The history of cryptography

From instrument of war to IT standard

The topic of encryption is omnipresent for us today. Only those who protect their data and computers using the latest security standards are able to fend off cyberattacks and avoid data breaches. Cryptography is not an invention of modern times: Encryption methods were used as early as ancient Rome. Cryptography, however, primarily played a role in wartime before modern computers were invented. In ancient times, generals protected secret messages about planned conquests using methods they devised themselves. During the two world wars in the 20th century, the great powers were in a race to find the best encryption machines - and who was able to decipher the enemy's messages first. Today, the topic of cryptography is almost entirely limited to the digital space. A wide variety of IT solutions help protect messages and data from unauthorised access. Our journey through the history of cryptography shows where it all originated and what the future holds.

The origin: Steganography allows messages to disappear

Experts argue over the exact origins of cryptography. Some assume that the hieroglyphs of the ancient Egyptians already constituted a form of encryption. Others consider steganography to be the first surviving form of exchanging secret messages: This is not cryptography in the literal sense, since it served more to conceal than to encrypt communication. In ancient times, for example, the Romans used various forms of steganography. Around 50 AD, Pliny the Elder, an officer, wrote on parchment using the juice of the thithymallus plant. The juice becomes invisible on the paper when dry. Only by holding a candle behind the parchment is the writing revealed once more. If no thithymallus is available, lemon juice is another option for this method. Several hundred years before Pliny, a far more radical, inhumane steganography method is said to have already been in use: Slaves were abused as bearers of secret messages; their heads were shaved and messages were burnt or tattooed into their skin. Once the hair grew back, they were sent to the recipient of the message, who shaved the slave's head again to read the message.

A key as an exclusive secret: Caesar’s cipher 

One of the first forms of cryptography in the true sense was probably used by the Spartans around 500 BC - unsurprisingly for military purposes. They invented the so-called scytale, a cylindrical wooden stick with a fixed diameter. A narrow strip of parchment paper is wrapped around the baton and the secret text is then written along the scytale. When unwound, the message can only be read by those recipients with an identical wooden baton. A few centuries later, Roman general Julius Caesar invents a new encryption method for those times: the so-called Caesar cipher. This method is based on a very simple symmetrical encryption process using the letters of the alphabet. Each letter in a message is replaced by another letter. This is done by determining a shift in letters in advance - for example, by three places along the alphabet. The recipient of the secret message is informed of the correct shift in letters enabling the text to be deciphered. The Romans also use a deciphering disc specifically developed for this purpose. Incidentally, from a contemporary point of view, Caesar's cipher is considered very insecure, as it is easily cracked by pure trial and error. 

Selection by keyword: the Vigenère cipher

Contrary to the insecure Caesar cipher, the 16th century variant of the Frenchman Blaise de Vigenère relies on using a keyword to encrypt messages. Although the Vigenère cipher is also based on shifting letters in the alphabet, here the keyword determines how many letters are used in the shift of letters. That is, the first letter of the keyword determines the alphabet for the first letter of the plain text, the second letter determines the alphabet for the second plain text letter, and so on. An easier decoding method is to use a so-called Vigenère square. And even though Vigenère's method is extremely insecure compared to today's encryption methods, it was considered almost unbreakable far beyond the inventor's lifetime. 

Enigma: The duel of the machines

One of the most famous encryption machines of the last century is the so-called Enigma. The machine, built in 1918 and which at first glance looks like a conventional typewriter, was used during the Second World War, especially by German military forces. The Enigma's inner secret: three interchangeable rollers, each with 26 electrical contacts. Each contact is assigned to a letter of the alphabet and lights up a small lamp on the display panel. However, all the rollers are interlocked and rotate according to a complicated system, so that each letter when pressed is encrypted individually. This means, for example, that the name ANNA is transformed into the letter sequence OKIG - because the A and N from the original word are always encrypted by new secret letters. The message can only be decrypted if the recipient knows all the necessary settings. Then, in 1941, a team led by British computer scientist Alan Turing cracked Enigma. 

The age of the computer

The advent of the first generation of computers at the latest, marked the end of the age of mechanical encryption. In the 1970s, however, computers tended to be reserved to governments, research institutions and large companies owing to their high cost. The topic of encryption has only affected the general population since computers began to enter private households and the internet connected the entire world - which also made the almost unrestricted exchange of data possible.

