Cryptography has been around since humans have needed to communicate with each other across barriers and from far distances. It has been used for thousands of years, first appearing as a method of maintaining secrecy between early civilizations like the ancient Egyptians, Greeks and Romans. In each of these territories, it can be argued that cryptography is a science and an art depending on what perspective one might take when evaluating it. Over the last few hundred years, cryptography has transformed from a mechanical practice to a digital one that nearly all companies and large enterprises must use in order to keep their documents safe.
In order to accurately evaluate how far cryptography has come, it is important to identify its origins. The first appearance of cryptography throughout history has been identified as carved within the tomb of Khnumhotep II (Sidhpurwala, 2019). While hieroglyphics were already in existence throughout the country, the particular scribes within the creation of the tomb used substitution of hieroglyphics to develop a secret language exclusively for the tomb. They were not seeking to hide the messages, but wanted to create something magnificent to honor the deceased leader. This is the oldest example history has of taking writing and making it more secretive, which is essentially the same process that happens in encryption when plaintext converts into ciphertext. However, secret writing has not been used primarily as a source of reverence but as a key strategy during conflict with other state actors. Most civilizations use secrecy with their writings to share military information or some strategy to improve the functionality of a Monarchy and other forms of government. When these early writings were intercepted and deciphered it creates the first instances of espionage in history, which gave humans and their entities the ability to form a counter measure through defensive cybersecurity to prepare for any attack on their security before the original senders catch on that there is a man-in-the-middle attack taking place.
Throughout the ages, sometimes cryptography is complex and in other times much easier to decipher. During the times of Julius Caesar, he and his administration used cryptography often throughout their government. He used it to convey secret messages regarding military and war tactics. He developed a substitution cipher, known today as the Caesar cipher, in which he moves alphabet characters three times to the right and selected the new character to represent the new language. It is known as one of the most famous ciphers in the world, but also not the most difficult to decipher. The legacy of this cipher is that substitution is still used today to create ciphertext through more complicated algorithms and protocols.
What makes the Caesar cipher and those like it a vulnerability is because it is based on the secrecy of the project instead of protecting the key used for encryption and decryption. Once hackers understand the pattern the new language takes it makes the cryptographic strategy obsolete. A common encryption technique involves studying the patterns of the ciphertext in order to discover the mechanism used to create it, which will identify the strategy used and the discovery of the original plaintext.
Vigenere during the 16th century created a cipher that may have been the first to use an encryption key. He used a complex encryption technique with multiple layers and then provided a secret key to be used by a sender and a receiver, mathematics was also a part of his algorithm and protocols. Vigenere’s cipher with all its complexities was eventually deciphered, his work is notable for introducing additional keys to the concept of cryptography. His work can be viewed as an evolution of Caesar’s as it is more secure because it relies on keys, but is still nearly as vulnerable due to the method in which it changes plaintext to ciphertext.
During the 19th century when innovations were becoming more electric, Hebern created an electronic machine called the Hebern rotor machine. It puts the secret key on a rotor which embeds it into a rotating disc. Ciphertext were also created through the process of substitution. Even though multiple messages could appear on a mechanical machine, hackers eventually found a way to decipher it through cryptoanalysis regarding letter frequencies.
German engineer Arthur Scherbius created the Enigma machine at the end of World War I, and continued to develop it for use in World War II. The Enigma was a mechanical machine that did not just have one rotor but at least 3 or 4 of them, each of them rotating at different rates to create ciphertext. Keys were primarily used as a method of setting up the rotors. The Enigma’s cipher was eventually deciphered by Poland, and its concept were picked up by the British who innovated it by putting more emphasis on the secret keys and not just the functionality of the rotors.
During World War II, cryptography was primarily used for government and military purposes for secret operations. After the war, businesses began to use cryptography as a way to prevent their competitors from gaining information about their products and services, or any business strategy they may be applying.
In the 1970s, IBM became hyper focused on developing strong encryption techniques as their intelligence suggested that businesses would be able to grow much faster and in a secure way if they can implement cryptographic techniques that work efficiently. IBM produced a cipher called Lucifer which became an important aspect of policies created by NIST; the product was eventually named Data Encryption Standard (DES).
Almost 30 years later in 1997, DES was hit strongly by a cyberattack-the worst it had ever experienced. In the fallout of the attack it became apparent that the size of the secret key used by DES was one of the vulnerabilities of the attack. As processing power began to increase due to Moore’s law, eventually hackers had the resources to break DES using brute force attacks. As a counter measure NIST put out a challenge to anyone who could create a proposal for a new, more secure block cipher. The department received 50 submissions. Finally, in the year 2000, they accepted Rijndael’s proposal and label its Advance Encryption Standard (AES).
