One last attempt to improve the best explanation of public-key cryptography for non-techies that I’ve seen

by Joey deVilla on June 12, 2017

You may want to read (or at least skim) these two article before reading this one:

The original analogy

Last week, I posted an article featuring images from my slides based on Panayotis Vryonis clever way to explain public-key cryptography, a.k.a. asymmetric cryptography, to non-techies, as covered in his blog post, Public-key cryptography for non-geeks. The analogy uses a public key, a private key, and a box with a special lock:

Here’s a quick visual summary of how the box analogy works:

As I said earlier, it’s clever. Not only have I had great success using it to help non-techies understand what the whole public key/private key deal is all about, but those non-techies have also had great success doing the same.

The analogy’s flaw

The analogy was just fine, but then this guy had to jump in and ruin everything:

That’s Dr. Robin Dawes, my computer science professor at Crazy Go Nuts University, who has forgotten more about traversing graphs than I will ever learn.

He tweeted about a flaw in the analogy:

Or, to summarize the flaw graphically:

The flaw in the analogy can also be used to fake a digital signature:

Of course, that’s not how public-key crypto actually works, but the flaw adds some confusion to the analogy.

So I made an analogy where there are two locks — one for encryption, one for signing — that use the same public/private key pair:

My approach works, and it even lets you demonstrate both signing and encrypting the same message — you lock the same box with both locks. The problem is that in using two locks, you lose a key point made by Vryonis’ analogy’s use of a single lock: that public-key crypto does both encryption and digital signatures.

Back to the original analogy…with a twist!

Here’s a solution proposed by Matthew Ernest in a comment to the original article:

The change I would propose is to replace the two unlocked states/one locked state with one unlocked state/two locked states.

a) It is clearly shows that there is no way to apply the same key twice and end up in an unlocked state

b) It matches the system being modeled in that the output is different when encrypting with public vs. private key (two different locked states), but unlocking results in the same plaintext (only one unlocked state) if you start from the matching encrypted output and does nothing if you do not start form the matching encrypted output.

My reaction:

Tim and Eric 'Mind Blown'

So here are my revised graphics, based on Matthew’s suggestion:

Thanks, Matthew! That was an excellent suggestion.

Credit where credit is due

Once again, I’d like to extend my thanks to…

Panayotis Vryonis, who came up with the analogy that’s been so incredibly helpful…

Dr. Robin Dawes, who chimed in about the flaw in the analogy (and being a wonderful professor)…

Matthew Ernest for his excellent suggestion (I don’t have an image for him, so he gets Batman)…

…and the two gentlemen pictured above. No, they’re not extras from That 70s Show; they’re Martin Hellman and Whitfield Diffie, the computer scientists who pioneered public-key cryptography, without whom we wouldn’t have all sorts of things including secure communications, ecommerce, and this article.

Leave a Comment

Previous post:

Next post: