Cryptography is derived from the Greek words kryptos, which stands for hidden and grafein, which stands for to write. Through history, cryptography has meant the process of concealing the contents of a message from all except those who know the key. Dating back to 1900 BC in Egypt and Julius Caesar using substitution cyphers, encryption used similar techniques for thousands of years, until a little before World War II.
Vigenere designed the first known cipher thatused an encryption key in the 16th century. Since then with most encryption, you convert the contents, known as plaintext, into encrypted information that’s otherwise unintelligible, known as cipher text. The cypher is a pair of algorithms - one to encrypt, the other to decrypt. Those processes are done by use of a key. Encryption has been used throughout the ages to hide messages. Thomas Jefferson built a wheel cypher. The order of the disks you put in the wheel was the key and you would provide a message, line the wheels up and it would convert the message into cypher text. You would tell the key to the person on the other end, they would put in the cypher text and out would pop the message.
That was 1795 era encryption and is synonymous with what we call symmetrical key cryptography, which was independently invented by Etienne Bazeries and used well into the 1900s by the US Army. The Hebern rotor machine in the 19th century gave us an electro-mechanical version of the wheel cypher and then everything changed in encryption with the introduction of the Enigma Machine, which used different rotors placed into a machine and turned at different speeds based on the settings of those rotors. The innovations that came out of breaking that code and hiding the messages being sent by the Allies kickstarted the modern age of encryption.
Most cryptographic techniques rely heavily on the exchange of cryptographic keys. Symmetric-key cryptography refers to encryption methods where both senders and receivers of data share the same key and data is encrypted and decrypted with algorithms based on those keys. The modern study of symmetric-key ciphers revolves around block ciphers and stream ciphers and how these ciphers are applied. Block ciphers take a block of plaintext and a key, then output a block of ciphertext of the same size. DES and AES are block ciphers. AES, also called Rijndael, is a designated cryptographic standard by the US government. AES usually uses a key size of 128, 192 or 256 bits. DES is no longer an approved method of encryption triple-DES, its variant, remains popular.
Triple-DES uses three 56-bit DES keys and is used across a wide range of applications from ATM encryption to e-mail privacy and secure remote access. Many other block ciphers have been designed and released, with considerable variation in quality. Stream ciphers create an arbitrarily long stream of key material, which is combined with a plaintext bit by bit or character by character, somewhat like the one-time pad encryption technique. In a stream cipher, the output stream is based on an internal state, which changes as the cipher operates. That state’s change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known stream cipher.
Cryptographic hash functions do not use keys but take data and output a short, fixed length hash in a one-way function. For good hashing algorithms, collisions (two plaintexts which produce the same hash) are extremely difficult to find, although they do happen. Symmetric-key cryptosystems typically use the same key for encryption and decryption. A disadvantage of symmetric ciphers is that a complicated key management system is necessary to use them securely. Each distinct pair of communicating parties must share a different key.
The number of keys required increases with the number of network members. This requires very complex key management schemes in large networks. It is also difficult to establish a secret key exchange between two communicating parties when a secure channel doesn’t already exist between them. You can think of modern cryptography in computers as beginning with DES, or the Data Encryption Standard, us a 56-bit symmetric-key algorithm developed by IBM and published in 1975, with some tweaks here and there from the US National Security Agency. In 1977, Whitfield Diffie and Martin Hellman claimed they could build a machine for $20 million dollars that could find a DES key in one day.
As computers get faster, the price goes down as does the time to crack the key. Diffie and Hellman are considered the inventors of public-key cryptography, or asymmetric key cryptography, which they proposed in 1976. With public key encryption, two different but mathematically related keys are used: a public key and a private key. A public key system is constructed so that calculation of the private key is computationally infeasible from knowledge of the public key, even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret.
The public key is typically used for encryption, while the private or secret key is used for decryption. Diffie and Hellman showed that public-key cryptography was possible by presenting the Diffie-Hellman key exchange protocol. The next year, Ron Rivest, Adi Shamir and Leonard Adleman developed the RSA encryption algorithm at MIT and founded RSA Data Security a few years later in 1982. Later, it became publicly known that asymmetric cryptography had been invented by James H. Ellis at GCHQ, a British intelligence organization and that both the Diffie-Hellman and RSA algorithms had been previously developed in 1970 and were initially called “non-secret encryption.” Apparently Ellis got the idea reading a Bell Labs paper about encrypting voice communication from World War II.
Just to connect some dots here, Alan Turing, who broke the Enigma encryption, visited the proposed author of that paper, Shannon, in 1943. This shouldn’t take anything away from Shannon, who was a brilliant mathematical genius in his own right, and got to see Gödel, Einstein, and others at Princeton. Random note: he invented wearables to help people cheat at roulette. Computer nerds have been trying leverage their mad skills to cheat at gambling for a long time. By the way, he also tried to cheat at, er, I mean, program chess very early on, noting that 10 to the 120th power was the game-tree complexity of chess and wrote a paper on it. Of course someone who does those things as a hobby would be widely recognized as the father of informational theory.
