The History of Cryptography and Modern Encryption
Table of Contents
- History of Cryptography
- Principles of Frequency Analysis of English Text and the Design of the “Enigma” Machine
- The Evolution of Encryption: From Cracking the “Enigma” to Internet Security
- How Encryption, Public and Private Keys
- How Quantum Computers Work, Post-Quantum Encryption, and Social Engineering
History of Cryptography
Mobile carriers know which website or video service a user has accessed—for example, YouTube, Instagram, or TikTok. But they have absolutely no idea which specific video is playing or what is being said in it. Only the video service itself knows this, since traffic between the video service and the user is encrypted by default.
There are forty-three quintillion different ways to solve a Rubik’s Cube. That’s the exact number. But to put it back together, you need instructions. Ciphers work in much the same way, only many times more complex. They scramble bits of information, just like a Rubik’s Cube. To restore them, you need a special encryption key—that is, instructions.
If you keep turning a Rubik’s Cube long enough, you can solve it even by chance. But to find the key to a modern cipher, you’d have to try over six hundred times more combinations than there are for a Rubik’s Cube. That’s so many that even if every computer in the world were used to try them all, the entire lifetime of the universe wouldn’t be enough.
A modern phone contains hundreds of thousands of such keys. Some encrypt the memory so that no one can access your photos or notes; others encrypt internet traffic; and still others encrypt chat messages. When you open a food delivery app, an encryption key is exchanged with it. Now, no outsider can find out the details of your order. When making a call via Telegram, four emojis appear at the bottom of the screen. This is also an encryption key, only abbreviated to four graphic symbols (for example, a whale, the Japanese flag, a dog, and a unicorn).
If you visit a website whose address begins with https, encryption starts working immediately. Nowadays, almost all websites have this prefix. Older websites start with http. This means there is no encryption, and anyone who connects to the router can see the user’s actions.
Nowadays, search engines like Yahoo and Google prevent websites without encryption from appearing high in search results.
Almost all encryption systems in the world use the same key exchange algorithm. It’s used not only by ordinary users but also by nearly all major banks, intelligence agencies, and governments. It’s like buying a batch of identical locks, hanging them all over the world, and hoping that no one will pick them with a pair of wrenches.
There is a special code for quantum computers called Shor’s algorithm. It is designed to solve just one problem: cracking the very same key exchange algorithm that everyone on the internet currently uses. A quantum computer is, in essence, the wrench that unlocks all the locks on the internet.
The power of quantum computers is measured in qubits. Mathematicians have already calculated the minimum number of qubits required to break all ciphers. This requires 1,154 qubits. The most powerful quantum computer to date contains 6,100 qubits. That is five times more than what is needed to break the ciphers.
In the 16th century, Mary Stuart, Queen of Scotland, fled to England and organized an assassination attempt on the English queen. The police had all of Mary’s letters, complete with dates, names, and details—essentially, her personal confessions. Her accomplices had already testified, and she had no lawyer. However, the text of the letters was not written in English or any existing language using characters. It was the best cipher of that time. The police had no other evidence, so without deciphering the letters, it was impossible to prove her guilt, and Mary could have walked free from the courtroom and ascended the English throne, since she was the Queen of England’s cousin and, according to the Church, she was the one who should have ruled. The cipher was successfully cracked because it was complex only by 16th-century standards, when only one in three people could read. Today, experts would immediately recognize it as a common substitution cipher.
This is because certain letters of the alphabet are replaced with others. This simple and convenient idea formed the basis of modern encryption. In the English alphabet, the first letter, “A,” can be replaced with any other letter or left as is—there are only 26 possibilities. If you replace it with “N,” there are 25 remaining options for the second letter, since “N” is already taken. If you replace the second letter with “D,” there are 24 options left for the third letter—for example, “Z.” In this way, the entire alphabet is traversed and all letters are replaced. The number of possible variations of such a cipher is calculated as the product 26x25x24x23, that is, the mathematical factorial 26. This number is a million times greater than the total number of all bacteria.
