CS 100 (Learn) — CS 100 (Web) — Module 11
NOTE: If your internet access is restricted and you do not have access to YouTube, we have provided alternate video links.
Note: This video transcript has been slightly modified. Corrections are marked with strikethrough, and alternative wording has been placed in [square brackets] to correct some of the awkward or confusing phrasing in the videos.
In this video we are going to explore another way of communicating on the internet using asymmetric keys.
We have already seen how two people can communicate privately, even though their messages may be inspected by an evil person.
The way this is accomplished is by having a secret number that two people share that nobody else knows.
In this video we are going to think of that special magic number as a key and we are going to explore different types of keys.
What makes this work is the magic of one-way mathematical functions which we have already explored a little.
In this video, we are not going to explore any more math... we are just going to take for granted that we have these magic one-way functions.
We are going to introduce the idea of a two key system, which is known as an asymmetric key.
Imagine a lock where there are blue keys which can turn the lock clockwise and red keys which can turn the lock counterclockwise.
Of course, this is just a metaphor for the mathematics behind the scenes, but this will help us visualize what is going on.
Imagine that private keys are red, and public keys are blue.
What you can do with the public key is take some information and lock it: this is a one-way mathematical function.
Now that the information is locked, you cannot unlock it, even if you have another blue key.
The only way to retrieve the information is a red key.
This is very similar to a real-world lock: if I give you a lock without the key you may be able to lock something up but you cannot unlock it.
The core idea behind private and public keys is that you can give out dozens... hundreds... thousands... millions... billions of public keys.
Imagine that you run a company where people borrow bicycles but they can return the bicycles at odd hours of the day when you are not there.
What you do is you give each customer a lock and a blue key so the blue key allows them to lock the lock, but they cannot unlock it.
You are the only one with the red lock [key] so when they return the bike, they lock up the bike and in the morning you can go collect all the bikes and no one is able to steal them because you are the only one with the red key.
How does this help us communicate on the internet when someone may be eavesdropping?
I, as the blue person, have a red key and a blue key and I can give everybody a copy of the blue key.
Any evildoers may have a copy of the blue key but some of the people I want to communicate with (if someone wants to send me a message... say for example a secret number Green key) they can lock it up with the blue key. They can then send me that message and nobody can spy inside of that message because I am the only one with the red key.
I can now unlock the message and now we both have a secret green key that we can continue to use. Further, the evildoer only has the blue key which was not helpful decoding our message.
This is another way of solving the problem where someone is trying to eavesdrop on a conversation.
Another problem that happens with security is impersonation... I may be the blue person and the orange person wants to make sure they are communicating with me and only me and not some imposter (note the moustache now).
How does orange know for sure that they are communicating with me and not my imposter?
Let's go back to our asymmetric keys. Remember, a blue key can turn it clockwise and the red key can turn it counterclockwise.
Just like before, you can use a blue key to lock up the message and then only a red key can unlock it.
We could do a similar thing: we can lock a message up with the red key (use a similar one-way function) and then we have locked up the message in a slightly different way.
The problem with this is that anyone with the blue key can unlock the message and we have already given out thousands (if not millions) of blue keys.
What is the purpose of this?
This is one way [I can] verify my identity.
If everyone knows I am the only one with the red key, and I take a message and lock it up with the red key, and then I send out that message... then everyone else can verify that I was the one who actually sent the message.
It is one way of verifying my identity, but then we have another problem: someone else can get my message that says "Hey, I am the blue person" and then falsify that [message].
They can send out fake messages claiming to be the blue person.
The way to solve this problem is we need somebody we trust... so in this case we will go to a green person [to] verify that the certificate is actually valid.
This communication with the person who [verifies] certificates [has] similar [concerns, similar] to the things we have seen before (using one-way functions and public and private keys and something like that).
The main idea is: we have a few people we absolutely trust and if one of those people vouches for someone else then we will continue to trust that person. This is known as a train of trust.
All this communication can happen securely and accurately because [of] asymmetric keys: the idea of a public key and a private key that can be used to encode messages