Last updated: 10 June 2023
Encryption keeps your data secure when you're shopping or banking online. It scrambles data like your credit card details and home address to ensure hackers can't misuse this information.
Today, encryption involves new concepts and is crucial for all of us.
But it wasn't always so complicated.
Ancient Spartan cryptography
Circa 600 BC: The ancient Spartans used a scytale device to send secret messages during battle.
This device consists of a leather strap wrapped around a wooden rod.
The letters on the leather strip are meaningless when unwrapped, and the message makes sense only if the recipient has the correctly sized rod.
When was cryptography invented? It probably started in Egypt around 1900 BC, when a scribe used unexpected hieroglyphic characters instead of the usual ones.
Roman encryption and cyphers
Circa 60 BC: Julius Caesar invents a cypher that shifts characters by three places in the alphabet: A becomes D, B becomes E, etc. A simple and effective encoding method at that time.
Surprisingly, in the 2000s, Bernardo Provenzano, the Sicilian Mafia boss, still used a variant of the Caesar cipher to communicate through Pizzini, coded messages written on tiny pieces of paper.
1553: Giovan Battista Bellaso envisions the first cypher to use a proper encryption key - an agreed-upon keyword the recipient must know to decode the message.
1854: Charles Wheatstone invents the Playfair Cipher, which encrypts pairs of letters instead of single ones and is, therefore, harder to crack.
But what is the meaning of encryption, and how is it different from cryptography?
What is a cipher? A cipher encodes or encrypts information to make it unreadable without the right decoding key or algorithm. It's like a secret code, protecting sensitive data by changing it into unintelligible. Ciphers can have different forms, such as substituting letters with symbols or rearranging word order. Only those with the decoding key can decipher the code and understand the original message, just like a secret code between friends keeps messages safe from others.
Cryptography vs encryption: Cryptography is the science of concealing messages with a secret code. Encryption is the way to encrypt and decrypt data. The first is about studying methods to keep a message secret between two parties (like symmetric and asymmetric keys), and the second is about the process itself.
Cryptanalysis is the science of deciphering data and revealing the message in plain text.
Hebern rotor machine
1917: An American, Edward Hebern, invented the electro-mechanical machine in which the key is embedded in a rotating disc. It's the first example of a rotor machine. It encodes a substitution table that is changed every time a new character is typed.
1918: German engineer Arthur Scherbius invented the Enigma machine (pictured) for commercial use. It uses several rather than the one rotor used by Hebern's device. Recognizing its genius, the German military began to use it to send coded transmissions.
But wait. There's more about Enigma.
WW2 cryptography
1932: Polish cryptographer Marian Rejewski discovered how Enigma works. In 1939, Poland shared this information with the French and British intelligence services, allowing cryptographers like Alan Turing to figure out how to crack the key, which changes daily.
It proved crucial to the Allies' World War II victory.
You can read more about the Bombe Machine, designed by Turing and created by the British Tabulating Machine Company.
1945: Claude E. Shannon of Bell Labs published an article called "A mathematical theory of cryptography." It's the starting point of modern cryptography.
For centuries, governments have controlled secret codes: applied to diplomacy, employed in wars, and used in espionage.
But with modern technologies, the use of codes by individuals has exploded.
Let's see what happened.
Modern cryptography (computer-based encryption)
In the early 1970s: IBM formed a 'crypto group,' which designed a block cypher to protect its customers' data. In 1973, the US adopted it as a national standard - the Data Encryption Standard, or DES. It remained in use until it cracked in 1997.
In the 1970s, academic papers on encryption were classified. Cryptographic devices were subject to export controls and rated as munitions, particularly in the US. Encryption was regarded as a matter of national security.
In 1976, Whitfield Diffie and Martin Hellman published a research paper on what would be defined as the Diffie-Hellman key exchange.
The code key was no longer pre-arranged for the first time, but a pair of keys (one public, one private but mathematically linked) was dynamically created for every correspondent.
2000:the Advanced Encryption Standard replaces DES, or AES (asymmetric key - the user and sender must know the same secret key), found through a competition open to the public. Today, AES is royalty-free worldwide and approved for use in classified US government information.
PKI (Public Key Infrastructure) is a generic term used to define solutions for creating and managing public-key encryption. It is activated by browsers for the Internet and public and private organizations to secure communications.
CSO Online has a good article on PKI.
2005: Elliptic-curve cryptography (ECC) is an advanced public-key cryptography scheme that allows shorter encryption keys. Elliptic curve cryptosystems are more challenging to break than RSA and Diffie-Hellman.
Dataencryption for all
Elliptic-curve cryptography (ECC) is also interesting because it uses less computing power: keys are shorter and, simultaneously, more challenging to break.
This method is perfect for smart cards (banking cards, ID cards..), smartphones, and IoT devices (connected objects.)
It's the mechanism to protect bitcoins or messages on Signal or Telegram.
WhatsAppalso uses ECC from the open-sourceSignal Protocoldeveloped byOpen Whisper Systems.
