oh boy, *that* will upset cryptographers

Don't you think that Eve is misunderstood? She's there, working hard to show that your protocols are secure and we call her the bad person. Imaginary actors in cryptographic proofs have feelings too!

sent me on a laughing fit. Sorry for my shallow humor tolerance, but you sir, deserve a like. And a pat on the back. XD

Not to mention Eve, the Evil do-er.

Captain, please explain what is going on here.

+Samuel Hobbs first encrypt using private key and then using public key. the same happens at decryption.

Wouldn't encrypting it with the public key as well mean that only the sender could decrypt it (using the private key)?

They don't encrypt with their public key--they encrypt with the public key of the recipient. That's the point you missed.

At this time 171 likes means 171 people had the same, including me! It always annoyed me that as an IT person I didn't understand this. But nobody ever explains the basics, they always make the explanation confusingly complex. Now I know!

Not really that brilliant. The whole idea relies on the belief that there exist one-way functions, i.e., it's very hard to calculate the inverse of such class of functions. Anyone can come up with the *idea* . It is the implementation that is hard as advanced mathematics is involved.

Alice----------> Trudy ------------> Bob

I am the Bob they speak of in the examples

Right. Professors waste time of time using outdated education methods.

same here bro!

Phoenix College too?

I've did a 4 year university course on computer networking and cyber security, and I understand private/public key better now than I did after that 4 years 😂

Same here man. I really paused the video there - locked the system - went for a walk - for 10min, to digest what I just heard. (It also happened some days ago, when I first heard about encryption with private key)

yes, he makes videos about ai and ml on his channel

@@afr0z what's his channel..?

lmgtfy.com/?q=simple+encryption+algorithm You're welcome

It's not exactly simple... but I am simplifying it and leaving out some of the more difficult parts. Encrypt R = kG mod p S = Px where P(x,y) = kQ mod p KDF(S) = ke || km Use ke in an asymmetric encryption scheme with the message, most of which xor information against a hash. This gives the encrypted message c. Run km and c through a message authentication code to get d. Encrypted message = R || c || d Decrypt S = Px where P(x,y) = qR mod p (because your private key times their random public key is equivalent to their random private key times your public key) Run S through KDF again to (hopefully) get the same ke || km. run c and km through the MAC and if it equals d then you can decrypt, if it doesn't, something went wrong. Run the inverse of the encryption scheme with ke and c to get the decrypted message m.

This is a very simple algorithm (that's somewhat similar to RSA, but way less secure): Pick any prime N. Then pick any two numbers P and Q such that when you multiply them together and subtract 1, the result will be divisible by N. For instance, we can let N = 19, P = 7, Q = 11. We see that this works because 7 × 11 - 1 = 76 = 4 × 19. Now to encrypt a message with the key P, we shall multiply it by P, divide by N and let the remainder be our encrypted message. For instance, if we want to encrypt the message M = 5, we would multiply 7 × 5 to get 35. Then we would divide by 19, which gives us 1 and 16 as the remainder. Therefore, our encrypted message is 16. To decrypt the message, we do the same thing again, only this time using our key Q. We multiply 16 by 11 to get 176, then divide this by 19, giving 9 and 5 as the remainder. Therefore, 5 is our decrypted result. This is our original message! Therefore, we have decrypted our message successfully. As the video mentioned, a message encrypted with P can only be decrypted with Q and vice versa. My example algorithm is pretty bad, though, as it is pretty easy to find Q given P and N, but other (more advanced) algorithms are much harder to crack, because you have to test every possible Q less than N (which is really hard if N is, say, 100 digits long).

watch?v=M7kEpw1tn50 RSA from Numberphile

A simple one is the cesar encryption that only consist on moving the letters around the alphabet by a certain key which is a number from 1 to 25. You get ABC transformed into a BCD with a key of 1 or the other way around i don't remember.

Lol. You’re smarter than me for sure. Even this I couldn’t make sense from.

@@RodneyDavis That's ok man. For me it was confusing at the beginning because I couldn't make my head around that a function can be capable of encrypting and decrypting with two different keys. that's thanks to RSA algorithm which it is used behind the scenes, which can make the magic. Just try another public-private key encryption video, it's gonna click eventually. Any doubts you have I can help, just bring them here.

Yes.

Only if you want to "sign" your message.

Xiaochen Li If you encrypt a message without "signing" it. Which keys are needed to encrypt and decrypt the message?

XD

If you don't want to "sign" your message, you encrypt the message with the recipient's public key and he will decrypt it with his private key.

omg yessss

One wonders why they even bother to encrypt it, everyone already knows what it says.

