There are some words that get used so often that they start to feel familiar. You might hear someone say it on the news or in a movie. Your friends might casually drop the word in a conversation, and no one thinks it's strange. Except, you don't really know what that word means, but don't want to admit it. Hey, maybe no one in the conversation really knows what it means!
Luckily we live in the internet age, which means you can look up terms you don't know yet. If the word you were looking for is "encryption", then you have hit the jackpot, because that's exactly what this article is going to explain in the simplest way possible.
Encryption is an act. It's something you can do. We encrypt things. What things? Messages, information, secrets - those sorts of things. OK, but what are you actually doing when you encrypt something? The answer to this question is simple in principle. Encryption means transforming information from a form anyone can plainly read to a form that only those with special knowledge can understand. Why and how is this done? Let's take our time and unpack this concept.
We, humans, communicate using language. A language is a set of symbols along with rules on how to use them. The word "dog" doesn't have anything dog-like about it, but when you read it you know, I'm talking about a furry creature on four legs that barks annoyingly at 3 AM in the morning.
Of course, if you speak an entirely different language, the word for "dog" is going to be something entirely different too. In Japanese, for example, the word for dog is inu. So if a person who only speaks English tries to communicate with a person who only speaks Japanese, neither of them will make sense of what the other says.
The point of communication is to convey what you mean in such a way that the person on the receiving end's understanding is as close to what you meant as possible.
Now, imagine you and another person are having a conversation about something sensitive. Something you don't want anyone else to know. How can you make sure that they get your exact intended meaning, but anyone else who happens to overhear your communication doesn't?
Having your conversation in a language that only you and the other person knows is one solution. That actually happened in real life. During the Second World War, the US military used Native American troops to transmit secret tactical information via radio. They were known as code talkers and used a code based on their native languages, such as Navajo.
They had to do this because radio is an open channel. Anyone with a receiver tuned to the right frequency can clearly hear what is being said. Since the Germans had plenty of people who understood European languages, Native American languages were perfect for the job.
The problem with this is that in principle someone can look up the language itself. It's not a secret. So the ultimate solution is to use a language that only the two of you know.
Inventing an actual language is pretty hard! Just ask the people who invented Esperanto. It takes so much effort that it wouldn't be worth the while just to prevent people from listening in. Instead, why not take an existing language and then disguise it so that no one can make any sense of it.
That's where the concept of a cipher comes into play. A cipher is an algorithm, a sort of recipe that tells you how to do something. In this case, the something is a method of transforming plain language messages, such as English, into another form. If you don't know how exactly the transformation occurred, then you have no way of reversing it and figuring out what the original message was.
Ciphers are an amazing solution because they can be very simple and fast to apply, but very hard (if not practically impossible) to figure out.
The most simple example of a cipher is the humble substitution cipher. All you have to do is choose a replacement for every letter in your message. The beauty of this is that it doesn't matter what language the message is in, as long as the characters all have substitutions. Here's a simple example. First, we'll take the plain alphabet:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Now let's say our substitution cipher tells us to replace each letter with the one that sits to the right of it, with Z being replaced by A
ABCDEFGHIJKLMNOPQRSTUVWXYZ
BCDEFGHIJKLMNOPQRSTUVWXYZA
So if I wanted to write "Happy Birthday" it would come out as "IBQQZ CJSUIEBZ".
That just looks like gibberish, doesn't it? If you didn't know what the cipher was to create the encoded text, you'd have no idea that I wished someone a happy birthday.
Substitution ciphers like these might also include additional measures to make them harder to figure out. Writing in all caps makes it harder to make sense of it. Breaking the coded text up into standard length blocks also removes word length as a clue to reverse engineering the cipher.
Ciphers are a simple concept, but very effective in the right circumstances. Of course, I did say that this was one of the simplest forms of encryption. Which means cracking the code isn't necessarily all that hard. Let's see how it can be done.
Clearly, the aim of figuring out what a message encrypted with a substitution cipher says is to figure out what the cipher itself is. After all, the intended recipient of the message uses their copy of the cipher to decipher it.
No one thinks a cipher like this is impossible to crack, but it's good enough to delay interception of the message until it's no longer useful. In a military context, you need a code that's just hard enough to figure out that by the time your enemy figures it out it's too late to make use of the information. The time to break a substitution cipher might be measured in days, hours or even minutes.
