What is Encryption? Cryptography’s history and the encryption basics.
One could say that modern electronic, digital computers—the archetype of all computing devices we use today—initially became a reality as a result of encryption.
Or, more precisely, the need to decrypt encoded ciphers.
Nearing the end of World War II, the Germans used a sophisticated encryption machine called the Lorenz SZ—which the British nicknamed “Tunny” (tunafish)—and were the successors to the Enigma machines that had been thwarted by Alan Turing’s bombe machine.
Due to the complexity of these Tunny machines’ ciphers, which used 12 mechanical wheels to generate pseudorandom key streams to scramble up messages into indecipherable gibberish, cryptanalysts at Bletchley Park needed a far more efficient way to decipher coded messages of such a sophisticated nature.
To do so, a set of machines known as Colossus was created to unscramble these high-level German military intelligence messages faster than before—the world’s first programmable, electronic digital computers—and were responsible for decrypting thousands of messages from Axis officers that proved essential to winning the war.
These machines were large, a total of only twelve were ever built, but these days one would be hard-pressed to not have a portable pocket-sized computer within a couple meters of you at all times—and with this increased presence in our daily lives, as well as the invention of the internet, comes a need to protect ourselves and our personal information from cyberattacks.
Whether it be public and private keys on the blockchain or green locks on your web browser, to do so computer scientists are utilising cryptography to battle bad actors on the digital frontier—an ancient art that has been part of human culture for millennia.
A history decoded
Modern cryptography, as the name suggests, is a relatively recent invention, but as long as there have been humans there have been those that wanted to conceal certain information.
From the earliest times, people used symbols, numbers and pictures to obscure a message so only those that knew what they meant could make sense of it. This gave them a distinct advantage to gather under persecution for example, or maintain valuable trade secrets.
Today, we have valuable historical artefacts and records of how cryptography was used throughout history, from which we can derive an interesting link from encryption of old to today’s complex protocols that keep us, our information and our data safe.
- About four thousand years ago, around 1900 BC, there is evidence of an Egyptian scribe that used non-standard hieroglyphs.
- Hebrew scribes around 500-600 BC used a cipher known as ATBASH—a substitution cipher where the first letter of the alphabet would be replaced by the last, and the second letter would be replaced by the second-to-last, etc.
- The Greeks used a device known as a scytale that worked by writing the alphabet on a long strip of leather (which, when not be used for decoding messages, could be used as a stylish leather belt) and then wrapping it around a stick in a spiral fashion; once wrapped, the letters above and below could be used instead of the original letter—only those with the exact same staff with the same diameter could decode the cipher.
- Famously, Julius Caesar used a simple cipher which shifted the alphabet a fixed amount of letters to the left or right to encode his messages.
- Leon Battista Alberti invented the first polyalphabetic cipher in 1466 that needed a specific tool—a cipher disk that works much the same as a decoder ring—in order to create a cipher and a matching disk to decipher the encoded text. The Alberti cipher remained unbroken until the 1800s.
- In 1666 Samuel Morland invented the first mechanical cipher that used a series of gears and wheels, called rotors, to encrypt a message. A gear was essentially like one of Alberti’s cipher disks. Every time a letter was typed, the gear would rotate, and if each gear position meant a different cipher key, then it would take a while to discover which cipher key was the correct one as the gear would have to rotate fully again before resetting.
- In WWII the Germans used the Enigma machine which functioned much like one of Morland’s rotor machines but had multiple gears. If each gear had 36 positions, (A-Z and 0-9), then adding another gear would make 36×36 different combinations or a 1296 character key. Enigma machines had three gears and a host of other different settings that would change after every message.
While these ciphers certainly baffled humanity for a time and grew exponentially more complex, nowadays computers can make short work of such encryption methods. If given enough time and processing power, computers can find the correct password or key by brute force—which is the act of trying every possible combination until you reach the correct one.
As such, for the modern era, the name of the encryption game is to make that process as difficult as possible by taking it up a notch—so that the time it takes a computer to find the correct key is not hours or days, but millions of years or a technically infeasible amount of processing power
A key to the cipher
Rooted in the Greek word kryptos meaning ‘hidden or secret’, encryption in its most basic form describes the act of changing something, be it text or speech or hand signals, so that only a select few that are “in-the-know” can understand the information being shared, whiles others cannot.
Cryptography, then, is the study of secure communication, and encryption is a subset of that field that describes the process of turning text (known as plaintext in modern-day cryptography) into code. The actual code, i.e. the document of nonsense letters and numbers, is known in cryptography as a cipher and in modern-day digital cryptography is denoted as ciphertext.
