Encryption is the process of converting information or data into a code, primarily to prevent unauthorized access. Using encryption, information (plain text) is transformed into encrypted data (ciphertext). Only with the right key and decryption method can the original information be revealed. The science of encryption and decryption is called cryptography.
<aside> 💡
Encryption is a foundational principle for building trust in digital technologies. It underpins the security of all systems and is a prerequisite for ensuring privacy.
</aside>
The history of encryption dates back to ancient times when it was mostly used to keep military communication confidential. The earliest known examples of encryption come from Ancient Egypt, and its use continued throughout the Greek and Roman eras.
Hiding messages through encryption is a very old human practice.
The Caesar cipher is one of the most well-known encryption methods, historically used by the Roman dictator Julius Caesar. These early forms of encryption can be broken by simple brute-force and frequency attacks, some of which date back to 800 AD and the Arab mathematician al-Kindi.
During the Second World War, the Nazis used an encryption device called Enigma to protect their military communication. In a secret operation, the Allies managed to break the Nazi encryption at Bletchley Park in the United Kingdom, with crucial help from Polish and French cryptographers. The British mathematician Alan Turing is credited with enabling this breakthrough. He is often seen as the godfather of modern computational science. Historians credit the breaking of Enigma with significantly shortening the Second World War and thereby saving millions of lives. Alan Turing got no recognition for this work during his lifetime. In 1952, his homosexuality led to a conviction by the British government, resulting in chemical castration. He subsequently took his own life. It wasn't until 2013 that he was posthumously pardoned by Queen Elizabeth II.
Modern forms of encryption distinguish between the methods of encryption and decryption and the keys used to carry them out. Knowing the method doesn’t compromise the encryption because only the keys need to be protected. This also allows for scientific scrutiny and peer review of encryption methods. A cryptographic method kept secret should not be considered secure, as only an independent review by the expert community can establish whether an encryption method is trustworthy.
Today’s digital systems rely largely on asymmetric encryption. In this method there is not one key to encrypt and decrypt, but rather a pair of keys that hold a mathematical relationship with each other. When a message is encrypted with one key, it can be decrypted with the other key. This allows secure communication between two parties by sharing one key and keeping the other key confidential.
https://www.youtube.com/watch?v=AQDCe585Lnc&t=78s
Modern computers use asymmetric encryption (also called public-private key encryption) every day. All secure connections over the internet, every database, financial transaction and secure message, and in general every bit of information that is certified to be authentic, rely on asymmetric encryption.
<aside> 📌
Math doesn’t bend to state power. All encryption is based on math. That is why we can use encryption to defend against both state and corporate power.
</aside>
Asymmetric cryptography allows us to build trust in the digital world. It can be used to sign any piece of data with the private key of an entity so that another party can verify its authenticity with the public key of that entity. This allows us to ensure that the data is authentic and correct, meaning it comes exactly as it is from the source that signed it.
This process can also be used to establish a hierarchy of trust. If we agree to trust a root certificate authority, we can decide whether to trust other entities based on certificates they show us that are signed by this root of trust. You can imagine this system as a pyramid where the root of trust sits on top, with an increasing number of entities below it that are all trusted because they have a certificate from the root of trust. Each element in this hierarchy has a public key and a certificate that is signed with the private key above it, which allows us to verify that each entity has a valid certificate that can be traced back to the root of trust. We call such systems public key infrastructures (PKI). For example, the World Wide Web uses this system to secure connections to websites.
https://www.youtube.com/watch?v=6NuM0dqYKso
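The signing and chain-of-trust checks described above, sketched in Go as an added example (not code from the original page). The `Cert` structure, the function names and the subject names are assumptions made for illustration, and Ed25519 stands in for whatever signature scheme a real PKI uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is a simplified certificate (not X.509): subject name, public key, issuer's signature.
type Cert struct {
	Subject   string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// tbs returns the "to be signed" bytes: the binding the issuer vouches for.
func tbs(subject string, pub ed25519.PublicKey) []byte {
	return append([]byte(subject+"\x00"), pub...)
}

// Issue certifies subject's public key with the issuer's private key.
func Issue(subject string, pub ed25519.PublicKey, issuerKey ed25519.PrivateKey) Cert {
	return Cert{subject, pub, ed25519.Sign(issuerKey, tbs(subject, pub))}
}

// VerifyChain starts from the root's public key and walks down to the leaf;
// each certificate must be signed by the key certified one level above it.
func VerifyChain(trusted ed25519.PublicKey, chain []Cert) bool {
	for _, c := range chain {
		if !ed25519.Verify(trusted, tbs(c.Subject, c.PublicKey), c.Signature) {
			return false
		}
		trusted = c.PublicKey // this key is now vouched for; use it for the next level
	}
	return len(chain) > 0
}

// DemoChain builds root -> intermediate -> leaf with constructed names and fresh keys.
func DemoChain() (ed25519.PublicKey, []Cert) {
	rootPub, rootKey, _ := ed25519.GenerateKey(rand.Reader)
	midPub, midKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	return rootPub, []Cert{Issue("Member State CA", midPub, rootKey),
		Issue("alice", leafPub, midKey)}
}

func main() {
	fmt.Println("chain trusted:", VerifyChain(DemoChain()))
}
```

Real X.509 validation also checks validity periods, revocation and whether a certificate is permitted to act as a CA; this sketch checks signatures only.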
Every DPI uses a similar process to establish trust. Often the government acts as a root certificate authority to establish that one person’s digital identity is authentic and correct. Universities might sign the certificates to verify that a person has a degree from them. In the European Union, the eIDAS system is based on a federated system where the European Commission is a common root of trust, but then EU member states act as intermediary certificate authorities managing the trust in their national domains.