Hi, folks, in this video, we're going to take some time and look at the way public key cryptography can be used to send a secret message. So we're going to start playing with the concepts of Diffie and Hellman. And you recall in previous video, we said that Alice and Bob, or whose sender or receiver, are in some sense doing something locally to generate their key pair, there's no key distribution center. And the key pairs are set up such that encrypt with secret, decrypt with public and so on. So let's assume, and we'll pop up a little chart here that shows Alice and Bob and is their pre-condition, we'll list out what they have, what they know, or what they've been setup with. And the setting up is called infrastructure and for public key it's called public key infrastructure, PKI, which you may have heard of. Tends to be a lot of work to set up PKI for a typical setting. But for now let's assume Alice is going to have both a public and secret key pair which Alice generated locally, pushed the button, ran the RSA algorithm, boom! Pair pops up, PA, SA. But she also has the public key of Bob because we're going to make the assumption that everybody knows everybody else's public key. Is that fair enough? Similarly Bob, what does Bob do? Runs an algorithm locally, generates PB, SB, has that key pair. He didn't have to go to a key distribution center, for he did it locally. But also has PA, has Alice's public key. Everybody's got everybody's public key. And we can throw Eve in there too, Eve is the eavesdropper. I don't care what Eve's public key pair is. Yeah, she generates her own key pair, but who cares? But she does know PA and she does know PB, fair enough? That's the precondition. Now, what I'm going to do is Alice is going to encrypt a message. And what are the things she can encrypt with? Well, there's PA, SA, PB. Let's encrypt with PB. Let's see what happens when I encrypt something with the public key of the recipient. When I do that, the message goes across to Bob. And when it gets to Bob, Bob can decrypt it because Bob has the secret key. But let's think about Eve in the middle of this. Can Eve read an encrypted message and using public key of B. Well. what needs to be present to decrypt it? SB, Bob has that, Eve does not. Eve can't read the message. So the message is like your credit card number, or something. Then, in theory, I can blast this across the whole internet to some online retail store. The retail store gets the credit card number, nobody else can, fair enough? So it's secret, but could Eve have somehow crafted this message? Let's say it's not a credit card, let's say it's a note asking Bob to do something. Well, can Bob be confident that that was actually produced by Alice? Well, what was the message using the public key of B? Everybody's got the public key of B. So do I have authenticity? No! So this is kind of interesting. This shows that one of the options here, taking a message m and having hours encrypted with the public key of the recipient makes it secret, but does not respect authentication properties. It doesn't prove that you are you. Let's go back to credit cards. If you send a credit card to a company, do they usually care who you are? Well, it depends on the business, right? [LAUGH] I think they probably do, but a lot of times they don't. So this might be very useful protocol, but what do we say about conventional cryptography? We love that fact that we had secrecy and we had our Authentication, we liked that. We didn't like if we lose one of those properties and that's what's happened here. So this is not going to do it, it's not acceptable. You want secrecy and authentication. So what can we do? How can we solve this? Well, for the answer, you'll have to wait for the next video. I'll see you on the next one.
