One of the things that I find dismaying is the lack of general understanding of public key cryptography. This is an attempt to rectify some of that in simple terms, without math or talk of elliptic curves or very large prime numbers or random seeds, presented as an easy-to-comprehend familiar analog.
Assume first an unbreakable lock. Yeah, I know, I just lost you. In the physical world, there’s no such thing. Every lock can be picked, or if not picked, then opened with bolt-cutters or worse. Let’s ignore those things for the time being, just for the sake of getting our heads wrapped around how public key cryptography works. I can explain the unbreakable part later.
For our unbreakable lock, we have a key. This is the only key we have, and no one else has a copy of this key. In order to ensure that no one else can open our lock, we must keep this key secret. We must never let go of it, or share it, or hand it to someone else who can easily make a copy of it. We can, however, back it up and make copies for our own use, as long as those copies are similarly never shared. In order for us to trust the security of the lock, the security of its associated key is paramount.
Furthermore, let’s up the ante a little bit and assume that we’re in a bizarro fantasy world where you’re surrounded by people with photographic memories who really are out to get you. You’re not just paranoid. If you so much as use your key in plain sight, any one of them can, from memory, reproduce your key and open your lock, taking anything you wished to secure, including your own identity (in effect, they can pass themselves off as you and act on your behalf without your knowledge).
Your lock is then equivalent to a public key in public key cryptography. You can show it to anyone. You can pass it around, secure in the knowledge that it is unbreakable. To protect something you need only secure it with that lock.
Let’s say you hand that open lock to someone else, so that they can send you something securely. All they need to do is put what they’re sending to you in some container and close the lock. They can’t reopen it, because they don’t have the key, only you do. They know at the moment they close the lock that only you (or rather, only the holder of the key associated with that lock, whether that is you or not) will ever be able open the lock and receive what they sent.
This is equivalent to asymmetric encryption. The public part of the public/private key pair is used to encrypt something so that only the holder of the private key (the key that fits the lock) is able to decrypt it, even though the entity performing the encryption doesn’t have or need the private part.
There’s a healthy amount of skepticism in this bizarro fantasy world, though. Many of its inhabitants don’t believe that lock is yours, and you are asked to prove ownership (incidentally, this is how you prove you own the Bitcoin you spend). You can’t just wave your key in front of anyone, though, because as soon as you do all those photographic memories will go to work and everyone will be able to produce the key that opens that particular lock. Instead, you have to prove that you own the lock without ever showing the key.
Easy enough… you turn around and, making sure no one is looking over your shoulder, you open the lock. Hide your key once more, and then display the opened lock for everyone to see.
This is how signatures work. You have proven ownership of the private key associated with the public key, without ever showing the private key itself.
Now, for the unbreakable part. The reason our lock is unbreakable is because in public key cryptography we’re talking about a mathematical relationship between the public and private keys, through a cryptographic formula that is available for all to see and review. This isn’t a simple mathematical relationship, but it is one that has been reviewed and examined by some of the very best mathematicians worldwide, all of whom have varying interests in securing this relationship or breaking it. Those with a vested interest in breaking the relationship or finding some algorithmic flaw that would allow the private key to be determined or reverse-engineered or brute-forced, given the public key, have come up with nothing (so far). Those with a vested interest in securing the relationship and coming up with something even better have been unable to (again, so far), and have posited that it would take more energy than what is available in the universe to crack this code. There is plenty of incentive to crack it, the person or people that can would then be able to single-handedly control and manipulate the world’s wealth and information.
Think about this, though… Let’s assume that some moustache-twirling villainous type has found a flaw in the algorithm, and with dreams of unlimited wealth and power has decided to keep that information to him- or her self. There are many others worldwide, who don’t share that villain’s desire or ideology, and who would be looking at those same algorithms with the knowledge to understand them and their implications, bent on preventing exactly that situation from occurring…outing the villain and at least rendering his plans ineffective by publishing information about the flaw and fixing it, if possible. This has happened many times already, through RC2, MD5, DES, Triple-DES, SHA1, etc., just to name a few algorithms whose weaknesses have been found.
Even when the reward for cracking these algorithms is nearly unlimited wealth, power and control, on an individual level it’s far easier to get someone to show their private key through malware, key-loggers, screen captures, human error, misplaced trust, and the like; or simply beat it out of them. All those photographic memories out there can then take a picture of it and steal your wealth, your identity, your life. We, as people, are the weakest link.
No comments:
Post a Comment