cryptography

Alice wants to send a message to Bob. Once the message is send on the web, it is quite easy to intercept it. Therefore, Alice will translate it in a language that only Bob is able to re-translate in English.

Assumptions:
- On this web people talk only English;
- Dictionaries are available only if a user releases it;

(We will see after that this is basically how works cryptography)

THIS IS HOW IT WORKS:

Alice and Bob have each two one-way dictionaries of a language (in cryptography will can this a key pair)

Private keys are secret. Alice for example is the only having the Farsi -> English dictionary (and Bob the Swahili -> English).

Public keys are freely accessible for anyone on the web. Bob for instance released in free access the English -> Swahili dictionary (his public key).

He is the only one able to re-translate it in English (because his private key Swahili -> English is not available for others), so if someone want to send him a message, he use his public key.

So, when Bob wants to send a message to Alice, he looks on the web for Alice’s public key and he uses it to translate (= encrypt) his message in Farsi. Then he sends it to Alice threw the web.
If someone wants to intercept the message, well, he can but he won’t be able to read it because it is in Swahili (= encrypted). Alice is actually the only one able to read it because she’s the only one who have the Farsi -> English dictionnary.
Once Alice received the message, she uses her Farsi -> English dictionary (associated with her public dictionary), to translate it in English.

IN CRYPTOGRAPHY, IT IS THE SAME:

Instead of talking only English, people talk a human language. What they can’t read is a weird encrypted code even more complicated that Farsi or Swahili. So, a cryptographic function encrypts a human language message in a weird meaningless code.
When Bob wants to send a message to Alice, he looks for her public key, so he has to translate his message in Farsi. English words alphabetically sorted in this one-way dictionary.

Bob just looks for the word he needs to translate and uses the translation, quite easy.

But imagine that you intercept the message.

You know that Bob sent it to Alice, which means that it is in Farsi. Alice publicly released the English -> Farsi dictionary, this is the only thing you can use to decrypt in English the message.

The problem is the dictionary is sorted English, so randomly in Farsi. For each word in the message you have to look in the whole dictionary. Quite difficult, it will take you dozens of hours. (You wish you had the Farsi -> English dictionary to read it in some minutes: but this one Alice keeps it secret).

This means that the message is readable, but in a really difficult way. This is exactly the same for cryptography. It is easy for a computer to encrypt a message (just some milliseconds), but it is extremely difficult to decrypt it. Actually with the current technology, it would take centuries for all computers on earth to break a good encryption (so it doesn’t worth it and we consider that it is unbreakable). For the recipient of the message, it just takes an instant because he has the private key associated with the public key he had released (with which the sender encrypted the message).

Every code is breakable in theory, but in practice it is so hard that you would never do so. This is why this kind of encryption is called PGP (Pretty Good Privacy).

When Bob sends a message to Alice, he knows she is the only one who read it. But how Alice knows that it is Bob who sent it? Indeed, as the English -> Farsi dictionary is available to all, you could also send a message to Alice and say that you are Bob.

This is why encryption keys have a second function, they are also used to sign messages. To do so your private key is able not only to decrypt messages sent to you, but also to encrypt. And the public key can also be used to decrypt only something encrypted with the private key associated.

SIGNING THE MESSAGE:

If we come back to our dictionaries keys, it means the private key is composed by two dictionaries, and the same for the public one.

Now when Bob sends a message to Alice he writes it in Farsi (using the public key of Alice) in order to be sure she will be the only one able to read it. But more than that, at the end of his message, he writes something like “now you are sure it is me”, but writes it in Kyrgyz as he has the English -> Kyrgyz dictionary in his private key.

Alice will receive this:

Good luck for you to read this. But for Alice, it is simple: with her private key, she translates the whole message in English.

She knows by his public key that Bob signs in Kyrgyz, otherwise he won’t have given a Kyrgyz to English dictionary. So she uses the Kyrgyz->English dictionary, if it makes some sense in English she is sure it was him.

If you want to send her a message pretending you are Bob, you would need the English->Kyrgyz dictionary to sign if Kyrgyz as Bob do, but this dictionnary only Bob has it: you can’t pretend you are Bob.