Oh sorry, I'm starting to, talk in route 13.

Let's translate this back to non route 13.

the terminology, the two kind of themes we've been following over the last couple

of lectures and this lecture, are confidentiality and integrity.

And confidentiality is hiding, right, shielding information.

Not leaking information to people that you don't want to show it to.

And integrity is making sure that you know who you're dealing with.

And then the previous lecture, we really talked about kind of real light

approachable ways of ensuring confidentiality with things like Caesar

cipher. And then integrity using a simple message

digest, that, based on a shared secret. So, the problem with all of those things

that we just saw, is that they require a shared secret.

And the problem in the world of the internet is, it's just really difficult.

For every one of us before we establish well, before we can make any purchases or

whatever at Amazon, that we somehow have to drive to Amazon headquarters.

And, and get a shared secret from Amazon. Open up a book and say okay, hi Chuck, I

see who you are and here's our shared secret, and you walk away.

And as long as you carry that shared secret while you go.

And if the shared secret is lost, it's difficult to review, revoke.

So, as the internet and, and frankly in general, as security needed to be able to

work at arms length. Meaning that you couldn't always bring

everybody together and hand out shared secrets.

And then have them go to the far reaches of the world and communicate.

public key encryption was identified, as an extremely elegant solution to this

problem. And so it was proposed by Diffie and

Hellman in 1976. And it relies on two keys.

It's asymmetric, meaning we're not using the same key to encrypt as decrypt, the

way we were in the previous lectures. These are asymmetric.

There is a public key, which is actually, does not need any protection whatsoever,

and a private key. And the idea is they're generated inside

of a computer. You generate the public key and the

private key. You send out the public key, the public

is used to do the encryption. And then private key is used to do the

decryption. And they're related mathematically, in a

way that's well understood, but difficult to compute for a key length that's large

enough. So, there's a public key and a private

key. So, I'd like you to take a look at this

little video up on YouTube of Diffie, Hellman, and Merkle, the, the inventors

of this. and I think it's a great video.

I would love it if this were my video, but I didn't produce this video.

So so take a quick look. So, one of the things about this public

private key encryption is now that we know about it, it's like wow, it's pretty

obvious. And frankly Caesar and the Germans and

everybody could have used this idea. They just hadn't thought of it yet.

And the other thing that's kind of interesting if you look into the story of

this, is that the first reaction people got when they started thinking about this

is like it can't be this easy. Now, it's sort of both easy and hard but,

but the concept is real elegant and really beautiful, and that is that we

have this public key. So, the public key is part of a public

private pair, and it's used to do the encryption.

The beautiful, beauty is it's computation and difficult to recover that private key

from the public key and the encrypted text.

A key thing is, is it's not impossible. And that's kind of one of the interesting

philosophies of security that, that we started at the very beginning in talking

about security. The perfect security is kind of

impossible to achieve, unless you simply don't send anything.

And so, public private key, asymmetric keys is, is well understood as to how you

would break it. Everyone knows how to break it.

The problem is, is that computers aren't fast enough to break it, and when

computers get faster we'll just make the keys bigger.

So, the mathematics of this makes it impractical to break.

I mean literally impractical to break. Now I think we can safely assume that,

governments probably have enough computation to crack these once in a

great while. I mean, they're not cracking every

transaction between you and target when you want to buy something.

But if they really have to, they can record the encrypted transmissions.

And if they really had to and took a long time, I have no idea how long it would

be, they can break it. So, that's actually kind of a neat way to

think about this. By revealing it all, frankly, any

computer scientist could make a name for them their whole life if they proved that

there was something wrong with this. By revealing the algorithm, revealing the

cracking technique, if someone can come up with a better cracking technique, it

is like, fame and glory forever. Which means that, we're pretty sure that

there's no good way to crack this other than the brute force mechanism, that

requires a large amount of computation. So, if you're going to use public private

key encryption, you have to generate a pair.

