In search of a pedagogically simple example of asymmetric encryption routine?How does asymmetric encryption work?Asymmetric format preserving encryption?Lightweight Asymmetric encryption algorithmAuthenticated encryption using asymmetric keysActivation keys and asymmetric encryptionStream cipher example for an introductory cryptography courseLooking to verify my understanding of RSA math
How dangerous are my worn rims?
How is the speed of nucleons in the nucleus measured?
Is right click on tables bad UX
Redirect output on-the-fly - looks not possible in Linux, why?
Bothered by watching coworkers slacking off
What’s the BrE for “shotgun wedding”?
Why is there such a singular place for bird watching?
How to explain the strange behaviour about Function Nothing
Does the US Armed Forces refuse to recruit anyone with an IQ less than 83?
In search of a pedagogically simple example of asymmetric encryption routine?
Is there a pattern for handling conflicting function parameters?
How to "Start as close to the end as possible", and why to do so?
How to cope with being on standby
Young adult short story book with one story where a woman finds a walrus suit and becomes a walrus
What does a textbook look like while you are writing it?
Colleague's grant application resembles my PhD thesis
Determining if auto stats update is in progress
How is this situation not a checkmate?
What are some ways to season that don't rely on garlic and onions?
"last" command not working properly
As an interviewer, how to conduct interviews with candidates you already know will be rejected?
The oxidation state of iodine in iodoxybenzoic acid
How can I find places to store/land a private airplane?
Determine the Winner of a Game of Australian Football
In search of a pedagogically simple example of asymmetric encryption routine?
How does asymmetric encryption work?Asymmetric format preserving encryption?Lightweight Asymmetric encryption algorithmAuthenticated encryption using asymmetric keysActivation keys and asymmetric encryptionStream cipher example for an introductory cryptography courseLooking to verify my understanding of RSA math
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
.everyonelovesstackoverflowposition:absolute;height:1px;width:1px;opacity:0;top:0;left:0;pointer-events:none;
$begingroup$
(I am not a cryptography expert; I do write software)
I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.
Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?
public-key algorithm-design pedagogy
$endgroup$
migrated from security.stackexchange.com 7 hours ago
This question came from our site for information security professionals.
add a comment
|
$begingroup$
(I am not a cryptography expert; I do write software)
I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.
Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?
public-key algorithm-design pedagogy
$endgroup$
migrated from security.stackexchange.com 7 hours ago
This question came from our site for information security professionals.
1
$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument ofpow
). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
$endgroup$
– fgrieu
7 hours ago
add a comment
|
$begingroup$
(I am not a cryptography expert; I do write software)
I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.
Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?
public-key algorithm-design pedagogy
$endgroup$
(I am not a cryptography expert; I do write software)
I am working with some youth (ages 11-13) and wanted to explore for an hour or so some basic cryptography. Doing symmetric ciphers is pretty straightforward. It's easy to explain the various "two key" metaphors of asymmetric encryption, but I'm finding it hard to find a good easy-to-work mathematical example of asymmetric encryption. There are lots of good examples of RSA broken down, but even with small numbers you get into "big" numbers fast because of the power functions.
Is there a good example of a "toy" algorithm to illustrate the asymmetric encryption/decryption process?
public-key algorithm-design pedagogy
public-key algorithm-design pedagogy
edited 2 hours ago
Patriot
1,3892 gold badges7 silver badges26 bronze badges
1,3892 gold badges7 silver badges26 bronze badges
asked 9 hours ago
Travis GriggsTravis Griggs
1112 bronze badges
1112 bronze badges
migrated from security.stackexchange.com 7 hours ago
This question came from our site for information security professionals.
migrated from security.stackexchange.com 7 hours ago
This question came from our site for information security professionals.
migrated from security.stackexchange.com 7 hours ago
This question came from our site for information security professionals.
1
$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument ofpow
). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
$endgroup$
– fgrieu
7 hours ago
add a comment
|
1
$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument ofpow
). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.
$endgroup$
– fgrieu
7 hours ago
1
1
$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of
pow
). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.$endgroup$
– fgrieu
7 hours ago
$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of
pow
). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.$endgroup$
– fgrieu
7 hours ago
add a comment
|
5 Answers
5
active
oldest
votes
$begingroup$
This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.
In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.
In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.
$endgroup$
$begingroup$
Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
$endgroup$
– Travis Griggs
7 hours ago
$begingroup$
I love the "open padlock" metaphor. I don't know why I've never run across it before!
$endgroup$
– schroeder
2 hours ago
add a comment
|
$begingroup$
There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.
