Lesson 11 of 96 in this sequence

11%

Not completed yet

Saved on this device only — not synced to an account yet.

Learning path

Step 11 of 96

Continue the sequence

ResumeReturn to this step ReviewRevisit the core idea RemediateGet repair practice Next stepChoose the next lesson manually

Completion

Review objectives and instruction
Complete the activity with manual learner confirmation
Answer every understanding-check item
Show completion feedback and reward only after the learner finishes the check

Progress

Step 11/96
15 content types
AI help source context available
Auto-advance blocked

Review objectives and instruction

AI help

Available only with source grounding, privacy limits, age controls, and measurement.

AI source context

Keeping Data Secret with Public-Key Encryption · Machines and Society (Systems & Impact) · 3A-NI-06 · public-key cryptography

Evidence: local lesson AI-help metadata only; source-grounding, privacy, age-safety, and measurement hooks do not prove real model quality, production telemetry, child AI approval, or AI tutor production readiness

Production AI readiness not claimed

AI source context

Assessment shape

Local lesson assessment shape is complete.

Local shape only; production answer-attempt telemetry, live ownership/RLS evidence, mastery interpretation, release, and production readiness are not claimed here.

Objectives: 5
Activity: Prompt ready
Quiz items: 3 items, 3 answer keys, 3 explanations
Reward: Completion reward ready

Assessment progress stays manual: do not auto-advance through uncertain answers, failed writes, consent, media, payment, learner choice, or AI-assisted checks.

Learning-loop evidence: Content-map contract only; persistence and production learner-progress writes require route/API evidence.

Manual policy: assessment, media, consent, payment, learner choice, failed writes, and AI-uncertain help stay under learner control.

Prerequisite: Complete or review How the CPU Runs Programs with the Fetch-Execute Cycle

AI guardrails

Privacy

Do not send raw child free text without consent
Use source excerpts and non-identifying progress state only
Asset is not registry-gated

Age safety

Apply academy audience controls before AI-help claims
Keep child learner AI paths behind guardian/product review evidence before readiness claims

Measurement

Log AI help usage by surface and asset slug
Evaluate answer quality against source-grounded rubric before production-readiness claims
Tie remediation prompts to completion, retry, or review outcomes

Local AI-help guardrails only; they do not prove guardian approval, production telemetry, model evaluation, release, deployment, or AI tutor production readiness.

Source and rights

Source path: koydo-app/scripts/curriculum-authoring
License: ai-generated-koydo
Attribution: Attribution decision needs owner review
AI provenance: claude-opus-4-8

Source review gates: attribution_missing

Local source evidence only; this does not prove publication rights, attribution approval, AI provenance clearance, release, deployment, or production readiness.

Route review

Current route: /library/academy/computer_science/en/lesson/public-key-cryptography
Route source: Fallback route needs owner canonical review
Candidate route: /library/academy/computer_science/en/lesson/public-key-cryptography

Local route evidence only; fallback candidates need owner-approved canonical route policy before route writes, production discoverability, or readiness claims.

Content gates: canonical_target_web_missing_uses_library_fallback

lessonslessonslesson objectivesmedia scenesdrillspractice setsquizzesfeedbackcharacterscitationsconcept mapsprogressresumereviewremediationnext steps

Keeping Data Secret with Public-Key Encryption

with Byte

Byte stands at a glowing digital post office, holding an open padlock in one hand and dropping it into a transparent mailbox while whispering the secret key safely into their own pocket.

Explain the difference between a public key and a private key in an asymmetric encryption system.
Identify why sharing a public key does not compromise the security of encrypted messages.
Compare symmetric and asymmetric (public-key) encryption by describing what each requires before communication can begin.
Describe what happens when someone attempts to decrypt a message with the wrong key.
Describe at least one real-world application that relies on public-key cryptography.

Key terms

Asymmetric encryption: Encryption using a mathematically linked key pair instead of one shared secret.
Public key: The freely shared key used to encrypt messages or verify signatures.
Private key: The secret key, never shared, used to decrypt or sign messages.
Key distribution problem: The difficulty of sharing a secret key safely over an insecure channel.
Trapdoor function: A function easy to compute forward but infeasible to reverse without secret information.

