Cryptography is everywhere. It secures internet traffic and wi-fi, and it encodes files, messages, signatures and much more. Technology has advanced to such a level that it is no overstatement to say that humans depend heavily on the Internet: everything from state military secrets to the secrets of each individual's private life is a constant target of cyberattacks. Although encryption is not a cure-all for cyberattacks, it is the basis for many security mechanisms. But where did it start, and how did the first primitive encryption codes evolve into complex cryptographic systems? And is the Internet protected enough?
One of the first known ancient encryption codes is Atbash, whose name is derived from the first, last, second and second to the last letter in the Hebrew alphabet – אתבש. The name itself explains its principle: each letter is replaced by the letter that occupies the same position counted from the end of the alphabet. For example, A becomes Z, or in the case of the Hebrew alphabet the letter Alef becomes Tav. Another ancient substitution code is the “Caesar code”, known for replacing each letter with the one three letters further along the alphabet. Breaking these codes with letter frequency analysis is an easy task, especially when the alphabet used for encryption is known.
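The two substitution codes above and the frequency-analysis break, as an added example that is not part of the original article. It assumes the Latin alphabet, an approximate table of English letter frequencies and a constructed sample message; the function names are illustrative.

```python
import string
from collections import Counter

ALPHABET = string.ascii_uppercase
# Approximate relative frequencies (%) of the letters A..Z in English text.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))


def atbash(text):
    """Mirror each letter across the alphabet (A<->Z, B<->Y); self-inverse."""
    table = str.maketrans(ALPHABET, ALPHABET[::-1])
    return text.upper().translate(table)


def caesar(text, shift=3):
    """Shift each letter `shift` places forward, wrapping around at Z."""
    shifted = ALPHABET[shift % 26:] + ALPHABET[:shift % 26]
    return text.upper().translate(str.maketrans(ALPHABET, shifted))


def chi_squared(text):
    """Distance between the text's letter counts and English expectations."""
    letters = [c for c in text if c in ALPHABET]
    counts = Counter(letters)
    n = len(letters)
    return sum((counts[c] - n * f / 100) ** 2 / (n * f / 100)
               for c, f in ENGLISH_FREQ.items())


def recover_caesar_shift(ciphertext):
    """Undo all 26 shifts and keep the one whose output looks most like English."""
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))


# Constructed sample message, encrypted with the classic shift of three.
PLAINTEXT = "THE ENEMY WILL ATTACK THE NORTHERN GATE AT DAWN SEND REINFORCEMENTS TONIGHT"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    print(atbash("AZ"), CIPHERTEXT)
    shift = recover_caesar_shift(CIPHERTEXT)
    print(shift, caesar(CIPHERTEXT, -shift))
```

With only 26 possible shifts the key space is tiny; the frequency score simply lets a program recognise the correct plaintext without a human reading all 26 candidates.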
World War II cryptography
Without delving into all the codes humanity ever invented, it is worth mentioning the single-rotor Hebern machine created in the beginning of the 20th century, which preceded the 4-rotor Enigma used by Germans during WWII. The latter was probably one of the last electromechanical encryption devices as the new forms of encryption developed from then on.
The work of Claude E. Shannon, whose article “A mathematical theory on cryptography” was published in 1945, is known as a starting point in modern cryptography. He invented a cipher mechanism using a shared secret key, which must be known in advance by a sender and a recipient. The message is encrypted by combining each of its characters with a character from a so-called “one-time pad” containing random sequences of letters previously known secretly to both parties. The message thus turns into a ciphertext. Decryption is done in the same way but in reverse order. The method was used widely during the Cold War. However, it was naturally impractical for encrypting large messages, since the key must be the same size as, or longer than, the encoded message.
The Data Encryption Standard (DES) is a symmetric key block cipher, developed in the 1970s by IBM researchers. The cipher groups a plaintext message into 64-bit blocks, encoding each block using a 56-bit key. It then performs 16 rounds of encryption on each block, involving substitutions and switches, and it can operate in different modes: for example, an encoded block may depend on the previous block, or each block may be encrypted individually.
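The difference between the two modes mentioned above (commonly called ECB for individually encrypted blocks and CBC for chained blocks), as an added example that is not part of the original article. The cipher here is not DES: it is a toy 16-round Feistel network on 64-bit blocks with a SHA-256 stand-in round function, and the key, IV and message are constructed.

```python
import hashlib

BLOCK, ROUNDS = 8, 16                  # 64-bit blocks and 16 rounds, as in DES
KEY = bytes.fromhex("0123456789abcd")  # constructed 56-bit key
IV = bytes(BLOCK)                      # constructed all-zero IV, for the demo only
MESSAGE = b"ATTACK!!" * 3              # constructed: three identical 64-bit blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(half, key, rnd):
    """Stand-in round function built on SHA-256; real DES uses S-boxes."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def feistel(block, key, decrypt=False):
    """16-round Feistel network; decryption replays the rounds in reverse."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    rounds = range(ROUNDS)
    for rnd in (reversed(rounds) if decrypt else rounds):
        left, right = right, xor(left, round_fn(right, key, rnd))
    return right + left

def blocks(data):
    """Split data into 64-bit blocks (length assumed to be a multiple of 8)."""
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data, key):
    """Every block is encrypted individually (electronic codebook mode)."""
    return b"".join(feistel(b, key) for b in blocks(data))

def cbc_encrypt(data, key, iv):
    """Each block is XORed with the previous ciphertext block before encryption."""
    out, prev = [], iv
    for b in blocks(data):
        prev = feistel(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data, key, iv):
    """Decrypt each block, then XOR with the previous ciphertext block."""
    out, prev = [], iv
    for c in blocks(data):
        out.append(xor(feistel(c, key, decrypt=True), prev))
        prev = c
    return b"".join(out)

if __name__ == "__main__":
    print(len(set(blocks(ecb_encrypt(MESSAGE, KEY)))))      # repeated blocks stay visible
    print(len(set(blocks(cbc_encrypt(MESSAGE, KEY, IV)))))  # chaining hides the repetition
```

Encrypting blocks individually maps equal plaintext blocks to equal ciphertext blocks, so patterns in the message survive encryption; chaining removes that leak, which is why the choice of mode matters as much as the cipher itself.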
Essentially, a secure code is a code which cannot be cracked in a reasonable time. DES remained reliable until the processing power of computers became strong enough to break it within a reasonable time by brute force, that is, by trying each key until the right one is found. In 1998, a machine called DeepCrack, worth 250,000 USD, decrypted a DES-encoded message in only 56 hours. Soon after that, the dominance of DES came to an end.
In November 2001 the Advanced Encryption Standard (AES) became an official standard for encryption. AES is also a block cipher, but it encrypts data in 128-bit blocks and its key size is 128, 192 or 256 bits, with 10, 12 and 14 encryption rounds, respectively. Even with the most powerful computer, it would take nothing less than 5×10²¹ (5 multiplied by 1 followed by 21 zeros) years to search its key space and crack AES with brute force.
Nevertheless, AES is constantly challenged, though no longer so much by brute force attacks. Nowadays there are much more sophisticated techniques, such as algorithmic attacks, side-channel attacks and fault injection attacks, which aim to analyze the internal structure of the cipher or deliberately cause the hardware to make errors that might reveal information about the key. It is outside the scope of this article to cover exactly how these techniques work. However, it should be clarified that these attacks work on conventional computers. So far, current technology has not made it possible to crack AES… yet.
If a quantum computer, a computer which uses quantum physics to perform calculations faster than ever, is ever built, the AES 128-bit key will not resist a quantum exhaustive search attack. Some experts are convinced that a quantum computer is just a matter of time, predicting that a sufficiently large one will be built within the next 20 years or so.
Nobody can guarantee that there will not be a quantum algorithm powerful enough to break the AES 256-bit key, which, however, is supposed to withstand a quantum exhaustive search attack. This means that for the foreseeable future, the Internet is secure enough.
M2 Cyberjustice – Promotion 2023/2024