Back in the days of World War I, MI6(SSB-the Secret Intelligence Service) discovered that semen could actually serve as invisible ink. Yes, you read that right. MI6, the British intelligence service, got a bit creative when Captain Sir Mansfield George Smith-Cumming suggested this unique method to hide secret messages. Apparently, it was a clever way to keep things under wraps from the Central Powers, although today, it might make you chuckle or scratch your head in disbelief. Luckily, in the age of the internet, we’ve moved on to more sophisticated, and let’s say less awkward, methods of keeping secrets. But it’s proof that spies have always been good at thinking outside the box.
While the story above is an example of steganography, today’s topic is different. Today, we will discuss how, in this age of the internet, we hide messages from others, not only on our phones or computers but also on the internet.
What is Encryption?
Encryption is the technique used to encrypt data so that it cannot be accessed by someone for whom it is not intended. It has been used since the ancient age of empires, but the first noted use of encryption was by Egyptians in BC 1900. Hieroglyphs carved into the tomb of Khnumhotep II displayed non-standard symbols considered to be a form of encryption, essentially marking the earliest evidence of cryptography. One of the earliest and most famous examples of encryption was used by Julius Caesar to protect his military messages. In this cipher, each letter in the plaintext is shifted by a fixed number of positions in the alphabet. We will look at the example and formation of Caesar Cipher when we talk about Symmetric encryption. Al-Kindi, an Arab polymath, made significant contributions to cryptanalysis and is often credited as the first person to formally describe letter frequency analysis, which involves analyzing the frequency of letters in a ciphered text to decode it. We will discuss this also.
The History!
Wartime generally creates a greater need for scientific advancements than at any other time, and like many other scientific discoveries and inventions, many cryptographic and encryption-related discoveries were invented during and after the First World War, Second World War, and Cold War, among others.
The Enigma Machine used by Nazi Germany during World War II is one of the most famous and sophisticated encryption devices in history. It used a series of rotating wheels to scramble messages, and the machine’s settings changed daily, making it incredibly difficult to decrypt without knowing the settings. At that time, messages encrypted using an enigma machine were considered unbreakable. However, a team of cryptanalysts at Bletchley Park in the UK, led by Alan Turing, cracked that. And then, with the development of modern computers during the Cold War, we saw the Rise of Public-Key Cryptography.
In this multipart article series on encryption, I will summarize current encryption techniques. The first part will be an overview, and then we will dive deep into each technique.
Encryption techniques can be divided into two types: Symmetric Encryption and Asymmetric or Public Key encryption.
Symmetric Encryption
In Symmetric Encryption, we encrypt our message with an algorithm and possibly a secret key. To decrypt the message into plain text or in the form that it was before encrypting, we need both the algorithm and the secret key that was used during encryption. Once someone has the algorithm and the key, he would be able to break the encrypted message and read that. Before Clifford Cocks invented RSA in 1973, which was the first widely used asymmetric encryption technique, symmetric encryption techniques were the only way to encrypt messages.
Earlier, we discussed the ceaser cypher, one of the earlier encryption techniques. Now, let’s understand how Caesar’s cypher works.
Caesar cipher, also known as the shift cipher, is one of the simplest and earliest encryption techniques. It works by shifting the letters in a message by a fixed number of places in the alphabet. The alphabet is treated as a circular sequence (e.g., after ‘Z’ comes ‘A’). Each letter in the plaintext is shifted by a fixed number, known as the key. To encrypt a message, each letter in the plaintext is replaced by the letter that is a fixed number of positions down the alphabet.
For example, with a shift of 3:
‘S’ → ‘V’, ‘H’ → ‘K’, …, ‘A’ → ‘D’, ‘F’ → ‘I’, ‘Y’ → ‘B’, ‘E’ → ‘H’, ‘T’ → ‘X’
So “SHAFAYET” becomes “VKDIDBHX”.
Decryption reverses the process by shifting in the opposite direction.
