In search of a pedagogically simple example of asymmetric encryption routine?How does asymmetric encryption work?Asymmetric format preserving encryption?Lightweight Asymmetric encryption algorithmAuthenticated encryption using asymmetric keysActivation keys and asymmetric encryptionStream cipher example for an introductory cryptography courseLooking to verify my understanding of RSA math

How dangerous are my worn rims?

How is the speed of nucleons in the nucleus measured?

Is right click on tables bad UX

Redirect output on-the-fly - looks not possible in Linux, why?

Bothered by watching coworkers slacking off

What’s the BrE for “shotgun wedding”?

Why is there such a singular place for bird watching?

How to explain the strange behaviour about Function Nothing

Does the US Armed Forces refuse to recruit anyone with an IQ less than 83?

In search of a pedagogically simple example of asymmetric encryption routine?

Is there a pattern for handling conflicting function parameters?

How to "Start as close to the end as possible", and why to do so?

How to cope with being on standby

Young adult short story book with one story where a woman finds a walrus suit and becomes a walrus

What does a textbook look like while you are writing it?

Colleague's grant application resembles my PhD thesis

Determining if auto stats update is in progress

How is this situation not a checkmate?

What are some ways to season that don't rely on garlic and onions?

"last" command not working properly

As an interviewer, how to conduct interviews with candidates you already know will be rejected?

The oxidation state of iodine in iodoxybenzoic acid

How can I find places to store/land a private airplane?

Determine the Winner of a Game of Australian Football



In search of a pedagogically simple example of asymmetric encryption routine?


How does asymmetric encryption work?Asymmetric format preserving encryption?Lightweight Asymmetric encryption algorithmAuthenticated encryption using asymmetric keysActivation keys and asymmetric encryptionStream cipher example for an introductory cryptography courseLooking to verify my understanding of RSA math






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;

.everyonelovesstackoverflowposition:absolute;height:1px;width:1px;opacity:0;top:0;left:0;pointer-events:none;








2












$begingroup$


(I am not a cryptography expert; I do write software)



I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.



Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?










share|improve this question











$endgroup$




migrated from security.stackexchange.com 7 hours ago


This question came from our site for information security professionals.














  • 1




    $begingroup$
    Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of pow). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
    $endgroup$
    – fgrieu
    7 hours ago


















2












$begingroup$


(I am not a cryptography expert; I do write software)



I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.



Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?










share|improve this question











$endgroup$




migrated from security.stackexchange.com 7 hours ago


This question came from our site for information security professionals.














  • 1




    $begingroup$
    Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of pow). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
    $endgroup$
    – fgrieu
    7 hours ago














2












2








2





$begingroup$


(I am not a cryptography expert; I do write software)



I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.



Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?










share|improve this question











$endgroup$




(I am not a cryptography expert; I do write software)



I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.



Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?







public-key algorithm-design pedagogy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 hours ago









Patriot

1,3892 gold badges7 silver badges26 bronze badges




1,3892 gold badges7 silver badges26 bronze badges










asked 9 hours ago









Travis GriggsTravis Griggs

1112 bronze badges




1112 bronze badges





migrated from security.stackexchange.com 7 hours ago


This question came from our site for information security professionals.











migrated from security.stackexchange.com 7 hours ago


This question came from our site for information security professionals.









migrated from security.stackexchange.com 7 hours ago


This question came from our site for information security professionals.









  • 1




    $begingroup$
    Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of pow). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
    $endgroup$
    – fgrieu
    7 hours ago













  • 1




    $begingroup$
    Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of pow). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
    $endgroup$
    – fgrieu
    7 hours ago








1




1




$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of pow). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
$endgroup$
– fgrieu
7 hours ago





$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of pow). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
$endgroup$
– fgrieu
7 hours ago











5 Answers
5






active

oldest

votes


















2














$begingroup$

This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.



In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.



In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.






share|improve this answer









$endgroup$














  • $begingroup$
    Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
    $endgroup$
    – Travis Griggs
    7 hours ago










  • $begingroup$
    I love the "open padlock" metaphor. I don't know why I've never run across it before!
    $endgroup$
    – schroeder
    2 hours ago


















1














$begingroup$

There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.






share|improve this answer








New contributor



postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





$endgroup$










  • 2




    $begingroup$
    This is almost a link-only answer. Could you explain a bit more?'
    $endgroup$
    – kelalaka
    3 hours ago


















1














$begingroup$

I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.



