When people talk about cryptography history, you’ll often hear tales of the Greeks and Spartans using their transposition ciphers to send military orders, or the Arabic Book of Cryptographic Messages from the 700s.
But modern cryptography history is just as fascinating as those tales of yore, and far more technically interesting. Whether we’re talking about encryption for data at rest or encryption for data in transit, the past 50 years have seen more cryptographic advancements than anything in the entirety of human history.
Because ‘modern’ is a relative term that might refer to any era post World War II, we need to pick a point in time that really shook up the world of encryption; a shockwave that still ripples to this day. That would be the mid-1970s.
The Data Encryption Standard
When the US government asked for a better encryption standard in the 1970s, IBM answered the call. In March 1975, they published the Data Encryption Standard (DES) for open comments in the Federal Register. After some intentional weakening by the government so that people didn’t make it too hard for them to brute force really important messages, DES was approved for public use.
There were critics who said that it was too vulnerable to brute force attacks, but with nothing better being proposed, mass adoption was bound to happen. With all of its warts and flaws, DES became the standard for mass market encryption until the mid 90s, when public computing power started to seriously outpace the protocol’s effective key size.
Introducing Diffie And Hellman
When we talk about techniques that changed the cryptography history, public key usage has to be high on the list. Whitfield Diffie and Martin E. Hellman published their paper ‘New Directions In Cryptography’ in late 1976. It introduced the concept of asymmetric cryptography, where a public key is used to encrypt something and only the holder of the corresponding private key can decipher the message.
Diffie and Hellman quite literally changed the world. Their invention allows the Internet as you know it today to have any measure of security whatsoever, including protocols like TLS, PGP, MIME, and SSH. It also allows you to use digital signatures, non-repudiation systems, and virtual currency in its various forms.
Naory and Yung – A Side Of Hash
By the time the mid 80s rolled around, the value of fast ways to protect sensitive files was starting to dawn on people. People started to research easy encryption for data at rest, which at the time meant it was sitting in memory, on a floppy drive, or on a hard drive, was becoming a huge priority.
But true encryption wasn’t the answer at all, as it turned out. Enter Moni Naory and Moti Yung, writing the seminal paper Universal One-Way Hash Functions and their Cryptographic Applications. It wasn’t the most catchy title, but the contents would change system security for both mainframes and personal computers forever.
Hashing became the standard way to encode password lists and sensitive text. It produced a fixed length file that couldn’t be differentiated from a thousand similar files. To actually safeguard the contents of those files, such as passwords, salting techniques were added. This would eventually lead to the UNIX shadow password system, SHA standards, and increased security across the board… particularly when the Internet came around.
Phil Zimmermann Did Pretty Good
It might seem odd that a compilation of existing protocols would be considered a revolutionary leap forward in encryption, but it absolutely was for one simple reason: Ease of use.
Pretty Good Privacy (PGP) came out in 1993 and sparked the interest of every budding Internet user, and every federal agent, around the world. Phil Zimmermann had made an esoteric combination of encryption and hashing protocols easy to implement by even a novice user. He also insisted on strong encryption, well over the 40 bit key size limits imposed by the US government on cryptographic exports.
Zimmermann fought the feds in court and in the press. He included the source code with every copy of PGP and even published a book that you could rip the covers off and scan into OCR software so that PGP could be legally imported all over the world. He was a pioneer for modern encryption rights.
Taher Elgamal And Netscape Secured Your Sockets
It might seem strange, given that Netscape is the punchline of almost as many early Internet jokes as AOL, but one of the earliest web browser companies did something revolutionary that we emulate in one form or another to this day.
The late 80s saw the Internet break out of strict government and academic use, and by the early 90s people were scrambling away from old BBS’s and towards this brave new frontier.
Netscape’s Taher Elgamal created a theoretical protocol that would prevent the plaintext scanning of data in transit, essentially protecting a user from ISP eavesdropping and man in the middle attacks. After a couple of false starts and security disasters in 1994 and 1995, Paul Kocher and his team at Netscape put everything together to release Secure Sockets Layer (SSL) version 3 in 1996.
SSL was a game changer. It would eventually be replaced by Transport Layer Security (TLS) in the 2000s, but back in the early Wild West days of the Internet, SSL prevented non-techies from being utterly destroyed, defrauded, and otherwise taken advantage of. The world of quiet, efficient, automatic encryption had arrived.
And So It Goes
Much of the cryptography and many of the protocols that we use in the 2020s are improvements on the pioneering technologies listed above.
That’s not to say that everything is just a rehash of what came before. There are absolutely new innovations that have happened over the past decade, ranging from the non-theoretical emergence of quantum cryptography to the surprising choice of a sponge-based structure for the SHA-3 standard (Keccak).
But those chapters in cryptography history are still being written, and their full impact won’t be measured for some time. Until then, let’s remember those who came before us, and the work that they did to help keep us safe in chaotic times.