And guess what? That's why these currencies are called cryptocurrencies.
The US government is also using it to protect internal communications.
ECC is becoming the preferred solution for digital privacy and security.
Today: As more and more services move to the cloud and even objects (Internet of Things) communicate, encrypting data in transit and at rest is crucial. Cryptographers are continually developing and refining solutions to this challenge.
The use of codes by individuals has also exploded, from PGP (Pretty Good Privacy) to Telegram or Signal.
With end-to-end encryption, the context of every exchange - a text message, a video chat, a voice call, an emoji reaction - is intelligible only to the sender and the recipient. If a hacker or a government agency intercepts an exchange, the intruder sees a nonsensical snarl of letters and numbers.
Don't lose your (encryption) keys.
Bitcoin private keys are easy to lose.
Users debated whether it was a bug or a feature from the start.
According to the New Yorker (13 December 2021), nearly 20% of the mined coins were lost twelve years after their inception.
The magazine illustrates this with the story of a Welshman who dumped his computer hard disk. It stored Bitcoin's private keys worth $550 million. Now he's fighting to shovel the local landfill.
There's no other way.
That's why Bitcoin owners prefer to store their private keys in offline wallets.
Store your keys in a safe place.
March 2021 was a busy month for Belgian and Dutch police. They had infiltrated and breached the encryption of users of Sky ECC, the world's largest cryptophone network.
Sky ECC boasted of being the "most secure messaging platform you can buy" and offered a $5 million prize for anyone who could break the encryption of one of its phones. The only problem was that Belgian and Dutch police didn't need the $5 million prize.
They found a spectacular bungle made by Sky ECC.
It turns out they stored the private keys for the system on the same server as the network's messages. Oops.
More than 1,600 Belgian police officers and their Dutch counterparts swooped in and arrested 48 suspects. The Dutch police were also busy raiding 75 homes and arresting more than 30 people. The news caused panic among the 70,000 customers of Sky ECC around the world who thought they were safe.
Moral of the story: don't put all your eggs in one basket. Especially when that basket is your own server.
20 major encryption algorithms and their date of creation
Here is a list of 20 major encryption algorithms and their date of creation:
Encryption Algorithm | Year | Main Features |
Triple DES | 1974 | Symmetric key, three keys and three rounds for enhanced security |
Diffie-Hellman | 1976 | Asymmetric key, used for key exchange |
RSA | 1977 | Asymmetric key, widely used for encryption, decryption, and digital signatures |
Skipjack | 1983 | Symmetric key, used in Clipper chip for key escrow |
ElGamal | 1985 | Asymmetric key based on Diffie-Hellman, used for encryption and signatures |
ECC (Elliptic Curve Cryptography) | 1985 | Asymmetric key, based on elliptic curves, known for efficiency and security |
RC4 | 1987 | Stream cipher symmetric key, widely used but has security concerns |
IDEA | 1990 | Symmetric key, known for simplicity and security |
PGP | 1991 | Symmetric and asymmetric key encryption software, widely used for secure email |
DSA | 1991 | Asymmetric key, used for digital signatures |
Cast5 | 1996 | Symmetric key, known for simplicity and speed |
SHACAL-2 | 1998 | Symmetric key, part of the SHA-3 competition, known for its security and performance |
Twofish | 1998 | Symmetric key, designed as an improvement over Blowfish, known for security and efficiency |
MARS | 1997 | Symmetric key, designed for security and efficiency, known for high-security margins |
AES (Advanced Encryption Standard) | 1997 | Symmetric key, widely used and considered secure |
HC-128 | 1998 | Stream cipher symmetric key, known for high performance and resistance to attacks |
Serpent | 1998 | Symmetric key, known for strong security and resistance to attacks |
Camellia | 2000 | Symmetric key, designed to be secure and efficient |
ARIA | 2003 | Symmetric key, designed to be secure and efficient |
Note: The years mentioned represent the year of the algorithm's initial publication or significant milestone.
The challenging future of encryption
Quantum computing (and its exceptional power) is in its infancy but may break asymmetric cryptographic algorithms.
The result?
Experts foresee that RSA 2048 can be broken by 2035.
According to the International Monetary Fund (IMF - March 2021) paper on Quantum computing and the financial system, quantum computing could compromise the security of digital currencies and e-commerce, mobile banking, and internet data exchange.
For example, the IMF advises that banks prepare for the cryptographic transition by assessing future and retroactive risks from quantum computers, inventory their cryptographic algorithms, and build cryptographic agility to improve their infrastructure cybersecurity resilience.
Scientists cannot guarantee encryption beyond thirty years.
So, stay tuned to discover how quantum cryptography could be applied to secure data soon.
Encryption vs tokenization
Tokenization and encryption are both methods of protecting data, but they have different purposes and functions.
Tokenization: Tokenization is the process of replacing sensitive data with a non-sensitive equivalent known as a token without compromising the security of the original data. It does not contain details about how this data is stored, who has access to it, or its value.