I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.



I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.




We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368. [1].



Given two integers g and x, Python can quickly compute the integer r = pow(2, x, p) [2]. However, for large random x, the problem of finding x from r is believed intractable by all computers that exist today.



During a so-called key generation phase, Alice chose a large secret integer PrivateKey, and from that compute and publish Publickey. In Python that's 4 lines:



import secrets
p = 2**3753 + 3**2368
PrivateKey = secrets.randbits(500)
Publickey = pow(2, PrivateKey, p)


In order to send a message M of b bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:



  • obtains Alice's Publickey

  • chooses a large random x using secrets.randbits(500) as above

  • computes s = pow(2, x, p)

  • computes r = pow(Publickey , x, p)

  • keeps the low-order b bytes of that r

  • transforms message M using XOR with the above b bytes, giving ciphertext C

  • sends s and C to Alice

Upon receiving s and C, Alice deciphers as follows:



  • finds the length b of the ciphertext C

  • computes r = pow(s, PrivateKey , p) which will be the same r as in encryption [3]

  • keeps the low b bytes of that r

  • transforms ciphertext C using XOR with the above b bytes, giving the original message M.

The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.




[1] That p = 2**3753 + 3**2368 is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1 (because that's customary, and is the case for about half the primes).




[2] pow(g, x, p) is defined as the integer r in the interval [0, p) such that g multiplied by itself x times is r above some multiple of p. Python's pow computes that r quickly by a method similar to:



  • set r to 1

  • while x is not zero

    • if x is odd

    • compute (r*g)%p giving r

    • compute (g*g)%p giving g

    • compute x//2 giving x



[3] By applying the definition of pow at the beginning of [2], it follows that the values of r computed by the sender and Alice both are pow(2, x*PrivateKey, p).






share|improve this answer









$endgroup$






















    1














    $begingroup$

    The classical trapdoor cage for lobsters is a good analogy.



    The lobsters can enter very easily -> Everybody can encrypt with the public key



    The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.



    This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)



    And, you can buy some trapdoor for demonstration, at least for mice.






    share|improve this answer











    $endgroup$






















      0














      $begingroup$

      To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.



      Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
      Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.






      share|improve this answer








      New contributor



      binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      $endgroup$
















        Your Answer








        StackExchange.ready(function()
        var channelOptions =
        tags: "".split(" "),
        id: "281"
        ;
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function()
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled)
        StackExchange.using("snippets", function()
        createEditor();
        );

        else
        createEditor();

        );

        function createEditor()
        StackExchange.prepareEditor(
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: false,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: null,
        bindNavPrevention: true,
        postfix: "",
        imageUploader:
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        ,
        noCode: true, onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        );



        );














        draft saved

        draft discarded
















        StackExchange.ready(
        function ()
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f74642%2fin-search-of-a-pedagogically-simple-example-of-asymmetric-encryption-routine%23new-answer', 'question_page');

        );

        Post as a guest















        Required, but never shown

























        5 Answers
        5






        active

        oldest

        votes








        5 Answers
        5






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        2














        $begingroup$

        This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.



        In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.



        In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.






        share|improve this answer









        $endgroup$














        • $begingroup$
          Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
          $endgroup$
          – Travis Griggs
          7 hours ago










        • $begingroup$
          I love the "open padlock" metaphor. I don't know why I've never run across it before!
          $endgroup$
          – schroeder
          2 hours ago















        2














        $begingroup$

        This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.



        In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.



        In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.






        share|improve this answer









        $endgroup$














        • $begingroup$
          Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
          $endgroup$
          – Travis Griggs
          7 hours ago










        • $begingroup$
          I love the "open padlock" metaphor. I don't know why I've never run across it before!
          $endgroup$
          – schroeder
          2 hours ago













        2














        2










        2







        $begingroup$

        This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.



        In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.



        In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.






        share|improve this answer









        $endgroup$



        This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.



        In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.



