There once was a Benedictine monk named Johannes Trithemius who, in 1518, wrote “Polygraphiae,” which was the very first published treatise on cryptography. Later, his text “Steganographia” described a cipher in which each letter is represented by words in successive columns of text, designed to hide inconspicuously inside a seemingly pious book of prayer.
These two treatises, “Polygraphiae” and “Steganographia”, were a big hit. Both were publicly lauded for the their meticulous analysis of ciphers. However, it was the renegade thesis of the third and final section of “Steganographia”, which said that messages communicated secretly were aided in their transmission by a host of “summoned spirits” that caused even more controversy.
Not surprising during this time, Trithemius’ works were banned as heretical sorcery and a century later were burned during the Inquisition.
When it comes to cryptography, no longer are we shackled by pen and ink and parchment scrolls. These days we know cryptography as the conversion of data into a secret code for transmission over a public network. Most cryptography is digital, and the original text (“plaintext”) is turned into a coded equivalent called “ciphertext” via an encryption algorithm. The ciphertext is decrypted at the receiving end and turned back into plaintext.
The encryption algorithm uses a “key,” which is a binary number that is typically from 40 to 256 bits in length. The greater the number of bits in the key (cipher strength), the more possible key combinations and the longer it would take to break the code. The data is encrypted, or “locked,” by combining the bits in the key mathematically with the data bits. At the receiving end, the key is used to “unlock” the code and restore the original data.
Secret key cryptography and public key cryptography are the two major cryptographic architectures. The secret method uses the same key to encrypt and decrypt. The problem is transmitting the key to the recipient in order to use it. The public key method uses two keys: one kept private and never transmitted; the other is made public. Very often, the public key method is used to safely send the secret key to the recipient, so that the message can be encrypted using the faster secret key algorithm.
The first method uses a secret key, such as the DES and AES algorithms. Both sender and receiver use the same key to encrypt and decrypt. This is the fastest computation method, but getting the secret key to the recipient in the first place is a problem that is often handled by the second method.
The second method uses a two-part key, such as RSA and El Gamal. Each recipient has a private key that is kept secret and a public key that is published for everyone. The sender looks up or is sent the recipient’s public key and uses it to encrypt the message. The recipient uses the private key to decrypt the message and never publishes or transmits the private key to anyone. Thus, the private key is never in transit and remains invulnerable.
Secret key and public key systems are often used in tangent, such as the AES secret key and the RSA public key. The secret key method provides the fastest decryption, and the public key method provides a convenient way to transmit the secret key. This is called a “digital envelope.” For example, the PGP e-mail encryption program uses one of several public key methods to send the secret key along with the message that has been encrypted with that secret key.
It has been said that any encryption code can be broken given enough time to compute all permutations. However, if it takes months to break a code, the war could already be lost, or the thief could have long absconded with the money from the forged financial transaction. As computers get faster, to stay ahead of the game, encryption algorithms have to become stronger by using longer keys and more clever techniques.