While cryptography looked different in early civilizations, we have
evidence of cryptographic techniques as early as 1900 BC in Egypt,
when there was an inscription carved into the main chamber of the tomb
of nobleman Khnumhotep II. The hieroglyphics used were different than
the usual ones, in a process now known as symbol replacement.
However, this wasn’t necessarily a secret code. Rather, they changed the
form of writing to make it appear more dignified.
In 1500 BC, a Mesopotamian scribe used cryptography to conceal a
formula for pottery glaze. This example is the first known use of
cryptography to hide secret information.
These aren’t the only examples, though. There is evidence of the use
of cryptography in almost every major early civilization. In early India,
“Arthashastra,” an ancient work on statecraft written by Kautilya, also
known as Chanakya, describes how assignments were given to spies in
“secret writing.”
The ancient Greeks were known to use ciphers (algorithms used for
encryption or decryption) to transform a message. In 100 BC, Julius
Caesar used a form of encryption to share secret messages with his army
generals at war. Perhaps you have heard of the Caesar Cipher, as it is
one of the most well-known uses of cryptography. Otherwise known as a
substitution cipher, each character of the plain text is substituted by
another character, forming the cipher text. For example, A becomes D, B
becomes E, C becomes F — do you spot the shift of 3?
In the 16th century, the Vigenère Cipher came to be. This method
encrypts alphabetic text by using a series of interwoven Caesar ciphers,
based on letters of a keyword. This is known as polyalphabetic
substitution. While it was first described by Giovan Battista Bellaso in
1553, Blaise de Vigenère got the credit in the 19th century.
Although this cipher is more secure than the Caesar cipher and many
people have implemented
ENCRYPTION TECHNIQUES: A TIMELINE APPROACH
T Morkel, JHP Eloff
Cryptography is the art of enciphering and deciphering of encoded messages [1]. It can be seen
as an ancient art that has taken many forms over the years. Encryption started with simple pen-
and-paper methods based on letter substitutions. From here it evolved into special machines that
were built to encrypt messages. Today we have moved away from the more physical methods,
and the focus is on digital encryption that can only be done using computers. Cryptanalysis, on
the other hand, is the art of “breaking” or “cracking” these encryption methods; i.e. the process
of deducing the meaning of specially encoded messages without actually being the legitimate
sender or receiver. The battle of codemakers versus codebreakers has been going on for quite
some time. More than once a new “unbreakable” cipher has been developed by codemakers only
to be “broken” by some codebreaker. The remainder of this paper will focus on constructing a
timeline for encryption events. Explanations of each of these events will follow. The timeline
ends with quantum encryption – a new technology that is still in its embryonic phase. In the final
section of the paper, different encryption techniques are evaluated according to certain criteria
and compared.
Encryption techniques can be divided into two classes; traditional encryption techniques and
modern encryption techniques. Traditional encryption techniques are pen-and-paper based
techniques developed in an age when computers did not exist, although some of these ideas can
be, and have been, transformed into computer-based algorithms. With the start of the Computer
Era, which can be marked with the appearance of the first computer, encryption techniques
underwent a major change. Encryption techniques were being specifically designed for computer
usage and used ‘bits’ instead of the alphabet. These encryption techniques are called modern
encryption techniques. Both of these encryption techniques will be discussed in detail further on
in this paper.
Figure 1: Timeline of encryption events (regions labelled Traditional encryption techniques,
The Computer Era, and Modern encryption techniques)
2003          First commercial use of quantum encryption
2000          Advanced Encryption Standard (AES) developed
1991          First quantum encryption system developed
1984          BB84 protocol proposing quantum encryption published
1978          RSA published
1977          Data Encryption Standard (DES) created
1976          Public key encryption proposed by Hellman and Diffie
1970          Lucifer algorithm developed, later evolved into triple-DES
1943-1945     First computer created
1942          Navajo windtalkers used in World War II
1923          Arthur Scherbius builds the German Enigma machine
1917          Vernam cipher invented
1854          Charles Babbage reinvents the wheel cipher
1790s         Thomas Jefferson invents the wheel cipher
1585          Blaise de Vigenère writes a book on ciphers
1553          Password idea introduced by Giovan Belaso
              THE DARK AGE OF ENCRYPTION
50-60 BC      Caesar Cipher introduced by Julius Caesar
486 BC        Greek skytale presumably used
500 – 600 BC  Hebrew ATBASH cipher used in writing the book of Jeremiah
1500 BC       Mesopotamian tablet with encrypted recipe for pottery glaze
1900 BC       First documented cryptography in Egypt
Traditional encryption techniques are the earliest methods of encryption and have been around
for centuries. They are pen-and-paper based techniques, although some rely on the spoken word.
The main characteristic of traditional encryption techniques is that they were designed in an age
when modern computers did not exist. Some of these traditional encryption techniques used
physical objects, or mechanical machines, to conduct the encryption. Generally, traditional
encryption techniques rely on the substitution of letters and the use of different symbols with the
same meaning. The main component of any traditional encryption technique was the alphabet.
Historians believe that the first case of cryptography was in ancient China where the written
language itself was used as an encryption technique [2]. Only upper-class citizens were allowed
to learn how to read and write and could thus convey secret messages to each other, without
peasants being able to decipher the messages. The first documented use of cryptography,
however, dates back to 1900 BC in Egypt [2], where inscriptions were found that contained, not
a different set of hieroglyphs, but a system of partial nonstandard hieroglyphs. The conclusion is
that the scribe used some kind of encryption method to hide the true meaning of the hieroglyph.
In Mesopotamia, in 1500 BC, a tablet was found that contained an encrypted recipe for pottery
glaze [2]. Between 500 and 600 BC, Hebrew scribes used the ATBASH cipher when writing the
book of Jeremiah [c]. The ATBASH cipher was a reversed substitution cipher where the last
letter of the alphabet was used as the first, and vice versa. This cipher was clearly a very simple
cipher, since there was only one possible answer to break the code. In 486 BC, an encryption
method, called Greek Skytale, was developed as a military encryption technique [a]. Soldiers
wrapped a strip of papyrus around a piece of wood. The message was written on the papyrus and
when it was taken off the wood, different parts of the message were on different parts of the
papyrus. Only when the papyrus was wrapped around a matching piece of wood, could the true
meaning be deduced. There have, however, been allegations recently that the Greek Skytale is
just a myth. The most famous traditional encryption method is probably the Caesar Cipher,
developed by Julius Caesar between 50 and 60 BC [1]. The Caesar Cipher worked on the
principle of substitution, where each letter in the alphabet is substituted for another letter. In this
case each letter was transposed with another three places after the original letter in the alphabet.
The Caesar cipher is quite a simple cipher, but was very effective and successful in the time of
Julius Caesar because very few people could read and write. The Caesar Cipher’s major
disadvantage was the fact that a very obvious pattern arose from the coded message which could
easily be deciphered with a little time and patience. In Europe, the period between 500 and 1400
AD was known as the “dark age of encryption”. A large amount of knowledge about encryption
was lost because encryption was seen as black magic [b] and consequently banned. In 1553
Giovan Belaso first mentioned the idea of a password [b]. He suggested a type of encryption
where the correct password was needed to decrypt the encrypted message. This password is the
The oldest encryption algorithm still used today was developed in 1917 by Gilbert Vernam and
is called the Vernam Cipher [d]. The Vernam Cipher is a version of a one-time pad – an
algorithm that uses substitution where no pattern can arise. The sender encrypts a message using
a randomly generated key and adds each bit of the key to the corresponding bit of the message.
The receiver then decrypts the message by subtracting the same key. The Vernam Cipher is the
only traditional encryption technique that provides perfect secrecy. Unfortunately the system has
some drawbacks. Due to the nature of the algorithm, an eavesdropper would be able to deduce
some information from a pattern in the coded message if the same key had been used before. A
further problem is that the key has to be exactly as long as the message, which makes it more
difficult to distribute the key securely. In 1923 Arthur Scherbius invented the Enigma machine
[d]. Eventually the German government took over the patent and improved the machine to create
the TYPEX machine used in the Second World War. The machine consisted of five rotors that
changed the letters of the alphabet. Reversing the process could decrypt the message. The coding
of the Enigma machine was broken in the 1930s by the Polish mathematician, Marian Rejewski
[a]. The rotor-based Enigma was used as the basis for many encryption machines, but all of them
have been compromised. An example of where spoken – and written – language was used as an
encryption device is the Navajo windtalkers used by the American military in the Second World
War in 1942 [d]. These were Native American soldiers that communicated messages in their
native language – a language so complex that the enemy could not understand the messages.
Between 1943 and 1945, the first general purpose electronic computer, the Electronic Numerical
Integrator and Computer, referred to as ENIAC was built [e]. The people who designed this
breakthrough technology were John Mauchly, J. Presper Eckert and Lieutenant Herman
Goldstine [f]. ENIAC was originally designed to assist with complex mathematical functions in
World War II and could perform calculations up to a thousand times faster than its predecessor,
the mechanical calculator, and marks the start of the modern computer age. For the purpose of
this paper, it is accepted that ENIAC was the first computer.
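The key-reuse weakness of the Vernam cipher described above, shown as an added example that is not part of the original paper. The two messages are constructed for illustration, and the bitwise "add" and "subtract" of the key are implemented as XOR.

```python
import secrets

# Constructed sample messages of equal length; they differ only in one word.
P1 = b"SHIP SAILS AT NOON TODAY"
P2 = b"SHIP SAILS AT DUSK TODAY"


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def vernam(data, key):
    """Encrypt or decrypt: adding and subtracting bits mod 2 are both XOR."""
    return xor_bytes(data, key)  # the key must be exactly as long as the message


def new_key(length):
    """A randomly generated key, to be used for one message only."""
    return secrets.token_bytes(length)


def reuse_leak(c1, c2):
    """XOR of two ciphertexts. If both used the same key, the key cancels out
    and the result equals p1 XOR p2, which no longer depends on the key."""
    return xor_bytes(c1, c2)


def matching_positions(c1, c2):
    """Positions where the two plaintexts are identical (zero bytes in the leak)."""
    return [i for i, b in enumerate(reuse_leak(c1, c2)) if b == 0]


def recover_other(c1, c2, known_p1):
    """With one plaintext known, the other follows without ever learning the key."""
    return xor_bytes(reuse_leak(c1, c2), known_p1)


if __name__ == "__main__":
    key = new_key(len(P1))
    c1, c2 = vernam(P1, key), vernam(P2, key)      # same key used twice
    print("decrypts correctly:", vernam(c1, key) == P1)
    print("identical positions:", matching_positions(c1, c2))
    print("recovered:", recover_other(c1, c2, P1))
    c2_fresh = vernam(P2, new_key(len(P2)))         # fresh key per message
    print("fresh key still leaks p1^p2:",
          reuse_leak(c1, c2_fresh) == xor_bytes(P1, P2))
```

The pattern an eavesdropper sees is the run of zero bytes wherever the two messages agree, which is why each key must be used for a single message.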
A new class of encryption techniques, from now on referred to as modern encryption
techniques, was thus developed. Modern encryption techniques are specifically designed for use
on computers and no longer concern the written alphabet. The focus is on the use of binary bits.
One of the main problems of traditional encryption techniques was the fact that if you wanted to
communicate secretly with more than one person, you would have to have a separate secret
language for each person. This would not have been very practical, and scientists were forced to
design a new type of algorithm. The solution was standardised algorithms. The algorithm, and
how it worked, would be publicly announced and the secrecy of the message would rely on
another factor. Thus the cryptographic key was designed. Every message or transmission has a
cryptographic key; sometimes shared by the sender and receiver. This key is used when
encrypting and decrypting the message, and without the key no one can decipher the message.
The cryptographic key is an important characteristic of modern encryption techniques. Modern
encryption techniques can also be divided into two groups, asymmetrical encryption and
symmetrical encryption. The following is a short description of each.
4.1 Symmetrical Encryption
Also known as secret-key encryption, symmetrical cryptosystems
require the sender and receiver to have the same secret key. This single key is required for both
the encryption and decryption of the message. A classic among the symmetric ciphers is the Data
Encryption Standard known as DES. DES was developed in the 1970s and got the official
approval of NIST (The United States National Institute of Standards and Technology) in 1977
[2]. DES uses substitution and permutation to scramble the bits of a message. Today DES is
considered to be a weak encryption method since it was compromised by a machine built by the
Electronic Frontier Foundation in 1998 [g]. The machine, Deep Crack, used 19-billion keys per
second to try to guess the correct key, which was found in 4.5 days. In 1999 an Internet project
was able to test 250-billion keys per second, which resulted in DES being cracked in a few hours
[2]. Triple DES, also referred to as 3DES, was developed as an improvement to the DES
algorithm. It uses up to three keys in succession, together with three different encryption
operations and has not been compromised to date. The successor of 3DES is the Advanced
Encryption Standard (AES). AES is based on the Rijndael algorithm that was chosen from a list
of contenders by NIST. AES is also based on transposing the bits of a message in conjunction
with the cryptographic key. While DES is still used frequently in governmental and military
operations, it will soon be replaced with AES. The main problem with symmetrical encryption is
that if the key is lost, or stolen, the entire transmission can be compromised since the interceptors
can immediately decrypt the message with the one key. This leads to another problem which is
the distribution of keys. A key must either be communicated in a face-to-face manner, or must be
delivered through a very trusted courier. Both methods are inconvenient to both parties as well as
putting the method at risk.
4.2 Asymmetrical encryption
Asymmetrical encryption methods, also
referred to as Public Key encryption systems, were developed in 1976 by Whitfield Diffie and
Martin Hellman [3]. The principle of public key encryption is that both parties, the sender as well
as the receiver, have a pair of keys. The one key does not have to be kept secret and is called the
public key. The two different keys held by the parties have different uses – one is used for
encryption and the other for decryption. The encryption key is the public key, while the
decryption key is the “private” key. The private key must be kept secret. The public and the
private key are mathematically related so that anything encrypted with the one can be decrypted
with the other. The sender takes the receiver’s key, which is publicly available on a website for
instance, and encrypts a message. He then sends it to the receiver who will only be able to
decrypt the message with his private key. The main advantage of this method is that the sender
and receiver do not have to exchange keys at any time. The first implementation of a public key
cryptosystem was developed by Ronald Rivest, Adi Shamir and Leonard Adleman in 1978 and
was called the RSA algorithm [1]. RSA uses a one-way function based on the multiplication of
prime numbers to determine the key and relies on the fact that it is very difficult to factorise a
large number into two prime numbers. The complexity of this mathematical problem increases
exponentially the larger the numbers are, and for this reason the key-size of RSA is usually large
and slow to compute. Regardless, RSA is seen as a very secure system and is widely used
today, especially for key distribution. Public key encryption thus solves the key distribution
problem of symmetric encryption, but unfortunately not without potential problems. The
difficulty of the mathematical functions that public key encryption relies on can be seen as
relative. At the moment there does not exist a mathematical algorithm that can factorise a
number into prime numbers quickly. But if a mathematician were to develop such an algorithm,
the RSA system will be compromised and many institutions that use the algorithm will be
vulnerable. Another issue with public key encryption is the fact that at the moment there does not
exist a central certificate authority, only a decentralised model. This poses a problem in that if a
sender wants to acquire and authenticate a receiver’s public key, he has to do so at a certificate
authority. A trust relationship is needed between certificate authorities, or alternately, only one
certificate authority should exist.
To effectively evaluate encryption techniques, the different
encryption techniques must be examined and evaluated according to criteria, especially from a
business perspective. Some of the evaluation criteria were taken from the list of specifications
that NIST compiled when they evaluated the proposals for the Advanced Encryption Standard
[i]. Further criteria were taken from a paper by Bruce Schneier, entitled “Security in the Real
World: How to evaluate security technology” [9]. The criteria are as follows:
· Robustness – With the advances in technology it is of vital importance that any encryption
system is robust enough to withstand the advances in technology. The more an encryption
technique relies on mathematics, the less the robustness.
· Availability – Some of the encryption techniques discussed have been around for years, but
not all are fully functional yet. Those that have been around for some time may have the
advantage of being “tried-and-tested”, while some organisations are not familiar with others.
· Integration [i] – The integration level of an encryption system will depend on how easily it
can be integrated at the application level. The encryption technique must be able to be
implemented on software and hardware.
· Distribution – With present day technology evolving around the Internet and networks, it is
important that encryption techniques work on an entire network, not only on a point-to-point
basis. When one broadcasts a message through a network all the intended recipients should get
the same encrypted, secure message.
· Time efficiency [i] – Users expect encryption to be immediate, otherwise the process is
cumbersome. The time efficiency of an encryption technique measures how long it takes to
encrypt and decrypt information.
· Flexibility [i] – The flexibility issues of an encryption technique refer to the use of keys
and whether the key lengths are set, or whether different key lengths can be used.
· Reliance on users [9] – In many systems, security is based on user-remembered secrets. When
a user has to choose a key or a password, he/she usually chooses something that he/she will be
able to remember. The issue is whether the encryption techniques will fail if a user has chosen
a “bad” password or key.
· Tested [9] – Before an encryption technique can be made publicly available for purchasing it
has to be tested thoroughly. The amount of testing done in a laboratory or in a public symposium
may influence the security of an encryption technique.
· Governmental support [9] – In our society, businesses may be inclined to make use of an
encryption technique if the government regards it as being secure. Some encryption algorithms
have been approved by the government.
· Security [i] – The main, and most obvious, criterion for an encryption technique is the
security of the algorithm. Has the algorithm been compromised? Is there any reason why the
security of the algorithm is doubted? Most organisations invest in encryption techniques to
ensure the confidentiality of their information, and this is the deciding factor.
This evaluation will not discuss all the encryption
techniques mentioned in this paper, but will rather focus on those encryption techniques that are
used at present, or may be used in the future. In Table 1 AES (Advanced Encryption Standard),
the public-key system RSA and quantum encryption are compared.
8. World War 2 encryption
Before and during WW2, encryption changed dramatically
as machine and electromechanical encryption and
decryption were born. The process contributed to the
invention of modern computers. Arthur Scherbius invented
the rotor and gear-based Enigma machine. In the early
years of the war, the Germans could pass orders and
information in total secrecy as a result. Cracking the code
would have required trying around 17,000 different
combinations within 24 hours.
Breaking Enigma was a necessity to the Allied war effort,
which led to the institutionalization of cryptography as a
science and also inspired Alan Turing to develop and use
the first machine capable of using computing power to
break encryption.
Tresorit
Stanford University
Corporations around the world need to have some means of transmitting secret and
classified data. Whether it is credit information or company strategies, there is a
tremendous flow of data among many sources that needs to be somehow kept secret
and cryptography is the way to achieve this. There have been many methods proposed
and attempted. We start with a technique known as private key cryptography.
Private Key Cryptography
Private key cryptography is perhaps the most traditional method of cryptography.
One user would use a key that only s/he knew to encrypt a message using some
function T. Perhaps the earliest cryptosystem was developed by the Greek historian
Polybios. He used a grid of letters where each letter of the message was replaced by
the two letters indicating the row and column in which the original letter lies. Here is
a Polybios square with the English alphabet excluding the letter J.
S Y D W Z
R I P U L
H C A X F
T N O G E
B K M Q V
Here P would be replaced by RD and G would be replaced by TW. The next
system we explore is the CAESAR system. Although Suetonius claims that Caesar
used this system, Caesar actually replaced his Latin letters with Greek ones in a way
that he did not make fully clear. The system that bears his name uses a simple
technique and a private key. In this system, each letter is replaced by the kth letter
beyond it, where k is the key. For example, say the message were the word
"PRIVATE" and we use the private key k=4. Under the CAESAR system this would
yield TVMZEXI. The user could then send this message to the recipient who also
knew the algorithm and the key. This is a very simple example of a private key
algorithm.
CAESAR is quite easy to break if an outsider were to know the algorithm,
regardless of whether or not s/he had the key. A person would need only try a
maximum of 26 permutations before finding an intelligible word. Most modern
private key algorithms are considerably more complex and thus difficult to break, but
they all rely on the key remaining private. The problem then becomes the
transportation of the key to the person who will be receiving the message. This is
usually done by a courier, but the cost of frequently changing and distributing keys
becomes quite expensive.
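The Polybios square and CAESAR system described above, together with the exhaustive search that breaks CAESAR, as an added example that is not part of the original text; it also covers the Vigenère cipher mentioned earlier on the page as a series of interwoven Caesar shifts. Assumptions: the first letter of each row and column of the printed square serves as its label (consistent with P giving RD and G giving TW), J is written as I, and the small vocabulary standing in for "an intelligible word" is constructed.

```python
import string

A = string.ascii_uppercase

# Polybios square exactly as printed on the page (English alphabet without J).
SQUARE = ["SYDWZ", "RIPUL", "HCAXF", "TNOGE", "BKMQV"]
ROW_LABELS = [row[0] for row in SQUARE]  # S R H T B (assumed row labels)
COL_LABELS = list(SQUARE[0])             # S Y D W Z (assumed column labels)


def polybios_encode(message):
    """Replace each letter by its row label followed by its column label."""
    pairs = []
    for ch in message.upper():
        if ch == "J":                    # assumption: J is written as I
            ch = "I"
        for r, row in enumerate(SQUARE):
            c = row.find(ch)
            if c != -1:
                pairs.append(ROW_LABELS[r] + COL_LABELS[c])
    return " ".join(pairs)


def polybios_decode(code):
    return "".join(SQUARE[ROW_LABELS.index(p[0])][COL_LABELS.index(p[1])]
                   for p in code.split())


def caesar(text, k):
    """Replace each letter by the k-th letter beyond it, wrapping after Z."""
    return "".join(A[(A.index(ch) + k) % 26] if ch in A else ch
                   for ch in text.upper())


def vigenere(text, keyword, decrypt=False):
    """One Caesar shift per letter; the shift cycles through the keyword."""
    sign = -1 if decrypt else 1
    return "".join(caesar(ch, sign * A.index(keyword[i % len(keyword)]))
                   for i, ch in enumerate(text.upper()))


# Constructed stand-in for "an intelligible word".
VOCABULARY = {"PRIVATE", "PUBLIC", "KEY", "MESSAGE", "SECRET"}


def caesar_exhaustive(ciphertext, vocabulary=VOCABULARY):
    """Undo every possible shift; keep candidates made only of known words."""
    hits = []
    for k in range(26):
        words = caesar(ciphertext, -k).split()
        if words and all(w in vocabulary for w in words):
            hits.append((k, " ".join(words)))
    return hits


if __name__ == "__main__":
    print(polybios_encode("PRIVATE"))
    print(caesar("PRIVATE", 4))
    print(caesar_exhaustive("TVMZEXI"))
    print(vigenere("PRIVATE", "KEY"))
```

The search needs no key at all, only knowledge of the algorithm, which is the weakness the text attributes to CAESAR.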
In 1977 the National Bureau of Standards created the Data Encryption Standard
(DES) which was quite revolutionary at the time. DES was the first attempt at creating
a universal encryption standard. DES was extremely successful and remains
the most widely used cryptosystem of all time. Some of DES's main attributes are that
the algorithm is extremely fast and it behaves according to the avalanche effect. What
this means is that a small change in your key will yield very large differences in the
produced cryptotext, thus making DES very difficult to break. Theoretical breaks of
DES have been proposed, but they are still too costly and take too long to be
considered true security risks. Machines designed specifically to break DES have been
proposed, but their price estimates can range anywhere from millions of dollars to
hundreds of millions of dollars and their performance estimates range from hours to a
hundred days.