Two friends build a secret number over a line a spy is listening to — how can they end up sharing a number the spy can't make?

The short answer

They use a public 'number clock' of 17 (you can land on the spots 1–16) and a public starting step. Each friend secretly picks how many hops to take and shouts only the spot they land on. Then each one hops their own secret number of times again, this time starting from the spot the other friend shouted — and both land on the exact same secret number. A spy who copied the clock, the start, and both shouted spots still can't make that number, because hopping forward is easy but figuring out how many hops someone took from only their landing spot has no shortcut — you'd have to try every possible hop count.

Try this next

  • What if you made the number clock bigger — say 23 spots instead of 17? Predict first: does the spy need to try more hop counts or fewer? Then play the spy and count how many guesses 'try them all' takes — watch the work grow as the clock grows.
  • What if the spy already knew one friend's secret hop count? Predict whether the spy could now finish the handshake. Then think it through: with a secret hop count, hopping from the other friend's shouted spot lands you on the very same shared number.
  • What if both friends picked the same secret hop count? Guess whether they still land on a matching number, and whether that makes the spy's job easier. Then trace the hops — same secret each, swap, hop again — and see where they end up.

Now you — bend it

  • What if you grew the clock from 17 spots to a clock with hundreds of digits of spots? The spy's only attack is testing every hop count. Picture how the pile of guesses grows when the clock has more spots than there are atoms to count.
  • What if a man-in-the-middle quietly swapped the friends' shouted spots with spots of his own? Each friend would build a shared number with the stranger instead of each other. That's why real phones also check who they're really talking to.
  • What if there were a shortcut to read a hop count straight off a landing spot? Then the spy wouldn't need to try them all. The whole trick rests on backward having no formula; only forward does.

Can you prove it? Both friends end up on the exact same secret number even though neither one ever sent it. Pick a secret for Ana and a secret for Bo. Hop Ana's secret, shout her spot; hop Bo's secret, shout his spot. Now hop Ana's secret from Bo's spot, and Bo's secret from Ana's spot. Check: both land on the same spot, because hopping a times then b times equals hopping b times then a times.

Design your own test: Predict how many hop counts the spy must try on your clock before you build it, then become the spy and count whether your guess matched.

Explain it to a 6-year-old: You and a friend can each whisper-add a secret splash, trade jars where everyone's watching, and still end up with the same color nobody else can copy.

The whole story

How it works

On a clock of 17 spots, you start on a public spot (3) and take a secret number of hops; each hop jumps you using the same public step. Going forward — hop count to landing spot — is instant. Going backward — landing spot to hop count — has no formula, so the only way is to test hop counts one at a time. Ana hops her secret a times and shouts where she lands (A); Bo hops his secret b times and shouts where he lands (B). They swap. Ana now hops a times from Bo's spot and Bo hops b times from Ana's spot, and both arrive at the same number, because doing a hops then b hops lands on the same spot as doing b hops then a hops. The spy heard the clock, the start, A and B, but never a or b — and to get either secret hop count from a shouted spot they must brute-force, trying every possibility.

What people get wrong

People think that if a spy hears everything you send, they can always rebuild your secret. But here the spy copies the whole conversation and still can't make the shared number. The secret hop counts are never sent, and the shared number is never sent either — each friend builds it on their own side. Getting a secret hop count back from a shouted landing spot is the one thing that has no shortcut, so the spy is stuck testing every possibility.

The catch

Building a secret out in the open is amazing: you never meet up and never send the secret itself, so two strangers' phones can do it across the internet. But it leans entirely on going backward having no shortcut — on our toy clock of 17 a patient spy cracks it by trying just 16 hop counts, and if a spy ever steals a secret hop count it falls apart. Meeting in person to hand over a secret is rock solid and nobody on the wire can touch it, but you have to physically meet or trust a courier every single time, which can't scale to billions of strangers.

Questions kids ask

Why can't the spy just work the secret out from the numbers they copied?

Because the clock only runs one way easily. Hopping a secret number of times to land on a spot is instant, but staring at a landing spot and figuring out how many hops it took has no formula — every spot looks equally likely. The spy heard the clock, the start spot, and both friends' landing spots, and the only way to turn one of those back into a secret hop count is to test hop counts one by one until one matches.

Is the shared secret number ever sent across the wire?

No. The two secret hop counts never leave each friend's room, and the final shared number is never sent either — each friend builds it on their own side by hopping their secret number of times from the spot the other friend shouted. Only the clock, the start spot, and the two landing spots travel across the line, and those aren't enough to make the shared number without brute-forcing a hop count.

So is this code unbreakable?

Not magically. On our tiny clock of 17 a patient spy cracks it by trying all 16 hop counts. It's safe only because real systems use a giant clock with hundreds of digits of spots, so 'try them all' would take longer than the universe has existed. It also stays safe only while the secret hop counts stay secret — if a spy steals one, they can finish the handshake just like that friend. That's why real systems also check you're really talking to your friend and not a sneaky middle-man swapping the numbers.

Does my phone really do this?

Yes — with a huge number clock instead of a tiny one. When your phone connects to a website it has never met, the two sides run this exact dance to agree on a secret key nobody listening can copy, then use that key to scramble everything they say. The 'easy forward, no shortcut backward' part is real math: hopping around the clock (modular exponentiation) is fast, but reading the hop count back (the discrete logarithm) is so slow on a giant clock that even huge computers give up.

Talk about it

  • Guess first: can two people build a secret while shouting numbers across a crowded room where everyone hears? How might that even work?
  • What's something that's quick to do but really hard to undo — like squeezing toothpaste out of the tube? Can you think of more?
  • If you never send the secret itself, where does it actually live? Where would you have to look to find it?

For grown-ups

This is the Diffie–Hellman key exchange. The number clock is the integers mod a prime P (here 17); the public step is a generator G (here 3, a primitive root mod 17); a secret hop count is a private exponent. Each side publishes G^a mod P and G^b mod P, swaps them, and raises the other's value to its own secret, giving B^a = A^b = G^(a·b) mod P — the shared key. Forward is modular exponentiation (fast); backward is the discrete-logarithm problem, for which no efficient classical algorithm is known. Crucially the security is NOT linear: there's no add/subtract trick from {G, P, A, B} to the key, unlike mixing paint, which is reversible. The toy 17-spot clock falls to brute-forcing ~16 values; real systems use primes hundreds of digits long so brute force is infeasible. Real protocols also add authentication to stop a man-in-the-middle from swapping the public values.
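The handshake and the spy's brute-force search described above, run on the page's own clock (P = 17, G = 3), as an added example that is not part of the original page. The secret hop counts a = 5 and b = 11, the function names, and the 23-spot comparison clock with step 5 are assumptions chosen here for illustration.

```python
# Added example: toy Diffie-Hellman on the page's 17-spot clock (P=17, G=3).
# Secrets a=5, b=11 and the 23-spot clock with step 5 are constructed values.

def landing_spot(start, hops, clock):
    """Forward direction: modular exponentiation, fast at any clock size."""
    return pow(start, hops, clock)

def handshake(G, P, a, b):
    """Return (A, B, Ana's key, Bo's key) for secret hop counts a and b."""
    A = landing_spot(G, a, P)        # Ana shouts A
    B = landing_spot(G, b, P)        # Bo shouts B
    key_ana = landing_spot(B, a, P)  # Ana hops a times from Bo's spot
    key_bo = landing_spot(A, b, P)   # Bo hops b times from Ana's spot
    return A, B, key_ana, key_bo

def spy_brute_force(G, P, shouted):
    """Backward direction: test hop counts 1..P-1 one at a time.
    The hop count returned is also the number of guesses it took."""
    spot = 1
    for guess in range(1, P):
        spot = (spot * G) % P        # one more hop
        if spot == shouted:
            return guess
    raise ValueError("shouted spot is never reached from this step")

def worst_case_guesses(G, P):
    """Most guesses the spy needs over every possible shouted spot."""
    return max(spy_brute_force(G, P, s) for s in range(1, P))

if __name__ == "__main__":
    A, B, key_ana, key_bo = handshake(3, 17, a=5, b=11)
    print("shouted:", A, B, "keys:", key_ana, key_bo)
    hops = spy_brute_force(3, 17, A)
    print("spy recovers a =", hops, "after", hops, "guesses;",
          "spy's key:", landing_spot(B, hops, 17))
    for G, P in [(3, 17), (5, 23)]:
        print("clock", P, "worst case:", worst_case_guesses(G, P), "guesses")
```

The search loop is bounded by P - 1, so its cost grows with the size of the clock, while `pow()` stays fast; that gap is what a prime hundreds of digits long exploits.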

Keep going

What else makes you wonder?

  • If hopping forward is easy but hopping backward has no shortcut, what other everyday things are easy one way and almost impossible to undo?
  • How big would the number clock have to be before even the fastest computer on Earth gave up trying every hop count?
  • If two friends can build a secret without ever meeting, how does each one know the spot they heard really came from their friend and not a sneaky stranger?
