not a real thing). I’m making up that terminology for the purposes of this example. We will pretend that our function is difficult to reverse engineer (but you will see that it is not).

Example **trapdoor function** (a real thing):

You know there are two numbers that when multiplied, result in ** 17,078,781,140,149**.

Without the hint that one of those numbers is

**, it would be time consuming, if not fairly difficult to determine which two numbers were multiplied to result in**

*1,766,021***. That ‘hint’ is the trapdoor. (The other number was**

*17,078,781,140,149***With the trapdoor you can divide**

*9,670,769.***by**

*17,078,781,140,149***and figure that out for yourself).**

*1,766,021*Example **door function** (again, ** not** a real thing):

You know there are two numbers that when multiplied, result in ** 15**.

No hint is required to determine that the two numbers were

**and**

*3***. Technically this is still a**

*5*`trapdoor function`

, we are just calling it a “door function” because it is easy to reverse engineer just by looking at it. Just to repeat, I made up “door function”. I thought it was vaguely humorous and I appreciate whimsy.I manage to wrap my head around Public Key cryptography like this: multiply a Public Key and a Secret Key to get a common cipher, aka a Shared Secret. Your Public Key and Secret Key are both different than the other person’s Public and Secret Key, but both sets of keys, when multiplied, result in the same shared secret. This is way simplified and the actual math involves Totients and a Modulus but this is Cryptography 101, The Intro Lesson.

Let’s get a cast of characters together to illustrate an example. Meet Ajay, Beyonce, and Christina. Each person’s Public Key is generated by multiplying their Secret Key by ** 5**. Again, in real life, the math in that calculation is sliiiiightly more complicated, but suspend your disbelief with me for then next few paragraphs. It might go without saying but everyone’s Public Key is known by everyone else. It’s public.

Behold, a handy chart to keep it all straight:

Now for the fun part. Ajay writes a message “Hi Beyonce, have you seen the movie Speed?” This message is for Beyonce’s eyes only, so Ajay multiplies his Secret Key by Beyonce’s Public Key and uses the result to encrypt it.

Multiplying those keys results in ** 75**. This is the shared secret between Ajay and Beyonce. For demonstration purposes, our encryption method is to interleave the shared secret between every character of the message, and decryption is removal of all instances of the shared secret. It is quite elementary, but just pretend that on the internet, this makes it impossible to read.

When we apply this totally believable encryption method to the message, this gives:

“H75i75 75B75e75y75o75n75c75e75,75 75h75a75v75e75 75y75o75u75 75s75e75e75n75 75t75h75e75 75m75o75v75i75e75 75S75p75e75e75d75?”

Look at how difficult it is to read now, Internet!

Ajay sends that encrypted message and no one can read it (are you still pretending?!), because they don’t know the shared secret (** 75**). Even if some unnamed nefarious character had Beyonce’s and Ajay’s Public Keys,

**and**

*25***, neither of these numbers alone help to decrypt the message.**

*15*Beyonce receives the message, but due to a Shakespearean misunderstanding, she thinks the message is from Christina. So she uses Christina’s Public Key, ** 10**, with her Secret Key,

**, to decrypt the message. She computes**

*5******

*10***and gets**

*5***. But when she uses this shared secret and removes all the**

*50***s from the message, it remains encrypted.**

*50*Further confusion continues, and now Christina thinks Ajay sent the message to her. Christina uses her Secret Key, ** 2**, and Ajay’s Public Key,

**, to get a shared secret of**

*15***. This too, fails to decrypt the message.**

*30*After a bit of hilarity and hijinx, the misunderstanding is resolved. Beyonce knows the message is from Ajay and is intended only for her. She multiplies her Secret Key, ** 5**, and Ajay’s Public Key,

**, to get, wait for it…**

*15***. _Their_ shared secret. Removing all**

*75***s from the message gives:**

*75*“Hi Beyonce, have you seen the movie Speed?”

Boom.

Because only Ajay & Beyonce’s shared secret worked to decrypt the message, Beyonce knows for sure that the message was intended for her *and* that it was sent by Ajay. Ajay “digitally signed” the message because he used his Secret Key.

Needless to say, but I’m saying it anyway, we used easy numbers, easy algorithms (multiplication), and an insanely simplistic “encryption” method. But this is the essence of the Diffie-Hellman Public Key encryption method, symmetric key cipher. Wikipedia has the real math if you are interested.

There are other encryption methods and even other Public Key exchange encryption methods. Search the web for PGP and RSA if you want to venture out of the kiddie pool.

That concludes today’s lesson. Below is optional homework. Be sure to keep an eye out for Cryptography 101, Lesson Two: Asymmetric key algorithms or How to explain coprime numbers succinctly to kindergarteners.

## If you would like to play along at home, dear reader, use your browser console to play around with the concept.

The console can be accessed the following ways — **Chrome:** View > Developer > JavaScript Console**Firefox:** Tools > Web Developer > Web Console**Safari:** download Chrome or Firefox**Edge:** download Chrome or Firefox

And the code…

const ajaysSecretKey = 3

const beyoncesSecretKey = 5

const commonFactor = 5function createPublicKeyFunction(secretKey, commonFactor) {

return secretKey * commonFactor

}function myPublicSecretKeySigningFunction(publicKey, SecretKey) {

let commonCypher = publicKey * SecretKey

return commonCypher

}function encryptMyMessage(message, commonCypher) {

let encrypted = Array.from(message).join(commonCypher)

console.log(message)

console.log(“when encrypted becomes:”)

console.log(encrypted)

console.log(“”)

return encrypted

}function decryptMyMessage(message, commonCypher) {

let re = new RegExp(commonCypher,”g”)

let decrypted = message.replace(re, “”)

console.log(message)

console.log(“when decrypted becomes:”)

console.log(decrypted)

console.log(“”)

return decrypted

}const ajaysPublicKey = createPublicKeyFunction(ajaysSecretKey, commonFactor)

// could also use Beyonce’s Public Key and Ajay’s Secret Key

const beyoncesPublicKey = createPublicKeyFunction(beyoncesSecretKey, commonFactor)

const sharedSecret = myPublicSecretKeySigningFunction(ajaysPublicKey, beyoncesSecretKey)console.log(“”)

let ajaysMessage = “hi Beyonce, have you seen the movie speed?”

let ajaysEncryptedMessage = encryptMyMessage(ajaysMessage, sharedSecret)

let ajaysDecryptedMessage = decryptMyMessage(ajaysEncryptedMessage, sharedSecret)

*I have not seen *National Treasure* so that cipher analogy may not be applicable. I just wanted to soften the topic with a pop culture reference. Did it work?