Ciphers have been used to encrypt and decrypt sensitive date since 3,000 B.C. However, their importance and relevance for day-to-day information security became important with the expansion of the internet and the escalating volumes of sensitive data exchanged online every day.
The history of ciphers and encryption is a compelling one. It has included a constant battle between cryptographers (encryption) and cryptanalysts (decryption), with repeated cryptographic algorithm development cycles, attempts to break an existing cipher algorithm, followed by the creation of a new cipher algorithm to replace the broken one.
The same battle goes on today but with a greater emphasis on creating stronger and stronger keys, so a new key is ready and waiting when an existing key is factored/hacked (or shows signs of weakening). If you spend any amount of time on the web, you’ve come into contact with the RSA algorithm in your daily life: its influence is everywhere. The RSA algorithm was first publicly introduced in 1977 by Ron Rivest, Adi Shamir and Len Adleman. Much has changed since then, as new algorithms have been introduced to replace broken ones or those on the verge of being broken. However, as computing power increases, so does the threat that next generation of RSA algorithms will be factored, too. As always, it’s only a matter of time.
To better understand what the future holds in the war against the cybercriminals — and the major new developments waiting in the wings — let’s look back at some important cryptographical milestones.
The oldest-known ciphers are said to be hieroglyphics (ancient Egyptian script) on monuments, dating back more than 5,000 years. They were considered undecipherable until the 19th century. However, if history tells us one thing, it’s that nothing remains sacrosanct in the world of security forever!
During the first century B.C., we saw the emergence of the Caesar cipher — one of the most famous methods of cryptography and frequently used by the Roman emperor Julius Caesar. This cipher worked by substituting each letter in the original message for another letter located in a fixed number of positions down the alphabet. This fixed position was only known by the sender and receiver (known as shift ciphers). However, these ciphers can be easily decrypted by trying out a maximum of 26 shift numbers. If they had had the technology to use a random shift, they could have effectively increased the number of permutations (to 26 x 25 x 24 x …. = 400000000000000000000000000!), making message decryption far more difficult.
The Caesar cipher is based on the substitution cipher encryption method that rearranges the sequence of characters based on a fixed rule. These are the most commonly used cryptography systems throughout history. However, substitution ciphers can all be decrypted using frequency analysis where linguistic parameters are incorporated to guess pre-encrypted letters based on how often they appear.
War brings the need for stronger encryption
The development of modern communications and the need to keep sensitive data hidden precipitated a surge in cryptography and cryptanalysis during the First World War. The advent of mechanical cipher machines increased the probability of decrypting even the most complex ciphers. These machines also enabled the creation of more complex encryption methods. For previous generations, none resonates more with the public consciousness than the redoubtable Enigma.
Invented by German engineer Arthur Scherbius in 1918, Enigma cryptography featured polyalphabetic substitution encryption. This unit contained multiple rotors (known as scramblers) embedded with the 26 letters of the alphabet and a plugboard. This machine was able to carry out single alphabetic character conversions. For each letter input on the keyboard, the scrambler rotated one gradation, enabling easy encryption or decryption using a key that changed with each input letter.
Under threat of invasion by Germany, Poland invented their own encryption machine, known as Bombe. However, with the ongoing improvements to Enigma and the ability to create an increasing number of encryption patterns, it was uneconomical for Poland to continue its cryptanalysis work. In 1939, two weeks before the start of the Second World War, Poland passed on its research findings and decryption work to Britain. With this information, Britain was eventually able to decrypt the German army’s pattern for Enigma and the Enigma code was finally broken.
Widely regarded as the father of computer science and artificial intelligence, Alan Turing devised the huge electro-mechanical ‘Bombes’ — forerunners to modern computers. The Bombes were the key to Bletchley Park’s war-time triumph in the decrypting of Enigma, known as Ultra. Information gained from decrypting communications about German movements and battle plans remained an important data source for the Allies until the end of the 1938–45 war. This breakthrough remained highly confidential so that Germany would continue to use Enigma with complete faith until the end of the war. However, the fact that Enigma had been decrypted didn’t become public knowledge until 1974.
Since World War II, the tools that cryptographers and cryptanalysts use has shifted from mechanical machines to stronger and stronger computers. With the growth of the internet and the spread of the computers and smart phones, the importance of day-to-day information security is no longer thought of as only a military or government concern. Which takes us back to the never-ending battle to stay one step ahead the cybercriminals and the questions we must answer. How can we stay one step ahead? What new deterrents are waiting in the shadows?