RSA grew throughout the 80s and 90s and in 1995, they spun off a company called VeriSign, who handled patent agreements for the RSA technology until the patents wore out, er, I mean expired. RSA Security was acquired by EMC Corporation in 2006 for $2.1 billion and was a division of EMC until EMC was acquired by Dell in 2016. They also served as a CA - that business unit was sold in 2010 to Symantec for $1.28B. RSA has made a number of acquisitions and spun other businesses off over the years, helping them get into more biometric encryption options and other businesses. Over time the 56 bit key size of DES was too small and it was followed up by Triple-DES in 1998. And Advanced Encryption Standard, or AES, also in 1998. Diffie-Hellman and RSA, in addition to being the first public examples of high quality public-key cryptosystems have been amongst the most widely used. In addition to encryption, public-key cryptography can be used to implement digital signature schemes. A digital signature is somewhat like an ordinary signature; they have the characteristic that they are easy for a user to produce, but difficult for anyone else to forge.
Digital signatures can also be permanently tied to the content of the message being signed as they cannot be moved from one document to another as any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature. RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and to many network security schemes (SSL/TLS, many VPNs, etc). Digital signatures provide users with the ability to verify the integrity of the message, thus allowing for non-repudiation of the communication. Public-key algorithms are most often based on the computational complexity of hard problems, often from number theory. The hardness of RSA is related to the integer factorization problem, while Diffie-Hellman and DSA are related to the discrete logarithm problem. More recently, elliptic curve cryptography has developed in which security is based on number theoretic problems involving elliptic curves.
Because of the complexity of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly hybrid systems, in which a fast symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed.
OpenSSL is a software library that most applications use to access the various encryption mechanisms supported by the operating systems. OpenSSL supports Diffie-Hellman and various versions of RSA, MD5, AES, Base, sha, DES, cast and rc. OpenSSL allows you to create ciphers, decrypt information and set the various parameters required to encrypt and decrypt data. There are so many of these algorithms because people break them and then a new person has to come along and invent one and then version it, then add more bits to it, etc. At this point, I personally assume that all encryption systems can be broken. This might mean that the system is broken while encrypting, or the algorithm itself is broken once encrypted. A great example would be an accidental programming mistake allowing a password to be put into the password hint rather than in the password.
Most flaws aren’t as simple as that. Although Kerckhoffs's principle teaches us that the secrecy of your message should depend on the secrecy of the key, and not on the secrecy of the system used to encrypt the message. Some flaws are with the algorithms themselves, though. At this point most of those are public and security without a password or private key they just take too long to decrypt to be worth anything once decrypted. This doesn’t mean we don’t encrypt things, it just means that in addition to encryption we now add another factor to that security. But we’ll leave the history of two-factor security to another episode.
RSA made a lot of money because they used ciphers that were publicly reviewed and established as a standard. Public review of various technological innovations allows for commentary and making it better. Today, you can trust most encryption systems because due to that process, it costs more to decrypt what you’re sending over the wire than what is being sent is worth. In other words, collaboration trumps secrecy.
Elliptic curve cryptography (ECC) is a public-key cryptographic system based on the algebraic structure of elliptic curves. ECC is a relatively new field of cryptography, with its origins dating back to the 1980s. The first use of elliptic curves in cryptography was in 1985, when Neal Koblitz and Victor Miller independently proposed using elliptic curves to create public-key cryptosystems. Koblitz and Miller's work was based on earlier work by Clifford Cocks, who had proposed using elliptic curves for cryptography in a classified memorandum in 1975.
ECC did not gain widespread adoption until the early 2000s. In 2004, the National Institute of Standards and Technology (NIST) published a set of recommended elliptic curves for use in government applications. This helped to legitimize ECC and led to its increased adoption in commercial applications. ECC is now widely used in a variety of applications, including:
Data encryption: ECC can be used to encrypt data, such as files, emails, and web traffic.
Digital signatures: ECC can be used to create digital signatures, which can be used to verify the authenticity of documents and messages.
Key exchange: ECC can be used to exchange keys between two parties, which can then be used to encrypt data.
ECC offers a number of advantages over traditional public-key cryptography systems, such as RSA:
Smaller keys: ECC keys are much smaller than RSA keys, which makes them more efficient to store and transmit.
Same security level: ECC keys offer the same security level as RSA keys, even though they are much smaller.
More efficient: ECC algorithms are more efficient than RSA algorithms, which makes them faster to use.
We use a variety of keys in Secret Chest, each chosen for a specific function based on the needs of the flow, but primarily use ECC keys where possible. To learn more about other encryption technology (and especially the history of things) please feel free to reach out to us or sign up for our public beta here.