New contributor
$endgroup$
2
$begingroup$
This is almost a link-only answer. Could you explain a bit more?'
$endgroup$
– kelalaka
3 hours ago
add a comment
|
$begingroup$
I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.
I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.
I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.
We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368
. [1].
Given two integers g
and x
, Python can quickly compute the integer r = pow(2, x, p)
[2]. However, for large random x
, the problem of finding x
from r
is believed intractable by all computers that exist today.
During a so-called key generation phase, Alice chose a large secret integer PrivateKey
, and from that compute and publish Publickey
. In Python that's 4 lines:
import secrets
p = 2**3753 + 3**2368
PrivateKey = secrets.randbits(500)
Publickey = pow(2, PrivateKey, p)
In order to send a message M
of b
bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:
- obtains Alice's
Publickey
- chooses a large random
x
usingsecrets.randbits(500)
as above - computes
s = pow(2, x, p)
- computes
r = pow(Publickey , x, p)
- keeps the low-order
b
bytes of thatr
- transforms message
M
using XOR with the aboveb
bytes, giving ciphertextC
- sends
s
andC
to Alice
Upon receiving s
and C
, Alice deciphers as follows:
- finds the length
b
of the ciphertextC
- computes
r = pow(s, PrivateKey , p)
which will be the samer
as in encryption [3] - keeps the low
b
bytes of thatr
- transforms ciphertext
C
using XOR with the aboveb
bytes, giving the original messageM
.
The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.
[1] That p = 2**3753 + 3**2368
is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1
(because that's customary, and is the case for about half the primes).
[2] pow(g, x, p)
is defined as the integer r
in the interval [0, p)
such that g
multiplied by itself x
times is r
above some multiple of p
. Python's pow
computes that r
quickly by a method similar to:
- set
r
to1
- while
x
is not zero- if
x
is odd - compute
(r*g)%p
givingr
- compute
(g*g)%p
givingg
- compute
x//2
givingx
- if
[3] By applying the definition of pow
at the beginning of [2], it follows that the values of r
computed by the sender and Alice both are pow(2, x*PrivateKey, p)
.
$endgroup$
add a comment
|
$begingroup$
The classical trapdoor cage for lobsters is a good analogy.
The lobsters can enter very easily -> Everybody can encrypt with the public key
The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.
This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)
And, you can buy some trapdoor for demonstration, at least for mice.
$endgroup$
add a comment
|
$begingroup$
To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.
Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.
New contributor
$endgroup$
add a comment
|
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "281"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f74642%2fin-search-of-a-pedagogically-simple-example-of-asymmetric-encryption-routine%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.
In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.
In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.
$endgroup$
$begingroup$
Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
$endgroup$
– Travis Griggs
7 hours ago
$begingroup$
I love the "open padlock" metaphor. I don't know why I've never run across it before!
$endgroup$
– schroeder
2 hours ago
add a comment
|
$begingroup$
This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.
In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.
In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.
$endgroup$
$begingroup$
Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
$endgroup$
– Travis Griggs
7 hours ago
$begingroup$
I love the "open padlock" metaphor. I don't know why I've never run across it before!
$endgroup$
– schroeder
2 hours ago
add a comment
|
$begingroup$
This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.
In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.
In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.
$endgroup$
This might not be the mathematical example you are looking for, but it is an easy-to-understand metaphor.
In symmetric encryption, Alice and Bob each have a copy of the same key. They exchange messages by putting them in a box locked with a padlock that can be locked and unlocked with the keys. The padlock needs a key to be locked. They then exchange the locked box between themselves, using postal services.
In the corresponding asymmetric encryption metaphor, the public key is an open padlock, and the private key is the corresponding key. Alice gives identical padlocks to everyone asking for it. Bob gets one. Bob puts its message with his open padlock in a box, locks it with Alice's padlock, then sends it to Alice using postal services. In the same way, Alice can reply to Bob, and so on. Alice and Bob do not need to share the same key, and the open padlocks can be stolen or copied without consequences.
answered 8 hours ago
A. HerseanA. Hersean
2883 silver badges9 bronze badges
2883 silver badges9 bronze badges
$begingroup$
Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
$endgroup$
– Travis Griggs
7 hours ago
$begingroup$
I love the "open padlock" metaphor. I don't know why I've never run across it before!
$endgroup$
– schroeder
2 hours ago
add a comment
|
$begingroup$
Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
$endgroup$
– Travis Griggs
7 hours ago
$begingroup$
I love the "open padlock" metaphor. I don't know why I've never run across it before!