Principles of Frequency Analysis of English Text and the Design of the “Enigma” Machine
Letters in a text can be replaced with letters from another alphabet or even with letters from a fictional language. One example is the enchantment table in the game Minecraft: it uses a substitution cipher in which Latin letters have been replaced with alien symbols from the game Commander Keen. In reality, simple phrases in English are encoded there: for example, “each spell costs experience” or “you play well on the internet.” Deciphering this made-up text isn’t all that difficult, since certain symbols will appear more frequently than others, and in this way they’ll reveal the whole secret.
The letter “Z” appears less frequently in English texts than any other. It’s followed by the letters “Q” and “X,” which are almost always used only in specific or borrowed words. Conversely, the most common letters are vowels and certain consonants like “T,” “A,” or “I.” The clear leader is the letter “E”: nearly 12 percent of English texts consist solely of this letter. Knowing these statistics allows you to decrypt a simple substitution cipher.
If you take an encrypted text that looks like a jumble of letters and replace the most frequent letter with “E,” the second most frequent with “T,” the third with “A,” and so on all the way to “Z,” you can reveal the original message. If the meaning of some words is distorted during decryption, simply swap letters with similar frequencies (for example, “T” and “A”), and the cipher will be fully deciphered. The longer the text, the easier it is to find such patterns in it.
Mary Stuart encrypted all her letters using the same cipher, which gave the English intelligence services a clue. However, when the intelligence services substituted the most frequent characters in the letter with the most frequent letters of the English alphabet, the result was an unreadable jumble of characters, and none of them matched. Mary knew how substitution ciphers were cracked and used special techniques. Her cipher contained filler symbols that meant nothing and were added solely to confuse code breakers. At the same time, each real letter had four different symbols assigned to it. In addition, separate symbols were used for frequently used syllables, words, and entire phrases, such as “Pope” or “King of France.” The symbols for the months were deliberately drawn in such a way as to be confused with the filler symbols. Because of all this, it took a long time to crack the cipher, but in the end, the intelligence services managed to break it. After cracking the code, they did not immediately arrest everyone involved but began corresponding with them: they would take a real letter and, using the same cipher, add a couple of questions on Maria’s behalf—for example, asking for the names of everyone who would be helping with the conspiracy. The conspirators answered honestly and gave themselves away. Afterward, the conspirators were executed and quartered, while Maria herself was beheaded; her belongings were then burned so they would not become objects of worship.
Despite the vulnerability of substitution ciphers, they formed the basis of modern encryption. In the twentieth century, military and intelligence agencies around the world began using them, adding an important twist to the technology. For thousands of years, people had been passing military messages from hand to hand via couriers—dating back to ancient times, when a messenger ran the distance from Marathon to Athens to report the victory. Even with the advent of the telegraph and radio, couriers did not disappear, as wires were constantly breaking and radio signals were easily intercepted. Messages transmitted via radio had to be reliably encrypted. Since a simple substitution cipher can be cracked by counting the frequency of symbols and comparing it to the frequency of letters in a language, the pattern must be obscured to ensure security. To achieve this, the cipher must be changed as often as possible: in every new message, sentence, word, or, ideally, in every letter. Changing every letter by hand was extremely difficult, so in the twentieth century, encryption was performed not by people but by special machines.
One such machine was the “Enigma.” This cipher machine enabled the German army to wage a blitzkrieg—a lightning war. The military would launch rapid attacks, break through defenses, occupy territory, and advance further: for example, France held its defenses for four years during World War I, but for only a month and a half during World War II. As soon as weaknesses in the defenses were detected, the army did not wait hours or days for orders from headquarters but struck immediately. Thanks to radio communications and the “Enigma” cipher, coordination took place in a matter of hours. Smaller countries were captured even faster: the Netherlands in five days, Luxembourg in one day, and Denmark in six hours.
