The history of encryption: the roots of modern-day cyber-security

The need to hide messages and their meaning from prying eyes (that is, encrypting them) probably surfaced not long after humankind invented writing. The timeline of the history of encryption is long. Encryption can be traced back to its religious use in ancient Egypt, and Greek and Roman military culture, to the World Wars and the creation of the first computer, to finally arrive at its modern use in the era of the World Wide Web.

Today, encryption is used in everyday modern life, and in most cases, users are unaware of it. Encryption is used mostly to handle transactions over insecure channels of communication, such as the internet. Let’s take a look at the history of encryption algorithms in order to understand their significance over time.

A brief history of cryptography

Cryptography is the science or study of techniques of secret writing and hiding messages in any medium. Encryption is only one component of cryptography, in which an original plaintext or data is transformed into a ciphertext that prevents malicious third parties from understanding its content.

The increasing value of knowledge, and in modern times, data, has spurred the evolution of cryptography. The oldest known cryptography preserved religious or commercial knowledge and was then influenced by the need for secure military communication. The next drastic changes came when secure commercial and private communication became a general necessity. Since the 1980s, computers and the internet have increasingly come to dominate our lives. Thus, in the Information Age, all communication is best encrypted, regardless of it being between humans, machines, or humans and machines.

When was encryption invented, and by whom?

The earliest written evidence of encryption can be traced to ancient Egypt. Nearly 4,000 years ago, the tomb of nobleman Khnumhotep II contained a script recording his deeds in life. However, some unusual hieroglyphs were used that obscured the original meaning of the text. Ancient encryption in Egypt was used mainly to protect knowledge, as education was a privilege limited to the highest circles of society and was also a way to show one’s skills in writing. It was also used for religious reasons, for example, to discuss taboos.

The first recorded instance of encryption being used for military purposes dates to around 500 BC. Spartan encryption used an invention called the scytale, which allowed secret messages to be sent and received. A narrow strip of parchment was wound around the device, and the text was written along the length of the device. Once the strip was wound off the cylinder, the text became unreadable unless the reader possessed an identical cylinder. This was the first time the concept of a common key, seen even today in modern cryptographic technologies, was used for both encryption and decryption.

What was the first type of encryption?

The first type of encryption was the substitution cipher, which used a very simple method of replacing units (letters or groups of letters) with other units based on a set of substitution rules, e.g., A=N, B=O, etc. Before computers, the security of encryption was ensured by keeping cipher keys with the sender and receiver. Thus, even if the messenger was captured, the content of the message remained undecipherable.

Roman encryption

Julius Caesar’s legions used the above technique to much success. The Caesar Cipher used the normal sequence of the alphabet but shifted each letter a fixed number of positions further down the alphabet (if A becomes E, then B becomes F). Although such shift ciphers are considered some of the simplest forms of encryption today, the Caesar Cipher was only cracked around 800 AD. The Arab mathematician Al-Kindi looked at the frequency of letters in the encrypted message to determine the shifting rule. The shortest words that frequently appear in a text also help break such codes: e.g., and, the, as, so.

World War 2 encryption

Before and during WW2, encryption changed dramatically as machine and electromechanical encryption and decryption were born. The process contributed to the invention of modern computers. Arthur Scherbius invented the rotor and gear-based Enigma machine. In the early years of the war, the Germans could pass orders and information in total secrecy as a result. Cracking the code would have required trying around 17,000 different combinations within 24 hours.

Breaking Enigma was a necessity to the Allied war effort, which led to the institutionalization of cryptography as a science and also inspired Alan Turing to develop and use the first machine capable of using computing power to break encryption.

Through the early 1970s, cryptology was dominated by governments both because computers were very expensive and because of the need for information retention.

Several factors pushed encryption towards the mainstream. The most important of these was the invention of the World Wide Web in 1989 and the widespread use of computers. Both industrial-commercial and personal communication had to be protected. For example, financial services were some of the first to require secure electronic transactions. Other businesses wanted to secure their digitally stored trade secrets. Finally, individuals wanted to rest assured that their online communication was secure. Today virtually all digital communication is, or should be, encrypted.

RSA encryption history

In modern cryptography, the security of encryption depends not on the encryption method (or algorithm) but the secrecy of the keys used for encryption and decryption.

The brilliance of the RSA algorithm (named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman) lies in the use of asymmetric cryptography to generate a public and a private key pair, both derived from large prime numbers. To better understand how symmetric keys work, remember the scytale used by the Spartans. The message was encrypted using a cylinder of a certain length and shape, and both sender and receiver had to have the same type of cylinder for both encryption and decryption. The problem begins when the key is compromised, meaning the contents of the message can be read. This was less of a risk with physical tools but is much easier in the digital world, leaving both sender and receiver open to exploitation.

RSA introduced the concept of a public-private key pair for encryption. The public key is used to encrypt data, which can then only be decrypted with the corresponding private key. Although the two keys are mathematically related, calculating the private key from the public key is extremely complex and time-consuming, thanks to a mathematical problem called prime factorization. The RSA algorithm also laid down the foundations for modern authentication methods, as the use of a private-public key pair was perfect for verifying that the sender is who they claim to be and also ensured better safety in messaging.
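The relationship between the two keys, and why it rests on factoring, is easiest to see with numbers small enough to follow by hand. This is an added example, not code from the original article: it is textbook RSA with deliberately tiny primes and no padding, and the function names are hypothetical.

```python
from math import gcd, isqrt

def make_keypair(p, q, e=17):
    """Build (public, private) keys from two secret primes p and q."""
    n = p * q                        # modulus, published in both keys
    phi = (p - 1) * (q - 1)          # computable only if p and q are known
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(c, private):
    n, d = private
    return pow(c, d, n)

def sign(m, private):
    """Authentication: only the private-key holder can produce this value."""
    n, d = private
    return pow(m, d, n)

def verify(m, signature, public):
    n, e = public
    return pow(signature, e, n) == m

def factor(n):
    """Trial division: instant for a toy modulus, infeasible at 2048 bits."""
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("no odd factor found")

def private_from_public(public):
    """Anyone who can factor n can rebuild the private key."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

# Constructed toy parameters; real keys use primes of 1024 bits or more.
PUBLIC, PRIVATE = make_keypair(61, 53)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print(PUBLIC, PRIVATE, c, decrypt(c, PRIVATE))
    print(private_from_public(PUBLIC) == PRIVATE)
```

The last function is the whole argument for key length: the public key hides the private key only as long as the modulus cannot be factored.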

Encryption today

Modern encryption is a part of our everyday lives, and it happens every second without most people being aware of it. But why is encryption used so often today?

Simply put, it’s no longer only humans that communicate. Every time a computer connects to the internet, or you visit a webpage (HTTPS) or use a messaging or e-mail application on your phone, computers, devices, and software are communicating with each other via the internet, Bluetooth, or WiFi.

The problem is that computers are also very good at deciphering encryption because of the sheer volume of mathematical operations they can complete in a second. As a result, securing the internet with modern cryptography is complex. The encryption methods must be sophisticated and also fast enough to secure channels in which data transfer occurs. New types of encryption are based on complex mathematical problems/algorithms and implement a combination of symmetrical and asymmetrical key encryption schemes to secure communication.

Symmetrical key generation uses either a stream cipher or a block cipher. RC4 is the most widely used stream cipher, in which a stream of random numbers is combined with the original message. The technique is used in Secure Socket Layer (SSL) and Wired Equivalent Privacy (WEP).

Current encryption standards adopted by governments and the US National Security Agency are generally based on the AES block cipher, which encrypts a fixed-length group of bits: i.e., it takes a 128-bit block of plaintext and outputs a ciphertext of the same size. Other popular block ciphers are Blowfish, Twofish, and DES.

Secure authentication (identifying a user and their eligibility for access) and digital certification are also established by using encryption with private, public, and session keys. Hypertext Transfer Protocol Secure (HTTPS) is a secure extension of the HTTP protocol. In this case, the communication protocol used on the internet to access a website is encrypted using the Transport Layer Security (TLS) protocol, which prevents eavesdropping and tampering, especially man-in-the-middle attacks.

Data and metadata are now the single most valuable assets in the world. With the widespread use of cloud services, especially public clouds accessible through the internet, securing valuable data has become an ever-increasing priority for everyone.

What is the best encryption technology today?

For data at rest, AES 256 Bit (14 round CBC) is considered the best and is unbroken to this day. It uses the Rijndael block cipher with a symmetric-key algorithm.

For data in transit, e.g., secure websites, TLS 1.2 RSA is considered best. RSA claims that 2048-bit keys will be sufficient until 2030, and beyond 2030, 3072 bits should be used to ensure continuous security. NIST key management guidelines further suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys. This means that the strength of encryption now mainly depends on the length of the key being used. Tresorit uses 4096-bit RSA keys.

The future of encryption and cybersecurity

It is now clear that cloud computing is the way forward for nearly all users, including enterprises. Nevertheless, the question of how data security, privacy, and integrity can be reinforced remains. Companies increasingly understand the importance of confidentiality (see GDPR, ePrivacy Regulations) and demand transparency, alongside proper security controls from cloud providers. The future of encryption and decryption will have to address how data is handled by cloud services and their customers.

One threat to the future of cybersecurity is the advancement of quantum computing, as the technology’s superior capacity to factor large numbers would pose a serious threat to encryption algorithms (see RSA based on large prime numbers). Quantum-safe cryptography methods are in development. For example, Lattice cryptography would ensure that data is hidden by embedding it inside complex math problems (or algebraic structures) called lattices.

The inherent nature of cloud computing services is another common problem, as they can leave valuable company data exposed during computation and processing. Fully Homomorphic Encryption (FHE) would allow data to remain encrypted during computation in any type of cloud infrastructure that processes it, thus providing a safer use of hybrid cloud solutions without sacrificing security. FHE is an extension of public-key cryptography; the term homomorphic refers to homomorphism in algebra, a structure-preserving mapping from one mathematical structure to another one of the same type. The encryption and decryption functions in this method mean that only a map is created between plaintext and ciphertext spaces without using actual decryption.

The third most important player in the future of encryption will be machine learning or Artificial Intelligence. AI functionalities can perform analyses on vast amounts of data, see complex patterns, and can thus be used to uncover flaws or vulnerabilities in newly developed cryptographic systems. Testing cryptographic systems before they become the new standard is necessary to get ahead of hackers who could utilize the same technology to find vulnerabilities.

Encryption at Tresorit

At Tresorit, we believe in your right to keep your digital valuables safe. All files stored in Tresorit are protected by our zero-knowledge client-side end-to-end encryption. Let’s break that down a bit. Zero-knowledge means that Tresorit knows nothing about what’s in your files or what you change in them. Furthermore, through zero-knowledge authentication, Tresorit will never have access to your password either, as all authentication happens without it leaving your device. This is part of our client-side encryption, which means that no data ever leaves your device in unencrypted form. Finally, end-to-end means that files remain encrypted throughout their lifecycle. As you hold the keys, no one can open them unless you share them.

On the more technical side, Tresorit uses a symmetric key encryption algorithm, more specifically AES-256, in OpenPGP CFB mode described in RFC4880 to encrypt all uploaded files and folders. Every file has a unique, independent, and freshly generated 256-bit encryption key. Each version of a file has a random 128-bit IV. As a result, its encrypted form changes completely, even if only one bit is changed in the file. In practice, this ensures that neither Tresorit nor others have any information about the changes made. Folders are encrypted the same way, and the integrity of all ciphertexts is protected with HMAC-SHA-512.

To learn more about our encryption and authentication technologies, read our Encryption whitepaper or visit our Security page for an overview.