Sunny is a software engineer and Rubyist at DigitalOcean where he works on building managed storage products. He has been using Ruby since he started learning to program in 2016. Like Ruby, he's passionate about encapsulating complicated concepts in simple language.View the profile
About the talk
You may not know it, but you use prime numbers every day. They play a major role in internet security in the form of encryption.
In this talk, you will learn the inner workings of how the internet uses prime numbers to keep your data private as it travels over the wire. We will cover topics such as symmetric and asymmetric encryption, and why prime numbers are just so damn hard to crack. By the end, you will understand how to encrypt and decrypt data yourself with just the Ruby standard library.
So come join me as we demystify HTTPS using code, color theory, and only a pinch of math 🤓.
Sunny is a software engineer and Rubyist at DigitalOcean where he works on building managed storage products. He has been using Ruby since he started learning to program in 2016. Like Ruby, he's passionate about encapsulating complicated concepts in simple language. When he's not breaking production, he can be found trying to figure out how to pipe all his troubles into /dev/null.
How's it going? My name is Sonny. Be in today. I'll be talking to you about how prime numbers keep it in a secure myself. I work on the Mana Source Products team so things like day basis of service or static sites so suffice it to say that I work and on the internet every day of my life as mangoes. Have there so many parts the internet that I have to understand you have to me the Internet. Seem like a very chaotic Place. Lot of moving Parts in the chaos. So there are many things I don't understand about it. Because of that, there are days where I feel like I have no idea what I'm doing. If
that's a pretty information and things going to click the phone, the place. And it seems to actually make a lot more sense and seemed to be a little bit less chaotic. And I had one of my learning more about kind of security and how you're into insecurities, use in the context of the internet, tsingtao, prime numbers factor, and all this. And this presentation was born and I had about a year ago, and as we go through this, I hope that many of you have a very similar quick moment. And by the end of this, I hope that many
of you will not only understand better understand how it works. But I understand how the NSA has a whole works. The question we asked me to talk right now is what is so special find numbers? You know if that keeps mentioning prime numbers? What is so special about them? Is that prime numbers are unique 24. I asked you. How did the numbers, how many combinations of numbers? Can you multiply together to get the number 24 with quite a few answers. 8, * 3/6, * 4/12, * 2.
Wild kind of music. Are you ge there? Still appreciate the generates mean that it's not raised to be intensive. So I can ask a computer, a computer for me, a large number of prime number on the order of a thousand, if it's long. And there's no way from a computer to do that quickly, computer to check, if a large number is Prime. And Arcee even very a very large prime number or odd number So, those three things make kind of special, but more importantly, it makes him useful person to called encryption
for anyone who does not know, where is a process of turning data or a message in, turn on Rebel, Rebel format called a cipher. Encryption is a be the main focus of this talk because infection is the foundation of Internet Security things such as messaging, a friend, or even simple things like Ray username password, encryption and it was all of that. Today's presentation from a deep dive into encryption today. Doesn't mention recovering encryption in the department has such as as much. I appreciate the
offer talking about how keys are using Chris encryption. So public and private keys. And finally we talkin about how prime numbers Factor if I've heard all of this. So by the end of May self using basic math, hope you are too. Before I get into, I could dive into the topic. So if you're attaching a person called a one-way function, so if you are from this moment of a function, then encryption is a special type of function called a trapdoor function. Now, if you are from, there's what would my functions been nowhere? I'm going to find that as well. So a one-way function
is a function, that's very simple to go. Simple to ask you one direction and very, very hard to reverse in the opposite direction. So the context of encryption say we had a message and say we had an encryption key and it's very easy to know, process, to basically using encryption key to lock the message into a safer. If you could do that now, given only the cipher in the encryption. Key is very difficult to reverse that process and get to turn a separate back into meth do. That is what makes us or
is it when we function, but If you have a some special information for the trap door, then it becomes actually very easy to reverse. So this special information is the decryption key. So if you have the safer and you have, there is very easy to reverse the process and turn the cipher back into the message. So that is an option at a high level. As I said before, there are different types of encryption and the type of encryption with a pan of how it uses these keys. That'll be covering Nexus different types of encryption,
encryption and decryption of has the symmetric. Encryption, can be very fast, is why? If you would like to use my transcription is also a little fragile, because since were using the same key for the encryption and decryption is pretty fragile, because if a single point of failure is compromised, then the encryption process breaks down. Because of this, since you have to use the same key for the caption decryption, it becomes difficult to pass and cut the messages because you have to
have to be sure that whoever you're passing through the messages with depressing party because of that is Metro Corrections. Tenzi only used for something called the data at rest encryption get arrest so they bases files route to devices that's best or one of the most commonly used these cases for smashing cription. Not a problem is, David isn't always addressed before. They invaded is moving through the internet. It's in transit. And as I mentioned, encryption use the same key for both encryption. Do you
stop two different parties? Margie use special connection to communicate. They would have to agree on a Suzuki ahead of time and the most, the most secure way to do that is for both of the price. So I can meet in person, is Rachel, do that in the internet because I'm in New York, can you get someone in Japan? It's kind of up to do that during these times. So we need is a way to go safely and anonymously passages treatment keys for each process. So it's a symmetric key encryption and a suit or a private key for depression.