Anyone could intercept the radio signals, but it was impossible to decipher what was contained within them because of the encryption. Despite its engineering complexity, all the “Enigma” does is substitute one letter for another. When the “B” key is pressed, the “E” light comes on. When “E” is pressed, the “O” light comes on. Even if you press the “O” key several times in a row, a different light will come on each time. All the mechanism’s workings take place inside the machine’s casing: each key is connected to its own light via a wire, but along the way, this wire passes through three rotors. Each of these rotors substitutes one letter for another depending on its angle of rotation. After each keystroke, the rotors rotate, rearranging the wires and completely changing the cipher for the next character. This is precisely why pressing the same key causes different lights to illuminate each time. In addition, the front of the “Enigma” features a switch panel where specific letters can be manually swapped, allowing for further encryption of messages. All these mechanisms together provide a vast number of encryption variations, and each letter of the text ends up being encrypted with its own unique substitution cipher.
In actual combat conditions, the machine was operated as follows: one operator typed the text of the order on the keyboard, while a second operator standing next to him recorded the letters that lit up on the lamp panel. The recorded encrypted text was then transmitted by radio, and the receiving party decrypted it at the destination. The recipient knew exactly how to decrypt the signal, since they had an identical “Enigma” machine and a special cipher book. These books contained the machine settings for an entire month in advance. Additionally, the ink in the books was water-soluble: if the convoy or radio operators were attacked by the enemy, all secret records could be destroyed instantly with water.
The Evolution of Encryption: From Cracking the “Enigma” to Internet Security
Anyone who intercepted a radio signal without the proper settings or the “Enigma” machine itself would receive nothing but a jumbled set of letters. It was simply impossible to crack it by brute force. The letter-frequency method didn’t work either, since the cipher changed every time a key was pressed. Two things helped crack this machine: German punctuality and plain old corruption. Hans Thilo Schmidt was in charge of all documents related to the “Enigma.” When the Europeans offered him twenty months’ salary—that is, about fifty thousand modern dollars—for the “Enigma” blueprints, he agreed.
The machine was placed at the disposal of intelligence, but the problem of determining the settings remained—there were quintillions of possible combinations, and they changed every day. The seller himself did not know these settings. To solve this, the British, who had cracked the “Enigma,” began searching for clues in the already decrypted messages. This batch of messages—each of which included the ciphertext, the plaintext, and the settings—was handed over by the same Hans in exchange for a bribe. The British studied them and found a second loophole: German punctuality. Every day at exactly six in the morning, the Germans sent out a weather forecast. At that time, the cipher always began with the word “weather” (Wetter in German). If a message was intercepted at six in the morning, it would inevitably start with the word “weather.” In other words, one word per day was already decrypted. This greatly simplified the rest of the process, since now they could simply turn the “Enigma” rotors and flip the switches until the word “weather” appeared. Moreover, you don’t necessarily have to turn the rotors yourself; you can have a computer do it, since once it sees the word “weather,” it will automatically realize that the text has been decrypted.Alt: The “Bomba” computing machine for decrypting the Enigma code.
All these discs simulated the Enigma’s settings. In reality, this computer made a ticking sound, which is why it was nicknamed “Bomba.” The discs cycled through all the machine’s settings one by one until the word “weather” appeared. When the rotation stopped, the cipher was decrypted. After that, British intelligence learned all of the Germans’ plans for the day and knew in advance where and whom they would attack. However, they couldn’t simply repel the attack outright, because then the enemy would realize that the “Enigma” had been cracked and would either stop using it or change its settings. Therefore, the British had to act more cunningly. For example, when they intercepted a plan for a naval attack on a convoy, they deliberately sent a reconnaissance plane there. This created the appearance that the plane had stumbled upon the enemy by chance, rather than that intelligence had intercepted the plans. As a result, five heavy enemy ships were sunk, and Britain lost far fewer lives than other major countries, as the timely information saved lives. At that time, every major power was developing its own ciphers. The Soviet Union, for example, had already improved upon the “Enigma” after the war and developed the “Violet” machine. Instead of three rotors, it had ten, and instead of switches, it used punch cards that further altered the letters. It had $10^{15} times more possible settings, meaning that a computer named “Bomba” simply would not have been able to crack it in time.
