A brief history of encryption (and cryptography)
Last updated: 07 June 2022
Encryption keeps your personal data secure when you're shopping or banking online. It scrambles data like your credit card details and home address to ensure hackers can't misuse this information.
Today, encryption involves new concepts and is crucial for all of us.
But it wasn't always so complicated.
Ancient Spartan cryptography
Circa 600 BC: The ancient Spartans used a device called a scytale to send secret messages during battle.
This device consists of a leather strap wrapped around a wooden rod.
The letters on the leather strip are meaningless when it's unwrapped, and only if the recipient has the correctly sized rod does the message make sense.
When was cryptography invented? It probably started in Egypt around 1900 BC, when a scribe used unexpected hieroglyphic characters instead of the usual ones.
Roman encryption and cyphers
Circa 60 BC: Julius Caesar invents a substitution cypher that shifts characters by three places: A becomes D, B becomes E, etc. A simple and effective encoding method at that time.
1553: Giovan Battista Bellaso envisions the first cypher to use a proper encryption key - an agreed-upon keyword that the recipient needs to know if they want to decode the message.
1854: Charles Wheatstone invents the Playfair Cipher, which encrypts pairs of letters instead of single ones and is, therefore, harder to crack.
But what is the meaning of encryption, and how is it different from cryptography?
Encryption vs cryptography: Cryptography is the science of concealing messages with a secret code. Encryption is the way to encrypt and decrypt the data. The first is about studying methods to keep a message secret between two parties (like symmetric and asymmetric keys), and the second is about the process itself.
Cryptanalysis is the science of deciphering data and revealing the message in plain text.
Hebern rotor machine
1917: An American, Edward Hebern, invented the electro-mechanical machine in which the key is embedded in a rotating disc. It's the first example of a rotor machine. It encodes a substitution table that is changed every time a new character is typed.
1918: German engineer Arthur Scherbius invented the Enigma machine (pictured) for commercial use. Rather than the one rotor used by Hebern's device, it uses several. Recognizing its genius, the German military began to use it to send coded transmissions.
But wait. There's more about Enigma.
1932: Polish cryptographer Marian Rejewski discovered how Enigma works. In 1939, Poland shared this information with the French and British intelligence services, allowing cryptographers like Alan Turing to figure out how to crack the key, which changes daily.
It proved crucial to the Allies' World War II victory.
You can read more about the Bombe Machine designed by Turing and created by the British Tabulating Machine Company.
1945: Claude E. Shannon of Bell Labs published an article called "A mathematical theory of cryptography." It's the starting point of modern cryptography.
For centuries, governments have controlled secret codes: applied to diplomacy, employed in wars, and used in espionage.
But with modern technologies, the use of codes by individuals has exploded.
Let's see what happened.
Modern cryptography (computer-based encryption)
In the early 1970s: IBM formed a 'crypto group,' which designed a block cypher to protect its customers' data. In 1973, the US adopted it as a national standard - the Data Encryption Standard, or DES. It remained in use until it cracked in 1997.
In the 1970s, academic papers on encryption were classified. Cryptographic devices were subject to export controls and rated as munitions, particularly in the US. Encryption was regarded as a matter of national security.
In 1976, Whitfield Diffie and Martin Hellman published a research paper on what would be defined as the Diffie-Hellman key exchange.
For the first time, the code key was no longer pre-arranged, but a pair of keys (one public, one private but mathematically linked) was dynamically created for every correspondent.
2000: the Advanced Encryption Standard replaces DES, or AES (asymmetric key - the user and sender must know the same secret key), found through a competition open to the public. Today, AES is available royalty-free worldwide and is approved for use in classified US government information.
PKI (Public Key Infrastructure) is a generic term used to define solutions for creating and managing public-key encryption. It is activated by browsers for the Internet and public and private organizations to secure communications.
CSO Online has a good article on PKI.
2005: Elliptic-curve cryptography (ECC) is an advanced public-key cryptography scheme and allows shorter encryption keys. Elliptic curve cryptosystems are more challenging to break than RSA and Diffie-Hellman.
Data encryption for all
Elliptic-curve cryptography (ECC) is also interesting because it uses less computing power: keys are shorter and, at the same time, more challenging to break.
This method is perfect for smart cards (banking cards, ID cards..), smartphones, and IoT devices (connected objects.)
It's the mechanism used to protect bitcoins or messages on Signal or Telegram.
WhatsApp is also using ECC from the open-source Signal Protocol developed by Open Whisper Systems.
And guess what, that's why these currencies are called cryptocurrencies.
The US government is also using it to protect internal communications.
ECC is becoming the preferred solution for digital privacy and security.
Today: As more and more services move to the cloud and even objects (Internet of Things) communicate, encrypting data in transit and at rest is crucial. Cryptographers are continually developing and refining solutions to this challenge.
The use of codes by individuals has also exploded, from PGP (Pretty Good Privacy) to Telegram or Signal.
, the context of every exchange - a text message, a video chat, a voice call, an emoji reaction - is intelligible only to the sender and the recipient. If a hacker or a government agency intercepts an exchange, the intruder sees a nonsensical snarl of letters and numbers.
Don't lose your (encryption) keys.
Bitcoin private keys are easy to lose.
From the start, users debated whether it was a bug or a feature.
According to the New Yorker (13 December 2021), nearly 20% of the coins mined have been lost twelve years after its inception.
The magazine illustrates this with the story of a Welshman who dumped his computer hard disk. It stored bitcoin's private keys worth $550 million. Now he's fighting to shovel the local landfill.
There's no other way.
That's why bitcoin owners prefer to store their private keys in offline wallets.
The challenging future of encryption
Quantum computing (and its exceptional power) is in its infancy but may break asymmetric cryptographic algorithms in the future.
Experts foresee that RSA 2048 can be broken by 2035.
According to the International Monetary Fund (IMF - March 2021) paper on Quantum computing and the financial system, quantum computing could compromise the security of digital currencies and e-commerce, mobile banking, and internet data exchange.
For example, the IMF advises that banks prepare for the cryptographic transition by assessing future and retroactive risks from quantum computers, inventory their cryptographic algorithms, and build cryptographic agility to improve their infrastructure cybersecurity resilience.
So, stay tuned to discover how quantum cryptography could be applied to secure data soon.