Simple version of asymmetric encryption

Question

I'm searching for an example of a simple, asymmetric encryption algorithm, which could be used to present someone, who is not fluid in maths, how asymmetric encryption works. An obvious example of asymmetric encryption algorithm is RSA, but this algorithm requires far more knowledge than an average person might have.

A trivial example might be f(x, pub) = x * pub = c and g(c, priv) = c * priv = x, under assumption, that priv = 1 / pub.

However, this example is trivial, because pub and priv are directly related to one another and having public key you can easily derive private one. And frankly, this is actually symmetric algorithm stretched to look like asymmetric rather than truly asymmetric.

So I'm searching for a demo asymmetric encryption algorithm, which:

• Requires minimum mathematical knowledge to understand fully (in contrast to RSA, where you have to understand chinese rest theorem, small Fermat's theorem, modulo calculus etc.)
• Is nontrivial (eg. having public key and cipher you cannot easily find the private key or plaintext and by easily I mean eg. a simple formula)
• Does not have to be secure (eg. bruteforce attacks may be easy to perform)

Is there an algorithm, which matches these requirements?

---

I've been trying to invent such algorithm by myself and my thinking is as following: we need to find a function f(c, pub), which causes some information to be lost in the process, which is not recoverable easily. The same information is in the priv key, which allows to restore the original information.

An example of a function, which causes information loss is obviously modulo, because it doesn't have a direct reverse function. I mean direct, because knowing the integral part of division, you may reverse the modulo. I however cannot think of an algorithm, which could take advantage of this property. Or else other function, which has this property of being "reversible under specific conditions".

Answer 1

''However, this example is trivial, because pub and priv are directly related to one another and having public key you can easily derive private one. And frankly, this is actually symmetric algorithm stretched to look like asymmetric rather than truly asymmetric.''

Your example hits the point:

''A trivial example might be f(x, pub) = x * pub = c and g(c, priv) = c * priv = x, under assumption, that priv = 1 / pub.''

In the RSA algorithm the situation is similar:

Each participant has a public key $(n,e)$ and a private key $d$ such that $d$ is the inverse of $e$ modulo $\phi(n)$, where $\phi$ is the Eulerian phi-function.

An adversary knows $n$ but not the factorization $n=pq$ into distinct primes $p,q$ and so he/she does not know $\phi(n)$ which is $(p-1)(q-1)$.

Answer 2

Often physical examples work better than digital for demonstration purposes. Asymmetric encryption would then be a padlock.

Suppose someone wants to send you an item in a chest. If the chest has a regular key lock, the sender needs to have a copy of the key to lock it, and you need a copy to unlock it. So the sender needs to send you a copy of the key in addition to sending you the chest.

Now, if it's a padlock chest, you can send out a bunch of padlocks. Only you have the keys to unlock them, but anyone can lock them. So the sender can simply get one of your padlocks and use it to lock the chest.

Now, suppose someone is intercepting your post. If a key is send, they can simply make a copy, and then use it to open the chest. If they intercept a padlock, making a key that can open it is that much more difficult. Of course, they could swap the padlock - but that's a problem that can happen with digital asymmetric cryptography as well.