***** Possibly the amount of likes on there comment

***** Tommy Sandal Actually, a sense of humor is usually considered a sign of intelligence.

That's quite funny

And probably the sender is Alice

Hunting down Carol.

I second this!

They did it a while back!

does gnupg does this (DiffieHellman Key exchange)?

It's called a trapdoor function in mathematics, that is: a function that's relatively easy to do one way but very difficult (read: practically impossible) to to the reverse. The closest everyday situation I can come up with is to imagine a person with a pen and piece of paper. Ask that person to square the number 213. Given some time and providing they know long multiplication they could probably work that out. However, if you ask them to square root the number 45369 they'd probably give up and go home. This is how public/private keys work--given one of the keys in the pair you can encrypt, but the maths is too hard to decrypt without the other key. If you're interested the keys are basically very large prime numbers, and you raise your message (represented as a number) to the power of one prime and then mod the result (taking the remainder after division) by the other prime.

boss!

Simple example. You have two dictionaries, English - Chinese and Chinese - English. You can encrypt text with first book quite easy, but its very hard to decrypt something with same book, it just don't do the trick, for that you need second dictionary.

So what keeps someone from intercepting the public key so they can read the message? was it sent metaphorically separately?

A public key was never sent. Both public keys are available to anyone who looks for them. However, the private keys are never ever shared. So you encrypt your message with the OTHER person's public key, because that encryption can only be undone with the OTHER person's private key, which they already have and you don't need.

When used in reverse, it's called signing. When you hear cryptographers talk about digital signatures, this is what they're talking about. Just to clarify here, by "reverse" I don't mean public key being used to DEcrypt and the private to ENcrypt. They are always used for the same operation (public key for ENcryption, private key for DEcryption). What happens in reverse is the sequence of operations. When encipherment & concealment is desired, the plaintext is encrypted using the RECIPIENT'S public key, transmitted & decrypted by the private key. When signing is desired, the plaintext is DEcrypted using the SENDER'S private key, this is then transmitted & ENcrypted using the sender's public key to yield the original plain text. This works because public-key cryptographic algorithms have this property: D(E(plaintext) = E(D(plaintext)) = plaintext

totoritko ty... is this possible for all keypairs? or do they have to be generated specially to be able to do signing too? I have used public key encryption already but didnt know i could use them in reverse for signing

Kantenkugel All private keys can sign and decrypt and all public keys can verify and encrypt. Nothing special is required.

Kantenkugel keypairs have to be generated with an algorithm which involves prime numbers (big prime numbers, that's why there are super computers trying to calculate all the prime numbers)

Denis Dionigi Del Grande just for the record: (1) not every asymmetric cryptography system requires prime numbers (look for elliptic curve cryptoghraphy en.wikipedia.org/wiki/Elliptic_curve_cryptography) and (2) since prime numbers are infinite you can't compute *all* prime numbers (I know what you mean but it is just a clarification to be preciser).

I may be completely wrong or misundertood your question, but let's see: instead of having to meet in secrecy, you can give your public key to anyone and everyone to see and encrypt messages with, but only you (or anyone you've given the private key to) can decrypt the messages. This way two spies could simply share their public keys so that the other spy can encrypt the message using it, but only the spy with the private key can decrypt it.

how do they share their public keys?

YumekuiNeru Right, I guess that would be troublematic... If the spies were modern people, they could simply publish the key online anywhere (like a pastebin file) and the other person could simply copy it from there. It doesn't matter if other people copy the key because they can only use it to encrypt messages, not decrypt them. I don't think I've properly understood this myself, so someone please correct me if I'm wrong.

Rented Mule No, you've got it right. Since it doesn't matter who has the public key, you could simply e-mail me and I could send it to you. Or post it on a tiny url page. Or post it to a mailbox. Or on Facebook. Once you have the public key, you can use it to encrypt "shared secret" keys that're used for encrypting messages to each other. Which is part of the simplification here: Public Key or Asymmetric Cryptography is just one part of a grandiose system, designed to allow you privacy and safe passage in the tumultuous internet waters.

Rented Mule yes but how do you as a visitor of a pastebin file know that the person who published that key is the person you think, or how do you know that key is the same as the one the person published?

I know, right! His name is Obee-Juan!