The “Fialka” was not phased out until 2010. Its security classification was not lifted until 2021. The British, as well as the Americans and the Japanese, had similar cipher machines. During World War II, the U.S. devised another original system by giving radios to the Native Americans—the Navajo. In essence, the Navajo became living cipher machines. Alt: Navajo radio operators during World War II. Orders were dictated to them in English; they translated them into their native language and relayed them via radio, while at the other end, a fellow Navajo translated everything back into English. The code turned out to be very secure, since no one knew the Navajo language except the Navajo themselves. To turn it into a code, the language had to be modified slightly. The Navajo did not have an alphabet, so one was created from words: “ant” became the letter A, “bear” became B, “cat” became C, and so on. As a result, “Japan” is represented by donkey, ant, pig, ant, and nut. The Native Americans had no words at all for military equipment, so a fighter jet was called a “hummingbird,” a submarine an “iron fish,” bombs “eggs,” and reconnaissance planes “owls.” In nearly thirty years of use, these codes were never cracked.
One of the main classical ciphers is the substitution cipher, in which letters were replaced with others. In the 20th century, electromechanical machines appeared that encrypted each letter using their own substitution cipher. Until then, ciphers were used by the military, the government, and conspirators, but not by ordinary people, who communicated in only two ways: by mail or verbally.
Then the Internet emerged, which operated entirely without encryption in its early years. It soon became clear that anyone who connected to a Wi-Fi router could steal data, so traffic began to be encrypted. Phones and computers use the same encryption principles as the “Enigma.” While the “Enigma” substituted some letters for others, a phone swaps bits of information, since these bits can be used to encode anything: text, images, videos, or photos.
After the introduction of traffic encryption, a new problem arose: how to transmit the encryption key so that no one could intercept it. For example, when conducting a large transaction, the key must remain only with the bank and the customer. The Germans used to pass their cipherbooks in person. If you send the key over the Internet, it will end up in the hands of the entire Internet. If you encrypt the key itself and then send it, you’d then need to somehow transmit the key generated by that new cipher, which creates a vicious cycle.
Scientists spent decades and devised a scheme that allows participants to agree on a key with maximum secrecy. Even if someone eavesdrops on two people discussing this key, they would never be able to guess the key itself. This requires a process that cannot be reversed: just as you cannot un-mince meat or build a chicken from a chicken. A similar principle applies to paints, where any two colors can be mixed to produce a third.
How Encryption, Public and Private Keys
Imagine two participants who need to agree on a common color without ever saying it out loud. First, they agree on an initial color, such as yellow. Then each of them chooses their own secret color and mixes it with the yellow to encrypt it. Next, the participants exchange their mixed colors. Each mixes the blend received from the other participant with their own secret color, and as a result, they arrive at a single shared color. This is the shared key. And even if someone were to see the colors they exchanged with each other, they would have no way of determining the shared color. Without knowing the secret colors, it’s impossible.
This is roughly how encryption works on the internet. Except that computers use numbers instead of colors, because everything on the internet communicates in the language of numbers. To start, let’s look at a simple example of such calculations. Let’s try adding 22 and 5. Usually, the result is 27, but here the logic is different. If you imagine a clock face, the number 22 is at the 10 o’clock mark. We add 5 to ten (one, two, three, four, five) and get 3. In other words, according to this logic, 22 plus 5 equals 3. Scientists call this type of calculation “cyclic mathematics.” It’s necessary to ensure that the process cannot be reversed. By adding 22 and 5, we got 3, but if we subtract 5 from 3, it’s unclear which number we started with—it seems like 10, even though it was originally 22.
Let’s look at the process of creating an encryption key using this principle. Two participants each choose a number: the first chose 2, and the second chose 3. Then each adds 14 to their number (on the clock face, this is a full rotation plus another 2 hours). The first participant gets 4, and the second gets 5. Then they exchange these answers and add the number each of them thought of at the very beginning to the resulting number. The first adds 2 to 5, and the second adds 3 to 4. This way, both arrive at the same answer: 7. This happened because, in essence, they were performing the same calculations, just in a different order.
