In this module, we take a whirlwind tour through many thousands of years of human experience to get an admittedly superficial history, historical context for the evolution of the cryptographic principles we'll be studying in this specialization. So, keep in mind that this is not comprehensive but more in the way of a teaser. There is a lot more intriguing information out there for the asking. Another point to keep in mind is that the historical accuracy of some items, particularly those relating to ancient times, are not universally agreed upon. Plus, perhaps more so than most topics, the history of cryptography itself is often shrouded in secrecy for decades after events have passed and it is not uncommon for deliberate efforts to have been made to destroy evidence, such as cipher and code breaking machines, once they're no longer needed. Thus, much of the historical record is based on reconstructions from decades old recollections of people that might only have been peripherally involved with the work. And that this must then compete with conjectures, myths and total fabrications that have taken root in the knowledge vacuum of the intervening years. In the first lesson of this module, we'll gain an informal notion of what cryptography is, what its goals are, and look at some of the early attempts at attaining them. In the second lesson, we'll learn about the distinction between a cipher and a code as well as the two fundamentally different types of ciphers. We'll also start learning about cryptanalysis, the breaking of codes and ciphers. In the final lesson, we'll learn more about cryptanalysis by looking at some historical successes that are of particular interest. The lessons in this module are a bit longer than usual since this is intended to be more of a pleasure excursion than a deep technical examination. But don't worry, we'll get to that in short order. Simply put, cryptography is the art and science of secret communications. Humans have likely wanted to keep secrets from each other from the earliest days of our existence. As a result, cryptography has been around for as long as we have and it evolved for tens of thousands of years before it ever had a name or was studied in any systematic way. For millennia, it was probably sufficient to rely on the fact that people separated by even short distances seldom spoke the same language or that later, literacy rates were so low that written messages that fell into the wrong hands couldn't be read. But eventually, these tactics became too risky as human societies evolved into nation states conducting organized diplomacy in warfare. Secret communications took on greater importance, involved larger groups of people, and needed to be conveyed over increasingly greater distance. More formal and coordinated efforts were needed. Thus began the true field of cryptography, first as an intuitive art and later is a highly polished science. When talking about cryptography, it is important to keep in mind the goals we are trying to achieve. So, we constantly find ourselves talking about how cryptography helps the good guys foil the bad guys. The field has developed an entire cast of characters that help us communicate various aspects of the interplay between these good guys and bad guys. We'll start off with just a few of them. In the classic jargon of the crypto world, Alice and Bob are our two good guys. They want to communicate with each other. If we need a couple more, we usually come up with names starting with C and D, usually Carol and Dan. But we have bad guys too. First up is Eve, the evil eavesdropper that has figured out a way to make copies of anything Alice and Bob send to each other without Alice or Bob's knowledge. Eve is bad enough but the malicious actor Mallory is even worse. He can alter or even fabricate from scratch messages that Bob receives that are sensibly from Alice. There are many more players in the crypto world's cast of characters and we'll encounter several of them as our studies progress. Getting back to more crypto jargon, when Alice sends Bob a message, she assumes that Eve is going to get a copy of it. So, she takes the actual message, known as the plaintext, and encrypts it to create the ciphertext. The means of doing this is generally referred to as her encryption algorithm. She then transmits the ciphertext to Bob who then decrypts it using his decryption algorithm in order to recover the plaintext from the ciphertext. So, what are some of the bad things the bad guys can do? What is our threat model? Let's say that Alice sends Bob the message, attack at dawn. If Eve gets a copy of the message and comprehends it, her forces can be forewarned and prepared for the assault. But what if Mal intercepts the message, changes it to attack at noon? Then sends it on to Bob. The result is it Alice commences her attack at dawn, but Bob is not there to support her and hence her army is defeated. Likewise, when Bob attacks at noon, he can't get the support he needs from Alice's already defeated forces and hence, he too is vanquished. Or what if Mal pretends to be Alice and sends Bob a message telling him to be at a certain place at a certain time so that Mal can capture or kill him? This threat model serves to make clear the three major goals of cryptography within the broader field of information security. There are others but we will focus on these big three. Until relatively recently, say the last half century or so, cryptography was largely limited to the goal of confidentiality in which we aim to keep unauthorized readers from comprehending the contents of messages sent between two parties. As cryptography evolved, particularly in the middle part of the 20th century as electronic communication systems became widespread in the post-World War II era, two other aspects of information security received increasing attention. Message integrity involves ensuring that the message received has not been altered or at least detecting the fact that it has. Message authenticity involves verifying that the message actually originated from the source that it claims to be from. Modern cryptographic algorithms are capable of attaining all three of these security goals when properly used. That is, when Bob receives a message from Alice, he can be confident that