Secure Communication in an Insecure World: Part 1

Suppose we wanted to have a conversation in complete, guaranteed privacy. You and I aren't within whispering distance. Instead we're communicating online, a public forum. Cryptographers call this an insecure channel.

Suppose also that we trust each other enough not to leak details of the conversation, whether accidental or not, to a third party without permission. We would have two options:

  1. arrange to meet somewhere we both trust is totally private
  2. use cryptography

Scenario 1 is tricky to guarantee if we're making arrangements over insecure channels (e.g. phone or email). Somebody could tail us or bug the meeting location. The other option is to use cryptography.

What's Cryptography?

Cryptography isn't magic--it's just math. Don't worry, though. We don't need to know exactly how the math works to understand what it depends on and what it can do.

Toy Example

You may have cracked small substitution ciphers when you were a kid. These are the puzzles where each letter of the alphabet decodes to some other letter, and you have to work out the hidden message by finding the substitution mapping. Common tactics include substituting the most frequent letters in the code with the most common letters in English. The mapping between encoded and decoded letters is known as the cipher's key.

Substitution cipher

Your knowledge of the key gives you two powers:

  • to decrypt anything that was ever encrypted with that key
  • to encrypt whatever you want

If anyone else knows this key, they too have the same powers.

Pretend for a moment that substitution ciphers aren't very easy to crack. If it helps, there are similar ciphers that are much more difficult to crack. You create a key, and encrypt the message you want to send me. Now you can send me that message over Facebook, Twitter, email, phone or any other insecure channel and know that anyone else who sees it can't decrypt it because they don't have the key. One problem, though: I don't have the key either, so I can't decrypt it.

A Loud Whisper

How do we establish a secure line of communication over an insecure channel? If we both need to know the same key, while ensuring nobody else knows that key...well, we're back where we started trying to send a secure message over an insecure channel. But all is not lost.

Substitution ciphers and the like are known as symmetric ciphers, which just means there's exactly one key, and with it comes the power to both decrypt and encrypt. As you might have guessed, there's another category of ciphers called asymmetric ciphers, and they can fix our problem. Rather than both of us encrypting and decrypting messages using the exact same key (symmetric), we'll do it using different keys (asymmetric).

The Protocol

You want to use an asymmetric cipher to send me an encrypted message over an insecure channel. Let's walk through the steps:

  1. You obtain a copy of my public key from a trustworthy source.
  2. You encrypt the message using my public key.
  3. You send me the encrypted message over an insecure channel.
  4. I decrypt the message using my private key.

Anyone with access to my private key can decrypt the message you sent me. Everyone else can see the encrypted message, but can't make sense of it. Astonishingly, that's true even if they have access to the public key you used. The math makes it really computationally expensive to reverse the encryption process if all that's known is the public key and the message. Anyone can mix them together, but you need the special secret wedge to pry them apart. My friend Jackson put it well:

Sounds like a house key turning a lock to lock a house, but when locked, something else falls into place so it can't be unlocked with that key.

Exactly. The only way to unlock the door is to use a special unlock key. By design, nobody has the time or resources to reconstruct the unlock key, even if they have unrestricted access to both the lock and the lock key. The security of your message, and other encrypted messages people send to me using the same public key, depends on my ability to keep my private key private.

Okay, now I want to send you a secure message over an insecure channel. We'd do the same thing, but with your keys instead. I encrypt the message using your public key, and you decrypt it using your private key. My public and private keys play no role in encrypting secrets sent to you (or anyone else, for that matter).

Unresolved Issues

There's at least few issues we haven't resolved yet:

  1. How do each of us create our own public and private keys?
  2. Where do we publish our public keys?
  3. What prevents somebody from changing my published public key to their own, so messages intended for me are visible to them instead?

There are good answers, but I'll save those for a follow-up post. We've already covered a lot of ground. Reach out to me on Twitter at @mekajfire if you have any other questions.

Teaching Numbers by Counting

Using a definition to teach a young child what numbers are is pointless. Unless you start with finite fields, any reasonable definition would have to be self-referential. Both angles are far outside of reach for somebody who can't even name a few numbers.

No Absolute Truth

Another flaw in the definition-first approach is it assumes a standard definition of numbers exists. The truth is numbers are defined in different ways according to the context in which they're used. In fact, sometimes those definitions aren't even consistent with each other. Computers, for instance, use binary instead of decimal and therefore exhibit different rounding errors. They also can't represent numbers that take more space than their limited memory provides, so they often use approximations. Even pure mathematicians opportunistically choose definitions to explore the properties of different systems. There is no authoritative fundamental foundation for mathematical inquiry.