$endgroup$
– schroeder
2 hours ago
$begingroup$
Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
$endgroup$
– Travis Griggs
7 hours ago
$begingroup$
Yes, we'll do this. I've found lots of good examples like this. The problem then becomes "but how do you do that in math?" And with only massive numbers and lots of steps, it's just "another kind of magic." I want to be able to take a "Hello World" message of a few characters, and then let them see how a math algorithm (even if easily intuited) can do this. Once they can see that, then you can talk about trap door functions and their role in the process.
$endgroup$
– Travis Griggs
7 hours ago
$begingroup$
I love the "open padlock" metaphor. I don't know why I've never run across it before!
$endgroup$
– schroeder
2 hours ago
$begingroup$
I love the "open padlock" metaphor. I don't know why I've never run across it before!
$endgroup$
– schroeder
2 hours ago
add a comment
|
$begingroup$
There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.
New contributor
$endgroup$
2
$begingroup$
This is almost a link-only answer. Could you explain a bit more?'
$endgroup$
– kelalaka
3 hours ago
add a comment
|
$begingroup$
There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.
New contributor
$endgroup$
2
$begingroup$
This is almost a link-only answer. Could you explain a bit more?'
$endgroup$
– kelalaka
3 hours ago
add a comment
|
$begingroup$
There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.
New contributor
$endgroup$
There is probably little sense in trying to explain the math before they get a good high-level grasp of what's happening. And for that, there is a paint-mixing analogy, http://maths.straylight.co.uk/archives/108.
New contributor
New contributor
answered 4 hours ago
postoronnimpostoronnim
1111 bronze badge
1111 bronze badge
New contributor
New contributor
2
$begingroup$
This is almost a link-only answer. Could you explain a bit more?'
$endgroup$
– kelalaka
3 hours ago
add a comment
|
2
$begingroup$
This is almost a link-only answer. Could you explain a bit more?'
$endgroup$
– kelalaka
3 hours ago
2
2
$begingroup$
This is almost a link-only answer. Could you explain a bit more?'
$endgroup$
– kelalaka
3 hours ago
$begingroup$
This is almost a link-only answer. Could you explain a bit more?'
$endgroup$
– kelalaka
3 hours ago
add a comment
|
$begingroup$
I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.
I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.
I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.
We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368
. [1].
Given two integers g
and x
, Python can quickly compute the integer r = pow(2, x, p)
[2]. However, for large random x
, the problem of finding x
from r
is believed intractable by all computers that exist today.
During a so-called key generation phase, Alice chose a large secret integer PrivateKey
, and from that compute and publish Publickey
. In Python that's 4 lines:
import secrets
p = 2**3753 + 3**2368
PrivateKey = secrets.randbits(500)
Publickey = pow(2, PrivateKey, p)
In order to send a message M
of b
bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:
- obtains Alice's
Publickey
- chooses a large random
x
usingsecrets.randbits(500)
as above - computes
s = pow(2, x, p)
- computes
r = pow(Publickey , x, p)
- keeps the low-order
b
bytes of thatr
- transforms message
M
using XOR with the aboveb
bytes, giving ciphertextC
- sends
s
andC
to Alice
Upon receiving s
and C
, Alice deciphers as follows:
- finds the length
b
of the ciphertextC
- computes
r = pow(s, PrivateKey , p)
which will be the samer
as in encryption [3] - keeps the low
b
bytes of thatr
- transforms ciphertext
C
using XOR with the aboveb
bytes, giving the original messageM
.
The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.
[1] That p = 2**3753 + 3**2368
is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1
(because that's customary, and is the case for about half the primes).
[2] pow(g, x, p)
is defined as the integer r
in the interval [0, p)
such that g
multiplied by itself x
times is r
above some multiple of p
. Python's pow
computes that r
quickly by a method similar to:
- set
r
to1
- while
x
is not zero- if
x
is odd - compute
(r*g)%p
givingr
- compute
(g*g)%p
givingg
- compute
x//2
givingx
- if
[3] By applying the definition of pow
at the beginning of [2], it follows that the values of r
computed by the sender and Alice both are pow(2, x*PrivateKey, p)
.
$endgroup$
add a comment
|
$begingroup$
I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.
I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.
I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.
We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368
. [1].
Given two integers g
and x
, Python can quickly compute the integer r = pow(2, x, p)
[2]. However, for large random x
, the problem of finding x
from r
is believed intractable by all computers that exist today.
