Ciphers have been in use since around 3,000B.C., but their importance and relevance for information security has really come to the mainstream with the growth of the Internet and the escalating volumes of data exchanged on line every day.
The history of ciphers and encryption is a compelling one – being a constant battle between encryption by cryptographers and decryption by cryptanalysts. That has brought repeated cycles of development of a cryptographic algorithm, attempts to break it, followed by a new cipher algorithm to replace the obsolete ones.
And that battle goes on today, with the big focus now on preventing keys from being factored/hacked. Most of us will no doubt have come into contact with the RSA algorithm in our daily working lives, for its influence has been massive. Since the RSA algorithm was first publicly described in 1977 by Ron Rivest, Adi Shamir, and Len Adleman, 17 key sizes have been factored, with the highest key size so far being RSA 768-bit in 2009. However, as computing power increases, so does the threat that RSA 1024-bit will be factored, too. As always, it’s only a matter of time.
But before I tell you what the future holds in the war against the cybercriminals – and the major new developments waiting in the wings – first let me take you on a brief ‘time travel’ journey through the ages, looking back at the major cryptographical milestones.
The oldest-known ciphers are said to be hieroglyphics (ancient Egyptian script) on monuments, dating back more than 5,000 years and considered undecipherable until the 19th century. But history tells us that nothing remains sacrosanct in the world of security forever!
The first century B.C. saw the emergence of the Caesar cipher, which was frequently used by the Roman Emperor Julius Caesar and is one of the most famous methods of cryptography. The cipher worked by substituting each letter in the original message for another letter located a fixed number of positions down the alphabet, which was only known by the sender and receiver (known as ‘shift ciphers’). As these ciphers can be easily decrypted by trying out a maximum of 26 shift numbers, using a random shift can vastly increase the number of permutations (to 26 x 25 x 24 x …. = 400000000000000000000000000!), rendering decryption far more difficult.
An encryption method that rearranges the sequence of characters based on a fixed rule is known as a ‘substitution cipher’. These are the most commonly used cryptography systems throughout history. However, substitution ciphers, including the simpler Caesar cipher, can all be decrypted using frequency analysis. This uses linguistic parameters to guess pre-encrypted letters based on how often they appear.
The development of modern communications precipitated a surge in cryptography and cryptanalysis during the First World War, with the decryption of even the most complex ciphers facilitated enormously by the advent of mechanical cipher machines. And none resonates more with the public consciousness than the redoubtable Enigma, invented by German engineer Arthur Scherbius in 1918. Enigma’s cryptography featured polyalphabetic substitution encryption. The unit was made up of multiple rotors, embedded with the 26 letters of the alphabet, known as a scrambler, and a plugboard, which carried out single alphabetic character conversions. For each letter input on the keyboard, the scrambler rotated one gradation, which enabled easy encryption or decryption, using a key that changed with each input letter.
Under threat of invasion by Germany, Poland invented an encryption machine known as Bombe, but improvements made to Enigma created an increasing number of encryption patterns, so it was uneconomical for Poland to continue its cryptanalysis work. Instead, in 1939, two weeks before the start of the Second World War, Poland passed on its research findings and decryption work to Britain. With this information, Britain was able to decrypt the German army’s pattern for Enigma, which meant the Enigma code was finally broken.
Any mention of ‘Enigma’ should instantly invoke the name of Alan Turing. Widely regarded as the father of computer science and artificial intelligence, it was he who devised the huge electro-mechanical ‘Bombes’ – forerunners to modern computers – which played a decisive part in Bletchley Park’s war-time triumph in the decrypting of Enigma, known as ‘Ultra’. Information thus gained about German movements and plans remained an important data source for the Allies until the end of the 1938-45 war. However, this breakthrough remained highly confidential, so Germany continued to use Enigma with complete faith until the end of the war. The fact that Enigma had been decrypted did not become public knowledge until 1974.
Since the Second World War, encryption and decryption have, of course, shifted from mechanical machine to computer, with the rapid spread of PCs in the private sector placing vital importance on cryptography for corporate commercial transactions and other civilian uses, as well as military applications. All of which takes us back to the cybercriminals and our never-ending battle to stay one step ahead of them. How can it be done? What new deterrents are waiting in the wings?
As we were writing this blog, a colleague made some interesting observations around RSA key sizes and the emergence of alternative algorithms.
We’ve also blogged here about Symantec’s Algorithm Agility program.