        In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 8 hours ago









        A. HerseanA. Hersean

        2883 silver badges9 bronze badges




        2883 silver badges9 bronze badges














        • $begingroup$
          Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
          $endgroup$
          – Travis Griggs
          7 hours ago










        • $begingroup$
          I love the "open padlock" metaphor. I don't know why I've never run across it before!
          $endgroup$
          – schroeder
          2 hours ago
















        • $begingroup$
          Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
          $endgroup$
          – Travis Griggs
          7 hours ago










        • $begingroup$
          I love the "open padlock" metaphor. I don't know why I've never run across it before!
          $endgroup$
          – schroeder
          2 hours ago















        $begingroup$
        Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
        $endgroup$
        – Travis Griggs
        7 hours ago




        $begingroup$
        Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
        $endgroup$
        – Travis Griggs
        7 hours ago












        $begingroup$
        I love the "open padlock" metaphor. I don't know why I've never run across it before!
        $endgroup$
        – schroeder
        2 hours ago




        $begingroup$
        I love the "open padlock" metaphor. I don't know why I've never run across it before!
        $endgroup$
        – schroeder
        2 hours ago













        1














        $begingroup$

        There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.






        share|improve this answer








        New contributor



        postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        $endgroup$










        • 2




          $begingroup$
          This is almost a link-only answer. Could you explain a bit more?'
          $endgroup$
          – kelalaka
          3 hours ago















        1














        $begingroup$

        There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.






        share|improve this answer








        New contributor



        postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        $endgroup$










        • 2




          $begingroup$
          This is almost a link-only answer. Could you explain a bit more?'
          $endgroup$
          – kelalaka
          3 hours ago













        1














        1










        1







        $begingroup$

        There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.






        share|improve this answer








        New contributor



        postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        $endgroup$



        There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.







        share|improve this answer








        New contributor



        postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.








        share|improve this answer



        share|improve this answer






        New contributor



        postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.








        answered 4 hours ago









        postoronnimpostoronnim

        1111 bronze badge




        1111 bronze badge




        New contributor



        postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.




        New contributor




        postoronnim is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.












        • 2




          $begingroup$
          This is almost a link-only answer. Could you explain a bit more?'
          $endgroup$
          – kelalaka
          3 hours ago












        • 2




          $begingroup$
          This is almost a link-only answer. Could you explain a bit more?'
          $endgroup$
          – kelalaka
          3 hours ago







        2




        2




        $begingroup$
        This is almost a link-only answer. Could you explain a bit more?'
        $endgroup$
        – kelalaka
        3 hours ago




        $begingroup$
        This is almost a link-only answer. Could you explain a bit more?'
        $endgroup$
        – kelalaka
        3 hours ago











        1














        $begingroup$

        I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.



        I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.



        I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.




        We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368. [1].



        Given two integers g and x, Python can quickly compute the integer r = pow(2, x, p) [2]. However, for large random x, the problem of finding x from r is believed intractable by all computers that exist today.



        During a so-called key generation phase, Alice chose a large secret integer PrivateKey, and from that compute and publish Publickey. In Python that's 4 lines:



        import secrets
        p = 2**3753 + 3**2368
        PrivateKey = secrets.randbits(500)
        Publickey = pow(2, PrivateKey, p)


        In order to send a message M of b bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:



        • obtains Alice's Publickey

        • chooses a large random x using secrets.randbits(500) as above

        • computes s = pow(2, x, p)

        • computes r = pow(Publickey , x, p)

        • keeps the low-order b bytes of that r

        • transforms message M using XOR with the above b bytes, giving ciphertext C

        • sends s and C to Alice

        Upon receiving s and C, Alice deciphers as follows:



        • finds the length b of the ciphertext C

        • computes r = pow(s, PrivateKey , p) which will be the same r as in encryption [3]

        • keeps the low b bytes of that r

        • transforms ciphertext C using XOR with the above b bytes, giving the original message M.

        The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.




        [1] That p = 2**3753 + 3**2368 is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1 (because that's customary, and is the case for about half the primes).




        [2] pow(g, x, p) is defined as the integer r in the interval [0, p) such that g multiplied by itself x times is r above some multiple of p. Python's pow computes that r quickly by a method similar to:



        • set r to 1

        • while x is not zero

          • if x is odd

          • compute (r*g)%p giving r

          • compute (g*g)%p giving g

          • compute x//2 giving x



        [3] By applying the definition of pow at the beginning of [2], it follows that the values of r computed by the sender and Alice both are pow(2, x*PrivateKey, p).






        share|improve this answer









        $endgroup$



















          1














          $begingroup$

          I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.



          I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.



          I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.




          We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368. [1].



