Going back to beginnings, it is clear that humans are naturally secretive creatures and have been communicating in code ever since they started to write; an obsession that has dramatically affected the outcome of wars, monarchies and individual lives.
The Allies' decryption of the Nazis' Enigma machine during the Second World War and Alan Turing’s involvement during the Battle of Britain readily springs to mind as to how the formidable mathematical task of breaking increasingly complicated codes led him and others to develop the Colossus — one of the fist computers.
I remember, years ago, reading Simon Singh’s The Code Book, about military espionage in Ancient Greece to modern computer ciphers and the remarkable science of cryptography and how it has changed the course of history.
I also remember being intrigued by the Zimmermann telegram and how America might not have become involved in the First World War if the famous Zimmermann telegram, offering Mexico territorial gains in return for entering the war on the German side, had not been broken by the British intelligence services.
We can go as far back to 1586, in Queen Elizabeth I reign, when Mary Queen of Scots was caught sending secret messages in her plot to assassinate Elizabeth and inherit the throne. The plot was uncovered by Francis Walsingham, the founder of the British secret service, through cryptanalysis. Queen Elizabeth's code breakers successfully deciphered Mary’s incriminating missives to her fellow conspirators, which led to her beheading.
The device used at the time was called a scytale, a tapered baton around which was wrapped a spiral strip of parchment or leather containing the message. Words were then written lengthwise along the baton, one letter on each loop of the strip. When unwrapped, the letters of the message appeared scrambled but the receiver then wrapped the parchment around a baton of the same shape and the original message appeared.
Another example in the historic use of ciphers is Julius Caesar, who allegedly used simple letter substitution. This example of conventional cryptography is called a “substitution cipher”, which is most frequently done by offsetting letters of the alphabet. For example, if we encode the word "SECRET" using Caesar's “key” value of 3, we offset S three letters forward and replace it with V, then E with H, and so on, until the plaintext word "SECRET" encrypts to "VHFUHW”. In order to allow someone else to read the ciphertext, all you need tell them is that the “key” value is 3.
Obviously, this is incredibly weak cryptography by today's standards but as unsophisticated as it looks, it seems to have worked in Caesar’s time and it illustrates how simple, conventional cryptography works. Now, with the internet, cryptographic encryption is vital to ensure secrets don't fall into the hands of competitors and how ordinary people use encryption to keep their everyday communications private and transactions secure in a free society.
With the advent of computers, both codemaking and codebreaking have become far more complex. For every electronic message in plaintext, confidentiality is required and so they must somehow be encrypted in a way that only the intended recipient can decrypt it. Cryptography typically combines with another sequence of random numbers called a “cryptographic key” to produce a “cryptogram”
Until the late 1960s it was thought impossible to encrypt securely without literally carrying the keys around in locked suitcases, but the 1970s saw a breakthrough and brought an ingenious mathematical solution: the so-called public-key cryptosystems. The discovery of this new encryption system was down to the three Americans: Whitfield Diffie, Martin Hellman and Ralph Merkle, even though in December 1997 the British Government officially confirmed that public-key cryptography was originally invented at the Government Communications Headquarters (GCHQ) in Cheltenham, England.
All it took was a couple of prime numbers whose strength is measured by the time and resources it would require to recover the plaintext. How difficult? Given all of today's computing power and available time — even a billion computers doing a billion checks a second — it is not possible to decipher the result of strong cryptography before the end of the universe.
For the mathematically minded, it works by using prime numbers and a special one-way mathematical function. Essentially all your computer does to create the public/private key pair is to take two prime numbers and multiply them together. For example: pxq=n or 11x17=187. In this case, 11 and 17 ("p" and "q") are used to calculate your private key while 187 ("n") and another number "e" become your public key. "e" can be any number.
In order to use these keys to encrypt data, a special one-way mathematical function is used, such as we use on a clock. If you start at 0 and count around the clock 50 hours you'll end up at 2, but if you only know the starting point it is impossible to get back to the original number. This is called a modular function, where the "mod" is the number of hours on the clock face. The above calculation would be shown: 50(mod 12)=2. So, to encrypt a message to a friend would you would use the formula: C=Me(mod N) where C is the resulting encrypted number, M is the number you want to encrypt, e is one part of your public key, and N is the multiple of the two prime numbers that make your private key.
In order to decrypt the number you need calculate your private key "d" according to the following formula: exd=1 (mod (p - 1) x (q - 1)). Once that is done you can decrypt the message using this formula: M=Cd (mod N) where M is the decrypted number, C is the encrypted number, d is your private key, and N is the multiple of the two prime numbers that make your private key.
But lthe maths aside, let’s just put all this in perspective. I have installed WordPress on many of my clients’ servers so that they are given the opportunity to send out press releases and publish professional blogs. The software automatically generates a six-digit alphanumeric password.
On all these blogs the password has been easily hacked, as six digits are vulnerable to a "brute force" attack — basically trying each of the possible keys until you find the one that decrypts the message. Now consider 128-bit encryption: the number involved here is 2^128, or 2 multiplied by 2, 128 times over. The resulting number is: 339,000,000,000,000,000,000,000,000,000,000,000.
One would think, then, that the strong cryptography employed would hold up rather well against even an extremely determined cryptanalyst. No one has proven that the strongest encryption obtainable today will hold up under tomorrow's computing power but the strong cryptography employed is the best available.
So what happens to a credit card when it is actually processed? All credit card transactions are completed using a 128-bit SSL Encrypted Secure Transaction, transmitting the information to a bank's Secure SSL Server, requiring a 128-bit transaction.
So the next time you worry about transactions on the internet but leave your chit on the restaurant or bar table after you’ve paid the bill, remember that prior to January 2000 the US government placed restrictions on US vendors, preventing the export of "strong" cryptography. It doesn't leave much to the imagination as to why.