The use of cryptography changed drastically between the 1930s and 1970s. In the 1930s, cryptography was a part of mechanical machines used to produce secret ciphertext. In the 1970s, the cryptographic process become more digitalized, which enhanced its security and made it far more difficult to be exploited by hackers from previous generations. IBM in the 1970s established a cryptographic framework that is still used today to create contemporary forms of encryption techniques. While one decade was mechanical and the other digital, they were both used for the same purposes it just turns out that the latest innovations by IBM had created an encryption strategy that other organizations could innovate and apply to their entities. This had a significant impact on modern communication. In the 1930s, the cryptography was almost exclusively used for government and military secrecy. In the 1970s, the ciphers created could be used for the secrecy of government and military but could also be essential components of businesses of any size or any size network including home networks even though very few people within the United States owned a personal computer in the 1970s, and certainly were not as focused on security as the cybersecurity professionals are now because the earliest PCs did not have internet access or complicated operating systems to load when users wanted to use the device for typing or launching early applications.
Even though the innovations of the past were not as secure as the ones created by IBM or the various cryptographic services offered today, the past had some ciphers that are very important to the study of it as a science. For example, the “One-time Pad” was an encryption algorithm created in the 1900’s and has essentially been unbreakable (McDonald, 2020). The cipher is an innovated version of the Vernam Cipher, which mechanically attached a post message with a mechanical device and was also used for key distribution. It took nearly the entire century to figure out how to decipher the mechanical machine. This encryption technique had a secure way of distributing keys and that has led to the reason why it took nearly 100 years to decipher (“Cipher Machines and Cryptology”, 2020). The keys were not used more than once similarly to password authentication used today.
One of the best innovations and encryption techniques to come from the last century is the use of asymmetrical encryption in which the sender and receiver will need two separate keys to encrypt and decrypt their files. Many governments and corporations continue to use this strategy today. Even though it is not perfect, asymmetric cryptography is probably the strongest cybersecurity policy for implementing encryption techniques at any level-from local area networks to large enterprises. It’s not as cut and dry as symmetrical encryption, asymmetrical is more complex but has an easy to use appeal that all interested parties could use for personal data, corporate or government entities. Due to these events, private key encryption is typically obsolete but can be used for smaller networks in an efficient way. For nearly all other reasons for needing a cryptographic solution, public key or asymmetric would be the best cybersecurity practice for any user.
While cryptography has grown from a mechanical phenomenon to a commonplace digital strategy, the motivations have remained similar throughout the ages. The use of substitution and and secrecy techniques are still used today and many cybersecurity professionals and other technical roles like system engineers and software engineers are constantly looking for better methods and techniques for applying successful strategies for today’s cryptography.
While some internet users are learning about cryptography for the first time, law enforcement agencies have been using it for decades. This means that law enforcement must stay current on the types of exploits that are likely to strike its networks by examining the opensource in the same ways that private and public organizations do. Many sources reveal that law enforcement agencies invest in seminars and meetings that focus on how to use cryptography to their advantage or to discover evidence of a crime for forensic analysis. Due to the complexity of cryptography, each case needs to be approached with different cybersecurity strategies, there is currently no single solution that can solve all cases through cryptography. These departments are researching and discussing measures regarding a “user-controlled” encryption technique or the resources connected to quantum computing (Baker & Landau). A few universities have already published articles on the two areas and their connection to cryptography.
User-controlled encryption puts the responsibility for key distribution on the sender who will have software resources that will ensure the receiver gets the uninterrupted message. These programs will exist as software-as-a-service (SaaS) models that can be scaled to the needs of law enforcements staff. The misuse of keys by staff could lead to longer investigations as law enforcement may have difficulty distributing keys that are usually done automatically through key distribution software. However, if the software works effectively it could be a valuable resource for a department.
Quantum computing is another area that is discussed that will have an impact over the next 10 to 20 years. These computers will have enough processing power and encryption capabilities that it would be nearly impossible for a hacker to decipher any part of the encryption process. There is also a potential vulnerability if the quantum computers have installed previously used legacy software for encryption that will continue to be a vulnerability just like it was on its previous system.
Cryptography is constantly evolving to meet the requirements necessary to protect networks and systems. From its mechanical past to its digital presence and future, cryptography will be a major component for organizations in a variety of different areas. The resources that make communication possible through computing will need strong cryptography techniques in order to remain secure and become a best cybersecurity strategy.
References
Baker, J., & Landau, S. (2019, May 28). New Perspectives on the Future of Encryption. Retrieved June 21, 2020, from https://www.lawfareblog.com/new-perspectives-future-encryption#:~:text=The%20first%20major%20trend%20of,services%20like%20WhatsApp%20and%20Signal.
Cipher Machines and Cryptography: One-time Pad. (2020, January 1). Retrieved June 21, 2020, from http://users.telenet.be/d.rijmenants/en/onetimepad.htm
McDonald, N. G. (2020, January 1). PAST, PRESENT, AND FUTURE METHODS OF CRYPTOGRAPHY AND DATA ENCRYPTION. Retrieved June 21, 2020, from https://my.eng.utah.edu/~nmcdonal/Tutorials/EncryptionResearchReview.pdf
Sidhpurwala, H. (2013, August 13). A Brief History of Cryptography. Retrieved June 21, 2020, from https://access.redhat.com/blogs/766093/posts/1976023#:~:text=The%20first%20known%20evidence%20of,place%20of%20more%20ordinary%20ones