Basically, think of encryption as a process that turns this phrase (the plaintext),
I have a lovely bunch of coconuts
into to this phrase or string (the cipher),
Conceptualize encryption as a padlock that secures a piece of data, and only those with the right key or code phrase will know which key is the correct key to unlock it. This secures data by obscuring its contents, and in order to decrypt it a very specific and complex calculation has to be done by a computer using a key as a guide.
Decryption, thus, refers to the process of describing a cipher and turning it back into plain text again.
Combinations upon permutations upon variations
Instead of using mechanical machines to jumble up letters and numbers like in the old days, these days computers use sophisticated encryption algorithms to thwart any attempts of other computers to decrypt information.
Modern-day encryption algorithms consist of mathematical equations so complex that only other computers can calculate them in a reasonable time frame—and that’s only if they know the key; figuring out what the correct key is, based on the infinite number of possible permutations, would still take a computer hundreds of thousands of years. Making the process as difficult as possible is the aim of encryption.
There are two basic types of encryption: symmetric and asymmetric.
Please note that the following examples are oversimplified for ease of understanding; things are a little bit more complicated.
Symmetric-key encryption, also known as private-key and secret-key cryptography, works on the basis that there is one shared key to both encrypt and decrypt a ciphertext, i.e. the same algorithm/key/cipher that is used to scramble the message is what is used to decode it again—hence, it is symmetric.
Think of it like Anthony sending Cleopatra a secret letter than only she is allowed to read. To do so, Anthony puts the letter in a box, locks it with a padlock, and then sends the box via the post. In order to open the box, Cleopatra would need to have an identical key. Thus, both Anthony and Cleopatra have symmetrical keys.
One problem with this method is that, while it is pretty fast, it means that it is imperative that both Antony and Cleopatra’s keys are kept secret and safe. If someone that isn’t supposed to manages to get ahold of either one of their keys and makes a copy of only one of them, then they can decode the message and the entire process becomes insecure. To keep their messages safe again the locks and keys will have to be changed.
The other problem is how to get Cleopatra the copy of the key in the first place, since sending it via the post means there are lots of opportunities for someone to intercept the key and make a copy, or even pretend to be Cleopatra. This is known on the internet as a ‘man-in-the-middle’ attack.
Asymmetric-key encryption, also known as public-key cryptography/algorithms, on the other hand, is a little bit more secure in the sense that there are two keys for every box: one to lock it and then a different one to unlock it—i.e. one for encryption and a different one for decryption.
In this case, think of the Anthony and Cleopatra’s box as post office box with one key that unlocks the deposit opening and another key that then opens the box itself.
The first key is called the public key and, as the name implies, it is public: anyone can get a copy of this key to unlock the letter slit and send Anthony a letter—all they’ll need is the correct post box number. The second key is called the private key and there is only one of them that exists. It is the only key that opens Anthony’s post box—no one else can open Anthony’s box and read his mail because no one else has Anthony’s key. If Anthony wants to send Cleopatra a return message, he would know her public key and Cleopatra would have her own private key.
In this way, no keys need to be sent via post or internet, because both Anthony and Cleopatra have their own and there is no possibility of someone intercepting the keys—as long as they keep their keys safe.
The benefit of this system is that, since they each have different keys if one key is somehow intercepted, the other person’s post box still remains secure.
The only downside is that there is usually a company that cuts the keys and gives them to you, so there is a possibility of a third-party—i.e. the company who’s system you are using to send, encrypt and decrypt messages—of having a copy of your keys.
To combat this there is End-to-End encryption (E2EE) which means that the keys are generated and stored exclusively at the endpoints—Anthony and Cleopatra’s devices—and the third-party is basically kept out of the loop. In this case, the third party might cut the keys, but they do so blind and with gloves on; they just provide the metal for the key and the grinder to cut it.
In this modern age, we all use the internet almost constantly: we send personal emails and instant messages, many of us do our banking and our purchasing online, we work online and store our documents in the cloud. In order to use these services, we have to trust these sites with our personal information like our ID numbers and credit card numbers.
Why? Because it’s better, convenient and efficient, because it’s the future.
But, as the near-constant news of high-profile data breaches and hacks show us, despite a company’s best intentions, something could always go wrong.
Encryption is only one of the various ways that our information is kept safe on the internet—but it is not the only way; we should always be a bit more active in ensuring that our data is safe. There are many ways that each of us can do our share, starting from having strong password policies with two-factor authentication and digital signatures to prove that you are, in fact, you.
However you do it, just remember that even the Lorenz and the Enigma machines were cracked, not by machines but by humans—because those sending the messages made mistakes and did not follow protocol. Vigilance is key.
Maybe we should all consider making our own DIY scytales to encrypt our online passwords, just to be extra careful—I know I could do with a new belt.
You can find out more about Digital Cabinet at www.digitalcabinet.co.za