Key exchange and authentication

Key exchange algorithm

Let's try fooling the pirates by mixing the colors: one person has one color, the other person has a second color. They pass the colors to each other and mix them. The result is the Key color.

(Pirates can do the same, assuming equal proportions.) To go deeper, you can try to pass information about proportions, but this comes down to the same thing: pirates will find out everything you tell your friend.

{Have real paints and experiment with mixing them in different proportions}

Propose a solution analogous to the key exchange algorithm *

* The main idea of the Diffie-Hellman algorithm is the following: http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange

Paul comes up with a number A that he doesn't show anybody, Lilly comes up with B. 

Paul comes up with a number C and sends it to Lilly. Of course, pirates can see it.

Then Paul does something with A and C and sends the result to Lilly. Lilly applies B to that thing and as a result gets the Key.

Lilly also sends Paul a function of B and C and when Paul applies A to that result he gets exactly the same Key.

Pirates cannot derive the Key, so Paul and Lilly can encrypt their messages with the Key and decrypt them.

We use a similar analogy: two parties each pick any color, and this is their secret color. They share a third, "common" color.

One person sends the mix of his secret color with the common color to the other person. The other person does the same. Upon receiving the mix, each of them adds their own secret color to it. As a result, since they mixed 3 colors in the same proportions, they get the same Key color. The pirates can see the mixes, but they can't come up with the Key color: if they mix the two mixes that were passed around, the proportion of the common color will be different from that of the Key color.

The "wrong" assumption here is that if you have a mix A+B and color A, you can't figure out exactly what color B is. This is not true, but for practical purposes it's not obvious and we can use this assumption.

Walk through the whole algorithm. Make sure the colors match on two sides and the pirate color is different.
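The same walk-through with numbers instead of paints, as an added example that is not part of the original lesson. It assumes the "something" Paul and Lilly do is modular exponentiation, as in standard Diffie-Hellman; the modulus P and the function names are chosen here for illustration, and P is deliberately tiny so the arithmetic can be checked by hand.

```python
# Added illustration: toy Diffie-Hellman using the lesson's names.
# P and the function names are assumptions made for this example.
P = 23   # public prime modulus (far too small for real use)
C = 5    # the "common color": a public number the pirates can see


def mix(common, secret):
    """One-way 'mixing': common ** secret mod P."""
    return pow(common, secret, P)


def exchange(a, b):
    """Run the exchange; return both keys and what crossed the wire."""
    paul_sends = mix(C, a)            # Paul's mix of A and C
    lilly_sends = mix(C, b)           # Lilly's mix of B and C
    paul_key = mix(lilly_sends, a)    # Paul applies A to Lilly's mix
    lilly_key = mix(paul_sends, b)    # Lilly applies B to Paul's mix
    return paul_key, lilly_key, (paul_sends, lilly_sends)


def pirate_mix(seen):
    """Pirates combine the two mixes they saw: C^(A+B), not C^(A*B)."""
    return (seen[0] * seen[1]) % P


def pirate_unmix(mixed):
    """With a tiny P the 'can't unmix' assumption fails: try every secret."""
    return next(x for x in range(1, P) if mix(C, x) == mixed)


if __name__ == "__main__":
    A, B = 4, 3   # constructed sample secrets for Paul and Lilly
    paul_key, lilly_key, seen = exchange(A, B)
    print("Paul's key: ", paul_key)
    print("Lilly's key:", lilly_key)
    print("Pirate mix: ", pirate_mix(seen))
    # The lesson's "wrong assumption": unmixing is only hard when P is huge.
    recovered = pirate_unmix(seen[0])
    print("Key found by exhaustive search:", mix(seen[1], recovered))
```

The last step succeeds only because P is 23; the security of the real algorithm rests on choosing parameters large enough that this search is infeasible.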

Authentication

To make sure the person is real, create a "color police" who gives a unique color (private key) to each individual. When the initial mix of private+public colors is received by a person, he verifies its authenticity with the color police by giving the public color. Since the police knows the private color of the person, it can mix the colors and compare them.

Add security for the color police: the colors need to be guarded extremely well. That's a topic for another discussion, e.g. have private colors behind a door that can be opened only by two people at the same time (two keys).

Communicating with many people

This requires every user to keep track of which colors are used in communication with which individuals.