There is a loophole in this simplified process: if you subtract 14 from 4 and 5 on the clock, you can obtain the secret numbers 2 and 3, and with them, it’s easy to calculate the shared key. That’s why, in real-world encryption, numbers aren’t added but raised to a power, making it much harder to reverse the process.
Let’s imagine the same process, but with exponentiation. The first participant again thinks of 2, and the second thinks of 3. Only now, instead of adding 14, they raise that number to a power: the first to the second power, and the second to the third. The first gets 196, and the second gets 2,744. To perform math with such large numbers on a clock, they simply divide them by 12, since there are 12 hours on the clock face. The remainder from the division is what the clock shows: the first person gets 4, and the second gets 8. The participants tell each other these numbers and then raise them to the power of their secret number. Finally, they divide them by 12 again and look at the remainder. Both end up with 4. They have once again arrived at a common number, which is the encryption key.
This is how keys work on the internet. They consist of two halves. The first is the private key. This is the number that each participant chose, or the secret color from the example. The phone generates it randomly and never reveals it online. Then it generates a public key—this is the number that participants share with each other, or the color that resulted after mixing with yellow. If two people exchange public keys and mix them with their private keys, they will obtain a shared encryption key.
That’s exactly why Telegram asks you to verify four emojis when you make a call. It has already done all the work when establishing the connection, and these four emojis are the encryption key that only the two participants can see. The same thing happens when you visit any website: first, encryption keys are exchanged, and only then is the traffic encrypted so that it cannot be hacked. This same principle of using keys underlies the entire cryptocurrency system. Bitcoins are stored on hundreds of thousands of computers, but only one person can use them because they’re all encrypted, and only the owner has the key to these encryptions. The key here is the seed phrase—that very set of words you write down when creating a wallet. It works like a password, except you can’t change it or view it again, because—to put it very simply—it is the private key (the secret code). A wallet address, on the other hand, is a public key, which is why you can share the address but not the seed phrase.
These kinds of key-based algorithms are everywhere: when connecting to Bluetooth headphones or CarPlay in a car, a separate key is embedded in a bank card, another in an electronic signature, and even simple Wi-Fi passwords are keys too. All online security relies on these keys: money, documents, and personal data. Humanity has placed its trust in these ciphers because it is convinced that no one can crack them. People thought the same way back in the days of Enigma: the Germans staked everything on a single cipher because, at the time, there was no computer capable of trying every possible combination to crack it—or, more precisely, they thought no such computer existed. However, a machine capable of cracking modern ciphers now exists—the quantum computer.
To understand how it works, let’s look at some actual code for a quantum computer written in Python. All this simple code does is calculate the outcome of a coin flip: heads or tails. After a thousand virtual flips, the computer outputs the result: heads came up 46 percent of the time, tails 49 percent of the time, and a calculation error occurred 4.5 percent of the time. A quantum computer does not provide a specific answer but calculates a probability, and this is its main difference from a conventional computer. In a conventional computer, bits function like switches: either on or off—0 or 1. You can assemble words and numbers from these switches, add them together, and do just about anything else. But qubits in a quantum computer can be not only 0 and 1, but also a probability between 0 and 1.
This principle of probability control can be illustrated by the example of flipping a coin. If you tilt your hand and flip the coin so that it doesn’t spin but simply rotates with the desired side facing up, then that side will land face up. If heads was facing up, then heads will land. A 50-50 probability occurs when this is done at random, but if done deliberately, this probability can be controlled. This is exactly what a quantum computer does.
How Quantum Computers Work, Post-Quantum Encryption, and Social Engineering
To predict tomorrow’s weather, each atmospheric phenomenon can be assigned its own qubit. The first qubit will be responsible for rain. It hasn’t rained anywhere for a week, so the probability associated with that qubit is low. The second qubit is responsible for wind. The wind has been blowing outside for two days now and is gradually picking up, so the probability is higher. The same applies to all atmospheric indicators. This will require hundreds, if not thousands, of qubits. Each one will estimate the probability of a single small event, and together they will predict the final outcome: 87.5% chance of rain, 12% chance of clear skies, and another 0.5% chance of a sudden July snowfall.