Nosey Nick And even that is a simplification when it comes to things like perfect forward secrecy. Because if someone records the communication you described and only later gets hold of the private key of one of the communication partner they can decrypt everything. If I understand it correctly this is fixed by another step where both communication partners generate yet another temporary asym. key pair, exchange the temp. public keys encrypted with the other public keys and use the temp. keys to exchange the symm. key and then immediately throw away the temp. asym. keys. Or something like that. Then the sym. key can never again be decrypted, even if the private key of both communication partners get leaked.

i know riight

+Chosen One 41 A key looks something like this... -----BEGIN CERTIFICATE----- MIIDBzCCAe+gAwIBAgIJAL6xD+LpwcWhMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNjAxMDYxNDIwNDZaFw0yNjAxMDMxNDIw NDZaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB BQADggEPADCCAQoCggEBAM1YVdJj10e/4pkXo9I029HrxWTR6TDN9sc82KkxggeX 5e33bSTwtxI6f7e0dO07bjPvrN/tTebdKRTK83wu62mdjuajVWgWecUp0AtP7GYs 9WfLfecWRlydKpaUh2gyVL7oM/jnMKFi49YeRxpYPwqX+D/C5QB4I8yAiwolcosN 9amL6E7JT3vIR8Gne5xit0lpaW86uw92dyB1WHkFUQkj3ny5MEhXYOIc4anlgDWC vL2LhpwCpgLagKE+3/wTAWjLgFAB75xKqfYbb3FZSUzz6xUBhQ1XsgoBTbcGhvc8 UeQ0Ok6w1XDm41DxEUvB3FqJt76W0YW4cSob2X+Rf+MCAwEAAaNQME4wHQYDVR0O BBYEFG8cYrrtLs8Sc4RJgc8hsxiwUoSAMB8GA1UdIwQYMBaAFG8cYrrtLs8Sc4RJ gc8hsxiwUoSAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHxX9Q1b WxLC10ZrIAkArULUwOmjTRfUZ+Ty+6hw6SJ+2W39iDRpacN+IguNos/f1opYfz6b lTkIH7OMyuTGQ0HeoUO7h37jxE9qNABtZAVWz93WZvqYtC0PH1cXVRhIlQB5W7fd +89gBI1ptFmhGS2SOlOt4pa4G4XSMqsYoDk69pvg5v6egs1kBcmdC1MvLAb9SFBz /OEWSlaIA1dpJxmV4VKQPKMcNAouAbgWIareCOQcGjEnS5o5lp/U3HFhqigWGnGB NsLMrZeGdnEwXlx6uoYIU9W5Z/F+ji8RkY8jOugvYybQth35B3PuTluNUYMviEJE b+fCWkRdkh7CBm0= -----END CERTIFICATE-----

You can, but that's like having "f(x) = y" and deriving x from y. If you have x, you just run the function to get y. But if you have y, you'll have to go through all possible x values to see which one ends as y. If you take the example of 1024-bit keys, that's 2^1024 possible values to check. It would just take too long to go through them all.

+Chosen One 41 the quick answer is: Yes it is possible but the time it would take to guess the very large random prime numbers used to generate the keys is so big, it would take millions of years to guess them. So this technique works because current computer processing is limited. And even if it didn't take 1million years, even if it only took 10 years to decrypt a communication based on public/private key. Would it be useful to find that facebook password or credit card number used today in 10 years? For all communication that is not "government secret" level this would mean you can't do anything useful with the info you get.

+Chosen One 41 the last layer you encrypted is the first layer you need to decrypt. Let's say there's p1, p2, s1, s2, (public key 1, public key 2, secret key 1, secret key 2). If you encrypt with p1, it must be decrypted by s1, and vice versa. Same for the second pair. So if you encrypt with s1 then p2, the other person first needs to decrypt the text using s2, then must decrypt the ciphertext generated by your private key, s1. The order matters. Rigorously (yes, I know I am using a key to mean cipher function but this is simpler to explain): Given a message M, the intermediate ciphertext becomes C = s1(M). The cipher text that the other person actually received is encrypted with their public key, p2: C' = p2(C). This means that C' = p2(s1(M) ) (by substitution). To decrypt, we apply the inverse functions in reverse order, M = p1( s2( p2( s1( M ) ) ) ), since s2 is the inverse of p2 and p1 is the inverse of s1,. First we get back to C by applying s2(C') to get C (since p2 ( s2 ( s1 ( M) ) ) ) = s1(M). Then we apply p1 ( C ) = p1( s1( M ) = M. The order is what makes this secure.

If anyone asks, just say "lots of math" and big numbers rendering infeasibility unless you possess a super computer.

Yeah. It does put my teeth on edge a bit. They should try taking it out with a de-esser or something.

Allan Meters it's ASMR for me. Very relaxing

Using the pointy end of the marker is worse to me.