Solving Key Distribution

Symmetric encryption needs both parties to already share one secret key, which creates a chicken-and-egg problem: how do strangers exchange that key over a channel an eavesdropper can read? Public-key cryptography dissolves this deadlock by using two mathematically paired keys. Anyone may publish a public key openly, and anyone can use it to encrypt a message that only the matching private key can decrypt. Because the private key never travels, interception of the public key reveals nothing useful. This is why asymmetric encryption underpins secure connections between parties who have never met.

Why Trapdoors Keep Secrets

The security of public-key systems rests on trapdoor functions, operations easy one way and practically impossible to reverse without secret knowledge. RSA relies on the fact that multiplying two enormous primes is fast, while factoring their product back into those primes is computationally infeasible for large key sizes. For 2048-bit or larger keys, a brute-force attack would take longer than the age of the universe on today's computers. Smaller historical key sizes have been broken, which is why key size is a security parameter that must grow as computing power increases.

Worked examples

Trace how Alice sends Bob a message only Bob can read.

Bob publishes his public key openly; Alice retrieves it.
Alice encrypts her plaintext using Bob's public key, producing ciphertext.
Alice sends the ciphertext; even she cannot decrypt it once locked.
Bob decrypts the ciphertext with his paired private key, recovering the original message.

Answer: Alice encrypts with Bob's public key, and only Bob's private key can decrypt it.

Hey, I'm Byte — and today we're solving one of the hardest problems in all of computing: how do two strangers share a secret when anyone could be listening? For centuries, secret codes required a shared secret key — both people had to already know the key before they could talk privately. But what if you've never met? You can't safely send the key because an eavesdropper could intercept it. This is called the key distribution problem. Public-key cryptography (also called asymmetric encryption) breaks that deadlock with a brilliant idea: use TWO mathematically linked keys, not one. They're called a key pair. Here's the mental model — think of a padlock: - Your PUBLIC key is the open padlock you hand out freely to anyone. Anyone can snap it shut to lock (encrypt) a message to you. - Your PRIVATE key is the only key that opens that padlock. You never share it. Only you can unlock (decrypt) messages locked with your public padlock. So the flow is: sender gets your public key → encrypts the message with it → sends the ciphertext → only you can decrypt it with your private key. Even the sender can't decrypt their own message once it's locked! If anyone tries to use the wrong key — say, their own private key or a random key — decryption fails completely, producing unreadable gibberish, because the keys are mathematically paired and no substitute will fit. The math behind this uses a 'trapdoor' — a mathematical function that is easy to compute in one direction but practically impossible to reverse without secret information. A famous example is RSA, which relies on the fact that multiplying two enormous prime numbers is fast, but factoring their product back into primes is computationally infeasible — for the large key sizes used today (2048 bits or more), it would take longer than the age of the universe with current computers. Smaller historical key sizes were broken, which is why key size matters. You see this in action every day: when your browser connects to a secure website, public-key cryptography is used during the handshake to authenticate the server and establish a shared session key. The actual data you send and receive is then protected by fast symmetric encryption (like AES). The two methods work together — asymmetric crypto sets up the secret, symmetric crypto does the heavy lifting. It's also used in email encryption, secure logins, and digital signatures — where your private key proves something came from you. Key rule to remember: encrypt with the public key, decrypt with the private key. They are mathematically paired — no other key will work.

Activity

Sort each item into the correct column: does it belong to the PUBLIC key or the PRIVATE key?

Practice

Which key should a sender use to encrypt a message only the recipient can read?

Describe how a browser uses public-key cryptography when connecting to a secure website.

Common mistakes to avoid

A shared public key is unsafePublishing the public key is intentional; only the private key can decrypt, so sharing it is by design.
The same key encrypts and decryptsAsymmetric systems use paired keys: the public key encrypts and the matching private key decrypts.

Check your understanding

Alice wants to send Bob an encrypted message so only Bob can read it. Which key should Alice use to encrypt the message?

A classmate says, 'Public-key encryption is unsafe because everyone can see your public key.' What is the flaw in this reasoning?

Which of the following best describes how public-key cryptography is used when you visit a secure website?

Recap

Public-key cryptography uses a paired public and private key to solve key distribution, letting strangers communicate securely. A trapdoor function like RSA makes encryption easy but reversal infeasible, and secure websites combine it with fast symmetric encryption.

Reflect

How does the padlock analogy help or mislead you when reasoning about real cryptographic keys?