Due to the recent rise in ransomware attacks, encryption has become an important issue. The history of the encoding information began about 4,000 years ago. Egyptian scribes used special hieroglyphs to encode grail inscriptions. News – be it war or simple love letters – were written in such a way that an unintended reader could not grasp the meaning.
One of the simplest methods is moving characters in the ABC alphabet. For the key “3,” the letter “D” replaces the value “A.” Using this method “HELP” becomes “KHOS.” The recipient, who also has the key “3,” counts three digits backwards in the alphabet and gets the plain text. Anyone who now thinks this is childish stuff from kindergarten books is deceiving themselves. The Roman general Gaius Julius Caesar encrypted 2,000 years ago messages to the commanders of his troops.
In the first and second world war, the German military also strongly depended on the encryption of their orders. In addition to replacing one character with another character (substitution), the arrangement of the characters has also been interchanged (transposed), for which a further key was required. This procedure, which was customary in the First World War, was quickly cracked. The Allies had excellent cryptanalysts who were able to convert encrypted information into legible text. As a result, mechanical processes were developed and rotor cipher machines were built with different substitutions being possible for each letter. The best-known of these machines was the Enigma machine used in the Second World War, which was considered uncrackable. However, it did not take long for the enemy to decode the encryption.
The previously mentioned methods use the same key for encryption and decryption, which is why these methods are called symmetric cryptography. In the case of asymmetric cryptography, which has existed for several decades, a completely different key (private key) is used for decryption than for encryption (public key). The secure network transmission paths “https” and “SSH” use these methods.
Even today, not only do mathematicians and cryptologists try to find new ways to “crack” encrypted documents, but so do hackers and criminals. They often find weaknesses in the encryption algorithm that enable them to mathematically generate the necessary private key and to finally read the information in plain text.
The other method, as in earlier times, is testing all possible keys. This happens today with the help of computers which can calculate hundreds of billions of keys per second. This “brutal” method is called a “brute-force attack.” With the encryption method of Julius Caesar, for example, a person can quickly test and determine which key was used. The simple approach: the letter “E” is statistically used most frequently, at least in German and English texts, so it’s assumed that the exchanged letter should also occur most frequently in the encrypted text. For longer keys, the required time naturally increases, so computers are used for testing various possibilities by means of the brute-force attack method and calculation.
In general, the longer the key the more difficult the decoding. The key length is measured in bits. The symmetric encryption algorithm, Data Encryption Standard (DES), which was considered not crackable until the end of the last millennium, used a 56-bit key, which means in order to crack it with the brute-force attack method, 2 56 (= 72,057,594,037,927,936) keys must be tried. In 1998, the “Deep Crack” computer, worth $250,000, successfully cracked a 56-bit key for the first time in 56 hours. In 2006, the German universities of Bochum and Kiel managed to build a computer that cost only $10,000, named COPACOBANA and was able to crack 56-bit keys in just 6 ½ days.
The successor to the DES encryption method is the Advanced Encryption Standard (AES) in versions AES-128, AES-192 and AES-256, where the numbers refer to the key length. AES-192 and AES-256 are approved in the US for state documents with the highest secrecy level and are currently not considered to be decrypted, however, this will not always be the case. In all encyryption generated by computers, a mathematical decryption solution can be found – at least theoretically. And with the brute-force attack method, it’s only a question of the computing speed of the computer(s) used until one finally succeeds. In the case of AES, you need a supercomputer, which would cost several billion dollars. The estimated time to build the machine would take several decades.
There are, of course, a lot of other encryption methods currently used, but the methods used to crack the keys are the same: As long as there are no wanted or unintended backdoors or errors in the programming of the encryption and a mathematical solution has not been found, “violence” (brute-force attack) must be used.
The National Security Agency (NSA), which is the world leader in deciphering, is handling this problem pragmatically: If there is no way to decrypt the databases, a supercomputer is used for the brute-force attack. If, however, it’s clear that this does not work, the issue is put on hold until the technology advances to a point where decryption is feasible within a reasonable financial and temporal framework.
The next step in decryption will be utilizing the quantum computer, at least that’s what the intelligence community is sure about. Then – with the available computing power and speed – the decryption of documents becomes child’s play.