Surprisingly, it can be done. As it relies on sophisticated mathematics, it’s
not easy to find
an equivalent to this digital world operation in our day-to-day physical world,
but we can try, so please bear with us. Suppose that instead of sending keys to
my friends, I send them an open box that I alone can open once closed. When my friend
wants to send a message to me, all she has to do is to put the message in that
box, close it, and give it to a messenger. When I get the box, I know that
nobody has been able to read the message but my friend and me. But wait a
minute, how can I be sure that this is actually my friend who sent me the
message? Well, my friend also sends me an open box that she alone can open once
closed. I take her box, I put a message in it showing that I have read her
message, for example by repeating part of it, and I send her back the box,
closed. She alone can open her box, and voila, we have exchanged a secret
message without having to share keys.

We just distribute boxes, and we don’t need a complex distribution system of
shared
keys. Of course, in order for this to work, it must be impossible to dismantle
the boxes. In our day-to-day physical world, it is very hard to build such
boxes, or very expensive, or both. That scheme wouldn’t work on a big scale.
But in the electronic world, that’s another story. Instead of boxes, we send a
piece of mathematics, a number, over the network. And a key is just another
number that we mix with the first one. We won’t spell out the mathematics:
the factorization of large numbers, elliptic curves, and the like. We’ll just
mention that the box scheme is called asymmetric key cryptography, as
participants in the system all have different keys.
Actually, we need to introduce two more concepts that are unfortunately a
little confusing: in asymmetric key cryptography, the key that I keep private
is very naturally called my private key, whereas the box I send out, which is
public, is not called a public box, which would have made things simple, but
instead a public key, which really makes things hard to understand, but such is
life; it’s not just the religious that are obscure from time to time.

As one might imagine, as clever as the box scheme is, it still requires sending
boxes
around, and at some scale, that becomes cumbersome; if everybody sends boxes to
everybody, even digitally, that’s too much to bear. We need box distribution
centers, where anybody in need of one can find it. For example, let’s say that
I want to send a secret message to somebody I have never met before, say a
banker in Mongolia. I’m going to contact the Mongolia distribution center and
ask them for the banker’s box. But then, you may ask, how do I trust that
Mongolia distribution center? Is there anybody who can vouch for them? In fact
there is: around the world, there are a few distribution centers that are so
widely used that everybody knows them. Their public keys are published
everywhere on the network and embedded in our computers when they are sold to
us; they form the root certificates that make the whole system work. We’ll refer
you back to Chapter 8 for a more detailed discussion of just what a certificate
is. Anyway, as we said earlier, there is always a top trust infrastructure: it
is one of those top distribution centers. A famous one is the Verisign top
(root) certificate authority, named after the company that pioneered the use of
asymmetric key cryptography for distributing public keys. I can ask Verisign
for the box of the Mongolia distribution center to make sure, if I need to.
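
The chain of trust described above, as an added example that is not part of the original text: a key obtained from an unfamiliar distribution center is accepted only if its certificate chains back to a root key already installed on the computer. The party names and the textbook-RSA toy keys below are constructed for illustration and are not secure.

```python
import hashlib

# Textbook RSA on small, publicly known Mersenne primes: constructed toy values, not secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key = the "box", private key)

def digest(name, pub, n):
    # Hash of what is "written on the box": the owner's name and public key.
    data = f"{name}|{pub[0]}|{pub[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(name, pub, issuer_name, issuer_priv):
    # The issuer vouches for (name, pub) by signing the digest with its private key.
    n, d = issuer_priv
    return {"name": name, "pub": pub, "issuer": issuer_name,
            "sig": pow(digest(name, pub, n), d, n)}

def check(cert, issuer_pub):
    # Anyone holding the issuer's public key can confirm the signature.
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == digest(cert["name"], cert["pub"], n)

def verify_chain(chain, trusted_roots):
    # chain is leaf first; every link must verify, and the last certificate
    # must be signed by a root whose public key is already installed locally.
    for cert, parent in zip(chain, chain[1:]):
        if cert["issuer"] != parent["name"] or not check(cert, parent["pub"]):
            return False
    root_pub = trusted_roots.get(chain[-1]["issuer"])
    return root_pub is not None and check(chain[-1], root_pub)

# Constructed parties (hypothetical names).
root_pub, root_priv = make_keypair(2**107 - 1, 2**127 - 1)
center_pub, center_priv = make_keypair(2**61 - 1, 2**89 - 1)
banker_pub, _ = make_keypair(2**19 - 1, 2**31 - 1)
impostor_pub, impostor_priv = make_keypair(2**13 - 1, 2**17 - 1)

TRUSTED_ROOTS = {"Example Root": root_pub}  # shipped with the computer
center_cert = issue("Mongolia center", center_pub, "Example Root", root_priv)
banker_cert = issue("Banker", banker_pub, "Mongolia center", center_priv)
# An impostor hands out its own key under the banker's name, claiming the center issued it.
fake_cert = issue("Banker", impostor_pub, "Mongolia center", impostor_priv)

if __name__ == "__main__":
    print(verify_chain([banker_cert, center_cert], TRUSTED_ROOTS))  # genuine chain
    print(verify_chain([fake_cert, center_cert], TRUSTED_ROOTS))    # forged leaf
```
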

Keeping with our box analogy, a certificate is not a bland box that we would
send around, but rather a box that has written on it information on who sent
it, together with indications of how serious the sender is, and also associated
data like, for
example, how long the box can be used before it is considered too old to be
reliable. While that information may be written in clear on the box, it is easy
to check that it is genuine information, since it is possible to also put
inside the box a secret message that verifies what’s on it. So now we are ready
to understand how a digital trust infrastructure works. At the beginning, there
is a top authority, which is so well known that its boxes are available to
everybody without any doubt as to whom they belong. Then this top