For a shift of 3:
‘V’ → ‘S’, ‘K’ → ‘H’, …, ‘D’ → ‘A’, ‘I’ → ‘F’, ‘B’ → ‘Y’, ‘H’ → ‘E’, ‘X’ → ‘T’
And “VKDIDBHX” again turns into “SHAFAYET”.
However, as we can see, it is not a strong encryption technique. With only 25 possible keys (shifts), it is easy to brute-force. Additionally, since the Caesar cipher does not change the frequency of letters, it is vulnerable to frequency analysis attacks, as we discussed earlier. Al-Kindi’s analysis of letter frequency is one of the earliest documented works in cryptanalysis from the 9th century.
Letter frequency analysis is a cryptanalytic technique used to break substitution ciphers, including Caesar ciphers. This method exploits the fact that certain letters appear more frequently in a language than others. For example, in the English language, letters such as E, T, A, O, I, and N are more common, while Z, Q, X, and J are rarer. These patterns vary across languages but are consistent enough within each language to be exploitable.
When a ciphertext is intercepted, the frequency of each letter can be compared to the expected frequency of letters in the language. This comparison helps cryptanalysts deduce the substitution scheme. For instance, if the most frequent letter in the ciphertext is G and the most frequent letter in English is E, it might be hypothesised that G represents E. By extending this comparison across the entire ciphertext, cryptanalysts can systematically reconstruct the substitution pattern.
Although the Caesar cipher is rarely used today, symmetric encryption remains an important piece of modern computing and network security, alongside public key encryption. In contemporary applications, symmetric block encryption algorithms are the primary tools for securing data. These algorithms operate by dividing plaintext into fixed-size blocks, which are then encrypted to produce ciphertext blocks of the same size. Longer plaintexts are processed sequentially, one block at a time, using the encryption algorithm.
The most common symmetric encryption algorithms, all of which are block ciphers, include:
- DES (Data Encryption Standard) is an early encryption standard that is now largely obsolete due to its short key length.
- Triple DES (3DES): A more secure enhancement of DES that applies the DES algorithm three times to each data block.
- AES (Advanced Encryption Standard) is the current standard for encryption. It offers robust security and efficiency and is widely adopted across industries.
We will discuss each of these algorithms in detail in future parts of this article, along with the usage of symmetric encryption in message authentication, hash functions, and others. But now, let’s see what Asymmetric or Public-Key encryption is.
Then why Asymmetric or Public-Key Encryption?
One significant limitation of symmetric encryption is the requirement that both the sender and receiver use the same key. If an unauthorised party gains access to this key, they can decrypt the messages and compromise the entire communication. To address this vulnerability, public key encryption was introduced, a groundbreaking concept proposed by Diffie and Hellman in 1976.
Public key encryption is based on complex mathematical functions rather than simple operations on bit patterns. Its key innovation lies in the use of two distinct keys: a public key for encryption and a private key for decryption. The public key can be freely shared, allowing anyone to encrypt a message intended for a specific recipient. However, only the recipient, who holds the corresponding private key, can decrypt the message. Since the private key is never shared, it remains secure even if the public key is widely distributed. This separation of keys not only resolves the key-sharing problem but also forms the foundation of secure communications in modern cryptography. Public key encryption is commonly used in securing communications over the internet in protocols like SSL/TLS, which encrypts data exchanged between web browsers and servers. When we visit a secure website(that has https at the beginning of the link), SSL/TLS ensures that the data exchanged between your browser and the server is encrypted. If we put it, then the server will present its public key to the client. The client generates a random symmetric key (used for faster encryption, which will be discussed later) and encrypts it with the server’s public key. The server decrypts the symmetric key with its private key and establishes a secure communication channel using symmetric encryption (e.g., AES). Public key encryption is also used in digital signatures, encrypting data-at-rest and many other scenarios. Like everything in this world, public key encryption has limitations like performance, key size, etc., which we will discuss in future parts. This is enough for today.
To receive posts and blogs like this regularly, follow Shafayet Ahmad on LinkedIn and follow this blog.