In previous episodes, Kelsey explained how you could crack RSA encryption with an algorithm capable of quickly factoring ginormous numbers into primes. Now that might give you the impression that fast factoring algorithms would compromise all digital security, but not so. For instance, YouTube's encryption of this video would be unaffected, and that's because the essence of encryption isn't really about factoring or prime numbers, per se. So what is it about?

Internet communications between Alice and Bob are visible to eavesdroppers like Eve, who have access to the intermediary computers that relay internet traffic. That's why Alice and Bob encrypt communications, so that their messages won't be understood by others, even when they're seen by others. How can Alice and Bob do that? In the next few episodes, we'll discuss some different ways they can exchange information securely, along with their pros and cons. There's some cool math underlying many of these methods, and we're going to work our way up to it. But before we do, I think it's important to clarify how cryptography actually operates, at least at a flowchart level, because as you'll see, you can achieve essentially unbreakable encryption without any esoteric mathematics. And I think seeing how that works first will furnish crucial context for understanding why fancier stuff like finite fields and cyclic groups need to come into play at all.

So let's start with some cryptography 101. To send encrypted communications, Alice and Bob could concoct some private scheme for converting plaintext to and from ciphertext. But how would they know that scheme is actually secure? I mean, designing cryptosystems is hard, and quantifying their resistance to attack is even harder. A clever eavesdropper might well expose a flaw in the system that Alice and Bob never anticipated. As a practical matter, the only way to really build confidence in any encryption scheme is to allow experts to scrutinize it. But this seems to create a catch-22. To serve its purpose, the details of an encryption scheme must be kept secret. But to spot the vulnerabilities in that scheme, you need to make those details public.

The modern solution to this problem comes in the form of what are called key-based cryptographic protocols. Alice and Bob agree on a number, called the key, usually big, often random, but with some constraints that might depend on the specifics of the protocol they use. To encrypt a message to Bob, Alice mixes it with the key and scrambles the results according to a prescribed procedure. To decrypt the ciphertext, Bob then runs it through a related set of procedures that will spit out garbage unless he mixes in the same key. Crypto schemes like this are called symmetric key systems because they use the same key at both ends, and they allow us to have our cryptographic cake and eat it, too. On the one hand, their security properties are well-vetted because the algorithms are public, and thus analyzed to death. On the other, because they also require a secret ingredient, the key, each time they're used, these schemes are de facto private.

One of the most widespread and most robust symmetric key protocols is called the Advanced Encryption Standard, or AES. It's used by both the US federal government and private companies, including YouTube. And guess what. Under the hood, AES has nothing to do with factoring huge numbers or with prime factors or with any of the sexier math you often hear discussed in popular treatments of encryption. That's not to say that AES isn't based on interesting math. It is. But conceptually speaking, it's pretty basic, which is a big part of why it was selected by NIST in the first place as the US encryption standard for the 21st century. Crudely speaking, all AES does is multiple rounds of shuffling, swapping, and scrambling that end up looking random and that are ridiculously hard to undo without knowing the original key.

Here's a rough analogy. Imagine that Alice has a deck of cards arranged in some meaningful order that she wants to send to Bob. She cuts the deck in half and shuffles the halves together according to some rule, maybe one from the left and two from the right, and three from the left and two more from the right, then back to one from the left, and so forth. Now she shuffles the deck like this 100 times and hands the scrambled deck to Eve. Even if Eve knew that 100 rounds of shuffling had taken place, it would be a nightmare to recover the original card sequence unless she also knew the shuffling rules so that she could apply it in reverse. AES is more elaborate than this, but it operates on a similar principle. The one, two, three, two rule in our example plays the role of the secret key. And the protocol of doing 100 rounds with whatever shuffling rule was chosen, that's analogous to the public algorithm.

It sounds simple, right? Well, this combo of partially predetermined and partially improvised shuffling actually turns out to be enormously powerful because the only fundamental attack against it is to guess the key by trial and error. And unfortunately for Eve, the number of possibilities she has to try grows exponentially with the number of digits in the key. So pick a key with enough digits, and Eve would need many times the age of the universe to have a reasonable chance of guessing correctly. And that's even if she had every computer that's ever existed working together on only that problem. Granted, people do sometimes devise clever attacks against symmetric encryption schemes. But these attacks typically exploit flaws in implementation rather than in the protocol itself. In the interest of completeness, I should state that a few years ago some researchers discovered an attack against AES that is slightly better than brute-force guessing and which does reduce the cracking time to only a few trillion years.

The bottom line is that AES and its symmetric key brethren are practically bulletproof. Moreover, the nature of the internal steps makes them particularly easy to hardwire into chips, so these schemes are also super fast. And this is why symmetric encryption is the workhorse of modern cryptography. Almost everything that you send or receive via the internet is directly encoded in this way. And even if tomorrow Eve discovered a new algorithm for quickly factoring huge numbers, that wouldn't directly compromise AES one iota.

Now I know what you're thinking. If all of this is true, then why is everyone always like, RSA this, and prime numbers that? I mean, if symmetric encryption is really so unbreakable, why bother with anything else? Well, you may have already noticed that symmetric encryption does have an Achilles' heel, and it's not mathematical in nature. If you haven't noticed it yet, I'll let you reflect on what that might be for a while, at least until our next episode. That's when we'll explore why symmetric cryptography alone doesn't cut it and how alternate schemes, including the famous RSA, try to do better. I'll see you next time.
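As an added example that is not part of the video, here is the card-shuffle analogy written out as a toy Python cipher: the public algorithm is 100 riffle rounds, the secret key is the take-pattern encoded as digits 1 to 9 (my encoding, not the video's), and the sample message is constructed. It shows the public-algorithm/secret-key split, that a wrong key does not recover the message, and the exponential growth of the key space; it is a teaching toy, not AES.

```python
"""Toy card-shuffle cipher: the public algorithm cuts the deck in half and riffles
the halves together ROUNDS times; the secret key is the take-pattern (1 from the
left, 2 from the right, 3 left, 2 right, ...). A teaching permutation cipher, not
AES and not secure: the top card, for one, never moves."""
from itertools import cycle

ROUNDS = 100  # public, like a real block cipher's fixed round count

def riffle(deck, key):
    """One shuffle: alternately take key[i] cards from the left and right halves."""
    if not key or any(not 1 <= k <= 9 for k in key):
        raise ValueError("key must be a non-empty sequence of digits 1-9")
    mid = len(deck) // 2
    left, right, out, takes = list(deck[:mid]), list(deck[mid:]), [], cycle(key)
    while left or right:
        n = next(takes); out.extend(left[:n]); del left[:n]
        n = next(takes); out.extend(right[:n]); del right[:n]
    return out

def permutation(n, key):
    """ROUNDS riffles of 0..n-1; result[i] = plaintext position sent to ciphertext position i."""
    idx = list(range(n))
    for _ in range(ROUNDS):
        idx = riffle(idx, key)
    return idx

def encrypt(plaintext: bytes, key) -> bytes:
    return bytes(plaintext[src] for src in permutation(len(plaintext), key))

def decrypt(ciphertext: bytes, key) -> bytes:
    """Invert the permutation; only the right key restores the message,
    any other key yields a different (garbage) arrangement of the cards."""
    out = bytearray(len(ciphertext))
    for dst, src in enumerate(permutation(len(ciphertext), key)):
        out[src] = ciphertext[dst]
    return bytes(out)

def keyspace_size(key_digits: int) -> int:
    """Patterns Eve must try: 9 choices per digit, exponential in key length."""
    return 9 ** key_digits

if __name__ == "__main__":
    KEY = (1, 2, 3, 2)             # the "one, two, three, two" rule from the analogy
    msg = b"Meet Bob at noon"      # constructed sample: one 16-byte block
    ct = encrypt(msg, KEY)
    print(ct, decrypt(ct, KEY), decrypt(ct, (2, 1, 2, 3)), keyspace_size(40))
```

Because each round is a fixed permutation of positions, a round count that happens to be a multiple of the permutation's order would undo the shuffle entirely, one of several reasons real ciphers mix values and not just positions.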
Hey, everyone, Tai-Danae here. I want to respond to some of your comments from my previous episode, Associahedra: The Shapes of Multiplication. So first things first, word on the street is I talk a little fast. Don't worry. I heard you loud and clear. Funny thing is before we started filming the episodes, I was told to talk faster to keep the pacing up. But thanks to your feedback, we now know that you feel, and rightly so, that the math is far too wonderful to let it whizz by. So don't worry. I plan to slow down.

All right, next up, at the end of the episode, I asked you to ponder why loop concatenation is not commutative. Several of you, like Pika250, had the right idea. In the product A times B, the red car starts driving around its loop first. Then the blue car goes. But in B times A, the blue car starts driving first. Then the red goes. Since these aren't the same, A times B is not equal to B times A, and so loop concatenation is not commutative.

Next, Jacob Spear asked a great question. "Why aren't there edges between every pair of vertices on an associahedron? For example, why do we get a pentagon instead of a complete graph on five vertices?" Great question. If you were to look back at the pentagon shown in that episode, around 5 minutes and 2 seconds, you'll notice that there is an edge between the top vertex and the leftmost vertex. That's because we can get from one configuration of parentheses to another in exactly one move: shift the internal parentheses from AB to BC. But there is no edge from the top vertex to the bottom left. That's because getting from the top configuration to the one on the bottom left requires more than one move. First, we would have to shift the internal parentheses from AB to BC, as before, but then we would have to move the outside set of parentheses from ABC to BCD. Because this requires two moves, we do not draw an edge between the top and bottom-left vertices.

Lastly, Duncan Coulter made a cool observation about some advanced math. This idea of paths between paths between paths may remind some of you of the progression from categories to functors to natural transformations and so on, and rightly so. This infinite string of paths between paths is precisely the idea that underlies infinity categories. So, [INAUDIBLE], who said, "don't think we don't see you trying to sneak in higher category theory, LOL," well, I'm guilty as charged, LOL. See you next time.
