History of cryptography
|
|
The history of cryptography dates back thousands of years, and for the most part, it has been the history of classical cryptography; that is, methods of encryption which can be performed using pen and paper (or perhaps with simple mechanical aids). In the early 1900s, the invention of several complex mechanical and electromechanical machines, such as the Enigma rotor machine, allowed the use of more sophisticated and efficient methods of encryption, and the introduction of electronics and computing allowed elaborate schemes of even greater complexity.
There has also been a parallel history of cryptanalysis, that is, the breaking of codes and ciphers. From the early discovery of frequency analysis, the consequences of reading an adversary's communications has often proved to be profound. For example, the Zimmermann Telegram triggered the entrance of the United States into World War I, and the Allied breaking of Nazi Germany's ciphers may have shortened World War II by as much as two years.
Until the 1970s, secure cryptography was the sole preserve of governments. Two events brought cryptography into the public domain: the creation of a public encryption standard (DES); and the invention of public-key cryptography.
| Contents |
Classical cryptography
- See also: Classical cipher
The earliest known use of cryptography is found in non-standard hieroglyphs carved into monuments from Egypt's Old Kingdom (ca 4500+ years ago). These are not thought to be serious attempts at secret communications, however, but rather to have been attempts at mystery, intrigue, or even amusement for literate onlookers. These are examples of still other uses of cryptography, or of something that looks (impressively if misleadingly) like it. Later, Hebrew scholars made use of simple monoalphabetic substitution ciphers (such as the Atbash cipher) beginning perhaps around 500 to 600 BCE. Cryptography has a long tradition in religious writing likely to offend the dominant culture or political authorities. Perhaps the most famous is the 'Number of the Beast' from the book of Revelations in the Christian New Testament. '666' might be a cryptographic (i.e., encrypted) way of concealing a dangerous reference; many scholars believe it's a concealed reference to the Roman Empire, or more likely to the Emperor Nero himself, (and so to Roman persecution policies) that would have been understood by the initiated (who 'had the key to understanding'), and yet be safe or at least somewhat deniable (and so 'less' dangerous) if it came to the attention of the authorities. At least for orthodox Christian writing, most of the need for such concealment ended with Constantine's conversion and the adoption of Christianity as the official religion of the Empire.
Skytala&EmptyStrip-Shaded.png
The Greeks of Classical times are said to have known of ciphers (e.g., the scytale transposition cipher claimed to have been used by the Spartan military). Herodotus tells us of secret messages physically concealed beneath wax on wooden tablets or as a tattoo on a slave's head concealed by regrown hair, though these are not properly examples of cryptography per se as the message, once known, is directly readable; this is known as steganography. The Romans certainly did know something of cryptography (e.g., the Caesar cipher and its variations). There is ancient mention of a book about Roman military cryptography (especially Julius Caesar's); it has been, unfortunately, lost.
In India, cryptography was also well known. It is recommended in the Kama Sutra as a technique by which lovers can communicate without being discovered.
Medieval cryptography
It was probably religiously motivated textual analysis of the Qur'an which led to the invention of the frequency analysis technique for breaking monoalphabetic substitution ciphers sometime around 1000 CE. It was the most fundamental cryptanalytic advance until WWII. Essentially all ciphers remained vulnerable to this cryptanalytic technique until the invention of the polyalphabetic cipher by Alberti (ca 1465), and many remained so thereafter.
Cryptography became (secretly) still more important as a consequence of political competition and religious revolution. For instance, in Europe during and after the Renaissance, citizens of the various Italian states, the Papal States and the Roman Catholic Church included, were responsible for rapid proliferation of cryptographic techniques, few of which reflect understanding (or even knowledge) of Alberti's advance. 'Advanced ciphers', even after Alberti, weren't as advanced as their inventors / developers / users claimed (and probably even themselves believed); this over-optimism may be inherent in cryptography for it was then, and remains today, fundamentally difficult to really know how vulnerable your system actually is. In the absence of knowledge, guesses and hopes, as may be expected, are common.
