Categories

The simplest analogy for explaining how public-key cryptography lets you send secret messages and digitally sign messages

The Hyve team, who were runners-up at Startup Bus 2019. From left to right: Tracy Ingram, David Castañeda, Joey deVilla, Rina Bane, and Justin Linn.

My recent Startup Bus success with Hyve has had some interesting side effects, not the least of which is people asking me all sorts of questions about email and cybersecurity. I’m more than happy to answer these questions!

I’m often asked about how public-key cryptography (a.k.a. asymmetric cryptography) works. The concept of private keys and public keys isn’t an intuitive one. A couple of years back, I spent some time trying to come up with an analogy that was layperson-friendly and memorable.

After doing a little searching online, I found a good analogy, and with the help of a couple of people — including my computer science professor from Crazy Go Nuts University, Dr. Robin Dawes — improved on it. Here’s my revised analogy; feel free to use it whenever you need to explain public-key crypto!

The special box

Imagine a box with a special lock, as pictured below:

The lock has three positions:

1. When the lock is turned to the “9:00” position, the box is locked, and its contents are inaccessible.
2. When the lock is turned to the “12:00” position, the box is unlocked, which means you can open it and view its contents.
3. When the lock is turned to the “3:00” position, the box is locked, and its contents are inaccessible.

The lock’s position can be changed by two kinds of keys. The first type of key belongs to the owner of the box, and is thus called the private key:

The private key fits the lock, but it has a special limitation: it can only turn the lock clockwise — from 9:00 to 12:00, or from 12:00 to 3:00. It doesn’t turn counter-clockwise.

There’s only one copy of the private key, and as the owner of the box, you hold onto it.

There’s a second kind of key. You may have already guessed that it’s called the public key:

Like the private key, the public key also fits the lock, and it also has a special limitation — but a different one: it can only turn the lock counter-clockwise — from 3:00 to 12:00, or from 12:00 to 9:00. It doesn’t turn clockwise.

Unlike the private key, you give copies of the public key freely to other people. This lets them communicate with you.

Using the box and keys, two different things are possible:

1. People can send you secret messages. This is done with encryption.
2. You can send messages to people with proof that it was you who sent the message. This is done with digital signatures.

Sending secret messages with encryption

The idea behind sending secret messages is straightforward: you take the message and encrypt it (that is, scramble it so that it’s incomprehensible to other people), and then send it. The receiver gets the message, decrypts it (that is, performs the inverse of the operation that scrambled the message), restoring it to its original form and making it readable.

Think of encrypting the message as putting it in the special box and locking it. Think of decrypting the message as unlocking the box.

If you wanted to send a message to me, you’d use one of my boxes. Since it’s one of my boxes, I would have the private key for it, and I would have given you one of my public keys.

To send me the message so that only I would be able to read it, you’d put the message into the box and then lock it with my public key. Remember, the unlocked position is at 12:00, and public keys only turn counter-clockwise. When you lock it, you change the lock to the 9:00 position:

Once the box is locked, you’d ship it to me.

In order to read your secret message, I’d unlock the box using my private key. Remember, the lock is currently at the 9:00 position (locked), the unlocked position is at 12:00, and private keys only turn clockwise. When I unlock it, I return the lock to the 12:00 position:

With the box unlocked, I can now read the message you sent me.

Proving that I was the one who sent the message using a digital signature

I can also use one of my boxes to sign my messages in such a way that you know that they’re definitely from me and not some troll pretending to be me.

If I wanted to send you a message that was guaranteed to be from me, I’d use one of my boxes.

To send you a message in a way that proved that only I could have sent it, I’d put the message into the box and lock it with my private key. Remember, the unlocked position is at 12:00, and private keys only turn clockwise. When I lock it, you change the lock to the 3:00 position:

Once the box is locked, I’d ship it to you.

In order to confirm that the message was sent by me, you’d unlock the box using the public key I gave you. Remember, the  lock is currently at the 3:00 position (locked), the unlocked position is at 12:00, and public keys only turn counter-clockwise. When you unlock it, you return the lock to the 12:00 position:

You can rest assured that I sent the message, because in the digital signature scenario, only my private key could’ve locked the box that you unlocked with my public key.

It’s all math

You may have to remind people that the box isn’t actually a box, the things that we call the private key and public key are just really large numbers, and that encryption and digital signing are just some fancy math operations that are performed on your message (which is really just a bunch of numbers) using the private and public keys.

I’ll write up a layperson-friendly description of how the math in public-key crypto works, but in the meantime, if someone’s asking you to explain it, send them to the EFF’s article, A Deep Dive on End-to-End Encryption: How Do Public Key Encryption Systems Work?

Credit where credit is due

I found the original “special box” analogy put together by Panayotis Vryonis (pictured to the right), in his article titled Public-key cryptography for non-geeks. He came up with an analogy that treated asymmetric crypto as a box with a special lock and special keys, and it seemed to do the job nicely, and I wrote about it in this post back in June 2017.

Analogies often have limits, and it wasn’t long before my computer science prof, Dr. Robin Dawes (pictured to the right), pointed out a flaw in Vryonis’ analogy. With his help, combined with a suggestion from Matthew Ernest, I came up with a tweak, resulting in the analogy shown above. Thanks to all of them for their invaluable help!