Be careful about telling a child their answer is wrong. Under certain assumptions, their answer may be perfectly justified. Therefore, it's more productive to ask how they came to that conclusion.1 This is exactly how mathematical discoveries are made, so don't discourage it! If it's clear you're both working with the same assumptions, but somehow compute different answers try to find where the calculations diverge. There must be an explanation, and finding it will be a learning experience for both of you.

Let's explore some productive ways to help a child learn about conventional number systems.

First Steps

Finger counting is a good start. In addition to improving motor control, it introduces concrete examples and builds a foundation for the abstract notion of quantity.

A child who is asked, "how old are you?" may respond by holding up a few fingers and saying a number. We infer that they understand quantity, small numbers, and how to use their fingers and words as representations of those numbers. Of course, they may be parroting, but asking "how many fingers am I holding up?" or "how old will you be after your birthday?" can clarify their comprehension level.

As with any tool, fingers as a representation of numbers are ideal in some situations and totally impractical in others. Eventually the child needs to learn about numbers beyond 10.

Toward Infinity

A number line that labels numbers from 1 to 10 corresponds to the finger-counting expert's understanding of numbers. With time and effort, the child can learn to recognize the written numbers as another representation of the physical and verbal manifestations they already know.

number line 1 through 10

Now that the child can think about numbers both in terms of quantity and position on the number line, it's worth exploring "bigger" and "smaller" (or "greater" and "less"). If the child is already comfortable with the claim that more fingers means bigger numbers, then it the next step is recognizing numbers grow bigger as we move to the right on the number line. The rightmost number, 10, is bigger than the rest.

Is 10 the Biggest Number?

Of course we know it's not, but the child may think it is. Extending the number line to the right and asking, "can there be bigger numbers?" sets the stage for more. If they're skeptical, ask "what if you had an extra finger like this kitten?"

polydactyl kitten from Wikipedia

Once they're convinced there must be a quantity one more than ten, add a tick mark on the number line where 11 belongs.

number line 1 through 10 and beyond

There's no need to call the new number "eleven". After all, numbers eventually get large enough that they cease to have standard names. Don't bother labeling it "11", either. The syntax of Arabic numerals is more consistent than names, but right now the focus is building intuition for countably infinite sets.
To make this more concrete, trace the child's hands on paper. Ask them to draw another finger on one of their hands.

tracing around right hand

When they do, add another mark to the number line. Repeat this process until they're doing it on their own. Make sure each new tick mark is put just to the right of the previous one.

Eventually they'll run out of room either on the number line or the hand traces. Get a pile of paper, pull one off the top, and encourage them to continue. After they've gone through a few pages, ask them to whether there will be more numbers when the paper runs out. At this point they're probably comfortable imagining having indefinitely many new fingers, so the notion of obtaining arbitrarily many pieces of paper hopefully won't be much of a stretch.

Admittedly, $\aleph_0$ is a huge leap from not knowing any numbers larger than 10, but the same could be said for 100 or 1000. The motivation is to build a conceptual foundation for future lessons.

The child may get frustrated. Taking the time to understand why will help you figure out how to proceed.

  • They're sick of drawing fingers and number line ticks, but still interested in the ideas.
    • Show them tally marks, and convince them it represents the same idea.
  • They understand the concrete numbers, but struggle with the idea that they can never reach "the last number".
    • Teach them the song that never ends.
    • Convince them that a genie who refills wishes will always be in debt.
    • Have them cut a piece of paper in half, and cut one of those halves in half, and so on until they're left with a piece that's difficult to cut. Show them a magnifying glass and ask whether it would help them make another cut. Ask whether they can imagine doing this forever if they had magic scissors.
    • Demonstrate process with exponential growth like wheat and chessboard problem.
  • The concrete numbers larger than 10 are still too abstract.
    • Show them a table of written numbers from 1 to 100, in rows of 10. Given them a table with some blanks and have them fill it in.
    • Count to higher numbers out loud.
    • Label more marks on the number line.
    • Write a random number and teach them how to write the next biggest number.
    • Play with base-10 blocks. Say or write a number and have them make a pile of blocks representing the quantity of that number.
  • They just need a break.
    • That's fine--it's a lot to process. Bring it up again later, if they don't first.
  1. David Tall's "A Child Thinking About Infinity" demonstrates the value of judgment-free inquiry. http://homepages.warwick.ac.uk/staff/David.Tall/pdfs/dot2001l-childs-infinity.pdf