Explaining encrypted messaging: A fairy tale of magic keys 

Published 2016-09-15 on flowinho.io


With WhatsApp now sending meta-data to Facebook, a lot of family members started to ask me: what's this all about?
So I decided to come up with a series about encrypted messaging.

This is part one of a three-article series that tries to explain encrypted messaging to less technologically knowledgeable people. Part one tells a heavily simplified version of cryptographic history regarding encrypted messaging.

Once upon a time

Once upon a time there was a princess who was deeply in love with the prince of Faraway, a rival kingdom. While her love was pure, she found herself in quite the misery. Since both kingdoms, her own and that of her loved one, hated each other, no one should ever know of their relationship. Of course, they wanted to exchange love letters, but the royal horse-mail of both kingdoms would eventually open letters and check them for treachery, so they had to find another way!

Try 1: The code word

At first, the princess thought about using a code word that only she and her loved one knew. By shifting the letters using the code word she managed to turn her love letters into unreadable text. But how to deliver the code word to the prince? She gave the letter and the code word to her most trusted friend, the castle's baker, and told him to bring both to the prince.

What she didn't know: said baker couldn't resist his curiosity and read the code word.

So while this method worked for a while, the princess eventually found out about the baker reading all her love letters - and of course the responses from the prince.

Try 2: The locked box

After the disappointing let-down of using the code word, the princess came up with quite the good idea: she put her love letters into a beautiful wooden box, crafted by the kingdom's most talented woodworker. Only she and the prince owned the keys needed to open and lock this box.

This system worked quite well. However, there was another problem: the rider who delivered the initial key to the prince was attacked by villains, who took advantage of their fortune and made a copy of the key. After finishing the copy they delivered the key to the prince.

From this point on, the villains would open all boxes, read their contents, lock them again and send them on to the prince. They got pretty rich by reporting the contents of the letters to the king, who paid generously when told about the secret love of his daughter. But this time again, she found out.

The princess was infuriated. Was everyone in this world an enemy of her love?

Try 3: The princess and the fairy

This was the time when the princess overheard a dialogue between her father and his first knight: a fairy had been sighted in the northern caverns, a powerful magical being named Zimmerma who was able to fulfill any desire.

The princess decided to secretly meet with the prince and talk to the fairy, explaining their misery to her and how they had failed to protect their precious thoughts.

"Worry not! I know exactly how to solve your problem. May your pure love prosper and may you and your loved one live a wonderful life."

The fairy created two magical key rings, one for the princess, one for the prince, and gave both of them an individual secret key, one only they could use.

The fairy started explaining:

"Place those key rings on the market place of your hometown! Every time someone wants to send you a message, tell them to grab that key. Worry not, as the key ring will produce an indefinite number of the same key forever. Whenever someone uses this key, their message will turn into a magic lock, one that can only be opened by the keys I just gave you. This way, everyone will be able to send you a message, while only you will be able to open and read it."

The princess and the prince immediately followed the advice of the fairy and it worked: nobody else besides them was ever able to read their messages again, but everyone was able to send them messages!

Rumors of their perfect system started spreading throughout the world, and the fairy wondered at how many people came to her for the very same reason: being able to use the same system as the prince and the princess, because apparently, nobody wants someone else to read their messages.

Explaining the fairy tale

The events described in the fairy tale are fictional, but it still tells the story of encrypted messaging in a very simplified way.

The code word is known as the Caesar cipher, an encryption method dating all the way back to the Romans. The sender would use a specific code word to substitute the original text with unreadable gibberish. The drawback of this method is obvious: everyone in possession of the word used to encrypt the message is able to decrypt it as well.

The locked box tells the very basic story of symmetric encryption. This kind of encryption is still used nowadays, but it faces two problems: both parties require access to the keys, and the messages can be read and re-encrypted before being delivered to the recipient. Symmetric encryption has its use cases but is overall considered less secure than public-key based encryption.

The villains in the fairy tale are a metaphor for what's called a man-in-the-middle attack.

The system introduced by the fairy in "The princess and the fairy" is a basic description of any public-key based encryption method, with PGP (Pretty Good Privacy) being one of the most famous.

This encryption system is also known as asymmetric encryption.

Key servers serve as the modern-day market place, delivering the recipient's public key to everyone who wants to encrypt a message. The message can then only be decrypted and read by the possessor of the private key.

This system successfully defeats the problem of someone eavesdropping on your conversation. It also assures that nobody is able to read and re-encrypt your message. The key servers provide a convenient way of distributing your public key to the outside world.

Sidenote: Because asymmetric encryption requires a high computational effort, most encryption takes place by exchanging symmetric keys using asymmetric algorithms. Symmetric keys require less computational effort, so bigger chunks of data can be transferred. One example of such a key exchange is the Diffie-Hellman key exchange.
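
The sidenote's idea as an added example (not code from the original article): the princess and the prince agree on a key with a Diffie-Hellman exchange, then protect the letter with fast symmetric operations. The group parameters, the hash-based stream cipher and all function names are constructed for illustration, and the sketch assumes each public value reaches the other side unmodified.

```python
import hashlib
import hmac
import secrets

# Toy parameters for this example only (not a standardized group): prime P, base G.
P = 2**255 - 19
G = 2

def keypair():
    """Return (private, public); only the public value ever leaves home."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)

def shared_key(my_private, their_public):
    """Both sides reach G^(a*b) mod P; hash it into 64 bytes of key material."""
    secret = pow(their_public, my_private, P)
    return hashlib.sha512(secret.to_bytes(32, "big")).digest()

def _xor(enc_key, nonce, data):
    # Constructed stand-in for a real cipher: XOR with SHA-256 in counter mode.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, plaintext):
    """Symmetric step: encrypt, then add an HMAC tag so changes are detected."""
    enc_key, mac_key, nonce = key[:32], key[32:], secrets.token_bytes(16)
    body = _xor(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def open_sealed(key, blob):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor(enc_key, nonce, body)

def demo():
    princess_priv, princess_pub = keypair()
    prince_priv, prince_pub = keypair()
    outsider_priv, _ = keypair()  # knows both public values, neither private key
    letter = seal(shared_key(princess_priv, prince_pub), b"Meet me at the caverns")
    by_prince = open_sealed(shared_key(prince_priv, princess_pub), letter)
    by_outsider = open_sealed(shared_key(outsider_priv, princess_pub), letter)
    return by_prince, by_outsider
```

The expensive modular exponentiation happens once per side; every letter after that only costs hashing and XOR, which is why real protocols pair an asymmetric exchange with a symmetric cipher.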

Why all this?

Telling the fairy tale and briefly explaining the real world mechanics behind it is necessary to provide a basis of knowledge that is required for the next parts of Explaining encrypted messaging.

Please keep in mind that there are way more methods of encryption and that symmetric and asymmetric encryption are a bit more complex than described above. This article aims to explain encryption in an understandable way.

Special thanks

Special thanks to my talented and awesome colleague Mesut Kaya, who drew the images in the articles. Feel free to visit his Twitter account, iammesutkaya.

Next up: Explaining encrypted messaging: What on earth is meta-data?

This post appeared first on flowinho.com, on 9/15/2016