no one else is capable of reading it, that the message he recovers from it is a perfect copy of the message that was sent, and that the only person in the world that could have sent it was, in fact, Alice. This is an extremely powerful capability. In fact, things that we take for granted every day such as online shopping and banking, would not be possible without it. These cryptographic algorithms form the basis of the protocols used whenever someone accesses a secure website which is one whose URL starts with https. Because the integrity and authenticity goals are relatively recent additions, our current little historical foray isn't going to touch on them further. Of course, the whole exercise of encrypting and decrypting messages is pointless on something unless something prevents Eve from doing the exact same thing that Bob does to recover the plaintext from the ciphertext. Thus, the biggest cryptographical hurdle is to develop algorithms and procedures that make it hard for you to do just that. The only way to accomplish this is to ensure that Bob has access to information that Eve does not. The minimum amount of information that Bob has to have but that has to be kept secret from Eve is known as the message key and that anyone that has it can unlock the ciphertext to get at the underlying plaintext. Properly identifying and safeguarding the key is critical to achieving our information security goals. But this can be a bit trickier than we might think at first. As with most human endeavors, cryptography began from very simple origins using very crude methods. To fully appreciate its beginning, it's necessary to appreciate the context in which it was first used. First off, languages tended to be very local and people separated by even comparatively short distances, perhaps only tens of kilometers, could not communicate with each other. As a result, it was usually adequate to send even important messages by simply telling the message to a messenger, and then having the messenger travel to the recipient and recite the message. This was almost certainly commonly done long before the invention of writing itself. If the messenger was captured, the message was safe as long as none of the captors spoke the same language as the messenger. For the cryptosystem just described, what is the algorithm? The algorithm was explicitly given. First, we tell the message to a messenger. Second, we have them travel to the recipient. And third, we have them recite the message. What is the key? Remember that the key is the information that Bob, the recipient, must have that Eve, the captors, must not. The key is the language spoken by the messenger. It might seem unbelievable that such a system could possibly provide any security. But in fact, the United States used the same system very effectively beginning in World War I and ending shortly after the start of the Vietnam War when it used Native American radio operators to transmit messages in their native tongue. The best known examples were the Navajo Code Talkers used in the Pacific theater. The Navajo language is extremely complex, difficult to learn, unwritten in that it has no alphabet or symbols associated with it, and at that time, it was estimated that fewer than 30 non-Navajo people in the world spoke it, and none of them were Japanese. In fact, the Japanese never broke this code. Going back to the ancient times, relying on potential captors not being able to speak the language of the messenger, probably proved a pretty risky approach fairly quickly. So, a second approach, almost as simple, evolved once writing was invented. Write the message down and have the messenger deliver it. What is the key in this case? It's the written language. This was probably effective for a long time because literacy rates, even among the leaders of a society, were near zero for most of human history. If a message was captured by an opposing army, it was very unlikely that anyone in that army, even the commander, could read or write. Of course, you would also make sure that your messenger was illiterate to prevent them from being coerced into simply reading the message they carried. As societies continue to evolve and grow, this change, until most educated people, still small fraction of the population, could read and write as well as communicate in many of the languages used by nearby societies. At this point, more thought had to be put into how to safeguard secret messages. One account from about 500 B.C. tells of Histiaeus shaving the head of a messenger and tattooing the message on the person's head. And no, that's not my head. After their hair had grown in enough to hide the message, which proves it's not mine, the messenger then made his way to Aristagorus of Miletus and told him to shave his head and read the message. This is actually an example of steganography, the hiding of a message in plain sight more than it is cryptography. But the two are related. Today, this seems humorously absurd. But we live in a world in which people routinely travel to the furthest reaches of the globe in less than a day, and exchange information with people in even the most remote locations in real time. So, it can be hard for us to appreciate that this was at a time when few people ever traveled more than 50 kilometers from where they were born and then the courier generally could only make 50 to a couple of hundred kilometers in a day over the best ground, in over rough and broken terrain, might be lucky to manage 10. Despite this, diplomacy and wars were still carried out over distances of thousands of kilometers requiring weeks and even months of travel each way. The techniques described thus far were largely ad hoc, meaning that they were thought up by the sender without requiring much, if any, previous coordination with the recipient. Even so, they've let us dip our toes into the cryptographic waters to get a feel of what cryptography is and what its goals are. We've also become familiar with many of the key terms in jargon that are used in its study, that we'll need lots more. Eventually, of course, people began putting more thought into how they could systematically relay secret messages and also how they could crack those systems. The early evolution of both will be the focus of our next lesson.
