Anyone who takes information security seriously cannot do without encrypting electronic data. But where do the origins of cryptography actually lie? What methods were used before the invention of computers, and what does the future hold for digital encryption? A brief overview of the multifaceted history of cryptography.
From an instrument of war to an IT standard.
The topic of encryption is omnipresent for us today. Only those who protect their data and computers according to the latest security standards can fend off cyber attacks and avoid data leaks. Cryptography is not an invention of modern times: even the ancient Romans used encryption methods. Before the invention of the modern computer, however, cryptography played a role primarily in times of war. In ancient times, generals protected secret messages for planned conquests using methods they had developed themselves. During the two world wars in the 20th century, the great powers fought a race to find the best encryption machines — and to see who could decipher the enemy’s messages first. Today, cryptography is almost entirely confined to the digital realm. A wide variety of IT solutions help protect messages and data from unauthorized access. Our journey through the history of cryptography shows how it all began and what the future holds.
The beginning: steganography makes messages disappear.
Experts argue about exactly where the origins of cryptography lie. Some assume that the hieroglyphs of the ancient Egyptians already represented a form of encryption. For others, the first surviving form of the secret exchange of messages is so-called steganography: this is not cryptography in the true sense of the word, because it served more to conceal than to encrypt communication. In ancient times, for example, the Romans used various forms of steganography. Around 50 AD, for example, the officer Pliny the Elder writes on parchment with the liquid of the plant Thithymallus. The dried sap becomes invisible on the paper. Only with a candle, which one holds behind the parchment, the writing appears again. If you don’t have any thithymallus at hand, you can also use lemon juice for this procedure. Several hundred years before Pliny, a far more radical, inhumane steganography method is said to have been used: slaves are abused as bearers of secret messages; their heads are shaved and messages are burned or tattooed into their skin. Once the hair has grown back, they are sent to the recipient of the message, who shaves the slave’s head again and then reads the message.
A key as an exclusive secret: Caesar’s cipher.
One of the first forms of cryptography in the true sense was probably used by the Spartans around 500 BC — unsurprisingly for military purposes. They invented the so-called scytale, a cylindrical wooden stick with a fixed diameter. A narrow strip of parchment paper is wrapped around the stick and the secret text is then written along the scytale. Unwrapped, the message can only be read by those who have an identical wooden stick as a recipient. A few centuries later, the Roman general Julius Caesar invents an encryption method that is new for those times: the so-called Caesar cipher. This method is based on a very simple symmetrical encryption along the alphabet. Each letter of a message is replaced by another letter. To do this, a shift is specified beforehand — for example, by three places along the alphabet. The recipient of the secret message is informed of the correct shift so that he can decipher the ciphered text. The Romans also used a specially developed deciphering disk for this purpose. From today’s perspective, by the way, Caesar’s cipher is considered very insecure, since it can be quickly cracked by pure trial and error.
Reading by keyword: the Vigenère cipher.
In contrast to the insecure Caesar cipher, the 16th-century variant of the Frenchman Blaise de Vigenère relies on the use of a keyword to encrypt messages. Although the Vigenère cipher is also based on shifting letters using the alphabet, here the keyword determines how many alphabets are used for the letter shift. Thus, the first letter of the keyword determines the alphabet for the first letter of the plaintext, the second letter determines the alphabet for the second plaintext letter, and so on. For easier decryption, one uses a so-called Vigenère square. And even though Vigenère’s method is extremely insecure compared to today’s encryption methods, it was considered almost unbreakable far beyond the inventor’s lifetime.
Enigma: Duel of the machines.
One of the most famous encryption machines of the past century is the so-called Enigma. Built in 1918, the machine, which at first glance looks like a conventional typewriter, was used during the Second World War, especially by the Wehrmacht. The secret inside the Enigma: three interchangeable rollers, each with 26 electrical contacts. Each contact is assigned to a letter of the alphabet and lights up a small lamp on the display panel. However, all the rollers are interlocked and rotated according to a complicated system, so that each letter pressed is encrypted individually. This means, for example, that the name ANNA is transformed into the letter sequence OKIG — because the A and N from the original word are always encoded by new letters. Only if the recipient knows all the necessary settings can he decode the message. In 1941, a team led by the British computer scientist Alan Turing cracked the Enigma.
