Cryptography is vital to the modern world. Every time you enter your password or bank details online, cryptography is used to ensure that your data remains private. Without it, everything you typed into any webpage would be open to scrutiny by all manner of malicious attackers. Thankfully, this is not the case.
Historic Ciphers
Historically, people's only option was to whisper quietly, but as you can imagine this was not very secure. Some people were lucky enough to have learnt how to read – writing something down was enough to keep it secret from just about everyone. However some people were paranoid – and so cryptography was born.
Monoalphabetic ciphers
These are a set of very simple ciphers which have been used for millennia – even Julius Caeser used one of these to communicate with his generals securely – secrecy has been terribly important to the military since people started fighting.
Monoalphabetic ciphers rely on replacing every occurrence of a letter with another letter. In the Caeser shift every letter is replaced by one that is a certain number of positions before or after it in the alphabet. If you know the shift, it is very simple to reverse it, though if you don't, it won’t take you too long to guess it. A better alternative links the alphabet to a shuffled version of the alphabet and making substitutions this way. It would take far longer to guess this ‘key’.
| Example with shift of 3 | ||||
| H | E | L | L | O |
| +3 | +3 | +3 | +3 | +3 |
| K | H | O | O | R |
All monoalphabetic have one major failing. They are incredibly prone to frequency analysis, which relies on letters being used different amounts. In English, the letter ‘e’ is extremely common and ‘z’ is fairly unusual. By counting how often encrypted letters appear, it is often possible to match these with unencrypted letters. This method was first documented by the Arab mathematician Al-Kindi in the 9th century.
Polyalphabetic ciphers
Polyalphabetic ciphers are very much the successor to monoalphabetic ciphers. While it is thought Al-Kindi was aware of these methods, they were not documented until the 15th century, 600 years after all monoalphabetic had been cracked!
Polyalphabetic ciphers rely on using multiple monoalphabetic ciphers for different parts of the text, the most secure using a different cipher for each letter. As there is now no direct mapping for the letters, frequency analysis is no longer possible. The monoalphabetic ciphers are often generated by using a keyword and then ‘adding’ the letters in the word to the text which is being coded. Alternatively, some make use of machines – the enigma machines used by the Germans during WWII are an example of this. These methods end up creating a loop of monoalphabetic ciphers which are applied to parts of the text in sequence.
| Example with the keyword ‘key’ | ||||||
| M (13) | E (5) | S (19) | S (19) | A (1) | G (7) | E (5) |
| +K (11) | +E (5) | +Y (25) | +K (11) | +E (5) | +Y (25) | +K (11) |
| X (24) | J (10) | R (18) | D (4) | F (6) | F (6) | P (16) |
If the length of the loop is too short, polyalphabetic ciphers are vulnerable to Kasiski examination. These make use of repeating strings of letters. It is guessed that the repeating letters are a repeated word in the original message and that they are at the same point in the loop. From this it is possible to guess the length of the loop and then to work out which letters are in the same monoalphabetic ciphers, allowing the use of frequency analysis.
Modern Encryption
While many polyalphabetic ciphers are still secure to all but the most determined attackers, all the above ciphers have one major flaw that makes them unusable on the internet – they required a shared key which could be intercepted if sent over the internet. It would also be somewhat impractical to travel to the servers of any website you want to visit and give them the key in person.
Public Key Encryption
Public Key encryption is a method of encryption which does not require any information to be shared beforehand and is pratically unbreakable, which makes it perfect for use over the internet. All of the above encryption methods have only one key which can be used to reverse its own encryption. Public key encryption, however, has a pair of keys – each of which can encrypt a message or decrypt a message encoded by the other key.
You can think of this method as like having a lock and a key. It is important that the lock can be closed without the key. Whenever someone wants to send a message, they simply ask for the other persons lock and use it to encrypt their message. They then send this and the reciever can use the key to ‘unlock’ the message.
As you can see, the lock can be sent to anyone, but only the person with the key can decrypt the message, meaning you don't need to share any information beforehand - you can give everyone the same key!
You may be wondering to yourself if it is possible to work out the shape of the key if you have the lock. It is – at least in theory. In reality, this is very hard to do, it relies on working out which two prime numbers multiply together to give another number. This sounds easy enough, but these numbers are typically 600 digits long, which makes it a bit of challenge; so much so that even with the most powerful supercomputer in the world, it would take longer than the lifetime of the universe to break one key. This process is somewhat impractical. On the other hand, if you want to generate a key pair, it is very easy to pick two big primes (from a database) and multiply them together.
Encryption techniques have certaintly come a long way – from simple letter shifts to (almost) unbreakable complex mathematical processes. The security of modern encryption is essential to the modern world, so much so that if you find a way to quickly factorise several hundred digits, you could probably break the internet in a very different way to cat pictures.