Editing History of cryptography (section)

==Modern cryptography==
Encryption in modern times is achieved by using algorithms that have a key to encrypt and decrypt information. These keys convert the messages and data into "digital gibberish" through encryption and then return them to the original form through decryption. In general, the longer the key is, the more difficult it is to crack the code. This holds true because deciphering an encrypted message by brute force would require the attacker to try every possible key. To put this in context, each binary unit of information, or bit, has a value of 0 or 1. An 8-bit key would then have 256 or 2^8 possible keys. A 56-bit key would have 2^56, or 72 quadrillion, possible keys to try and decipher the message. With modern technology, cyphers using keys with these lengths are becoming easier to decipher.  DES, an early US Government approved cypher, has an effective key length of 56 bits, and test messages using that cypher have been broken by brute force key search. However, as technology advances, so does the quality of encryption. Since World War II, one of the most notable advances in the study of cryptography is the introduction of the asymmetric key cyphers (sometimes termed public-key cyphers).  These are algorithms which use two mathematically related keys for encryption of the same message. Some of these algorithms permit publication of one of the keys, due to it being extremely difficult to determine one key simply from knowledge of the other.<ref name="Post" />

Beginning around 1990, the use of the [[Internet]] for commercial purposes and the introduction of commercial transactions over the Internet called for a widespread standard for encryption. Before the introduction of the [[Advanced Encryption Standard]] (AES), information sent over the Internet, such as financial data, was encrypted if at all, most commonly using the Data Encryption Standard (DES). This had been approved by NBS (a US Government agency) for its security, after public call for, and a competition among, candidates for such a cypher algorithm. DES was approved for a short period, but saw extended use due to complex wrangles over the use by the public of high quality encryption.  DES was finally replaced by the AES after another public competition organized by the NBS successor agency, NIST.  Around the late 1990s to early 2000s, the use of public-key algorithms became a more common approach for encryption, and soon a [[hybrid cryptosystem|hybrid of the two schemes]] became the most accepted way for e-commerce operations to proceed. Additionally, the creation of a new protocol known as the Secure Socket Layer, or SSL, led the way for online transactions to take place. Transactions ranging from purchasing goods to online bill pay and banking used SSL. Furthermore, as wireless Internet connections became more common among households, the need for encryption grew, as a level of security was needed in these everyday situations.<ref name="Journal" />

===Claude Shannon===
[[Claude Shannon|Claude E. Shannon]] is considered by many{{weasel inline|date=January 2018}} to be the father of mathematical cryptography. Shannon worked for several years at Bell Labs, and during his time there, he produced an article entitled "A mathematical theory of cryptography". This article was written in 1945 and eventually was published in the Bell System Technical Journal in 1949.<ref name="Shannon1949">[http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf Communication theory of secrecy systems] {{Webarchive|url=https://web.archive.org/web/20070605092733/http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf |date=5 June 2007 }}, Claude Shannon, 1949</ref> It is commonly accepted that this paper was the starting point for development of modern cryptography. Shannon was inspired during the war to address "[t]he problems of cryptography [because] secrecy systems furnish an interesting application of communication theory". Shannon identified the two main goals of cryptography: secrecy and authenticity. His focus was on exploring secrecy and thirty-five years later, G.J. Simmons would address the issue of authenticity. Shannon wrote a further article entitled "A mathematical theory of communication" which highlights one of the most significant aspects of his work: cryptography's transition from art to science.<ref name="Claude Shannon" />

In his works, Shannon described the two basic types of systems for secrecy. The first are those designed with the intent to protect against hackers and attackers who have infinite resources with which to decode a message (theoretical secrecy, now unconditional security), and the second are those designed to protect against hackers and attacks with finite resources with which to decode a message (practical secrecy, now computational security). Most of Shannon's work focused around theoretical secrecy; here, Shannon introduced a definition for the "unbreakability" of a cipher. If a cipher was determined "unbreakable", it was considered to have "perfect secrecy". In proving "perfect secrecy", Shannon determined that this could only be obtained with a secret key whose length given in binary digits was greater than or equal to the number of bits contained in the information being encrypted. Furthermore, Shannon developed the "unicity distance", defined as the "amount of plaintext that… determines the secret key."<ref name="Claude Shannon" />