And it starts by charging, choosing two really large random numbers, with

hundreds if not thousands of digits that are prime.

See you kind of choose a, choose a random number really big.

And then you kind of look around for a nearby prime number and you choose two of

those. And then you multiply them, okay?

Getting an even larger number. And then, through some steps, through

some calculations, you compute the public and the private keys from that large

number. The essence of this, are those two prime

numbers. Prime numbers of course are numbers that

you only divide by themselves and one which means they have no factors.

Which means they're kind of like looking for a needle in a haystack.

And so the public and private key is really based on these two prime numbers.

If you could figure out what the prime numbers were, you'd be okay.

But the computational difficulty is finding the prime numbers that are

extremely large, and finding the right prime numbers that are extremely large.

So, it's easy to do some calculations in one direction, but not in other.

So, for example, what are the factors of 55,124,159?

Quick. But if I simply ask you what do you

multiply 7,919 to get that 55 million number.

That's easy. You do a division.

And it turns out that you can find out 6961 really easy, right?

So, if I just say what are these two numbers?

That's hard. If I say given this number, what's the

other number? That's trivial.

So, you can think of this as, the decryption is where the receiver of the

message knows kind of half of the calculation.

Where as the world doesn't know either half of it.

Doesn't know the calculation, so has to figure out both halves.

Whereas the receiver only has to figure out one half.

And so that's how asking the question of what are the factors, versus given one,

what's the other. So it, it takes a problem that's easy,

makes it computationally nearly impossible.

But again, not impossible, just nearly impossible.

Okay, so here's the notion. So, you're about to type your visa card

into a credit card into like Amazon's web page.

And so what happens is, is that Amazon will has a public key and a private key.

That they retain. And they will send you the public key

across a medium, the internet. They're going to send this to you

somehow. But the bad guys, Eve, or Charlie or

whoever they are. The bad guys.

This is Alice and Bob. Eve and Charlie are always looking.

So, Eve and Charlie could intercept it. And you assume that they can.

This is the key. Don't, don't try to pretend they can't.

Even though it's very difficult for them to do it.

But you assume they can. So, the public key comes across.

It is simply sent to you as part of the beginning of establishing a sur, secure

connection. And the bad guys see it too, or girls.

They see it too. So, the public key comes to you.

And then what you do, is you encrypt, using that public key.

And create some encrypted text, cipher text.

Which you then send back across the danger, where Eve and Charlie are

watching. And it comes across, they intercept the

encrypted text. They've intercepted the public key.

And they, they can try as hard as they like with supercomputers to derive this.

And frankly, like I said, if they had months and months and months and really

fast computers, they could. Okay, but because Amazon is in sole

possession of private key and it never left Amazon servers.

It is a very simple matter for Amazon to decrypt and get your plain text.

It happens, very quickly. Just like if you kind of know half of the

prime number calculation. Figuring out the other prime number is

really, really easy. Okay, so, so again, these people see all

of this information, and yet it's computationally virtually impossible, for

all practical purposes, to do it. And so it's beautiful, because there was

no need to protect the public key. We never had to get in the same room, and

away it goes. So you just, Amazon just blasts out it's

public key and we encrypt using Amazon's public key.

We can't decrypt it but we don't need to decrypt it.

All we need to do is send it to Amazon and voila, it works.

So, the beautiful thing is the public keys can be distributed, they can be

intercepted and it does not matter. So, with this notion of public private

key encryption in general, we made a change to HTTP.

A layer, a mini layer is in the data model.

If you remember way back, perhaps you've even forgotten about the layered model.

Remember that layered model? Application, transport, Internet.

Remember this is sort of one computer and this is the other computer.

These are their routers, routers. These are the hops.

There's like 15 of these. Remember?

Remember all this? So, it comes back now to haunt us.

Okay. So, if you recall, just sort of to, to

briefly remember that, the transport layer is responsible for the

retransmission. It gives us the appearance of a reliable,

ordered connection between the, our application and the far application.