          Given two integers g and x, Python can quickly compute the integer r = pow(2, x, p) [2]. However, for large random x, the problem of finding x from r is believed intractable by all computers that exist today.



          During a so-called key generation phase, Alice chose a large secret integer PrivateKey, and from that compute and publish Publickey. In Python that's 4 lines:



          import secrets
          p = 2**3753 + 3**2368
          PrivateKey = secrets.randbits(500)
          Publickey = pow(2, PrivateKey, p)


          In order to send a message M of b bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:



          • obtains Alice's Publickey

          • chooses a large random x using secrets.randbits(500) as above

          • computes s = pow(2, x, p)

          • computes r = pow(Publickey , x, p)

          • keeps the low-order b bytes of that r

          • transforms message M using XOR with the above b bytes, giving ciphertext C

          • sends s and C to Alice

          Upon receiving s and C, Alice deciphers as follows:



          • finds the length b of the ciphertext C

          • computes r = pow(s, PrivateKey , p) which will be the same r as in encryption [3]

          • keeps the low b bytes of that r

          • transforms ciphertext C using XOR with the above b bytes, giving the original message M.

          The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.




          [1] That p = 2**3753 + 3**2368 is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1 (because that's customary, and is the case for about half the primes).




          [2] pow(g, x, p) is defined as the integer r in the interval [0, p) such that g multiplied by itself x times is r above some multiple of p. Python's pow computes that r quickly by a method similar to:



          • set r to 1

          • while x is not zero

            • if x is odd

            • compute (r*g)%p giving r

            • compute (g*g)%p giving g

            • compute x//2 giving x



          [3] By applying the definition of pow at the beginning of [2], it follows that the values of r computed by the sender and Alice both are pow(2, x*PrivateKey, p).






          share|improve this answer









          $endgroup$

















            1














            1










            1







            $begingroup$

            I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.



            I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.



            I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.




            We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368. [1].



            Given two integers g and x, Python can quickly compute the integer r = pow(2, x, p) [2]. However, for large random x, the problem of finding x from r is believed intractable by all computers that exist today.



            During a so-called key generation phase, Alice chose a large secret integer PrivateKey, and from that compute and publish Publickey. In Python that's 4 lines:



            import secrets
            p = 2**3753 + 3**2368
            PrivateKey = secrets.randbits(500)
            Publickey = pow(2, PrivateKey, p)


            In order to send a message M of b bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:



            • obtains Alice's Publickey

            • chooses a large random x using secrets.randbits(500) as above

            • computes s = pow(2, x, p)

            • computes r = pow(Publickey , x, p)

            • keeps the low-order b bytes of that r

            • transforms message M using XOR with the above b bytes, giving ciphertext C

            • sends s and C to Alice

            Upon receiving s and C, Alice deciphers as follows:



            • finds the length b of the ciphertext C

            • computes r = pow(s, PrivateKey , p) which will be the same r as in encryption [3]

            • keeps the low b bytes of that r

            • transforms ciphertext C using XOR with the above b bytes, giving the original message M.

            The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.




            [1] That p = 2**3753 + 3**2368 is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1 (because that's customary, and is the case for about half the primes).




            [2] pow(g, x, p) is defined as the integer r in the interval [0, p) such that g multiplied by itself x times is r above some multiple of p. Python's pow computes that r quickly by a method similar to:



            • set r to 1

            • while x is not zero

              • if x is odd

              • compute (r*g)%p giving r

              • compute (g*g)%p giving g

              • compute x//2 giving x



            [3] By applying the definition of pow at the beginning of [2], it follows that the values of r computed by the sender and Alice both are pow(2, x*PrivateKey, p).






            share|improve this answer









            $endgroup$



            I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.



            I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.



            I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.




            We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368. [1].



            Given two integers g and x, Python can quickly compute the integer r = pow(2, x, p) [2]. However, for large random x, the problem of finding x from r is believed intractable by all computers that exist today.