Shannon's work influenced further cryptography research in the 1970s, as the public-key cryptography developers, M. E. Hellman and W. Diffie cited Shannon's research as a major influence. His work also impacted modern designs of secret-key ciphers. At the end of Shannon's work with cryptography, progress slowed until Hellman and Diffie introduced their paper involving "public-key cryptography".<ref name="Claude Shannon" />

===An encryption standard===
The mid-1970s saw two major public (i.e., non-secret) advances. First was the publication of the draft [[Data Encryption Standard]] in the U.S. ''Federal Register'' on 17 March 1975. The proposed DES cipher was submitted by a research group at [[International Business Machines|IBM]], at the invitation of the National Bureau of Standards (now [[NIST]]), in an effort to develop secure electronic communication facilities for businesses such as banks and other large financial organizations. After advice and modification by the [[NSA]], acting behind the scenes, it was adopted and published as a [[Federal Information Processing Standard]] Publication in 1977 (currently at [http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf FIPS 46-3]). DES was the first publicly accessible cipher to be 'blessed' by a national agency such as the NSA. The release of its specification by NBS stimulated an explosion of public and academic interest in cryptography.

The aging DES was officially replaced by the [[Advanced Encryption Standard]] (AES) in 2001 when NIST announced FIPS 197. After an open competition, NIST selected [[Rijndael]], submitted by two Belgian cryptographers, to be the AES. DES, and more secure variants of it (such as [[Triple DES]]), are still used today, having been incorporated into many national and organizational standards. However, its 56-bit key-size has been shown to be insufficient to guard against [[brute force attack]]s (one such attack, undertaken by the cyber civil-rights group [[Electronic Frontier Foundation]] in 1997, succeeded in 56 hours.<ref>Electronic Frontier Foundation, ''Cracking DES'', O'Reilly, 1998.</ref>) As a result, use of straight DES encryption is now without doubt insecure for use in new cryptosystem designs, and messages protected by older cryptosystems using DES, and indeed all messages sent since 1976 using DES, are also at risk. Regardless of DES' inherent quality, the DES key size (56-bits) was thought to be too small by some even in 1976, perhaps most publicly by [[Whitfield Diffie]]. There was suspicion that government organizations even then had sufficient computing power to break DES messages; clearly others have achieved this capability.

===Public key===
The second development, in 1976, was perhaps even more important, for it fundamentally changed the way cryptosystems might work. This was the publication of the paper "New Directions in Cryptography"  by [[Whitfield Diffie]] and [[Martin Hellman]].<ref>Whitfield Diffie and Martin Hellman, [http://www-ee.stanford.edu/~hellman/publications/24.pdf "New Directions in Cryptography], ''IEEE Transactions on Information Theory'', vol. IT-22, no. 6, November 1976.</ref> It introduced a radically new method of distributing cryptographic keys, which went far toward solving one of the fundamental problems of cryptography, key distribution, and has become known as [[Diffie–Hellman key exchange]]. The article also stimulated the almost immediate public development of a new class of enciphering algorithms, the [[asymmetric key algorithm]]s.

Prior to that time, all useful modern encryption algorithms had been [[symmetric key algorithm]]s, in which the same [[cryptographic key]] is used with the underlying algorithm by both the sender and the recipient, who must both keep it secret. All of the electromechanical machines used in World War II were of this logical class, as were the [[Caesar cipher|Caesar]] and [[Atbash]] ciphers and essentially all cipher systems throughout history. The 'key' for a code is, of course, the codebook, which must likewise be distributed and kept secret, and so shares most of the same problems in practice.

Of necessity, the key in every such system had to be exchanged between the communicating parties in some secure way prior to any use of the system (the term usually used is 'via a [[secure channel]]') such as a trustworthy courier with a briefcase handcuffed to a wrist, or face-to-face contact, or a loyal carrier pigeon. This requirement is never trivial and very rapidly becomes unmanageable as the number of participants increases, or when secure channels aren't available for key exchange, or when, as is sensible cryptographic practice, keys are frequently changed. In particular, if messages are meant to be secure from other users, a separate key is required for each possible pair of users. A system of this kind is known as a secret key, or [[symmetric key]] cryptosystem. D-H key exchange (and succeeding improvements and variants) made operation of these systems much easier, and more secure, than had ever been possible before in all of history.