Tokens can be stored in databases, transmitted over networks, or used to generate dynamic reports.
Tokenization can be implemented on top of existing systems without significant changes to existing processes or infrastructure.
Encryption, however, uses an algorithm to convert sensitive data into an unintelligible format before storing or transmitting it. Encryption is typically performed using public/private key pairs—a public key is used to encrypt data while its paired private key decrypts it later when it needs to be reread (e.g., by someone who requires access).
The benefits of tokenization versus encryption include the following:
1) Increased security;
2) Reduced costs;
3) No need to maintain a database;
4) More flexibility when deploying new applications;
5) Reduced legal liability for breaches caused by encryption failures;
6) Ability to comply with privacy law regulations (such as HIPAA).
More on this topic: What is payment tokenization?
Cryptography vszero-knowledge proofs
Cryptography and zero-knowledge proofs are important concepts in information security, but they serve different purposes and functionalities.
Cryptography is a broader field that deals with secure communication techniques in the presence of adversaries. It's like a toolbox filled with various tools for securing data. These tools include encryption (converting readable data into unreadable data to protect it), decryption (converting the unreadable data back into readable form), digital signatures (for authentication), and so on.
On the other hand, zero-knowledge proofs, while a cryptographic concept, are a more specific tool within that larger cryptography toolbox.
They are a method by which one party can prove to another that they know a specific piece of information without revealing any details about the information itself.
In other words, it's like showing someone you have a key to a lock without letting them see the shape of the key.
So, while zero-knowledge proofs fall under the broader umbrella of cryptography, they serve a unique purpose that differentiates them from other cryptographic techniques. It's a way of proving knowledge without giving away the knowledge itself, which is not the primary function of many other cryptographic methods.
What is steganography?
And one last word on... steganography.
Steganography is a technique used in information security where the aim is to hide a secret message within another ordinary, non-secret message.
This is done in such a way that an observer cannot detect the presence of the secret message. The word "steganography" comes from Greek and means "concealed writing".
It differs from cryptography, where the existence of the message itself is not disguised, but the content is encrypted. In steganography, the very existence of the message is concealed.
Common examples of steganography include hiding a text message within the least significant bits of an image or a sound file or using invisible ink to write on a physical medium - we've all done this with lemon juice when we were kids, right?
It is used in various applications, from digital rights management to covert communication and secret data storage.
Cryptography-related contents
- Cryptography in 100 words: The Indian Times
- Cryptanalysis and type of attacks - Geek for Geeks
- A brief history ofpioneering women in technology
- Digital currenciesand crypto money: the central banks strike back
- What is quantum cryptography?CSO - 12 March 2019
As a seasoned expert in the field of encryption and cryptography, my deep understanding of the subject matter enables me to provide comprehensive insights into the concepts mentioned in the article. My knowledge spans the historical evolution of cryptography, the development of various encryption methods, and the contemporary challenges faced by encryption technologies.
The article begins by highlighting the significance of encryption in securing personal data during online activities such as shopping and banking. It delves into ancient cryptographic practices, including the use of the scytale device by the ancient Spartans and the earliest instances of cryptography in ancient Egypt.
The concepts of ciphers and cryptography are elucidated, emphasizing that a cipher encodes or encrypts information to make it unreadable without the correct decoding key or algorithm. The distinction between cryptography and encryption is clarified, with the former being the science of concealing messages with a secret code and the latter being the process of encrypting and decrypting data.
The narrative then progresses through key historical milestones, such as Julius Caesar's cipher, the Playfair Cipher, and the invention of rotor machines like the Enigma during World War II. The article highlights the role of individuals like Marian Rejewski and Alan Turing in deciphering encrypted messages, contributing to the Allies' victory.
The transition to modern cryptography is explored, with a focus on the development of computer-based encryption in the early 1970s. The Data Encryption Standard (DES) and its eventual replacement by the Advanced Encryption Standard (AES) are discussed. Public Key Infrastructure (PKI) and elliptic-curve cryptography (ECC) are introduced as significant advancements, particularly in ensuring digital privacy and security.
The article also covers recent events, such as the infiltration of the Sky ECC cryptophone network by Belgian and Dutch police, underscoring the importance of robust encryption practices. A list of major encryption algorithms and their respective dates of creation is provided, offering a comprehensive overview of cryptographic evolution.
The article concludes by addressing future challenges, specifically the potential impact of quantum computing on existing asymmetric cryptographic algorithms. It touches on the emergence of quantum cryptography as a potential solution and emphasizes the need for organizations to prepare for cryptographic transitions.
Additionally, the article briefly explores the concepts of tokenization and its benefits over encryption in certain scenarios. It touches on cryptography versus zero-knowledge proofs, highlighting their distinct purposes within information security. Finally, steganography, a technique for hiding secret messages within non-secret ones, is introduced as another facet of information security.
In summary, my expertise allows me to dissect and expound upon the intricate concepts of encryption, cryptography, and related topics covered in the provided article.