During a so-called key generation phase, Alice chose a large secret integer PrivateKey
, and from that compute and publish Publickey
. In Python that's 4 lines:
import secrets
p = 2**3753 + 3**2368
PrivateKey = secrets.randbits(500)
Publickey = pow(2, PrivateKey, p)
In order to send a message M
of b
bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:
- obtains Alice's
Publickey
- chooses a large random
x
usingsecrets.randbits(500)
as above - computes
s = pow(2, x, p)
- computes
r = pow(Publickey , x, p)
- keeps the low-order
b
bytes of thatr
- transforms message
M
using XOR with the aboveb
bytes, giving ciphertextC
- sends
s
andC
to Alice
Upon receiving s
and C
, Alice deciphers as follows:
- finds the length
b
of the ciphertextC
- computes
r = pow(s, PrivateKey , p)
which will be the samer
as in encryption [3] - keeps the low
b
bytes of thatr
- transforms ciphertext
C
using XOR with the aboveb
bytes, giving the original messageM
.
The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.
[1] That p = 2**3753 + 3**2368
is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1
(because that's customary, and is the case for about half the primes).
[2] pow(g, x, p)
is defined as the integer r
in the interval [0, p)
such that g
multiplied by itself x
times is r
above some multiple of p
. Python's pow
computes that r
quickly by a method similar to:
- set
r
to1
- while
x
is not zero- if
x
is odd - compute
(r*g)%p
givingr
- compute
(g*g)%p
givingg
- compute
x//2
givingx
- if
[3] By applying the definition of pow
at the beginning of [2], it follows that the values of r
computed by the sender and Alice both are pow(2, x*PrivateKey, p)
.
$endgroup$
add a comment
|
$begingroup$
I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.
I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.
I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.
We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368
. [1].
Given two integers g
and x
, Python can quickly compute the integer r = pow(2, x, p)
[2]. However, for large random x
, the problem of finding x
from r
is believed intractable by all computers that exist today.
During a so-called key generation phase, Alice chose a large secret integer PrivateKey
, and from that compute and publish Publickey
. In Python that's 4 lines:
import secrets
p = 2**3753 + 3**2368
PrivateKey = secrets.randbits(500)
Publickey = pow(2, PrivateKey, p)
In order to send a message M
of b
bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:
- obtains Alice's
Publickey
- chooses a large random
x
usingsecrets.randbits(500)
as above - computes
s = pow(2, x, p)
- computes
r = pow(Publickey , x, p)
- keeps the low-order
b
bytes of thatr
- transforms message
M
using XOR with the aboveb
bytes, giving ciphertextC
- sends
s
andC
to Alice
Upon receiving s
and C
, Alice deciphers as follows:
- finds the length
b
of the ciphertextC
- computes
r = pow(s, PrivateKey , p)
which will be the samer
as in encryption [3] - keeps the low
b
bytes of thatr
- transforms ciphertext
C
using XOR with the aboveb
bytes, giving the original messageM
.
The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.
[1] That p = 2**3753 + 3**2368
is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1
(because that's customary, and is the case for about half the primes).
[2] pow(g, x, p)
is defined as the integer r
in the interval [0, p)
such that g
multiplied by itself x
times is r
above some multiple of p
. Python's pow
computes that r
quickly by a method similar to:
- set
r
to1
- while
x
is not zero- if
x
is odd - compute
(r*g)%p
givingr
- compute
(g*g)%p
givingg
- compute
x//2
givingx
- if
[3] By applying the definition of pow
at the beginning of [2], it follows that the values of r
computed by the sender and Alice both are pow(2, x*PrivateKey, p)
.
$endgroup$
I would hate lying to any audience and presenting something as asymmetric crypto, when it is actually a poor caricature of that. Most introductions using RSA fall into that trap because the numbers used are unrealistically small, and the oversimplified system allows to check a guess of plaintext, and to decipher letter by letter with less effort than it takes the legitimate receiver to decipher. On top of that, the math in RSA is relatively complex: even adults with some math background get lost on computing d from p, q, and e.
I'll thus use a simpler system: ElGamal encryption, which uses much simpler math.
I believe that a sizable fraction of a 17yo audience would be able to understand and even reproduce it. But only a very small fraction of 11-13yo would. It took centuries of effort to find asymmetric crypto, that's for a reason.
We'll agree on a large number obtained in Python with p = 2**3753 + 3**2368
. [1].
Given two integers g
and x
, Python can quickly compute the integer r = pow(2, x, p)
[2]. However, for large random x
, the problem of finding x
from r
is believed intractable by all computers that exist today.