What's the big difference between symmetric is its public key and so it will always keep the key secret is always so lucky that we have to share with entire world public. It can be sure we don't trust that the public to anybody. Now we still have a private key and she always she should still always keep private key private. We are given this public. You can use that example of how we can use the public and private Keys. What do you want to send me a private message?
If you give them my public key with the color blue in this case and they can use that blue, public key to turn their yellow message into a cipher, the color green. And so then I can actually send the safer across the internet will ever be in the wants and once it arrives to me I can lend you my private key to decrypt it back. And this is secure to do is because even if a hacker or to intercept this yellow set, the screensaver as long as they don't have the product key, they won't be able to decrypt into the message because I have the product
key to use to make keys for the process. And it is because the public and the private key are the inverse of another mean that when we use them together. If they guess I should cancel, one of their house, in kind of colors colors together, they create the color white and so, in essence, essentially cancel, one another out. So when we use public and private keys to encrypt our messages, I wanted to ask and was left back with the message. So that's how we're able to
use the keys to encrypt our messages. Now with that said, is very important for sending security, but there are still weaknesses and asymmetric encryption algorithms are used to create secure internet connections in a while. We'll kind of get that little more I had but are important That kind of makes us wonder if since I met you before, encryption is so fundamental to a security. Makes me wonder, makes you wonder how secure encryption, you know, if we're depending on it to keep a day of safe. Would you be pretty comfortable that impression that should prove quite secure? The best way
to actually answer how secure is encryption is to actually dive into it and see how was implemented. And actually, that's what we doing. Will be actually picking decryption algorithm and I'm putting ourselves to see how it works and actually see how secure is out of the oven I picked. For the presentation, is the RCA Pro Shop of them in. The reason why I picked it is cuz it's one of the most commonly used is maturing out of the evidence used today. If you spray a lot of things to an SSH key ever created, position keys are slaves, used for that if you ever used gpg2, can you give me
privacy guard? Are you sure that? Well, but what's most Only known for is that she excuse in the TLs HTTP protocol if you're familiar with a TLS handshake or the TL S type of sweets so that all the different albums are used to create a security connection with your client computer. In the browser is the TSA for Suite in our state play. The pretty important role in the admission process used for a lot of things by three soccer. First rivest, Shamir nadelman And I think about it, took me years is a long time that kind of Internet
do a lot of things out there less than 5 years but has been around for so long and not only is it old how old is that are size of prime numbers or fortunately is at the longest is going to involve some math today. What are we doing some math? So time for the math Don't like math. Math is very important for encryption but because I'm trying to make, I want to make this a kind of simpler presentation behind the encryption is is one important Mastery. But I'm going to try and stick it to the stick to the most important. Facts is composed of two main parts.
There's the public had a key generation and is also the encryption-decryption actually get to pump and we have to first generate public and private keys. So that's what I'm doing right now. Are you have to actually create public and private Keys public or private keys keys are abstract. They're very concrete, things are pretty simple. Things are just numbers Caesars numbers and a contestar. Stay the public sees two numbers. You have a and N in a product.
That's the way I can tell you the part is because a private key is used for encryption to the apartment. How do we actually create a key through this simple five-step process? Y'all a mess and was right there. Don't worry it down. Suc, the first step in this process is to choose two prime numbers. Pink you plus we doing the order of two to three to four thousand as long as you keep this simple. So be today should be the same numbers and it should be on the run the same size but they can't be the same number or numbers. So
if you have an idea open right now we actually go Implement RSA encryption or are safe for a child together. And as we walk through this, you can come follow me along with your own ID. BattleTech better, right here. So we met him before, that piece is going to be 13 if she was only 17. The next step is to compute end-to-end is defined as p x q soon with it as well. What's going to be the X key shots? Okay, it's going to be 13 * 17, which is 221. And as you might have noticed
and is the first half Republic Key, Republic e&n. So, we're two steps in and we've already created. When the third step is to compute, this symbol right here in the circle with a line through it, and we'll be skipping over allowed in math theory, is a very important math concepts but you know, we'll be skipping over it. So the most relevant thing for, you know, it at Ocean of and is defined as P - 1 * 2 - 1 T - 1 * 91. As soon as case of 13 - 1 * 17 - 1 vs 192 to keep that in mind, the four-step Bucking the value eat.
