A brief history of cryptography: Sending secret messages throughout time

Stemming from the Greek words for “hidden writing,” cryptography is the practice of encrypting transmitted information so that it can only be interpreted by the intended recipient. Since the days of antiquity, the practice of sending secret messages has been common across almost all major civilizations. In modern times, cryptography has become a critical lynchpin of cybersecurity. From securing everyday personal messages and the authentication of digital signatures to protecting payment information for online shopping and even guarding top-secret government data and communications—cryptography makes digital privacy possible.

While the practice dates back thousands of years, the use of cryptography and the broader field of cryptanalysis are still considered relatively young, having made tremendous advancements in only the last 100 years. Coinciding with the invention of modern computing in the 19th century, the dawn of the digital age also heralded the birth of modern cryptography. As a critical means of establishing digital trust, mathematicians, computer scientists and cryptographers began developing modern cryptographic techniques and cryptosystems to protect critical user data from hackers, cybercriminals, and prying eyes.

Most cryptosystems begin with an unencrypted message known as plaintext, which is then encrypted into an indecipherable code known as ciphertext using one or more encryption keys. This ciphertext is then transmitted to a recipient. If the ciphertext is intercepted and the encryption algorithm is strong, the ciphertext will be useless to any unauthorized eavesdroppers because they won’t be able to break the code. The intended recipient, however, will easily be able to decipher the text, assuming they have the correct decryption key.

In this article, we’ll look back at the history and evolution of cryptography.

1900 BC: One of the first implementations of cryptography was found in the use of non-standard hieroglyphs carved into the wall of a tomb from the Old Kingdom of Egypt. 

1500 BC: Clay tablets found in Mesopotamia contained enciphered writing believed to be secret recipes for ceramic glazes—what might be considered to be trade secrets in today’s parlance. 

650 BC: Ancient Spartans used an early transposition cipher to scramble the order of the letters in their military communications. The process works by writing a message on a piece of leather wrapped around a hexagonal staff of wood known as a scytale. When the strip is wound around a correctly sized scytale, the letters line up to form a coherent message; however, when the strip is unwound, the message is reduced to ciphertext. In the scytale system, the specific size of the scytale can be thought of as a private key. 

100-44 BC: To share secure communications within the Roman army, Julius Caesar is credited for using what has come to be called the Caesar Cipher, a substitution cipher wherein each letter of the plaintext is replaced by a different letter determined by moving a set number of letters either forward or backward within the Latin alphabet. In this symmetric key cryptosystem, the specific steps and direction of the letter transposition is the private key.

800: Arab mathematician Al-Kindi invented the frequency analysis technique for cipher breaking, representing one of the most monumental breakthroughs in cryptanalysis. Frequency analysis uses linguistic data—such as the frequency of certain letters or letter pairings, parts of speech and sentence construction—to reverse engineer private decryption keys. Frequency analysis techniques can be used to expedite brute-force attacks in which codebreakers attempt to methodically decrypt encoded messages by systematically applying potential keys in hopes of eventually finding the correct one. Monoalphabetic substitution ciphers that use only one alphabet are particularly susceptible to frequency analysis, especially if the private key is short and weak. Al-Kindi’s writings also covered cryptanalysis techniques for polyalphabetic ciphers, which replace plaintext with ciphertext from multiple alphabets for an added layer of security far less vulnerable to frequency analysis. 

1467: Considered the father of modern cryptography, Leon Battista Alberti’s work most clearly explored the use of ciphers incorporating multiple alphabets, known as polyphonic cryptosystems, as the middle age’s strongest form of encryption. 

1500: Although actually published by Giovan Battista Bellaso, the Vigenère Cipher was misattributed to French cryptologist Blaise de Vigenère and is considered the landmark polyphonic cipher of the 16th century. While Vigenère did not invent the Vigenère Cipher, he did create a stronger autokey cipher in 1586. 

