How Cryptography Works: From Caesar Cipher to RSA
Cryptography secures digital communication using mathematical transformations. Trace the evolution from simple substitution ciphers to RSA public-key encryption and modern secure protocols.
The Ancient Art and Modern Science of Secret Writing
Every time you open a bank app, buy something online, or send a private message, cryptography is silently protecting your information. It encrypts your data so that only the intended recipient can read it, authenticates the servers you communicate with, and ensures that the information has not been tampered with in transit. Cryptography, the science of secure communication in the presence of adversaries, has evolved from Julius Caesar's simple letter substitutions to mathematical structures so complex that the most powerful computers on Earth cannot break them in any practical timeframe.
The history of cryptography is simultaneously a history of mathematics, of warfare, of computation, and of the perpetual arms race between those who want to protect information and those who want to intercept it. Understanding this history illuminates not only how modern encryption works but why the mathematics underlying it provides such robust guarantees of security.
Classical Ciphers: Substitution and Transposition
The Caesar cipher, one of the simplest and oldest known encryption techniques, works by shifting each letter of the alphabet by a fixed number of positions. Caesar reportedly used a shift of three, so A becomes D, B becomes E, and so on. The message ATTACK AT DAWN becomes DWWDFN DW GDZQ. Decryption is trivial for anyone who knows the shift value; the entire key space consists of only 25 possibilities, easily tried by hand.
More sophisticated classical ciphers used polyalphabetic substitution, the Vigenère cipher being the most famous. A keyword determines which of several different alphabets to use for each letter in the plaintext, making the cipher harder to break by simple frequency analysis since the same plaintext letter maps to different ciphertext letters in different positions. For centuries the Vigenère cipher was considered unbreakable, until Charles Babbage and Friedrich Kasiski independently devised methods for determining the keyword length and then breaking each component alphabet separately using frequency analysis.
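The two ciphers described above, as an added example that is not part of the original article: it reproduces the ATTACK AT DAWN ciphertext, enumerates the full 25-key Caesar space, and shows that a Vigenère keyword maps one plaintext letter to several ciphertext letters. The keyword LEMON and all function names are assumptions chosen for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift every letter by `shift` positions; leave other characters alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_candidates(ciphertext):
    """The whole key space: every shift 1..25 with the plaintext it yields."""
    return {shift: caesar(ciphertext, -shift) for shift in range(1, 26)}


def vigenere(text, keyword, decrypt=False):
    """Polyalphabetic substitution: letter i is shifted by keyword[i % len]."""
    sign = -1 if decrypt else 1
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = ALPHABET.index(keyword[i % len(keyword)].upper())
            out.append(caesar(ch, sign * shift))
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def images_of(letter, plaintext, ciphertext):
    """Set of ciphertext letters that one plaintext letter was mapped to."""
    return {c for p, c in zip(plaintext.upper(), ciphertext) if p == letter}


if __name__ == "__main__":
    msg = "ATTACK AT DAWN"                      # the article's example message
    c1 = caesar(msg, 3)
    c2 = vigenere(msg, "LEMON")                 # constructed keyword
    print(c1, "->", caesar_candidates(c1)[3])
    print(c2, "->", vigenere(c2, "LEMON", decrypt=True))
    # Caesar sends A to one letter every time; Vigenere spreads it out.
    print(images_of("A", msg, c1), images_of("A", msg, c2))
```

Because Caesar maps each plaintext letter to exactly one ciphertext letter, the letter-frequency profile survives encryption; the Vigenère output hides it until the keyword length is known.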
The lesson from classical cryptanalysis is general: security through obscurity is fragile. Once an attacker understands the general method, the only protection is the key. Modern cryptography formalizes this as Kerckhoffs's principle: a cryptographic system should be secure even if everything about the system except the key is public knowledge.
The Enigma Machine and World War II
The electromechanical Enigma machine used by Nazi Germany represented a major step toward modern cryptography. It used rotating wheels (rotors) to implement a polyalphabetic substitution that changed with every keystroke, producing a cipher whose key space was so large that brute-force searching was completely impractical with any technology of the era. The number of possible Enigma configurations exceeded 10 to the power of 23.
The Allied cryptanalysts at Bletchley Park, including Alan Turing, broke Enigma not by brute force but by exploiting structural weaknesses in how the machine was used. Operators sending stereotyped messages, machine design constraints that prevented any letter from encrypting to itself, and captured codebooks all contributed to a cryptanalytic success that historians believe shortened the war by at least two years. Turing's conceptual work on computation and on breaking Enigma established many of the foundational ideas of computer science and cryptanalysis that persist to this day.
Symmetric Key Cryptography and the Key Distribution Problem
All classical ciphers are examples of symmetric key cryptography: the same key is used for both encryption and decryption. This creates a fundamental problem for secure communication at scale: how do two parties securely exchange the key if they have no pre-established secure channel? If you want to communicate securely with someone you have never met, how do you agree on a shared secret without an eavesdropper learning it?
The modern era of symmetric cryptography is dominated by the Advanced Encryption Standard (AES), adopted by the US government in 2001 and now used virtually everywhere: disk encryption, VPNs, TLS (the protocol securing HTTPS), and countless other applications. AES uses key lengths of 128, 192, or 256 bits and applies a series of mathematical transformations (substitution, permutation, mixing) to plaintext blocks. It is considered practically unbreakable by brute force: exhausting all 2 to the power of 256 possible keys would take longer than the current age of the universe even with all the computing power on Earth.
Public Key Cryptography and the Revolution
The key distribution problem was solved conceptually in 1976 by Whitfield Diffie and Martin Hellman, and independently by Ralph Merkle, with the invention of public key cryptography. The fundamental insight is that it is possible to create a pair of mathematically linked keys: a public key that anyone can know, and a private key that only the owner knows. Something encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. This means anyone can send you a secret message using your public key, but only you can read it with your private key.
The Diffie-Hellman key exchange protocol, the first practical implementation of this idea, allows two parties to establish a shared secret over an insecure channel by combining public and private values in a way that an eavesdropper cannot reconstruct. The security relies on the apparent hardness of the discrete logarithm problem: given the public values, computing the private key requires solving a mathematical problem for which no efficient algorithm is known for large enough parameters.
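The exchange described above with both sides' messages, as an added example that is not part of the original article. The modulus 2**127 - 1, the base 3, the toy values modulo 23 and all function names are assumptions for illustration; real deployments use standardized groups of 2048 bits or more.

```python
import secrets

# Toy parameters (assumptions for this example): 2**127 - 1 is prime, and 3 is
# an arbitrary base. Neither is a recommended production choice.
P = 2**127 - 1
G = 3


def keypair(p, g):
    """Pick a private exponent and derive the public value g^x mod p."""
    private = secrets.randbelow(p - 3) + 2      # uniform in [2, p-2]
    return private, pow(g, private, p)


def shared_secret(their_public, my_private, p):
    """Each side raises the other's public value to its own private exponent."""
    return pow(their_public, my_private, p)


def exchange(p=P, g=G):
    """Run both sides; return (what the wire carried, Alice's key, Bob's key)."""
    a, A = keypair(p, g)                         # Alice -> Bob: A
    b, B = keypair(p, g)                         # Bob -> Alice: B
    wire = {"p": p, "g": g, "A": A, "B": B}      # all an eavesdropper sees
    return wire, shared_secret(B, a, p), shared_secret(A, b, p)


def discrete_log(g, target, p):
    """Exhaustive search for x with g^x = target (mod p); tiny p only."""
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == target:
            return x
    raise ValueError("no exponent found")


if __name__ == "__main__":
    wire, k_alice, k_bob = exchange()
    print("keys match:", k_alice == k_bob)
    # With a 5-bit modulus the hard problem is not hard at all:
    A, B = pow(5, 6, 23), pow(5, 15, 23)         # constructed toy exchange
    a = discrete_log(5, A, 23)
    print("recovered exponent", a, "-> secret", pow(B, a, 23))
```

The exhaustive search takes up to p - 1 multiplications, which is why the security claim only holds for large enough parameters.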
RSA: The Mathematics of Public Key Encryption
RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, who published it in 1977, is the most widely deployed public key cryptosystem in history. Its security relies on the apparent computational difficulty of factoring the product of two large prime numbers.
The key generation process works as follows: choose two large prime numbers p and q (typically hundreds of digits long). Compute their product n, which is public. Compute the totient phi(n) equal to (p-1)(q-1), which is kept secret. Choose a public exponent e and compute a private exponent d such that e times d equals 1 modulo phi(n). The public key is the pair (n, e) and the private key is d.
To encrypt a message m, compute the ciphertext c equal to m raised to the e, modulo n. To decrypt, compute m equal to c raised to the d, modulo n. The mathematics of modular arithmetic ensures that this round-trip recovers the original message. The security rests on the fact that computing d from the public key (n, e) requires knowing phi(n), which requires factoring n, which is computationally infeasible for n that is 2048 bits or longer with currently known algorithms on classical computers. Note that Shor's quantum algorithm could factor such numbers efficiently, which is why post-quantum cryptography research is a major priority.
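The key generation, encryption and decryption steps above carried through with small numbers, as an added example that is not part of the original article. The primes 61 and 53, the exponent 17, the message 65 and the function names are assumptions for illustration; this is unpadded textbook RSA, whereas deployed systems add a padding scheme such as OAEP.

```python
from math import gcd, isqrt


def generate_keys(p, q, e):
    """Follow the article's steps: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (n, e), d


def encrypt(m, public_key):
    """c = m^e mod n, for an integer message smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c, d, n):
    """m = c^d mod n."""
    return pow(c, d, n)


def recover_private_exponent(public_key):
    """Factor n by trial division, then rebuild d exactly as the owner did.
    Instant for a 12-bit n; infeasible for a 2048-bit n."""
    n, e = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    _, d = generate_keys(p, n // p, e)
    return d


if __name__ == "__main__":
    public, d = generate_keys(61, 53, 17)   # constructed toy primes
    c = encrypt(65, public)
    print("public:", public, "private d:", d)
    print("ciphertext:", c, "decrypted:", decrypt(c, d, public[0]))
    print("d rebuilt from public key:", recover_private_exponent(public))
```

The last function is the security argument in code: whoever can factor n can rebuild phi(n) and therefore d, so the private key is only as safe as n is hard to factor.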
Modern Cryptography and HTTPS
The TLS (Transport Layer Security) protocol that underpins HTTPS combines multiple cryptographic primitives: public key cryptography for initial key exchange and authentication, symmetric cryptography for bulk data encryption, and cryptographic hash functions for message integrity. When you connect to a website over HTTPS, the following happens in simplified form: your browser and the server perform a TLS handshake, using the server's RSA or elliptic curve certificate to authenticate the server's identity. They then perform a key exchange to establish a shared symmetric key, used for the remainder of the session, with AES encrypting all traffic and a hash-based message authentication code verifying integrity.
Elliptic curve cryptography (ECC) has largely replaced RSA in new deployments because it provides equivalent security with much shorter keys, improving performance. An ECC key of 256 bits provides roughly the same security as an RSA key of 3072 bits. The discrete logarithm problem on elliptic curves is believed to be harder than integer factorization, though this is another unproven assumption.
The Future: Post-Quantum Cryptography
The development of practical large-scale quantum computers would break RSA, Diffie-Hellman, and elliptic curve cryptography through Shor's algorithm. In anticipation, the US National Institute of Standards and Technology (NIST) ran a multi-year competition to standardize post-quantum cryptographic algorithms, concluding with the selection of several lattice-based and hash-based schemes in 2022 and 2024. These algorithms are believed to resist attack by both classical and quantum computers, though their long-term security is not yet tested by decades of cryptanalytic attention the way RSA has been. The transition to post-quantum cryptography is a major ongoing effort in technology and government security.
Conclusion
Cryptography has evolved from Caesar's simple alphabet shifts to mathematical structures that protect trillions of dollars of online commerce and billions of private communications every day. The journey from classical ciphers through Enigma to RSA and modern TLS reflects both humanity's perpetual ingenuity in protecting secrets and the endless resourcefulness of those who seek to break them. As quantum computing advances and new threats emerge, cryptography will continue to be reinvented, driven by the same fundamental tension that has animated the field for millennia: the contest between the lock and the lockpicker.