I’ve had it in my head that an important part of teaching security online is understanding, at least in a general way, that data can (and should) be encrypted while traveling over a network. I struggled a bit last year with this, because I really wanted to end up with public-key encryption, which is non-intuitive and difficult even for adults to understand. The strategy I ended up with was to start simply. We began with Caesar’s Cipher, and worked through a simple decoding using 3D-printed decoders. Then we discussed the weaknesses of that scheme (only having 26 possible keys), and how it might be improved.
We discussed Vigenere ciphers, which might have an almost limitless number of keys, and how they might be broken with a lot of work.
I briefly talked about Enigma, one-time pads, and Navaho code-talkers. These make great stories, because they can be put in a historical context that the kids understand.
Finally, I discussed the main problem with all of these schemes, which is that you have to share a key beforehand. This is where cryptography gets conceptually difficult. To illustrate the difficulties, I put a decoder ring in a box to send to a teacher across the room. Then, I looked at a particular student (I had one I could pick on safely!), and remarked that he looked kind of shifty, and might steal the decoder ring in transit. The student, of course, played his role brilliantly. I had the class debate on ways I might safely get the box and ring to the teacher. Finally, I had an idea! I put a lock on the box and passed it over. Unfortunately, we soon realized that the teacher did not have the key. We debated whether I could pass the key as well, with the shifty kid in the middle of the room. Finally, the teacher realized she could put her own lock on the box, and pass it back. Then I could take my lock off, and the box was left with just the teacher’s lock on it.
This made for a good example of using two different keys for secure transport. A more difficult leap was trying to get the kids to see the public/private key structure, so that a message encrypted with a public key is decrypted with a private key, and vice versa. I saw a number of lightbulbs, and of the two classes I tried this on, I think one class mostly got the idea. The other was maybe 50-50. Which I think is pretty good, considering the difficulty of the concepts and the 15 minute window I had for public key encryption. In any case, I emphasized the point that there are very complicated and secure encryption systems in use, and that nothing is unbreakable. If the students get that, I’ll be satisfied with the time we spent on it.