I’ll borrow an analogy for a simplified description of how public key encryption works from Simon Singh. Imagine a sturdy metal box that can be locked shut with a padlock. Let’s say Alice wants to send a message to Bob and she wants no one but Bob to read her message (descriptions of encryption systems traditionally use “Bob and Alice”). Bob buys a padlock from the hardware store, puts the unlocked padlock in the box, keeps the key, and mails the box to Alice. When Alice receives the box, she puts the message in the box and locks it shut with Bob’s padlock. Then she mails the box back to Bob. When Bob receives the box, he unlocks the padlock with his key, opens the box and reads Alice’s message.
On the internet, Bob uses a digital padlock, or public key, that is used to encrypt his emails, and the NSA has a skeleton key for Bob’s padlock.
Frenkel describes how the NSA uses their digital skeleton key to read your emails:
In this article Frenkel expresses his concern that if the NSA is putting backdoors into our encryption systems, this makes us vulnerable to malicious hackers:
Who’s to say that the sophisticated math the NSA has been keeping secret from the rest of the world will not be discovered by someone else?
You can hide a formula, but you can't prevent others from finding it. One might only need a pencil and a piece of paper to do that. And once the secret is out in the open, it’s not just Big Brother that will be watching us—other “brothers” will be spying on us, intercepting our messages, and hacking our bank accounts.
The NSA has this backdoor, as Frenkel points out, because of the problem of generating random numbers. Computers are deterministic and therefore only capable of generating pseudorandom numbers, exposing your public key (your digital padlock) to backdoors (the NSA skeleton key).
A simple analog method of generating random keys, called the One Time Pad, comes from the early 20th century. By all accounts it is unbreakable if used properly (use each key only once). You can try it yourself if you have a Scrabble or Upwords set.
Scrabble Game or Upwords game
Bag, hat, coffee can, etc.
Select the 26 letters of the alphabet from your Scrabble game.
Put the letters in your bag and shake well to sufficiently mix them up. Thrust your hand into the bag and stir the tiles around a bit, then pull one tile out of the bag.
For this demonstration I use an ordinary sheet of computer printer paper. I’ve divided my sheet into two columns, one marked “In” and the other column marked “Out.” Write the letter on your tile under both “In” and “Out” columns.
Put the Scrabble tile back in your bag. Shake well. Thrust your hand in the bag and stir the tiles for a bit. Pluck a tile from the bag. Write the letter in the “In” and “Out” columns on your paper. Repeat.
You can repeat this process to generate a key long enough to be useful for sending short messages. For example, there are a maximum of 140 characters in a tweet, but the longer the key the more tedious the process. I've created a rather short key just long enough to demonstrate how to encrypt “hello world.”
Some of you, dear readers, who are keen observers may notice a problem with the random distribution of letters in my key. I was focused more on photographing the procedure and failed to sufficiently randomize my tiles.
Use your scissors to cut the paper in half. You keep the half with the “In” key and give the half with the “Out” key to your friend with whom you wish to secretly communicate.
To encrypt your message “hello world,” first eliminate the spaces. The message then becomes “helloworld.” When the letter “h” in “helloworld” is passed through the key, it becomes the letter “g.” Recall how Frenkel talks about modulus math or clock arithmetic. In this case we’re using a clock with 26 hours.
As in the picture above “h” is the eighth letter of the alphabet, or H = 8. The letter “y” is the twenty-fifth letter of the alphabet, or Y = 25. Start at the letter H and count 25 letters down the alphabet toward the letter “Z.” By the time you count to 18, you run out of letters so you have to start at the beginning of the alphabet (A) and count the remaining 7 where you arrive at the letter G. 8 + 25 = 7 (mod 26). You can try this online modular arithmetic calculator by entering “26” in the “Modulus m =” box, entering “8” in the “a =” box, entering “25” in the “b =” box, and clicking the “a + b” button. 7 will appear in the “Result =” box.
When you have finished passing all the letters through the Scrabble Cipher key, the original “helloworld” is encrypted as “gtqddeloms.”
To decipher the message, your friend uses the “Out” key. The letter “g” is the seventh letter of the alphabet, or G = 7 and “y” is the 25th letter of the alphabet, or Y = 25. This time instead of counting down the alphabet, you count up the alphabet. Start at the letter G and count 25 letters up the alphabet toward the letter “A.” By the time you count to 6 you run out of letters so you have to start at the end of the alphabet (Z) and continue counting the remaining 18 letters until you arrive at the letter H. 7 – 25 = 8 (mod 26). Click the “a – b” button if you want to try the online modular arithmetic calculator.
You and your friend can only use the “In” and “Out” keys once and then they must be destroyed. If you want to secretly communicate many times then you’ll need to create many keys and a numbering system for the “In” and “Out” keys (you can simply number each “In” and “Out” key 1,2,3…). You’ll have to send the number of the “In” sheet along with the encrypted text so your friend knows which “Out” sheet to use to decipher the text. This process is tedious but effective. You can meet regularly to have a nice game of Scrabble and then create enough keys to secretly communicate until the next game of Scrabble. (Note: you can also use Boggle cubes, but you might want to use two sets for the 26 letters of the alphabet and it couldn't hurt to roll the Boggle cube on the table top after you take it out of the bag).
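The clock arithmetic and the numbered, use-once sheets described above can be checked with a short program. This is an added example, not code from the original post. The key `yoerohwwao` is not printed on the page; it is recovered here from the page's own “helloworld” / “gtqddeloms” pair. `make_sheets`, `PadBook`, `send` and `receive` are hypothetical names, and Python's `secrets` module (the operating system's random source) stands in for the tile draws.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase  # the page's numbering: a=1 ... z=26

def _nums(text):
    # Drop spaces and punctuation, map each letter to 1..26
    return [ALPHABET.index(c) + 1 for c in text.lower() if c in ALPHABET]

def _combine(text, key, sign):
    t, k = _nums(text), _nums(key)
    if len(k) < len(t):
        raise ValueError("key must be at least as long as the message")
    # 26-hour clock: a result of 0 wraps around to z (index -1)
    return "".join(ALPHABET[(a + sign * b) % 26 - 1] for a, b in zip(t, k))

def encrypt(message, key):
    return _combine(message, key, +1)   # count down the alphabet

def decrypt(ciphertext, key):
    return _combine(ciphertext, key, -1)  # count back up

def make_sheets(count, length):
    # Assumption: stands in for drawing tiles with replacement
    return {n: "".join(secrets.choice(ALPHABET) for _ in range(length))
            for n in range(1, count + 1)}

class PadBook:
    """One party's numbered stack of key sheets (the "In" or "Out" half)."""
    def __init__(self, sheets):
        self._sheets = dict(sheets)

    def take(self, number):
        # pop() destroys the sheet, so reusing a number raises KeyError
        return self._sheets.pop(number)

def send(book, number, message):
    # The sheet number travels with the ciphertext
    return number, encrypt(message, book.take(number))

def receive(book, number, ciphertext):
    return decrypt(ciphertext, book.take(number))

if __name__ == "__main__":
    key = decrypt("gtqddeloms", "helloworld")  # ciphertext - plaintext = key
    print(key, encrypt("hello world", key))
    sheets = make_sheets(3, 20)                # constructed sample sheets
    alice, bob = PadBook(sheets), PadBook(sheets)
    n, ct = send(alice, 2, "meet at noon")
    print(n, ct, receive(bob, n, ct))
```

Subtracting the known plaintext from the ciphertext hands back the key, which is why each sheet has to be destroyed after one message.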
For programmers it’s relatively simple to write a program to generate random numbers. Because computers are deterministic, the numbers would be pseudorandom, which is fine for computer games but not for data encryption. You might consider connecting a Geiger counter to the computer and using the Americium-241 from a smoke detector as your radioactive source. Generate your random number seed when the Geiger counter detects an alpha particle.
Radiometric dating is used by, say, geologists to determine the approximate age of rocks because radioactive decay occurs at a predictable rate. This works for large groups of atoms. It is impossible, however, to predict when a particular nucleus will decay. Your Am-241 source emits alpha particles randomly and if your program generates a random number seed when the Geiger counter detects an alpha particle, it should be an actual random number as opposed to a pseudorandom number. Do check with Federal, State, and local regulations before taking apart a smoke detector. Also, USB Geiger counters can be kinda pricey.
If you want to use a computer to generate your random numbers and a printer to print your One Time Pad sheets, you might want to consider “air gapping it,” or isolating it from your home network. That is, not connected via Ethernet or wirelessly to your home network (and thus to the internet) to prevent spyware or other malicious software from being surreptitiously installed on it.
The One Time Pad is a low tech method for communicating secretly. But, now that we know how the NSA has been hacking our emails, we can revise our encryption standards for secure communication and commerce on the World Wide Web.
NOTE: For One Time Pad sheets, clandestine service officers have used small swatches of silk because silk compresses well and can be hidden in tiny nooks and crannies such as the spine of a hard cover book or inside the barrel of a fountain pen. Rice paper has also been used for One Time Pad sheets—once the key has been used it can be eaten or dissolved in a glass of drinking water if you don’t have a lighter handy to burn it.