🔍 Here’s an easy-to-understand analogy to help your non-technical friends and customers understand public keys and private keys, and how they relate to cryptography and digital signatures.
If you work in cybersecurity or any computer-related field, sooner or later, you’ll have to explain public-key cryptography and digital signatures to non-technical people. With the recent rise of remote work and stories about system breaches, computer security has become a topic of discussion even among laypeople.
After trying to explain public-key cryptography and digital signatures to some clients with varying degrees of success, I wanted to develop an analogy that explained them and was easy to remember. I’ve found that even techies get confused by the formal definitions, and many non-technical explanations just seem unsatisfying.
That’s when I stumbled upon Panayotis Vryonis’ article, Public-key cryptography for non-geeks. It became my go-to analogy until my computer science professor, Dr. Robin Dawes pointed out a flaw. I refined it with his help, and a suggestion from Matthew Ernest, and the result is below. I hope you find it helpful when trying to explain these concepts to anyone!
Imagine a box with a special lock, as pictured below:
The lock has three positions:
- When the lock is at the “9:00” position, the box is locked, and its contents are inaccessible.
- When the lock is at the “12:00” position, the box is unlocked, which means you can open it and view its contents.
- When the lock is at the “3:00” position, the box is locked, and its contents are inaccessible.
In order to avoid wandering into endless “What if...?” tangents, assume that it’s prohibitively costly to pick the lock or break the box.