I always write like that xD even when I have normal pen

Sends shivers across my body

+Jan Sten Adámek Why and how? I'm interested to know.

+Jan Sten Adámek can you explain those attacks or forward me a link please?

Jan Sten Adámek thx I'll look at it :)

+Lobster with Mustard and Rice Was there a link sent? I'm also interested in this example, can you forward to me?

+David Engelhardt if it got forwarded to you can you just post it publicly. pls

Operational security eludes many

You mean like this? developers.google.com/accounts/docs/OAuth2Login

***** That's for authentications. I'm thinking more about encryption, and getting that technology into the public sphere. Even with PGP and similar tools, meant to make this easy, it's really only used by the few, because it's not easy, and it requires the recipient to install special software as well. What if Google, Apple, Microsoft and other providers were tied into the public key services, and would automatically handle for instance authentication of incoming messages, should they have been signed, and in turn help you to generate the private key needed, and get its public key exported to the servers, in a nearly seamless manner.

Asbjørn Grandt you mean, so people could share encrypted and signed files with their friends? So for example if you circle someone on Google+ you get a copy of their public key and you can send files intended for them only?

***** That's not a bad idea. But also if someone sends you a signed message on for instance Gmail, it'll ask if you want to verify it. I know there are plug-ins (probably) and other email clients can do this. I would just like it to be built in, and active by default.

Most email software support encryption with S/MIME, but for webmail the user needs to install addons.

Well, you might now it is significant, but the problem is actually decrypting it. Sending lots of garbage to each other fills the system with unnecessary data and reduces efficiency/availability and so on.

3 years passed and I hope you dont need it :)

@@prana6854 not need just want

@@larax222 i would honestly like to see it too, i'm scrolling through the comments not finding anything

Not sure if this helps, but here goes. This is the most widely used assymetric crypto system out there en.wikipedia.org/wiki/RSA_(cryptosystem)

Math.

Joe Alias Ok XD I'm not saying "I can't believe it works", I'm just saying I don't understand it.

palmomki Yeah I just gave you the super super short version.

Joe Alias I had a feeling you meant that. By the way, ***** the page is a bit too far for me, but I think I can see that the point I didn't understand isn't explained there (or maybe it's just not said explicitly). What I actually didn't understand is how can the two keys be interchangeable without being compromised. (How can it be that the private key decrypts a public encryption and the public key decrypts a private encryption avoiding that the private key is reachable) I would guess that in this case you could somehow obtain the private key by analyzing how both the encryption and decryption with the public key work, because if they can decrypt each other it means that both the public encryption and decryption processes are strictly related to the private key. In brief, it seems to me that there are actually many data about the private key in the public key itself.

I know, right? They didn't even mention Captain Kirk!

Oh that's awesome to know you also let Mr Brown trade for you ...he is such a genius in crypto market ..

I used to make loss trading crypto until I found people talking about the expertise of sir brown when it comes to the crypto market ...meeting sir Brown changed my life ..I no longer have to worry about debts because I invest another so I make huge profit trading with him

Please does anyone have an Idea how I can reach out to sir brown..its urgent ..

OK that's easy..all you need to do is connect with him on LinkedIn as

Sir Obrowne

+sghost128 If you speed it up to 1.5x, it almost sounds like him too! ;) Only with clear enunciation.

TheVoidReturnsNull And less motorcycles.

workaround: Put a folder for public keys on an ftp server and just en/decrypt messages yourself (using software like OpenPGP), afterwards, paste the messages whereever you wanna send them to

I'm talking about domain verification (https). Self Signed Certificate triggers on browser "a not secured website".

oh, that's what you mean. Yeah, that stuff sure is expensive

yeah and piss me off really hard too

There's a limited supply of prime numbers (edit: within a given finite range which can be stored on the computer), and a very large demand. That's why it costs money.

nunya biznez What... Did you read the whole thing and realize there isn't anything you could do but complain about it's length? Or is this another misdirection trick? Are you saying you don't have the mental fortitude to understand and reply appropriately? Do you ever think that maybe anger isn't the driving force in the universe? Why do you feel the need to project your anger issues onto everyone?

Jonathan Jardine

+nunya biznez nice nick. no, you're not trolling at all... OK (for the audience), not just evildoers (even though law enforcement knows their identity *because* they encrypted a message...), but also people installing software, publishing official documents, talking with attorneys, discussing trade secrets over the internet like before software is public, self-defense against terrorists and other criminals, talking with their bank, logging into any sites on the internet, buying anything on the internet, thwarting spies, checking for viruses... the list just goes on & on.