The weakest part of a substitution cipher is that there are clues in the encoded message itself as to how the cipher works.
There are also assumptions that can help a code-breaker get to the correct answer faster. For example, we can assume that the message was in English for various reasons. Such as both the sender and receiver being English speakers. We are also assuming that it's a substitution cipher in the first place since it's a common cipher that's simple to come up with on short notice.
Then we also have a record of all the different substitution ciphers that have been figured out in the past. Perhaps we are lucky, and they simply used a cipher that someone else invented.
Failing that, there are a number of things the codebreaker can try to figure out a substitution cipher:
As you can see, even with a systematic approach it can still take a long time for a human being to figure out a substitution cipher. With the advent of computers, however, they become trivial. Broken in seconds by a machine that can try millions of possibilities in a second.
While computers have basically made traditional ciphers such as the example above obsolete, they have also given us new ways of encrypting information that would have been impossible before.
One of the limitations of analog ciphers is that human beings need to understand them well enough so that they can apply them. For a while, in the 20th century, we used mechanical encryption machines to apply much more complex ciphers. The most famous example is probably the German Enigma machine.
Early generations of the Enigma were cracked using other mechanical devices designed for that purpose. Once code breakers had figured out how Enigma worked. However, the Enigma machines quickly reached a level of complexity that no analog method had any hope of cracking.
The first general-purpose computer, ENIAC, was created largely from a need to break such sophisticated codes. So you can really say that encryption was one of the most urgent drivers in the development of digital computer technology!
Computer-based encryption still uses a cipher of some sort to encode the message, but it's much more complex. In addition, just knowing how the cipher works don't help you decrypt anything!
Let's go back to our simple substitution cipher for a second and modify the concept a little. Instead of having a fixed substitution recipe, we throw a little something extra into the mix - a key.
The key is a word or a string of characters and numbers that the algorithm uses to encode the information in a unique way. For example, the number value of each letter in the passphrase can be used to determine how many letters to shift each character in the message, repeating for the length of the word. So although the algorithm itself doesn't change at all, the encoding is different each time a different passphrase or "key" is used.
So even if you knew it was a substitution cipher and you know how it works, you can't decipher the message without also knowing what the key is. This is not a real example; it's just meant to illustrate how modern encryption works in principle. There's an algorithm, and then there's a key consisting of characters used in that algorithm to generate unique encryption.
Which means when it comes to modern encryption no one is trying to figure out the actual algorithms themselves anymore to crack the code. Most encryption algorithms are published and well understood. It's just that knowing how the algorithm works bring you no closer to decrypting any actual communication. You need to know the key, and that's what modern code breakers actually target.
You yourself already make use of encryption keys on a daily basis, but might not even know it yourself. Of course, I'm talking about the passwords we all use to log into online services. The company you've signed up with doesn't have your actual password on file. Instead, when you pick a password, a special mathematical formula is applied to it resulting in a unique outcome. That result of the sum is stored on their servers. When you enter your password, the same math is applied again, and if the results match what's on file, then you are given access to the account.
So those who want to break modern encryption really only have two options. The first is to find a flaw in the actual cipher itself. Something in the encryption method that makes it predictable and there makes it possible to decrypt things without the key.
This has hardly ever happened. Some ciphers have become obsolete because weaknesses were discovered in them, but once the vulnerability is known in the industry either rapidly patch it or moves to an alternative.
That basically leaves attacking the actual key itself. The most basic form of attacking a key is repeatedly guessing what it could be. Basically, it's like trying to pick an unbreakable lock by making millions and millions of potential keys and trying them one by one. If that sounds like a pretty futile exercise, it is! All industry-standard encryption ciphers use key lengths which would take thousands or even millions of years to break.
Your password, on the other hand, isn't nearly that strong, but even so, if you do it right, you can make a strong password that's incredibly tough to crack.
Various ways of reducing the "brute force" method of cracking keys exist, but even then they are only effective on passwords that have serious flaws in them.
So what have we learned? The key points to take away are this:
It's thanks to modern computer encryption that you can work on Google Docs, bank online and calls an Uber whenever you need it. Almost everything the internet is useful for is only possible with effective encryption! So give our cryptographers a little respect, our modern way of life would not be possible without them.