- Tue
- Jul 29, 2014
- Updated: 9:00pm

# Cracks in the code: Encryption may be flimsy armour

You're putting in your credit card details to make an online purchase. As you type in your card number, you feel slightly uneasy about sending it into cyberspace.

How often have you wondered whether your personal information is really safe from cyber-theft despite assurances that it is a 'secured connection' and your transaction is 'verified' by so-and-so? To put it in nerdy terms, has your information been encrypted effectively so it will not be understood even if a hacker gains access to it?

Encryption is the science of codifying a message so it will be unintelligible without the code, which usually comprises an algorithm and a key. Only the message's intended recipient, who has been given the algorithm and key, can decipher it.

For its modern mathematical incarnation, we must thank the brilliant British mathematician Alan Turing, whose 100th birthday was commemorated on June 23.

However, encryption is not a new science. One of the earliest recorded encryptions was used by Julius Caesar while he was waging the Gallic Wars (58 to 51BC) across Europe. To communicate with his supporters in Rome, he used a rudimentary encryption that came to be known as the 'Caesar cipher'.

He simply substituted one letter for another a certain number of places down the alphabet. For example, the letter A in the original text would become D in the encrypted text. Hence 'crossing the Rubicon' would become 'furvvlqj wkh uxelfrq'.

The algorithm is the shifting of the letters and the key is four. The Roman general's supporters were given the algorithm and key so that they could decipher the message.

If you intercept the encrypted text but do not have the algorithm and key, how do you decipher it? Once there are codemakers, codebreakers can't be far behind.

Around the 9th century, the Arab mathematician Al-Kindi used frequency analysis to decipher text that had been encrypted with the Caesar cipher. He noticed that in any alphabet-based language, there was a pattern in the frequency of each letter's appearance in a text.

So he analysed how frequently a letter occurred in an encrypted text to reveal which letters had been replaced by which others, unravelling the algorithm and key.

Over the ensuing centuries, codebreakers developed methods based on frequency analysis to decipher many variations of the Caesar cipher.

Decoding encrypted messages has changed the course of history.

One example is the United States' decision to enter the first world war against Germany. This decision was triggered not by the sinking of the British ocean liner Lusitania in 1915, as is widely believed, but by the deciphering of an encrypted telegram sent in 1917 by then German foreign minister Arthur Zimmermann to his ambassador in Mexico.

The Zimmermann telegram proposed an alliance with Mexico to attack the US. After the letter's content was made public, American public opinion swung in favour of joining the war.

The most famous battle between codemaker and codebreaker was undoubtedly Turing's cracking of Germany's 'Enigma' code - produced by a machine that used a complex system of daily keys - during the second world war.

Turing deciphered intercepted messages with the aid of primitive computers, finding the algorithm and key among more than 159,000 quadrillion possibilities. That breakthrough gave Allied forces advance information about German military movements.

New advances in computer technology enabling the creation of highly complex encryption algorithms would appear to give the upper hand to codemakers.

On the other hand, the ever-increasing speed of computers - allowing them to examine many patterns, and perform calculations to identify algorithms and keys - make any encryption vulnerable to codebreaking.

From the Caesar cipher to the Enigma code, the basic encryption and deciphering process remained the same: a secret key is used to encode a message by changing its pattern, and the same key is used to recover the initial pattern.

The Caesar cipher's key was created manually by substituting letters, while the Enigma code's key was generated mechanically via settings in a machine. But as Turing demonstrated, this type of key is decipherable.

Since Turing's time, cryptologists have developed encryption methods based on the paradoxical concept of a 'public key', one that is known to everyone. The sender and recipient of the encrypted data each has a public key and they extract information from the public key to encrypt and decipher text. This process is extremely difficult to replicate even by a hacker who has full knowledge of their public keys.

A simple example is the encryption method using prime numbers based on the public-key concept. A prime number can only be divided by itself and 1 - such as 2, 3, 5 and 113. It is easy to multiply two prime numbers but difficult to do the reverse when the numbers are large - that is, figure out the two original prime numbers based on the figure that resulted from multiplying them.

If the sender and recipient generate a public key that is the product of two large prime numbers, only they will know what the two original prime numbers are, so they can use that to encrypt and decipher information.

How long it takes to deconstruct a large prime number into its two prime numbers depends on the size of the number and the power of the computer. From a prime number that is 130 digits long, a typical desktop computer would take roughly 50 years to extract the two prime numbers.

For extra security, such as in banking applications, the public key is typically more than 300 digits long, making it virtually impossible to extract the two prime numbers.

So back to our earlier concern: can you rest easy while transmitting personal information over the internet, confident that it's securely encrypted and impenetrable to hackers? Probably not.

Encryption is a relentless cat-and-mouse game in which the ingenuity of the codemaker is matched by the dogged determination of the codebreaker. It is an intellectual arms race with ammunition supplied by mathematicians, statisticians, computer scientists, linguists and psychologists.

History shows that, sooner or later, the encryption will be cracked, prompting mathematicians and engineers to devise the next generation of 'unbreakable' codes. The cycle repeats, and the spirit of Alan Turing lives on.

Tom Yam is a Hong Kong-based management consultant with a doctorate in electrical engineering and an MBA from the Wharton School of the University of Pennsylvania. He has worked at AT&T, Ernst & Young and IBM

## Related topics

For unlimited access to:

Existing subscribers, login here