During a so-called key generation phase, Alice chose a large secret integer PrivateKey
, and from that compute and publish Publickey
. In Python that's 4 lines:
import secrets
p = 2**3753 + 3**2368
PrivateKey = secrets.randbits(500)
Publickey = pow(2, PrivateKey, p)
In order to send a message M
of b
bytes (up to 450 bytes, enough for most tweets) to Alice, someone enciphers as follows:
- obtains Alice's
Publickey
- chooses a large random
x
usingsecrets.randbits(500)
as above - computes
s = pow(2, x, p)
- computes
r = pow(Publickey , x, p)
- keeps the low-order
b
bytes of thatr
- transforms message
M
using XOR with the aboveb
bytes, giving ciphertextC
- sends
s
andC
to Alice
Upon receiving s
and C
, Alice deciphers as follows:
- finds the length
b
of the ciphertextC
- computes
r = pow(s, PrivateKey , p)
which will be the samer
as in encryption [3] - keeps the low
b
bytes of thatr
- transforms ciphertext
C
using XOR with the aboveb
bytes, giving the original messageM
.
The amazing thing is that the sender needs nothing secret to send a confidential message to Alice, something that symmetric crypto does not allow.
[1] That p = 2**3753 + 3**2368
is a prime with a simple form because that's easier to key (yet not so simple as to enable SNFS attacks); is more than 128-bit larger than our maximum message size of 450 bytes (because that avoids a mostly theoretical attack); and such that pow(2, (p-1)//2, p) == 1
(because that's customary, and is the case for about half the primes).
[2] pow(g, x, p)
is defined as the integer r
in the interval [0, p)
such that g
multiplied by itself x
times is r
above some multiple of p
. Python's pow
computes that r
quickly by a method similar to:
- set
r
to1
- while
x
is not zero- if
x
is odd - compute
(r*g)%p
givingr
- compute
(g*g)%p
givingg
- compute
x//2
givingx
- if
[3] By applying the definition of pow
at the beginning of [2], it follows that the values of r
computed by the sender and Alice both are pow(2, x*PrivateKey, p)
.
answered 1 hour ago
fgrieufgrieu
85.8k7 gold badges191 silver badges377 bronze badges
85.8k7 gold badges191 silver badges377 bronze badges
add a comment
|
add a comment
|
$begingroup$
The classical trapdoor cage for lobsters is a good analogy.
The lobsters can enter very easily -> Everybody can encrypt with the public key
The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.
This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)
And, you can buy some trapdoor for demonstration, at least for mice.
$endgroup$
add a comment
|
$begingroup$
The classical trapdoor cage for lobsters is a good analogy.
The lobsters can enter very easily -> Everybody can encrypt with the public key
The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.
This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)
And, you can buy some trapdoor for demonstration, at least for mice.
$endgroup$
add a comment
|
$begingroup$
The classical trapdoor cage for lobsters is a good analogy.
The lobsters can enter very easily -> Everybody can encrypt with the public key
The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.
This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)
And, you can buy some trapdoor for demonstration, at least for mice.
$endgroup$
The classical trapdoor cage for lobsters is a good analogy.
The lobsters can enter very easily -> Everybody can encrypt with the public key
The lobsters can not get out without the opening the lock. Only the key owner of the lock can open -> Only private key holder can decrypt.
This analogy one more merit: There is a negligible chance that some lobsters can escape -> there is a negligible chance that you can find the key by trying some values ( assuming the scheme is secure)
And, you can buy some trapdoor for demonstration, at least for mice.
edited 1 hour ago
answered 3 hours ago
kelalakakelalaka
11k3 gold badges28 silver badges55 bronze badges
11k3 gold badges28 silver badges55 bronze badges
add a comment
|
add a comment
|
$begingroup$
To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.
Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.
New contributor
$endgroup$
add a comment
|
$begingroup$
To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.
Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.
New contributor
$endgroup$
add a comment
|
$begingroup$
To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.
Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.
New contributor
$endgroup$
To teach 11-13 yo kids, i wouldn't talk about symmetric/asymmetric crypto cause, IMHO, it's far too complicated and will probably be boring for that audience.
Instead, i would mostly talk about Caesar Cipher because it's easy to understand and they can experiment by themself.
Then, to conclude, i would have some words about "real life" crypto, but no more than 10/15 minutes.
New contributor
New contributor
answered 5 hours ago
binarymbinarym
101
101
New contributor
New contributor
add a comment
|
add a comment
|
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f74642%2fin-search-of-a-pedagogically-simple-example-of-asymmetric-encryption-routine%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
$begingroup$
Unfortunately, the simplest we have that is real assymetric crypto with modern security requires the notion of modular exponentiation. That can be done in a few lines of python, though (thanks to the optional third argument of
pow
). Would you be interested in that ? The candidates are RSA, and ElGamal encryption. The second is actually simpler if you do not want to fool the audience by oversimplifying.$endgroup$
– fgrieu
7 hours ago