Divide into groups for these activities.
You have to send a present to a friend by post - or it might be a top secret report written by a government agent. The present (report) is so valuable that you decide to put a lock on the parcel to protect it during transit. However, you cannot send the key or the combination through the post because it might be intercepted and compromise the present (someone could open the parcel, see what was inside and then seal it again without you knowing).
How can you arrange to send the present securely locked without a key and still have your friend open it without receiving the key or combination? (There is more than one way to do this. A prize if you can think of more than one!)
You need to know the average age (or salary) of a group of people (parents as most pupils in a class will be roughly the same age). However, you don't want the individuals to reveal this sensitive information to the rest of the group. How can this be done?
A protocol is a rule or set of rules that define how communication will take place, sometimes between people (as in diplomacy) and, in our case, sometimes between computers. A cryptographic protocol defines the way that data will be encrypted and decrypted, processed and transmitted.
We are familiar with basic operations in Maths such as addition and multiplication. In Computing there are additional operations called logical operations; these include NOT, OR and AND.
Earlier we saw how binary numbers consist of two digits, 0 and 1 and the term 'binary digit' is shortened to 'bit'. The 'NOT' operation produces the opposite of the current state so in binary NOT 0 = 1 and NOT 1 = 0.
This is like putting a minus sign in front of a number to make it negative. It is also like a light switch and a transistor, both of which can be either on or off: NOT ON = OFF and NOT OFF = ON.
The OR operator works with 2 or more bits as follows:
| Input Bit 1 | Input Bit 0 | Output |
| 0 | 0 | 0 |
| 0 | 1 | 1 |
| 1 | 0 | 1 |
| 1 | 1 | 1 |
If either input is a 1 then the output is 1.
The AND operator works with 2 or more bits as follows:
| Input Bit 1 | Input Bit 0 | Output |
| 0 | 0 | 0 |
| 0 | 1 | 0 |
| 1 | 0 | 0 |
| 1 | 1 | 1 |
If either input is 0 then the output is 0; output is 1 only if all inputs are 1.
Logical inputs and outputs are processed in computers by 'logic gates', groups of transistors arranged in such a way that they produce the pattern shown above. The output from one logical operation can be used as input to another, this is how computers are created. Image. Image.
Logic gates can be combined to encrypt binary data by taking the original binary value and running it through a combination of logic gates so that it is scrambled out of all recognition. If the process of scrambling is complex enough this should create a 'one-way' function like the one we saw earlier with the ice cream vans on the graph. It is easy to encrypt the data through the logic gates but much harder to decrypt the data without knowing what the logic gates are.
Use the sample circuit provided to encrypt sample data. Convince yourself that the original data cannot be found from the output, that the gates serve as a one-way function. This means that anyone can have a copy of the circuit and encrypt data but no one can work back from the output to the original input value - that is how a one-way function should work.
One person might encrypt a piece of data and send it to someone else. What might a person do with this encrypted data?
One particular way it can be used is to create a decision with a binary outcome, for example any question that can be answered 'Yes' or 'No' or the toss of a coin. In this case there is no meaning in the original data, it is not a letter or a number or a code, it is just a series of 1s and 0s. The recipient looks at the data and uses it to make a decision, but what decision? Can you figure out a way to use the encrypted data?
The logic circuit used above may not be as secure as we first thought. If someone finds a flaw in the logic and breaks the one-way nature of the encryption process then he can exploit the process and turn it to his advantage.
Look at the table of inputs and outputs and see if you can spot any flaws in the logic. If there are flaws then how might they be exploited? The person encrypting data could cheat if there were different values with certain properties that produced the same output. The recipient could cheat if he could determine the input from the output.
Design your own logic circuit and see if you can avoid the problems identified. Can you make it easy for one person or the other to cheat, that is the sender or the receiver?
The system would work better if each person had their own logic circuit for encrypting data and obtaining output. The logic gates could be made public so it could be shown that for any person's logic circuit a given input produced a given output. Then a person can put the same data into two circuits and combine the two outputs with an AND function.
Using AND and OR gates only the input value 000000 will always produce 000000 and 111111 will always produce 111111. By adding a NOT gate the circuit will not do this.
Six bit values are not big enough for security purposes as it is possible to construct a table of inputs and outputs and thus work back from the output to the input. 32 bit values would make it much harder to do this by hand but computers could build tables of inputs and outputs and work back from output to input.
Encrypting data has many uses in the modern world of computers. A digital signature is a way of signing an electronic message with a private key available only to the person who uses it. For every private key there is a public key that can be used to verify that the signature is the correct one for a particular person so it is known for certain that the message came from them.
A digital certificate is practically the same as a digital signature and is used by many large organisations to verify the sender's identity. Certificates and signatures are bought from a certificate authority such as Verisign.
In online Poker it is necessary to keep hands secret from other players when dealing a hand.
Accounts of public key encryption often feature two characters known as Alice and Bob. Let us assume that Alice wants to send a message to Bob; a very short message of a single character will do to begin with.
One way to create public and private keys is with the ingenious method using prime numbers, exponents and modulo division but we will begin with something simpler, a map (or graph) with numbers on it. There will be two maps for each person, one public that everyone can see and the other private that only the owner can see.
The private map is identical to the public map except that some nodes have been enlarged because they are special. To send a message to Bob Alice finds the value of her message (e.g. 65 for 'A'), she finds 16 numbers that add up to 65 and she places these at random on the nodes of Bob's map.
Alice now chooses one node or intersection and adds up the number there and the numbers at the connected nodes. This is repeated for all nodes on the map. Each node now has two numbers, its original value and the newly found total of adjacent nodes. Alice now sends Bob a copy of his map with only the totals displayed. Even if this falls into the wrong hands it cannot be deciphered because only Bob can unlock the code with his private copy of the map.
To decode the message Bob notes the nodes on the map from Alice which are marked as special on his private map. He then adds the values of the nodes at those locations and finds that they add up to the value of the message.
You can now try out the technique, this time using the new map. Take a single number as before, place suitable values on the public map that add up to this value and then pass it to another group. See if anyone can decrypt the number without the private map. Use the private map to decrypt the message.
Devise your own public and private maps. The private map is created in the same way as the graph/street map for the ice cream van problem was devised, by creating a small number of sub-graphs and then joining them to disguise them. Each sub-graph has a central node and three sub-nodes.
Click Back to return