The age of computers.
Since the advent of the first computers, at the latest, the time of mechanical encryption has passed. In the 1970s, however, computers tended to be reserved for governments, research institutions, and large companies due to their high purchase price. The topic of encryption has only affected the general population since computers began to enter private households and the Internet networked the entire world — which also made the almost unrestricted exchange of data possible.
The Data Encryption Standard (DES) is considered a revolutionary milestone in computer cryptography. The people involved in its development bear witness to its significance: The client was the National Bureau of Standards (NBS) of the USA — today’s National Institute of Standards and Technology (NIST). IBM took over the development itself. The symmetric algorithm is the first widespread non-military standardized encryption method. In the symmetric variant, one and the same key are used for both encryption and decryption. At the end of the 1970s, DES was used primarily at ATMs for PIN encryption. In 1997, the company succeeded in uncovering weaknesses in the algorithm — in particular, the length of the key was too short, so that thanks to increased computer power, DES could be cracked by pure trial and error. Because the shortcomings were quickly remedied, the method is still in use today. However, it is used much less frequently than the Advanced Encryption Standard (AES), which has been better able to withstand attacks since the early 2000s thanks to new architectural concepts.
In parallel to symmetric encryption techniques, computer scientists also developed procedures based on asymmetric methods in the 1970s. The difference between this and symmetric variants such as DES or AES is that two keys are needed to decrypt the data — the so-called public key and the private key. The sender uses the first key, which is freely accessible, to encrypt the message. The private key, on the other hand, is used for decryption — and is only available to the recipient. Known methods based on this principle include the RSA method and methods based on elliptic curves.
Encryption via certificates
In the analog world, we use official identification documents to prove our identity. In the digital world, certificates can take over this function. A certificate is nothing more than a data record that provides proof of identity for people, servers, organizations, and objects. The certificate information shows, for example, who issued the certificate, for whom it was issued and how long it is valid. The most important feature is the public key, for which only the certificate holder has the corresponding private key. The public keys contained in the certificate can be used to encrypt data. The well-known protocol S/MIME is also based on asymmetric encryption and this certificate system. Anyone who wants to encrypt and sign their e-mails with S/MIME must register with a corresponding certification authority and apply for a certificate. Such a certification authority can be a trust service provider. The sender now uses the recipient’s public key to encrypt his e-mail. Only with his private key can the recipient then decrypt the message. The certificate procedure has many advantages for the communication partners: The recipient can be sure that the sender of the e-mail has been verified by an independent authority, the trust service provider. And an additional signature can also ensure that the e-mail has not been altered unnoticed during transmission.
The future: post-quantum cryptography.
Today’s “world-class” security is based not on randomness, but on our (over)confidence in the math underlying our cryptography. This is inherently vulnerable to a mind like that of Alan Turing, whose singular brilliance proved decisive in breaking the German Enigma code in World War II. An article by Carsten Stöcker in World Economic Forum discusses this topic with the title: “What a 100-year-old idea can teach us about cybersecurity.”
Post-quantum cryptography. They are the computer generation of the future: quantum computers promise unprecedented computing power but consequently pose immense risks to the security of our data. They pose a challenge to many of the encryption methods that have existed to date. How we can protect ourselves from quantum computer attacks is the subject of so-called post-quantum cryptography. Companies, governments, and scientists are already conducting intensive research into ways of developing quantum computer-resistant encryption systems. It is not yet possible to say which methods could actually become the new standard.
It involves the creation of novel cryptographic techniques that can be used with conventional computers of the present but are immune to attacks from quantum ones of the future.
One method of defense is to make digital keys larger so that a large number of permutations must be searched using brute computing power. The number of possible permutations that a quantum machine using Grover’s algorithm would have to search through, for instance, effectively squares with a simple key size increase from 128 bits to 256 bits.