In contrast, [[asymmetric key algorithm|asymmetric key]] encryption uses a pair of mathematically related keys, each of which decrypts the encryption performed using the other. Some, but not all, of these algorithms have the additional property that one of the paired keys cannot be deduced from the other by any known method other than trial and error. An algorithm of this kind is known as a public key or [[asymmetric key cryptography|asymmetric key]] system. Using such an algorithm, only one key pair is needed per user. By designating one key of the pair as private (always secret), and the other as public (often widely available), no secure channel is needed for key exchange. So long as the private key stays secret, the public key can be widely known for a very long time without compromising security, making it safe to reuse the same key pair indefinitely.

For two users of an asymmetric key algorithm to communicate securely over an insecure channel, each user will need to know their own public and private keys as well as the other user's public key. Take this basic scenario: [[Alice and Bob]] each have a pair of keys they've been using for years with many other users. At the start of their message, they exchange public keys, unencrypted over an insecure line. Alice then encrypts a message using her private key, and then re-encrypts that result using Bob's public key. The double-encrypted message is then sent as digital data over a wire from Alice to Bob. Bob receives the bit stream and decrypts it using his own private key, and then decrypts that bit stream using Alice's public key. If the final result is recognizable as a message, Bob can be confident that the message actually came from someone who knows Alice's private key (presumably actually her if she's been careful with her private key), and that anyone eavesdropping on the channel will need Bob's private key in order to understand the message.

Asymmetric algorithms rely for their effectiveness on a class of problems in mathematics called one-way functions, which require relatively little computational power to execute, but vast amounts of power to reverse, if reversal is possible at all. A classic example of a one-way function is multiplication of very large prime numbers. It's fairly quick to multiply two large primes, but very difficult to find the factors of the product of two large primes. Because of the mathematics of one-way functions, most possible keys are bad choices as cryptographic keys; only a small fraction of the possible keys of a given length are suitable, and so asymmetric algorithms require very long keys to reach the same [[level of security]] provided by relatively shorter symmetric keys. The need to both generate the key pairs, and perform the encryption/decryption operations make asymmetric algorithms computationally expensive, compared to most symmetric algorithms. Since symmetric algorithms can often use any sequence of (random, or at least unpredictable) bits as a key, a disposable ''session key'' can be quickly generated for short-term use. Consequently, it is common practice to use a long asymmetric key to exchange a disposable, much shorter (but just as strong) symmetric key. The slower asymmetric algorithm securely sends a symmetric session key, and the faster symmetric algorithm takes over for the remainder of the message.

Asymmetric key cryptography, Diffie–Hellman key exchange, and the best known of the public key / private key algorithms (i.e., what is usually called the RSA algorithm), all seem to have been independently developed at a UK intelligence agency before the public announcement by Diffie and Hellman in 1976. GCHQ has released documents claiming they had developed public key cryptography before the publication of Diffie and Hellman's paper.<ref>{{Cite web |last=WAYNER |first=PETER |date=December 24, 1997 |title=British Document Outlines Early Encryption Discovery |url=https://archive.nytimes.com/www.nytimes.com/library/cyber/week/122497encrypt.html |access-date=2025-02-28 |website=New York Times}}</ref> Various classified papers were written at [[GCHQ]] during the 1960s and 1970s which eventually led to schemes essentially identical to RSA encryption and to Diffie–Hellman key exchange in 1973 and 1974. Some of these have now been published, and the inventors ([[James H. Ellis]], [[Clifford Cocks]], and [[Malcolm Williamson (cryptographer)|Malcolm Williamson]]) have made public (some of) their work.