1913: The outbreak of World War I at the beginning of the 20th century saw a steep increase in both cryptology for military communications, as well as cryptanalysis for codebreaking. The success of English cryptologists in deciphering German telegram codes led to pivotal victories for the Royal Navy.

1917: American Edward Hebern created the first cryptography rotor machine by combining electrical circuitry with mechanical typewriter parts to automatically scramble messages. Users could type a plaintext message into a standard typewriter keyboard and the machine would automatically create a substitution cipher, replacing each letter with a randomized new letter to output ciphertext. The ciphertext could in turn be decoded by manually reversing the circuit rotor and then typing the ciphertext back into the Hebern Rotor Machine, producing the original plaintext message.

1918: In the aftermath of war, German cryptologist Arthur Scherbius developed the Enigma Machine, an advanced version of Hebern’s rotor machine, which also used rotor circuits to both encode plaintext and decode ciphertext. Used heavily by the Germans before and during WWII, the Enigma Machine was considered suitable for the highest level of top-secret cryptography. However, like Hebern’s Rotor Machine, decoding a message encrypted with the Enigma Machine required the advanced sharing of machine calibration settings and private keys that were susceptible to espionage and eventually led to the Enigma’s downfall.

1939-45: At the outbreak of World War II, Polish codebreakers fled Poland and joined many notable and famous British mathematicians—including the father of modern computing, Alan Turing—to crack the German Enigma cryptosystem, a critical breakthrough for the Allied Forces. Turing’s work specifically established much of the foundational theory for algorithmic computations. 

1975: Researchers working on block ciphers at IBM developed the Data Encryption Standard (DES)—the first cryptosystem certified by the National Institute for Standards and Technology (then known as the National Bureau of Standards) for use by the US Government. While the DES was strong enough to stymie even the strongest computers of the 1970s, its short key length makes it insecure for modern applications, but its architecture was and is highly influential in the advancement of cryptography.

1976: Researchers Whitfield Hellman and Martin Diffie introduced the Diffie-Hellman key exchange method for securely sharing cryptographic keys. This enabled a new form of encryption called asymmetric key algorithms. These types of algorithms, also known as public key cryptography, offer an even higher level of privacy by no longer relying on a shared private key. In public key cryptosystems, each user has their own private secret key which works in tandem with a shared public for added security.

1977: Ron Rivest, Adi Shamir and Leonard Adleman introduce the RSA public key cryptosystem, one of the oldest encryption techniques for secure data transmission still in use today. RSA public keys are created by multiplying large prime numbers, which are prohibitively difficult for even the most powerful computers to factor without prior knowledge of the private key used to create the public key.

2001: Responding to advancements in computing power, the DES was replaced by the more robust Advanced Encryption Standard (AES) encryption algorithm. Similar to the DES, the AES is also a symmetric cryptosystem, however, it uses a much longer encryption key that cannot be cracked by modern hardware.

The field of cryptography continues to evolve to keep pace with advancing technology and increasingly more sophisticated cyberattacks. Quantum cryptography (also known as quantum encryption) refers to the applied science of securely encrypting and transmitting data based on the naturally occurring and immutable laws of quantum mechanics for use in cybersecurity. While still in its early stages, quantum encryption has the potential to be far more secure than previous types of cryptographic algorithms, and, theoretically, even unhackable. 

Not to be confused with quantum cryptography which relies on the natural laws of physics to produce secure cryptosystems, post-quantum cryptographic (PQC) algorithms use different types of mathematical cryptography to create quantum computer-proof encryption.

According to the National Institute of Standards and Technology (NIST) (link resides outside ibm.com), the goal of post-quantum cryptography (also called quantum-resistant or quantum-safe) is to “develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.”

IBM cryptography solutions combine technologies, consulting, systems integration and managed security services to help ensure crypto agility, quantum-safety and solid governance and risk compliance. From symmetric to asymmetric cryptography, to hash functions and beyond, ensure data and mainframe security with end-to-end encryption tailor-made to meet your business needs.