Cryptography, cryptanalysis, and secret agent/courier betrayal featured in the Babington plot during the reign of Queen Elizabeth I which led to the execution of Mary, Queen of Scots. An encrypted message from the time of the Man in the Iron Mask (decrypted just prior to 1900 by Étienne Bazeries) has shed some, regrettably non-definitive, light on the identity of that real, if legendary and unfortunate, prisoner. Cryptography, and its misuse, were involved in the plotting which led to the execution of Mata Hari and in the conniving which led to the travesty of Dreyfus' conviction and imprisonment, both in the early 20th century. Fortunately, cryptographers were also involved in exposing the machinations which had led to Dreyfus' problems; Mata Hari, in contrast, was shot.
Outside of Middle East and Europe, cryptography remained comparatively undeveloped. Cryptography in Japan was not used until 1510, and advanced techniques were not known until after the opening of the country to the West in the 1860s.
See also: Voynich Manuscript
Cryptography from 1800 to World War II
Although cryptography has a long and complex history, it wasn't until the 19th century that it developed anything more than ad hoc approaches to either encryption or cryptanalysis (the science of finding weaknesses in crypto systems). Examples of the latter include Charles Babbage's Crimean War era work on mathematical cryptanalysis of polyalphabetic ciphers, rediscovered and published somewhat later by the Prussian Friedrich Kasiski. Understanding of cryptography at this time typically consisted of hard-won rules of thumb; see, for example, Auguste Kerckhoffs' cryptographic writings in the latter 19th century. Edgar Allan Poe developed systematic methods solving ciphers in the 1840s. In particular he placed an notice of his abilities in the Philadelphia paper Alexander's Weekly (Express) Messenger, inviting submissions of ciphers, which he proceeded to solve. His success created a public stir for some months. He later wrote an essay on methods of cryptography which proved useful in deciphering the German codes employed during World War I.
Mathematical methods proliferated in the time leading up to World War II (notably in William F. Friedman's application of statistical techniques to cryptanalysis and cipher development and in Marian Rejewski's initial break into the German Army's version of the Enigma system). Both cryptography and cryptanalysis have become far more mathematical since WWII. Even so, it has taken the wide availability of computers, and the Internet as a communications medium, to bring effective cryptography into common use by anyone other than national governments or similarly large enterprises.
World War II cryptography
By World War II mechanical and electromechanical cryptographic cipher machines were in wide use, although where these were impractical manual systems continued to be used. Great advances were made in both practical and mathematical cryptography in this period, all in secrecy. Information about this period has begun to be declassified in recent years as the official 50-year (British) secrecy period has come to an end, as the relevant US archives have slowly opened, and as assorted memoirs and articles have been published.
The Germans made heavy use (in several variants) of an electromechanical rotor based cipher system known as Enigma. Marian Rejewski, in Poland, attacked and 'broke' the early German Army Enigma system (an electromechanical rotor cipher machine) using theoretical mathematics in 1932. It was the greatest breakthrough in cryptanalysis in a thousand years and more. The Polish break into Enigma traffic continued up to '39, when changes in the way the German Army used Enigma required more resources to continue the break than the Poles had available. They passed their knowledge, some sample machines, on to the British and French that summer. Even Rejewski and his fellow mathematicians and cryptographers from the Biuro Szyfrow ended up with the British and French after the German blitzkrieg. The work was extended by Alan Turing, Gordon Welchman, and others at Bletchley Park leading to sustained breaks into several other of the Enigma variants and into the message traffic on the assorted networks for which they were used.
US Navy cryptographers (with cooperation from British and Dutch cryptographers after 1940) broke into several Japanese Navy crypto systems. The break into one of them, JN-25, famously led to the US victory in the Battle of Midway. A US Army group, the SIS, managed to break the highest security Japanese diplomatic cipher system (an electromechanical 'stepping switch' machine called Purple by the Americans) even before WWII began. The Americans referred to the intelligence resulting from cryptanalysis, perhaps especially that from the Purple machine, as 'Magic'. The British eventually settled on 'Ultra' for intelligence resulting from cryptanalysis, particularly that from message traffic enciphered by the various Enigmas. An earlier British term for Ultra had been 'Boniface'.
The German military also deployed several mechanical attempts at a one-time pad. Bletchley Park called them the Fish ciphers, and Max Newman and colleagues designed and deployed the world's first programmable digital electronic computer, the Colossus, to help with their cryptanalysis. The German Foreign Office began to use the one-time pad in 1919; some of this traffic was read in WWII partly as the result of recovery of some key material in South America that was insufficiently carefully discarded by a German courier.
