🔐 Locks and Keys
Public and Private Keys Made Simple
In 5 minutes: Understand how public/private keys work
Prerequisite: None
🎯 The Simple Story
Alice wants to send a secret to Bob, but she doesn't want Eve to read it.
Alice's idea: Put the secret in a locked box!
Problem: Which key does Alice use?
Solution: Bob gives Alice a special lockbox:
- Anyone can put things in (public key)
- Only Bob can take things out (private key)
That's what public/private keys are!
🧠 Mental Model
Hold this picture in your head:
Public/Private Keys:
Bob's Mailbox: [📬]
╔═══════════════════════╗
║ DROP BOX (Public) ║ ← Anyone can drop mail in!
║ • Alice drops mail ║
║ • Eve drops mail ║
║ • Charlie drops mail ║
╟───────────────────────╢
║ BOB'S KEY (Private) ║ ← Only Bob can retrieve!
╚═══════════════════════╝
Public key (pk) = The drop box (share with everyone!)
Private key (sk) = Bob's key (only Bob has!)
Alice sends secret: Put in drop box → Bob uses his key → Gets secret!
Eve can't: Bob's key is private!
Think of it like:
📬 Mailbox (Anyone can leave messages, only owner retrieves)
🔒 Padlock (Anyone can snap it on, only key-owner opens)
📦 Safe deposit (Bank has public safe, you have private key)
📊 See It Happen
Let's watch Alice send a secret:
🎭 The Story: Alice and the Mailbox
Alice needs to tell Bob her secret password.
Bob has a mailbox outside his house:
- Public: Anyone can drop mail in
- Private: Only Bob has the key to open it
Alice writes "My password is 12345", puts it in an envelope, and drops it in Bob's mailbox.
Eve watches from across the street. She knows the message is in the mailbox, but she can't open it! She doesn't have the key.
Bob comes home, uses his key, opens the mailbox, and reads Alice's message.
Result: Alice and Bob both know the password. Eve saw the mailbox but couldn't read the message!
🎮 Try It Yourself
Question 1: Bob creates a public/private key pair. Who can use the public key?
Anyone!
The public key is called "public" for a reason. Alice can use it, Eve can use it, Charlie can use it. Anyone who wants to send Bob a secret can use his public key.
But the private key is different. Only Bob has the private key.
Answer: Anyone can use the public key (to lock messages)
Question 2: Who can unlock a message locked with Bob's public key?
Only Bob!
Eve might try to unlock it. Charlie might try to unlock it. But they can't! Only Bob's private key can open what Bob's public key locked.
That's why it's asymmetric: Different keys for locking and unlocking!
Answer: Only Bob (using his private key)
Question 3: Why is this called "asymmetric" encryption?
Because the keys are different!
Traditional (symmetric) encryption:
- Alice and Bob use the SAME key
- Key must be kept secret from Eve
Asymmetric (public/private) encryption:
- Two different keys: Public and private
- Public key is shared with everyone
- Private key is kept secret
The key to unlock the message is NOT the same key that locked it!
Answer: Different keys (public vs private) = asymmetric
🔢 The Math
Key Generation
Bob generates a key pair:
KeyGeneration():
1. Choose secret number s (private key)
2. Calculate public key pk = F(s)
3. Share pk with everyone
4. Keep sk = s private
Return (pk, sk)
Where F is a public function (we'll see Diffie-Hellman next!)
Encryption and Decryption
Alice encrypts:
Encrypt(message, pk):
1. Use Bob's public key pk
2. Lock message with pk
3. Return ciphertext (locked message)
Return ciphertext
Bob decrypts:
Decrypt(ciphertext, sk):
1. Use Bob's private key sk
2. Unlock ciphertext with sk
3. Return original message
Return message
Key point: sk unlocks what pk locks!
Visual Example
Alice wants to send: "Hello Bob"
Encryption (Alice):
"Hello Bob"
↓
Lock with(pk_Bob)
↓
Ciphertext: "Kj7$mP9q..."
Decryption (Bob):
Ciphertext: "Kj7$mP9q..."
↓
Unlock with(sk_Bob)
↓
"Hello Bob"
Eve's view: Ciphertext only! (Can't unlock without sk_Bob)
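A concrete stand-in for F, Encrypt and Decrypt from the sections above, added here as an example and not part of the original lesson: textbook ElGamal in Python, where F(s) = G^s mod P. The modulus P, the base G and the function names are assumptions chosen for illustration, and the parameters are far too small for real use.

```python
# Added teaching example: textbook ElGamal with toy parameters. Not for real use.
import secrets

P = 2**127 - 1   # a Mersenne prime; far too small for real security (assumption)
G = 3            # public base, chosen for illustration (assumption)


def key_generation():
    """Bob: pick secret s, publish pk = F(s) = G^s mod P."""
    sk = secrets.randbelow(P - 3) + 2      # secret number in [2, P-2]
    pk = pow(G, sk, P)                     # easy to compute, hard to invert at real sizes
    return pk, sk


def encrypt(message: bytes, pk: int):
    """Alice: lock the message using only Bob's public key."""
    m = int.from_bytes(message, "big")
    if not 0 < m < P:
        raise ValueError("message must encode to a number in (0, P)")
    r = secrets.randbelow(P - 3) + 2       # fresh one-time secret per message
    c1 = pow(G, r, P)                      # hint that lets Bob rebuild the mask
    mask = pow(pk, r, P)                   # G^(s*r): needs r or s to compute
    return c1, (m * mask) % P


def decrypt(ciphertext, sk: int) -> bytes:
    """Bob: rebuild the mask with sk and strip it off."""
    c1, c2 = ciphertext
    mask = pow(c1, sk, P)                  # (G^r)^s == (G^s)^r
    m = (c2 * pow(mask, -1, P)) % P        # modular inverse (Python 3.8+)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    pk_bob, sk_bob = key_generation()
    _, sk_eve = key_generation()           # Eve has a key pair too, just not Bob's sk
    ct1 = encrypt(b"Hello Bob", pk_bob)
    ct2 = encrypt(b"Hello Bob", pk_bob)
    print("Bob reads:", decrypt(ct1, sk_bob))
    print("Eve reads:", decrypt(ct1, sk_eve))
    print("same message, different ciphertexts:", ct1 != ct2)
```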
💡 Why We Care
Why Not Just Share the Same Key?
Traditional (symmetric) encryption:
- Bob generates key K
- Bob sends K to Alice (over network)
- Eve sees K!
- Eve can decrypt everything!
- ❌ Problem: Secure key exchange is hard!
Public/private (asymmetric) encryption:
- Bob generates (pk, sk)
- Bob sends pk to Alice (Eve can see it, doesn't matter!)
- Alice uses pk to encrypt
- Bob uses sk to decrypt
- ✅ Solution: Eve never sees sk!
Real-World Uses
| Application | How It Works |
|---|---|
| HTTPS websites | You verify with public key, they prove ownership with private key |
| | Each person has public/private keys for end-to-end encryption |
| Signal | Uses public/private keys for X3DH handshake |
| SSH login | Your computer has private key, servers have your public key |
✅ Quick Check
Can you explain public/private keys to a 5-year-old?
Try saying this out loud:
"Imagine Bob put a special mailbox outside his house. Anyone can put letters in the mailbox, but only Bob has the key to open it. So Alice can leave a secret note in the mailbox, and even if Eve walks by, she can't open the box to read what Alice wrote!"
Can you explain the difference?
Traditional vs asymmetric:
Symmetric: Alice and Bob use the SAME key. Problem: How to share it securely?
Asymmetric: Public key locks, private key unlocks. Bob shares public key, keeps private. No secret key exchange needed!
📋 Key Takeaways
✅ Public key (pk) = Anyone can use it (to lock)
✅ Private key (sk) = Only owner has it (to unlock)
✅ Asymmetric = Different keys for encryption and decryption
✅ Metaphor = Mailbox: Anyone can drop mail, only owner retrieves
✅ Benefit = No secret key exchange needed
✅ Security = Eve sees public key but can't decrypt anything
✅ Use case = Initial message exchange (like Signal's X3DH)
🎉 What You'll Learn Next
Now you understand public/private keys! This is essential for the Signal Protocol.
X3DH uses public/private keys to establish trust. But first, we need to understand Diffie-Hellman - how two people can agree on a secret without ever sending it over the network!
🎨 Continue: Color Mixing Paint
We'll learn how Alice and Bob can agree on a secret key so that Eve watching the entire conversation still can't figure it out!
Now you know how public/private keys work. Next: How to share a secret without sending it!