The Data Encryption Standard (DES) encryption method is considered a revolutionary milestone in computer cryptography. The very people involved in its development bear witness to the extent of its scope: The client was the National Bureau of Standards (NBS) of the USA - today's National Institute of Standards and Technology (NIST). The development itself was undertaken by IBM. The symmetric algorithm is the first widely available non-military standardised encryption method. In the symmetric variant, one and the same key is used for both encryption and decryption. In the late 1970s, DES was used primarily at ATMs to encrypt the PIN. By 1997, there were weaknesses uncovered in the algorithm - in particular, the key was too short, so that thanks to increased computer performance, the DES could be cracked by pure trial and error. As the defects were quickly remedied, the process is still in use today. It is far less common, however, than the Advanced Encryption Standard (AES), which has been better able to withstand attacks since the early 2000s thanks to new architectural concepts. 

In parallel to symmetric encryption techniques, computer scientists also developed procedures based on asymmetric methods in the 1970s. The difference to symmetric variants like DES or AES: Here, two keys are required to decrypt the data - the so-called public key and the private key. The sender uses the former, which is freely accessible, to encrypt the message. The private key, in turn, is used for decryption - and only the recipient has access to it.  Well-known methods based on this principle are the RSA method or methods based on elliptic curves.

Encryption via certificates

The analogue world uses official identification documents to verify our identity. The digital world is where certificates are capable of taking over this function. A certificate is nothing more than a data record that enables the verification of the identity of persons, servers, organisations and objects. The certificate information shows, for example, who issued the certificate, who it is issued to, and how long it is valid for. The most important feature is the public key, which is only available to the certificate holder with the corresponding private key. Data is encrypted using the public keys contained in the certificate. https://www.bundesdruckerei.de/de/innovation-hub/wie-zertifikate-die-digitalisierung-sicherer-machen. The widely-used S/MIME protocol is also based on asymmetric encryption and this certificate system. Anyone who wishes to encrypt and sign their emails with S/MIME is required to register with a corresponding certification authority https://www.bundesdruckerei.de/de/innovation-hub/fuenf-merkmale-einer-vertrauenswuerdigen-zertifizierungsstelle and apply for a certificate.  A certification authority of this type may be a trust service provider such as https://www.bundesdruckerei.de/de/glossar#glossar-V. The sender now uses the recipient's public key https://www.bundesdruckerei.de/de/innovation-hub/sechs-tipps-fuer-den-erfolgreichen-aufbau-einer-pk to encrypt its email. The recipient is only able to decrypt the message with the private key. The certificate procedure has many advantages for communication between the parties: The recipient is assured that the sender of the email has been verified by the trust service provider, an independent entity. And an additional signature also ensures that the email has not been altered unnoticed during transmission. 

The future: Post-quantum cryptography

This is the computer generation of the future: Quantum computers https://www.bundesdruckerei.de/de/innovation-hub/quantencomputing-neue-regeln-fuer-die-superrechner promise unprecedented computing performance, but consequently pose immense risks to the security of our data. They pose a challenge to many of the encryption methods that have existed to date. How we protect ourselves against attacks with quantum computers is the subject of so-called post-quantum cryptography. Companies, governments, and scientists are already conducting intensive research into ways to develop quantum computer-resistant https://www.bundesdruckerei.de/de/innovation-hub/technologien-fuer-die-aera-der-quantencomputer encryption systems. It is not yet possible to say which processes may actually become the new standard. The U.S. NIST is currently working with the global research community to develop standards for quantum computer-resistant cryptographic methods. 

The topic of quantum computing has now also taken a firm place in the Bundesdruckerei Group. This is demonstrated by three projects in particular: The PlanQK project, for example, where Bundesdruckerei GmbH and partners are developing a platform that facilitates access to quantum-based AI applications. Another goal is to use quantum technologies to protect identity systems. As an integral part of the PoQuID project, where Bundesdruckerei GmbH is testing quantum-resistant cryptography for the ID card. In the FLOQI project, where D-Trust GmbH and its partners are developing a new generation of public key infrastructure (PKI) designed to withstand attacks by quantum computers. The aim here is to increase the crypto-agility of systems or production facilities with long lifetimes - in other words, to render encryption algorithms agile, i.e. fast and during operation, capable of being integrated or exchanged.