            During a so-called key generation phase, Alice chose a large secret integer PrivateKey, and from that compute and publish Publickey. In Python that's 4 lines:



            import secrets
            p = 2**3753 + 3**2368
            PrivateKey = secrets.randbits(500)
            Publickey = pow(2, PrivateKey, p)


            In order to send a message M of b bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:



            • obtains Alice's Publickey

            • chooses a large random x using secrets.randbits(500) as above

            • computes s = pow(2, x, p)

            • computes r = pow(Publickey , x, p)

            • keeps the low-order b bytes of that r

            • transforms message M using XOR with the above b bytes, giving ciphertext C

            • sends s and C to Alice

            Upon receiving s and C, Alice deciphers as follows:



            • finds the length b of the ciphertext C

            • computes r = pow(s, PrivateKey , p) which will be the same r as in encryption [3]

            • keeps the low b bytes of that r

            • transforms ciphertext C using XOR with the above b bytes, giving the original message M.

            The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.




            [1] That p = 2**3753 + 3**2368 is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1 (because that's customary, and is the case for about half the primes).




            [2] pow(g, x, p) is defined as the integer r in the interval [0, p) such that g multiplied by itself x times is r above some multiple of p. Python's pow computes that r quickly by a method similar to:



            • set r to 1

            • while x is not zero

              • if x is odd

              • compute (r*g)%p giving r

              • compute (g*g)%p giving g

              • compute x//2 giving x



            [3] By applying the definition of pow at the beginning of [2], it follows that the values of r computed by the sender and Alice both are pow(2, x*PrivateKey, p).







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered 1 hour ago









            fgrieufgrieu

            85.8k7 gold badges191 silver badges377 bronze badges




            85.8k7 gold badges191 silver badges377 bronze badges
























                1














                $begingroup$

                The classical trapdoor cage for lobsters is a good analogy.



                The lobsters can enter very easily -> Everybody can encrypt with the public key



                The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.



                This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)



                And, you can buy some trapdoor for demonstration, at least for mice.






                share|improve this answer











                $endgroup$



















                  1














                  $begingroup$

                  The classical trapdoor cage for lobsters is a good analogy.



                  The lobsters can enter very easily -> Everybody can encrypt with the public key



                  The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.



                  This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)



                  And, you can buy some trapdoor for demonstration, at least for mice.






                  share|improve this answer











                  $endgroup$

















                    1














                    1










                    1







                    $begingroup$

                    The classical trapdoor cage for lobsters is a good analogy.



                    The lobsters can enter very easily -> Everybody can encrypt with the public key



                    The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.



                    This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)



                    And, you can buy some trapdoor for demonstration, at least for mice.






                    share|improve this answer











                    $endgroup$



                    The classical trapdoor cage for lobsters is a good analogy.



                    The lobsters can enter very easily -> Everybody can encrypt with the public key



                    The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.



                    This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)



                    And, you can buy some trapdoor for demonstration, at least for mice.







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited 1 hour ago

























                    answered 3 hours ago









                    kelalakakelalaka

                    11k3 gold badges28 silver badges55 bronze badges




                    11k3 gold badges28 silver badges55 bronze badges
























                        0














                        $begingroup$

                        To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.



                        Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
                        Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.






                        share|improve this answer








                        New contributor



                        binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                        Check out our Code of Conduct.





                        $endgroup$



















                          0














                          $begingroup$

                          To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.



                          Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
                          Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.






                          share|improve this answer








                          New contributor



                          binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                          Check out our Code of Conduct.





                          $endgroup$

















                            0














                            0










                            0







                            $begingroup$

                            To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.



                            Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
                            Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.






                            share|improve this answer








                            New contributor



                            binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.





                            $endgroup$



                            To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.



                            Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
                            Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.







                            share|improve this answer








                            New contributor



                            binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.








                            share|improve this answer



                            share|improve this answer






                            New contributor



                            binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.








                            answered 5 hours ago









                            binarymbinarym

                            101




                            101




                            New contributor



                            binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.




                            New contributor




                            binarym is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                            Check out our Code of Conduct.

































                                draft saved

                                draft discarded















































                                Thanks for contributing an answer to Cryptography Stack Exchange!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid


                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.

                                Use MathJax to format equations. MathJax reference.


                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function ()
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f74642%2fin-search-of-a-pedagogically-simple-example-of-asymmetric-encryption-routine%23new-answer', 'question_page');

                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

                                Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

                                Ласкавець круглолистий Зміст Опис | Поширення | Галерея | Примітки | Посилання | Навігаційне меню58171138361-22960890446Bupleurum rotundifoliumEuro+Med PlantbasePlants of the World Online — Kew ScienceGermplasm Resources Information Network (GRIN)Ласкавецькн. VI : Літери Ком — Левиправивши або дописавши її