The Japanese Foreign Office used a locally developed electrical stepping switch based system (called Purple by the US), and also used several similar machines for attaches in some Japanese embassies. One of these was called the 'M-machine' by the US, another was referred to as 'Red'. All were broken, to one degree or another by the Allies.
SIGABA-patent.png
Allied cipher machines used in WWII included the British TypeX and the American SIGABA; both were electromechanical rotor designs similar in spirit to the Enigma, though with major improvements. Neither is known to have been broken by anyone during the war. Troops in the field used the M-209 and less secure M-94 family. British SOE agents initially used 'poem ciphers' (memorized poems were the keys), but later in the war, they began to switch to one time pads.
The Poles had prepared for wartime by building the LCD Lacida cipher device, which was kept secret even to Rejewski. When in July 1941 its security was verified by Rejewski, it took him just a few hours to crack it. Operational Procedures for LCS Lacida, which had no reflector rotor, were changed in a hurry. The relevance of messages sent with Lacida were, however, not comparable to enigma traffic, but interception could have meant the end of the crucial polish cryptanalyst effort.
Modern cryptography
Shannon
The era of modern cryptography really begins with Claude Shannon, arguably the father of mathematical cryptography. In 1949 he published the paper Communication Theory of Secrecy Systems (http://www3.edgenet.net/dcowley/docs.html) in the Bell System Technical Journal and a little later the book, Mathematical Theory of Communication, with Warren Weaver. These, in addition to his other works on information and communication theory established a solid theoretical basis for cryptography and for cryptanalysis. And with that, cryptography more or less disappeared into secret government communications organizations such as the NSA. Very little work was again made public until the mid '70s, when everything changed.
An encryption standard
The mid-1970s saw two major public (i.e., non-secret) advances. First was the publication of the draft Data Encryption Standard in the U.S. Federal Register on 17 March 1975. The proposed DES was submitted by IBM, at the invitation of the National Bureau of Standards (now NIST), in an effort to develop secure electronic communication facilities for businesses such as banks and other large financial organizations. After 'advice' and modification by the NSA, it was adopted and published as a Federal Information Processing Standard Publication in 1977 (currently at FIPS 46-3). DES was the first publicly accessible cipher to be 'blessed' by a national agency such as NSA. The release of its specification by NBS stimulated an explosion of public and academic interest in cryptography.
DES was officially supplanted by the Advanced Encryption Standard (AES) in 2001 when NIST announced FIPS 197. After an open competition, NIST selected Rijndael, submitted by two Flemish cryptographers, to be the AES. DES, and more secure variants of it (such as 3DES or TDES; see FIPS 46-3), are still used today, having been incorporated into many national and organizational standards. However, its 56-bit key-size has been shown to be insufficient to guard against brute force attacks (one such attack, undertaken by the cyber civil-rights group Electronic Frontier Foundation, succeeded in 56 hours -- the story is in Cracking DES, published by O'Reilly and Associates). As a result, use of straight DES encryption is now without doubt insecure for use in new cryptosystem designs, and messages protected by older cryptosystems using DES, and indeed all messages sent since 1976 using DES, are also at risk. Regardless of its inherent quality, the DES key size (56-bits) was thought to be too small by some even in 1976, perhaps most publicly by Whitfield Diffie. There was suspicion that government organizations even then had sufficient computing power to break DES messages; clearly others have achieved this capability.
Public key
The second development, in 1976, was perhaps even more important, for it fundamentally changed the way crypto systems might work. This was the publication of the paper New Directions in Cryptography (http://citeseer.nj.nec.com/340126.html) by Whitfield Diffie and Martin Hellman. It introduced a radically new method of distributing cryptographic keys, which went far toward solving one of the fundamental problems of cryptography, key distribution, and has become known as Diffie-Hellman key exchange. The article also stimulated the almost immediate public development of a new class of enciphering algorithms, the asymmetric key algorithms.
Prior to that time, all useful modern encryption algorithms had been symmetric key algorithms, in which the same cryptographic key is used with the underlying algorithm by both the sender and the recipient who must both keep it secret. All of the electromechanical machines used in WWII were of this logical class, as were the Caesar and Atbash ciphers and essentially all cipher and code systems throughout history. The 'key' for a code is, of course, the codebook, which must likewise be distributed and kept secret.
