From Alan Turing’s breakthrough in computing mathematics, we Tardis to the 1970s when the next great advancements were made.
This decade – during which the first of Generation X children were born – cryptography’s centre of gravity shifted from mechanical rotors and the hard lessons of WWII, to number theory and algebra amplified by silicon’s relentless gains.
This cohort would become the ‘bridge generation’ that transitioned the world from analogue to digital: the first to have PCs in homes and schools during their youth, pioneers of the technology that defines the modern world.
But we can’t muse on these middle-aged people, because first there is the question of securing those nascent PCs. Early network break-ins, growing databases and political scandals made one fact hard to ignore: information was becoming valuable, and vulnerable.
And so, we needed to lock down our desktop machines.
Modern mass-market cryptography began with the Data Encryption Standard (DES) in 1977. Built on IBM’s earlier Lucifer project – the first widely recognised civilian block cipher – DES scrambled data in much the way one would metaphorically put a message through a mathematical blender 16 times. It proved strong encryption could be standardised and deployed widely.
Encryption should be open, publicly tested and built on strong mathematics – a public good, not a secret weapon.
But silicon turned the tables. ‘Deep Crack’, a custom-built 1998 machine, broke DES by brute force. The fatal flaw wasn’t the design; DES’s 56-bit encryption simply couldn’t keep pace with faster hardware.
A twist: when differential cryptanalysis went public around 1990, it emerged DES’s designers had quietly built in resistance to it decades earlier. Ahead of their time – just not on key length.
Secret whispers
Another breakthrough in 1976 was key exchange. Though mathematically sophisticated, it solved a simple problem: two strangers can agree on a shared secret over a public network.
Its elegance lies in its simplicity – no John Forbes Nash covering windows in equations required. Alice picks a private number and uses it to generate a related public number, which she sends to Bob. Bob does the same.
Using their own private numbers and the other’s public number, both computers independently arrive at the same shared secret. The secret is never transmitted. Security rests on the fact that reversing the maths is extremely difficult with sufficiently large values – and it proved that encryption could be published openly and remain secure, because the strength lies in hard mathematics, not secrecy.
(As an aside, do watch “A Beautiful Mind”.)
Then RSA, 1977, made public-key cryptography practical for both secure messages and digital signatures. One public key, shared with everyone. One private key, kept secret. A message encrypted with the public key can only be unlocked with the matching private key. Its security depends on how hard it is to factor very large numbers.
But then it became political. During the 1990s “Crypto Wars”, governments tried to restrict strong encryption exports, but lost: the code was deemed speech, protected under the First Amendment. As security improved, though, so did the ability to crack it, and old key sizes became breakable.
The worldwide search
This takes us to AES – Advanced Encryption Standard – developed between 1997 and 2001. Just as the internet was exploding, the National Institute of Standards and Technology ran a global competition for the next level of security, and AES emerged victorious.
It scrambles data through 10 to 14 repeated processes that mix and substitute bits in a way computers handle very efficiently. Fast, heavily tested, straightforward to implement – it became, and still is, the default encryption method in modern systems.
Then came Elliptic Curve Cryptography (ECC), emerging from the mid-1980s, offering something the mobile era desperately needed: strong security with smaller keys. Instead of RSA’s very large numbers – 256-bit vs 3 072-bit – it relies on different maths that’s extremely hard to reverse, achieving equivalent security far more efficiently.
Faster, leaner, ideal for phones, apps and high-traffic websites.
Keeping up with the Joneses
Ahead of the 2000s, old technology was resurrected and reinvented. Triple DES kept the older system alive by running it three times, boosting security. In 1994, Netscape introduced SSL, giving the web a way to encrypt connections – combining key exchange, identity checks and data protection, laying the foundation for HTTPS and online commerce.
That same year, Peter Shor showed that a powerful quantum computer could one day break systems like RSA and key exchange. Not an immediate threat, but a warning.
What lasted was a mindset: encryption should be open, publicly tested and built on strong mathematics – a public good, not a secret weapon.
Share
