The philosophy behind the 'secure' SSL connection or The Postman Always Rings Twice
Maybe you have asked yourself, how a 'secure, encrypted connection'
to your bank could be built up, when no passwords or keys
were exchanged before?
Imagine a travel suitcase with two locks. Now you have a postman, who transports this from you (point A) to somebody else (point B). And you don't want the postman have a look into your box. How can you do that without having to hand over the keys? Letting the postman transporting box and keys at the same time won't do!??Now to the solution:
You lock your box with a lock. The 'private key' you keep in your pocket.
Now you hand over the box to the postman. He transports the locked box to point B.
The other person, the receiver, now locks the box with a second lock, also keeping his 'private key' in his pocket.
The postman transports the box back to A, knocking on your door the second time. In his hands: The box, but now - double locked.
Now you remove your lock with your 'private key', keeping now lock and key in your pocket.
The postman now transports this box, just 'single locked', but still locked, the content invisible, inaccessible for the postman, back to B.
The postman now knocking the second time on B's door, brings the box, which indeed, still is locked - but no problem - B has the key to unlock his own lock - in his pocket!
So lets summarize: The box was locked all the time, it was transported. The postman so had no chance to have a look into. No key was transported. You (A) and the receiver (B), often called "Alice" and "Bert" in cryptographic papers, never had to hand over the keys to the postman. You and the receiver held the keys privately in their pocket, all the time.
Isn't that just simple?? Just by transporting a box with two locks two times back-and-forth, the need to reveal a key (handing over a key to the postman) simply becomes - void.
This is the core idea
behind any 'public key'
Imagine, that US patent law allows to patent such simple mechanisms, forcing the world to pay billions of $$$ license fees!!!Now to the mechanism, how to emulate this suitcase with two locks.
From math you might know, that factoring a product of two primes takes long. Testing a long random number for being prime, is easy, see Wikipedia. So you easily might generate long primes
and multiply them, with another person having no chance to split them up again. How can Alice and Bert now use this for emulating this suitcase with two locks?
Alice constructs a long prime (p) and a second long one (q). Alice now sends the product of these two primes to Bert:
A -> (p*q) -> B
Bert also constructs two long primes (v) and (w) and multiplies them (v*w). Bert, having received (p*q) multiplies (p*q) with v and w, sends this back to Alice:
B -> (p*q*v*w) -> A
Alice now removes p by dividing the product (p*q*v*w) by p and sends it back to Bert:
A -> (q*v*w) -> B
Bert, knowing v and w well, can divide (q*v*w) by v and w and now has - q!!!
q is the 'secret' prime now, with which Alice and Bert can encrypt their whole (SSL/SSH/...) traffic!!
Lets see, what the postman saw:
The product of p and q. No chance for him to reconstruct p or q. The product of (p,q,v,w) -> no chance to reconstruct v or w. The product (q,v,w) -> still no chance to reconstruct q.
The core idea
behind is a simple regrouping
of 4 primes:
(p x q) x (v x w) is regrouped to p x (q x v) x w
That's all you can know about SSL
and 'asymetric key encryption'
Again, for using this 'stupid mechanism'
the world yearly pays billions of $$$ of patent fees to US security companies, namely #RSA
. For being allowed to use just two simple core ideas from 7th class math: A suitcase with two locks and a regrouping of four primes
What a shame, this US patent law! A multi billion industry built upon knowledge of 7th class mathematics!