===Hashing===
[[Hash function|Hashing]] is a common technique used in cryptography to encode information quickly using typical algorithms. Generally, an [[algorithm]] is applied to a string of text, and the resulting string becomes the "hash value". This creates a "digital fingerprint" of the message, as the specific hash value is used to identify a specific message. The output from the algorithm is also referred to as a "message digest" or a "check sum". Hashing is good for determining if information has been changed in transmission. If the hash value is different upon reception than upon sending, there is evidence the message has been altered. Once the algorithm has been applied to the data to be hashed, the hash function produces a fixed-length output. Essentially, anything passed through the hash function should resolve to the same length output as anything else passed through the same hash function. It is important to note that hashing is not the same as encrypting. Hashing is a one-way operation that is used to transform data into the compressed message digest. Additionally, the integrity of the message can be measured with hashing. Conversely, encryption is a two-way operation that is used to transform plaintext into cipher-text and then vice versa. In encryption, the confidentiality of a message is guaranteed.<ref name=CISSP />

Hash functions can be used to verify digital signatures, so that when signing documents via the Internet, the signature is applied to one particular individual. Much like a hand-written signature, these signatures are verified by assigning their exact hash code to a person. Furthermore, hashing is applied to passwords for computer systems. Hashing for passwords began with the [[Unix|UNIX]] operating system. A user on the system would first create a password. That password would be hashed, using an algorithm or key, and then stored in a password file. This is still prominent today, as web applications that require passwords will often hash user's passwords and store them in a database.<ref name="Hash Function" />

===Cryptography politics===
The public developments of the 1970s broke the near monopoly on high quality cryptography held by government organizations (see S Levy's ''Crypto'' for a journalistic account of some of the policy controversy of the time in the US). For the first time ever, those outside government organizations had access to cryptography not readily breakable by anyone (including governments). Considerable controversy, and conflict, both public and private, began more or less immediately, sometimes called the [[crypto wars]]. They have not yet subsided. In many countries, for example, [[export of cryptography]] is subject to restrictions. Until 1996 export from the U.S. of cryptography using keys longer than 40 bits (too small to be very secure against a knowledgeable attacker) was sharply limited. As recently as 2004, former [[FBI]] Director [[Louis Freeh]], testifying before the [[9/11 Commission]], called for new laws against public use of encryption.

One of the most significant people favoring strong encryption for public use was [[Phil Zimmermann]]. He wrote and then in 1991 released [[Pretty Good Privacy|PGP]] (Pretty Good Privacy), a very high quality [[crypto system]]. He distributed a freeware version of PGP when he felt threatened by legislation then under consideration by the US Government that would require backdoors to be included in all cryptographic products developed within the US. His system was released worldwide shortly after he released it in the US, and that began a long criminal investigation of him by the [[US Department of Justice]] (DOJ) for the alleged violation of export restrictions.  The DOJ eventually dropped its case against Zimmermann, and the freeware distribution of PGP has continued around the world. PGP even eventually became an open [[IETF|Internet]] standard (RFC 2440 or [[OpenPGP]]).

===Modern cryptanalysis===
While modern ciphers like [[Advanced Encryption Standard|AES]] and the higher quality asymmetric ciphers are widely considered unbreakable, poor designs and implementations are still sometimes adopted and there have been important cryptanalytic breaks of deployed crypto systems in recent years. Notable examples of broken crypto designs include the first [[Wi-Fi]] encryption scheme [[Wired Equivalent Privacy|WEP]], the [[Content Scrambling System]] used for encrypting and controlling DVD use, the [[A5/1]] and [[A5/2]] ciphers used in [[GSM]] cell phones, and the [[CRYPTO1]] cipher used in the widely deployed [[MIFARE]] Classic [[smart card]]s from [[NXP Semiconductors]], a spun off division of [[Philips Electronics]]. All of these are symmetric ciphers. Thus far, not one of the mathematical ideas underlying public key cryptography has been proven to be 'unbreakable', and so some future mathematical analysis advance might render systems relying on them insecure. While few informed observers foresee such a breakthrough, the key size recommended for security as best practice keeps increasing as increased computing power required for breaking codes becomes cheaper and more available. [[Quantum computer]]s, if ever constructed with enough capacity, could break existing public key algorithms and efforts are underway to develop and standardize [[post-quantum cryptography]].

Even without breaking encryption in the traditional sense, [[side-channel attack]]s can be mounted that exploit information gained from the way a computer system is implemented, such as cache memory usage, timing information, power consumption, electromagnetic leaks or even sounds emitted. Newer cryptographic algorithms are being developed that make such attacks more difficult.