
Cryptography: The Secret Science

Summary

For most of human history, cryptography was the exclusive property of states and militaries: a tool for protecting diplomatic cables and battlefield orders. The 1970s changed everything. A pair of Stanford mathematicians published a paper describing a cryptographic system that did not require sender and receiver to share a secret in advance — and within months, three MIT researchers turned this idea into RSA, the algorithm that makes every HTTPS connection possible. The subsequent fifty years of cryptographic history are the story of mathematics becoming infrastructure, of civil liberties battles fought with publication and encryption software, and of governments learning that mathematics is an export they cannot control.

Ancient Cryptography to the Enigma

Simple substitution ciphers — replacing each letter with another — were used by Julius Caesar (the Caesar cipher, a rotation of the alphabet by a fixed number) and remained adequate for centuries because the typical adversary lacked systematic methods to break them. The Arab mathematician al-Kindi developed frequency analysis in the 9th century: because certain letters appear more often in any given language, counting letter frequencies in ciphertext reveals the substitution key. Most classical ciphers fell to this technique.

The Vigenère cipher (1553) defeated simple frequency analysis by using multiple shifted alphabets, keyed by a keyword.[1] For three centuries it was considered unbreakable. Charles Babbage broke it in the 1840s (though he never published); Friedrich Kasiski independently published the method in 1863. The pattern recurs throughout cryptographic history: “unbreakable” systems fall to unexpected mathematical insight.
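As an added illustration of the two techniques just described (this code is not from the original article), the following Python implements the Vigenère cipher, the Kasiski examination for recovering the key length, and al-Kindi-style frequency analysis, here a chi-squared comparison of each column's letter histogram against English letter frequencies, for recovering each key letter. The sample order text and the key LEMON are constructed for this example. It goes a step beyond the text by confirming Kasiski's candidate lengths with Friedman's index of coincidence, so that a divisor of the true key length (2 or 3 for a 6-letter key) is not reported instead.

```python
from collections import Counter
from itertools import combinations

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Typical letter frequencies of English text, in percent, A..Z.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
                6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]


def clean(text):
    """Keep only the letters A-Z, as classical ciphers did."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Shift letter i by key[i mod len(key)]; a one-letter key is the Caesar cipher."""
    text, key, sign = clean(text), clean(key), -1 if decrypt else 1
    return "".join(ALPHABET[(ALPHABET.index(c) + sign * ALPHABET.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(text))


def columns(ciphertext, key_len):
    """Column j holds every letter enciphered with key letter j: a plain Caesar cipher."""
    return [ciphertext[j::key_len] for j in range(key_len)]


def caesar_shift(column):
    """al-Kindi's observation made numeric: undo each of the 26 shifts and keep the
    one whose letter histogram is closest (chi-squared) to English."""
    n, scores = len(column), []
    expected = [f * n / 100 for f in ENGLISH_FREQ]
    for shift in range(26):
        counts = Counter(ALPHABET[(ALPHABET.index(c) - shift) % 26] for c in column)
        scores.append((sum((counts[ch] - ex) ** 2 / ex for ch, ex in zip(ALPHABET, expected)), shift))
    return min(scores)[1]


def index_of_coincidence(text):
    """Chance that two letters drawn from text match: about 0.066 for English text,
    about 0.038 for letters smeared over several Caesar alphabets."""
    n, counts = len(text), Counter(text)
    return sum(v * (v - 1) for v in counts.values()) / (n * (n - 1)) if n > 1 else 0.0


def kasiski_key_length(ciphertext, seq_len=3, max_len=20):
    """Kasiski examination: a plaintext fragment that recurs at a distance that is a
    multiple of the key length encrypts to the same ciphertext fragment, so the
    distances between repeated trigrams are multiples of the key length.  Divisor
    counts are confirmed with the index of coincidence so that a divisor of the
    true length is not reported instead of the length itself."""
    positions = {}
    for i in range(len(ciphertext) - seq_len + 1):
        positions.setdefault(ciphertext[i:i + seq_len], []).append(i)
    distances = [b - a for pos in positions.values() for a, b in combinations(pos, 2)]
    scores = {L: sum(1 for d in distances if d % L == 0) for L in range(2, max_len + 1)}
    best = max(scores.values())
    candidates = [L for L, s in scores.items() if best and s >= 0.9 * best] or list(scores)
    return max(candidates,
               key=lambda L: sum(index_of_coincidence(c) for c in columns(ciphertext, L)) / L)


def recover_key(ciphertext, key_len):
    """Solve each column as a Caesar cipher and read the key off the shifts."""
    return "".join(ALPHABET[caesar_shift(c)] for c in columns(ciphertext, key_len))


def break_vigenere(ciphertext):
    key = recover_key(ciphertext, kasiski_key_length(ciphertext))
    return key, vigenere(ciphertext, key, decrypt=True)


# Constructed sample traffic.  "ATTACK AT DAWN" sits at letter offsets 0, 65 and 135,
# so with a 5-letter key all three copies encrypt identically (distances 65, 70, 135).
SAMPLE_PLAINTEXT = (
    "ATTACK AT DAWN "
    "SEND REINFORCEMENTS TO THE NORTHERN BRIDGE BEFORE FIRST LIGHT "            # 53 letters
    "ATTACK AT DAWN "
    "THE SECOND COMPANY WILL HOLD THE RIVER CROSSING UNTIL RELIEVED BY OUR "   # 58 letters
    "ATTACK AT DAWN "
    "WHEN THE BRIDGE IS TAKEN SIGNAL WITH TWO GREEN FLARES AND ADVANCE NORTH "
    "WITH ALL AVAILABLE FORCES TO THE FARMHOUSE ON THE HILL WHERE THE GENERAL "
    "WILL ESTABLISH HIS HEADQUARTERS THE ARTILLERY WILL COVER THE ROAD FROM "
    "THE EAST AND THE ENGINEERS WILL REPAIR THE CROSSING AS SOON AS THE ENEMY "
    "HAS WITHDRAWN FROM THE FAR BANK ACKNOWLEDGE THIS ORDER BY RETURN RIDER"
)


def demo(key="LEMON"):
    """Encrypt the sample under `key`, then recover key and plaintext from ciphertext alone."""
    return break_vigenere(vigenere(SAMPLE_PLAINTEXT, key))


if __name__ == "__main__":
    key, plaintext = demo()
    print("recovered key:", key)
    print("plaintext:", plaintext[:60], "...")
```

The repeated phrase is what Kasiski exploited in real traffic: stereotyped openings and standard formulas recur, and every recurrence that happens to land a multiple of the key length apart hands the analyst a divisor of that length. Shorter messages with no such repeats are where the index of coincidence alone has to carry the key-length estimate.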

The Enigma machine, used by Nazi Germany from 1933 and broken by British codebreakers at Bletchley Park during World War II (see Alan Turing and the Enigma), was the last major pre-digital cipher. Its defeat established that mechanical complexity was insufficient: you needed mathematical proof of security, not just engineering difficulty.

Shannon’s Mathematical Cryptography

Claude Shannon (see Claude Shannon and Information Theory) provided that foundation in his 1949 paper “Communication Theory of Secrecy Systems.” Shannon proved that the one-time pad — a cipher where the key is a truly random string as long as the message, used only once — is perfectly secret: an adversary with unlimited computing power gains zero information about the plaintext from the ciphertext. He also defined when any cipher is computationally secure: when breaking it requires more work than any feasible adversary can perform.
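The two halves of Shannon's result, perfect secrecy and the strict "used only once" condition, are easy to make concrete. The following Python is an added example, not code from the article: a byte-wise XOR one-time pad, a function showing that any candidate plaintext of the right length is consistent with a given ciphertext, and the leak that appears the moment a pad is reused. The messages and the fixed key in the usage are constructed for this demonstration.

```python
import secrets


def otp(data, key):
    """XOR one-time pad; encryption and decryption are the same operation.
    The key must be at least as long as the message and is used exactly once."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(candidate_plaintext, ciphertext):
    """Perfect secrecy in one line: for ANY candidate plaintext of the right length
    there is a key under which this ciphertext decrypts to it, and with a uniformly
    random key every such key was equally likely.  The ciphertext therefore carries
    nothing that favours one plaintext over another, whatever the adversary's
    computing power."""
    return otp(candidate_plaintext, ciphertext)


def two_time_pad_leak(c1, c2):
    """Why 'used only once' is not optional: two ciphertexts under the same key XOR
    to the XOR of their plaintexts, and the key no longer protects either."""
    return otp(c1, c2)


def demo(message=b"ATTACK AT DAWN", key=None):
    """Encrypt `message` with a fresh random pad (or a supplied one) and return
    (ciphertext, key, the key that would 'decrypt' it to HOLD THE LINE! instead)."""
    key = key if key is not None else secrets.token_bytes(len(message))
    ct = otp(message, key)
    alt = b"HOLD THE LINE!"            # constructed alternative, same length as the default message
    return ct, key, key_explaining(alt, ct)


if __name__ == "__main__":
    ct, key, alt_key = demo()
    print("ciphertext  :", ct.hex())
    print("real key    :", key.hex(), "->", otp(ct, key))
    print("another key :", alt_key.hex(), "->", otp(ct, alt_key))
```

Run it twice and the ciphertext changes each time while both decryptions stay plausible; that is the whole argument. The practical cost is also visible: the key is as long as the traffic and must be delivered securely, which is exactly the distribution problem the 1976 work set out to remove.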

This gave cryptographers a framework for rigorous argument. Before Shannon, ciphers were “broken” or “unbroken” as a matter of empirical fact. After Shannon, security could be argued mathematically — which also meant it could be disproved mathematically, itself an improvement.

The Key Distribution Problem

All cryptographic systems before 1976 shared a fundamental limitation: sender and receiver must agree on a secret key before communicating. This is easy when two spies meet in a park; it is impossible when a customer wants to buy something from a website they have never contacted before.

In 1976, Whitfield Diffie and Martin Hellman at Stanford published “New Directions in Cryptography,” one of the most consequential papers in the history of applied mathematics. They described public-key cryptography: a system in which each party has two mathematically related keys — one public, one private. A message encrypted with the public key can only be decrypted with the private key. Two parties can establish a shared secret over a public channel without prior communication, because each party’s private key is never transmitted.

Diffie and Hellman described the concept; they did not provide a practical implementation. The specific Diffie-Hellman key exchange protocol they published remains in use, but the paper was explicit that finding a suitable mathematical function for the general public-key scheme was an open problem.
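The exchange just described, written out with both parties' messages as an added example (not code from the 1976 paper or from this article): each side keeps a private exponent, publishes g raised to it, and raises the other side's public value to its own exponent, so both arrive at g^(ab) while only g^a and g^b cross the wire. The group parameters p = 1907 and g = 4 are a toy choice made for readability and are an assumption of this example; deployed systems use 2048-bit or larger groups or elliptic curves. The example also adds a receiver-side check the text does not describe, rejecting degenerate or wrong-order public values, and a brute-force discrete logarithm to make visible what the eavesdropper's work actually is.

```python
import secrets


def is_prime(n):
    """Trial division; adequate for the toy parameters used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def is_safe_prime(p):
    """p is a safe prime if p and q = (p - 1) / 2 are both prime; then every value
    other than 1 and p - 1 has order q or 2q, which keeps validation simple."""
    return p % 2 == 1 and is_prime(p) and is_prime((p - 1) // 2)


def valid_public_value(y, p, q):
    """Checks a receiver should make before using a peer's share: y must lie strictly
    between 1 and p - 1 and must have order q (lie in the intended subgroup)."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


class Party:
    def __init__(self, name, p, g, private=None):
        self.name, self.p, self.g, self.q = name, p, g, (p - 1) // 2
        # Private exponent: never transmitted.  Random unless a fixed value is
        # supplied for a reproducible walk-through.
        self.private = private if private is not None else 2 + secrets.randbelow(self.q - 2)
        self.public = pow(g, self.private, p)           # the only thing sent over the wire

    def shared_secret(self, peer_public):
        if not valid_public_value(peer_public, self.p, self.q):
            raise ValueError(f"{self.name}: rejected public value {peer_public}")
        return pow(peer_public, self.private, self.p)


def dh_exchange(p, g, a, b):
    """Run the protocol with fixed private exponents a and b; returns (A, B, shared).
    A and B are everything an eavesdropper on the channel gets to see."""
    assert is_safe_prime(p) and valid_public_value(g, p, (p - 1) // 2)
    alice, bob = Party("Alice", p, g, a), Party("Bob", p, g, b)
    s_alice = alice.shared_secret(bob.public)      # B^a = g^(ab) mod p
    s_bob = bob.shared_secret(alice.public)        # A^b = g^(ab) mod p
    assert s_alice == s_bob
    return alice.public, bob.public, s_alice


def discrete_log(g, y, p):
    """The eavesdropper's task: find x with g^x = y (mod p).  Exhaustive search is
    instant at toy size and hopeless at 2048 bits; that gap is the computational
    security Shannon defined."""
    x, acc = 1, g % p
    while acc != y % p:
        x, acc = x + 1, (acc * g) % p
        if x > p:
            raise ValueError("no solution")
    return x


if __name__ == "__main__":
    P, G = 1907, 4          # toy safe prime (q = 953); 4 = 2^2 has order q
    A, B, s = dh_exchange(P, G, 123, 456)
    print(f"public: p={P} g={G} A={A} B={B}; shared secret held by both: {s}")
    print("eavesdropper recovers Alice's exponent by brute force:", discrete_log(G, A, P))
```

The subgroup check matters in practice: a peer that sends 1, p - 1, or a value of small order forces the shared secret into a handful of possibilities regardless of how good the private exponents are, which is why TLS implementations validate received Diffie-Hellman shares or use fixed, well-known groups.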

Prior Art: GCHQ’s Secret Discovery

In 1997, the British signals intelligence agency GCHQ declassified documents revealing that its researchers — James Ellis, Clifford Cocks, and Malcolm Williamson — had independently discovered public-key cryptography between 1969 and 1973, including an algorithm mathematically equivalent to RSA. The work was classified and unused for two decades. Ellis died in 1997, weeks before the declassification, without public recognition of his discovery.

RSA: The Algorithm That Runs the Internet

In 1977, three MIT researchers — Ron Rivest, Adi Shamir, and Leonard Adleman — found the mathematical trapdoor function Diffie and Hellman had sought: the RSA algorithm, based on the difficulty of factoring large integers. Multiplying two large prime numbers together takes milliseconds; factoring the result back into its prime factors is computationally infeasible for numbers of sufficient size.

RSA was the first practical public-key cryptosystem. It could be used for both encryption and digital signatures (signing with a private key, verifying with the corresponding public key). It became the foundation of SSL (Secure Sockets Layer, 1995) and its successor TLS (Transport Layer Security), the protocol that puts the “S” in HTTPS.
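A worked instance of the trapdoor and of the two uses just named, encryption and signatures, added here as an example rather than taken from the article. It uses the classic textbook parameters p = 61, q = 53, e = 17, chosen so every number can be checked by hand; those values, and the unpadded "textbook" form, are assumptions of this example. Deployed RSA wraps messages with OAEP (encryption) or PSS (signatures) and uses primes of at least 1024 bits each, and the trial-division factoring at the end is included only to show why.

```python
from math import gcd


def rsa_keygen(p, q, e=65537):
    """Public key (n, e), private key (n, d) with d = e^-1 mod phi(n).
    The trapdoor: d is easy to compute knowing p and q and infeasible from n alone."""
    if p == q or gcd(e, (p - 1) * (q - 1)) != 1:
        raise ValueError("e must be coprime to phi(n), and p must differ from q")
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                         # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)


def rsa_sign(m, private_key):
    """Signing is exponentiation with the private key ..."""
    n, d = private_key
    return pow(m, d, n)


def rsa_verify(m, signature, public_key):
    """... and verification with the public one: anyone can check it, but only the
    private-key holder could have produced it."""
    n, e = public_key
    return pow(signature, e, n) == m % n


def trial_factor(n):
    """Recover p and q from n by trial division: instant for n = 3233, which is the
    whole reason key sizes had to grow."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    return None


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)
    c = rsa_encrypt(65, pub)
    print("n =", pub[0], "e =", pub[1], "d =", priv[1])
    print("c =", c, "-> m =", rsa_decrypt(c, priv))
    sig = rsa_sign(65, priv)
    print("signature verifies:", rsa_verify(65, sig, pub), "| tampered message:", rsa_verify(66, sig, pub))
    print("private key recovered from n alone:", trial_factor(pub[0]))
```

With n = 3233 the factoring step finishes before the print statement; the same function on a 2048-bit modulus would not finish in the lifetime of the universe, and the RSA-129 challenge described next is the historical measure of how fast that boundary moves.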

Rivest, Shamir, and Adleman submitted RSA to Martin Gardner, who published it in his Scientific American “Mathematical Games” column in August 1977. The NSA tried to prevent publication; Gardner published anyway. The authors offered a $100 reward for factoring the published “RSA-129” challenge number; it was factored in April 1994 — by a team coordinating roughly 1,600 computers over the Internet — demonstrating that key sizes needed to grow with computing power.

PGP: Cryptography Goes Public

Philip Zimmermann was a political activist and software engineer who believed that strong cryptography should be available to ordinary citizens, not just governments and corporations. In 1991, facing legislation that would have required backdoors in encryption software, he released PGP (Pretty Good Privacy) — an implementation of RSA and other ciphers for encrypting email — as free software.

The U.S. government responded by opening a criminal investigation of Zimmermann for “munitions export without a license.” Cryptographic software was classified as a munition under the International Traffic in Arms Regulations (ITAR); exporting it was theoretically equivalent to exporting a weapons system. The investigation lasted three years before being dropped in 1996 without charges.

PGP itself highlighted a different problem: while the cryptography was sound, key management was difficult enough that most people used it incorrectly or not at all. The key verification model (web of trust) required users to physically verify each other’s public keys or rely on chains of trusted signatures — a process too cumbersome for most use cases. PGP email encryption remains a minority practice among journalists, security researchers, and activists; it never achieved mass adoption.

The Clipper Chip Controversy

In 1993, the Clinton administration proposed the Clipper chip — a hardware encryption device that would provide strong encryption for telephone voice communications, with one condition: the key would be split into two parts, each deposited with a different government agency, allowing law enforcement to decrypt communications with a court order. This key escrow mechanism was presented as a balance between privacy and law enforcement access.

The proposal was met with near-universal opposition from cryptographers, civil liberties organizations, and the technology industry. AT&T researcher Matthew Blaze published a paper in 1994 demonstrating a flaw in the Clipper chip’s key escrow protocol that would allow a user to subvert the escrow mechanism while maintaining encryption. The Clipper chip initiative was abandoned by 1996.

The arguments made against Clipper — that backdoors are always exploitable by adversaries as well as law enforcement, that secure cryptography is mathematically indivisible from cryptography available to criminals, that key escrow creates a target of enormous value — have been repeated in every subsequent “crypto war.” The FBI’s 2016 demand that Apple create a version of iOS capable of unlocking the San Bernardino shooter’s iPhone was the Clipper debate resurfaced for the smartphone era.

Modern Cryptography: AES, Elliptic Curves, and the Quantum Threat

The Advanced Encryption Standard (AES), selected by NIST in 2001 through an open international competition, replaced DES (Data Encryption Standard, 1977) as the global standard for symmetric encryption. The Rijndael algorithm, designed by Belgian cryptographers Joan Daemen and Vincent Rijmen, has resisted all practical attacks at standard key sizes.

Elliptic curve cryptography (ECC), developed independently by Neal Koblitz and Victor Miller in 1985, provides equivalent security to RSA with much smaller key sizes, making it suitable for constrained devices. Most TLS connections now use elliptic curve Diffie-Hellman (ECDH) for key exchange.

The quantum computing threat to public-key cryptography is real: Shor’s algorithm (1994) would efficiently factor large integers and compute discrete logarithms on a sufficiently powerful quantum computer, breaking RSA and ECC. NIST began a post-quantum cryptography standardization process in 2016 and published initial standards in 2024. The migration to quantum-resistant algorithms will take a decade and must happen before quantum computers capable of running Shor’s algorithm at relevant key sizes exist.

Dead End: Key Escrow as Government Policy

The Clipper chip was the most prominent attempt to mandate government access to encrypted communications, but not the last. The UK’s Investigatory Powers Act (2016) included provisions for requiring communication service providers to maintain “technical capability notices” — essentially ongoing backdoor requirements. The EU has repeatedly debated client-side scanning mandates. Australia’s Assistance and Access Act (2018) created requirements for technology companies to provide assistance to law enforcement that cryptographers argued were technically impossible to fulfill without weakening encryption for everyone.

None of these proposals resolved the fundamental mathematical reality: there is no such thing as encryption that is secure against some adversaries and insecure for others on demand. Either the encryption is secure or it is not. The governments arguing for “lawful access” have not found a third option; the cryptographers arguing that none exists have not persuaded governments to stop looking.


📚 Sources

[1] The cipher is named after the French diplomat Blaise de Vigenère, but the 1553 version described here was actually devised by the Italian cryptographer Giovan Battista Bellaso. Vigenère published a stronger (autokey) variant in 1586; the misattribution stuck in the 19th century and never came off.