Of necessity, the key in every such system had to be exchanged between the communicating parties in some secure way prior to any use of the system (the term usually used is 'via a secure channel') such as a trustworthy courier with a briefcase handcuffed to a wrist, or face-to-face contact, or a loyal carrier pigeon. This requirement is never trivial and rapidly becomes entirely unmanageable when the number of participants increases beyond some (very!) small number, or when (really) secure channels aren't available for key exchange, or when, as is sensible cryptographic practice, keys are frequently changed. In particular, a separate key is required for each communicating pair if, as part of the crypto system design, no third party including another user is to be able to decrypt their messages. A system of this kind is known as a secret key, or symmetric key cryptosystem. D-H key exchange (and succeeding improvements and variants) made operation of these systems much easier, and more secure, than had ever been possible before.
In contrast, with asymmetric key encryption, there is a pair of mathematically related keys for the algorithm, one of which is used for encryption and the other for decryption. Some, but not all, of these algorithms have the additional property that one of the keys may be made public since the other cannot be (at least by any currently known method) deduced from the 'public' key. The other key in these systems must be kept secret and is usually called, somewhat confusingly, the 'private' key. An algorithm of this kind is known as a public key or asymmetric key system.
For those using such algorithms, only one key pair is needed per recipient (regardless of the number of senders) since possession of a recipient's public key (by anyone whomsoever) does not compromise the 'security' of messages so long as the corresponding private key is not known to any attacker (effectively, this means not known to anyone except the recipient). This quite surprising property of these algorithms made possible, and made practical, widespread deployment of high quality crypto systems which could be used by anyone at all.
Asymmetric key cryptography, Diffie-Hellman key exchange, and the best known of the public key / private key algorithms (i.e., what is usually called the RSA algorithm), all seem to have been independently developed at a UK intelligence agency before the public announcement by Diffie and Hellman in '76. GCHQ has released documents claiming that they had developed public key cryptography before the publication of Diffie and Hellman's paper. Various classified papers were written at GCHQ during the 1960s and 1970s which eventually led to schemes essentially identical to RSA encryption and to Diffie-Hellman key exchange in 1973 and 1974. Some of these have now been published, and the inventors (James Ellis, Clifford Cocks, and Malcolm Williamson) have made public (some of) their work.
Cryptography politics
This in turn broke the near monopoly on cryptography held by government organizations worldwide (see S Levy's Crypto for a journalistic account of the policy controversy in the US). For the first time ever, those outside government organizations had access to cryptography not readily breakable by government. Considerable controversy, and conflict, both public and private, began immediately. It has not yet subsided. In many countries, for example, export of cryptography is subject to restrictions. Until 1996 export from the U.S. of cryptography using keys longer than 40 bits was sharply limited. As recently as 2004, former FBI Director Louis Freeh, testifying before the 9/11 Commission, called for new laws against public use of encryption.
The most notable player in the advocacy of strong encryption for public use was Phil Zimmermann with his release of PGP (Pretty Good Privacy) in 1991. He distributed a freeware version of PGP when he felt threatened by legislation then under consideration by the US Government that would require back doors to be created in all cryptographic solutions developed within the US. His efforts in releasing PGP worldwide earned him a long battle with the Justice Department for the alleged violation of export restrictions. The Justice Department eventually dropped its case against Zimmerman, and the freeware distribution of PGP made its way around the world to become an open standard. (RFC2440 or OpenPGP)
Modern cryptanalysis
While modern ciphers like AES are considered unbreakable, poor designs are still sometimes adopted and there have been notable cryptanalytic breaks. Three notable examples of crypto designs which have been broken are the first Wi-Fi encryption scheme WEP, the Content Scrambling System used for encrypting and controlling DVD use, and the A5/1 and A5/2 ciphers used in GSM cell phones. In addition, none of the mathematical ideas underlying public key cryptography have been proven to be 'unbreakable' and so some future advance might render systems relying on them insecure. No competent observer foresees such a breakthrough, however. And the key size recommended for security keeps increasing as improved computer power becomes cheaper and incremental improvements in such things as integer factorization are made. The contest between crypto designers and cryptanalysts has hardly ended.
See also
References
- David Kahn, The Codebreakers. New York: Macmillan, 1967.
- Steven Levy, Crypto: How the Code Rebels Beat the Government -- Saving Privacy in the Digital Age, New York: Viking Press, 2001
External links
- Helger Lipmaa's links on historical cryptography (http://www.cs.ut.ee/~helger/crypto/)