So it must be a number between one and a van, just a 292. And I must also be relatively prime to n221 know what those are prime means two numbers are west of the Prime, if there's no energy require than one device info, so 12 and 13 or else a prime. But 12 and 14 are not because I supposed to 1214 between 1 and how do I get to? It must be roughly Prime to end. The one thing I found a small prime number to this case, really picking es7, but as long as it fits the criteria for wheezing 7 plus case,
I remember, if you remember a public, she is eating a sweet charity crate at public key right here. So 7 + 2 + 41 + 22. Do as of the last step is the actual Chris private key. Remember, Ocean before the public and private key or the inverse one other. So we need to find a way to find the inverse of 251 and 7. So we need to have some for a Friesian that loves to find the interests of those two numbers that gives us. It gives us an equation which is d e, x e, mod totient, n equals 1/5,
operator. Let's go back a little bit. There. So we're giving this equation, just d10e mod ocean van which equals 1 oz. So it stands for the remainder. Operator know. So you can define a definition for this equation. As d x e. She can do that to us. I thought we already actually know what the interruption in our and we can share plug with numbers in and was given D * 7. Reminder $100. Chew equals one is all I need to do now is find yourself or D and we're getting the part number for the hockey at least. I never learned how to
solve an equation that use their major operator, the cea. Now I will take time to talk about it but luckily we actually trying Brute Force our way to find the one through all possible values of D until we find the right one. So sweet to know the equation is the remainder and and if it does not equal, one thing was going to add anniversary and and is there and I'm here, but the dog ear fence. That's actually. That's right. Start. That's what is totient. 55 can see right there.
55 to see if that's the right number. Adidas. Only possibly brute force and the real. Are you not going to do that? But for us it's over. Now you got your creator of public and private key so 721r public key, our private key is 55 Dundee public panicky generation. So now it's actually fun part which is encryption and decryption. Before I show you how it works. Encryption Network, a couple things we know because Me A Reason math equation, we know it can't be reversed or easily reversed because my encryption is a
one-way function of Swords reversed. We can't use a math equation to reverse so we can use addition cuz that can reverse this weekend because I can do a math equation that can be reversed, but what The answer is I just seen before so briefly but we did see it and answer. That is actually modular operator. Everything about it, kind of sense cuz V A skew. What is X does not listen to answer? Could be 5-15-25 the anyting you would actually feel to know the original acts because it could be a multiple of saying, that's why
I pray. You're still important are prime numbers and operators keeping us here with a little birdie so I kept that prime numbers. So with that said that my driver you're so important. Here is the equation for a Christian does m. ^ e remainer n equals c. I'm picking apart. Do you have? And which is the message should be a number right now. There are there are there are ways to turn your string into number to encrypt it but we're going to stay with numbers. She going to raise your message that
Harvey cinnamon and raisin the power of Auntie Taylor major at the end and you get your message back. I noticed in the public, so that should be right now. So, what I have is, I have a server coronavirus in the computer and it listed listening in, on the endpoints. And if I pass a map of a key to the endpoint, it will, you have a key to encrypt a message and I'll return his diaper. So I should be able then, to you, about my product, key to deep fry that I'm going to send a friend request to an infant, to have my server. Would you pass it? My public. You hear, if I said, 7.1
past that paper back so you can see the safer is 185. I don't, I R B. I should, I should be able to decrypt this evening to decrypt, the power key, taking a picture of an answer. So you got my service here. You see the public key from the client client? Being me and sent me a message back the client before it to dance with the universe. So indeed, we were able to test text in Crypt and actually go into the server and show you how that how to encrypt message. So you look down here at encrypt, a message to the power bi and take a reminder 10 and that
was the average height of a cipher so that is exactly what we have been able to actually successfully encryption-decryption. So you were able to actually Remember we didn't Implement our sages to know. How is that? How are they worth? We wanted to know. Why aren't they secure as kind of main focus to the Tapas can Arthur be broken. How secure is our first dive deep into our say, or who's able to intercept a cipher, that between two people who communicating our statement and caption
to get that information. So we know that we need the private key SSD promotion process needs to safer to find an end to our benefactor and the part number and is the compose a pink, you are in luck as a key. In the public, he has a dent in it, so I'm going to do the split apart and we have our answer. We have pink cue diseases. That the problem is that, you know, that using prime factorizations of the process of turning them into or breaking apart into prime.
Factorization is is very, very hard. Give me example, you know, it's very easy to take me to prime numbers and most time together to create a single number, but given a number. I guess, I'll give you a few. What? Two numbers to pose for you to criticize? Number is very hard to do that on your head. Yes, I will do all the possible combinations to find what it is and it has it has to cut find accommodations are prime numbers that make up a pen and a fan. And is a very, very large number. There are a lot of combinations, Sodexo show how
long it take for you. If and when the order of about a Thousand Fists long, only take to generate an order three billion years to break apart. Remember our sex is even larger number that has it fits. It can use two, three, four thousand feet, large number of large numbers, Michigan vs, OSU one-way function. So prime factorization is essentially a one-way function if the numbers that are used are large enough. So this is how prime numbers are prime numbers or a prime factorization is so difficult with you.
I don't want to make you believe or make you think that are safe. Perfect. You know, they're definitely our weaknesses to arceo, Quantum, Computing, definite break our say and more calmly usually add the developer are. So if a developer in implementing our stay, if they make sense error, then it's usually easier to break our say. But even with that said are very, very important. However if you are if you are curious about what the future looks like, one of the more popular albums that are games games team is actually lifted her photography or fronts in
photography, have talked for some time. So if you have something for you, so please, if you are infinitely, more security, And overall, you know that's my talk. I hope that man is you have to look for economists and I hope that by now to make a little more sense to you. Thank you very much.
Buy this talk
Buy this video
With ConferenceCast.tv, you get access to our library of the world's best conference talks.