The IBM computer has only 156 qubits. That’s not really that many. But quantum computers with tens of thousands of qubits can not only predict the weather, but also develop new drugs and, of course, crack every encryption key on the internet. A conventional computer would have to try every key one by one, and it simply wouldn’t have enough time—even all the time humanity has—to find the right one. A quantum computer, on the other hand, would immediately guess the correct one with a 99.999% probability.
When a quantum computer with the required number of qubits becomes available, the so-called “quantum apocalypse” may occur. In such a scenario, Face ID and fingerprint scanners would no longer recognize the user. Your inbox would be flooded with messages about loans that have been taken out in your name. The bank wouldn’t recognize you even with your passport. All money transfers would be frozen because it’s unclear who they’re from or where they’re going. There would be no new posts on social media because it’s impossible to tell who owns which account. Gas, electricity, and water would be cut off because you no longer exist in the database. All that’s left is to hope there’s enough time to get far away from the cities while the car still starts and before anarchy and looting break out. All of this is happening because anyone who connects to a quantum computer can now crack encryption keys.
When attempting to run the code to crack the laptop’s encryption on an IBM quantum computer in the U.S., an error occurs. The system reports that 9,216 qubits are required for this and that no suitable quantum computer is currently available. So, for now, modern devices are safe.
In reality, even if a computer with the required number of qubits were to appear, it would not be able to break the encryption. This is because all existing qubits are currently imperfect. All the qubits mentioned earlier are logical qubits. What does that mean? A logical qubit is something we’ve conceived in our minds—a theoretical abstraction. But to explain to a machine how this idea works in practice, a very large number of physical qubits are needed. And if a thousand logical qubits are required, then at least tens of thousands—or even millions—of physical qubits are needed. Otherwise, the quantum computer would produce a random answer every time.
The entire room, equipped with specialized equipment, constitutes a single large quantum computer. The blue light in this setup is a laser that controls 6,000 microscopic qubits.
Under the microscope, each dot represents a qubit—or, more precisely, an individual cesium atom whose energy fluctuates slightly back and forth, like heads or tails. But all these qubits are merely prototypes. They cannot work together to solve a single problem. What’s more, they constantly make mistakes, and the probability of their “heads or tails” state is still not exactly 50%. Cracking an encryption key is a problem billions of times more complex, which is why current systems cannot handle it.
If a quantum computer with perfect qubits does eventually emerge, it’s unlikely to make the news, since it’s in any country’s best interest to keep quiet about it and quietly crack everyone else’s encryption. Such a scenario is possible, but even in that case, the data remains secure.
The world is constantly changing, and to prevent a repeat of the situation with the “Enigma” cipher machine, people have already devised a new type of encryption that will be secure even against quantum computers. Even now, modern smartphones encrypt messages using post-quantum encryption. This is the method used to encrypt any message in messaging apps like iMessage. The keys here are hundreds of thousands of times longer than the ones we’re used to. This isn’t some fundamentally new cipher. The algorithm itself has hardly changed—it’s still the same “Enigma.” It’s just that the keys have become much longer, making it an impossible task even for a quantum computer to brute-force them. Thus, a virtually perfect cipher has been created. Companies will implement it gradually, even before a fully functional quantum computer appears, staying one step ahead of the threat.
However, there is a fundamental threat looming over all ciphers, both present and future—people themselves. Mary Stuart did not die because of a simple cipher; she simply trusted it too much and therefore used it to write down all the details of her conspiracy. And her accomplices were caught because of letters sent to the police and ended up revealing their own names. A similar situation occurred with “Enigma.” The cipher was excellent, but first its secret was sold by a low-paid employee, and then it was cracked because the weather forecast was always sent at exactly six in the morning. People are the main vulnerability of any cipher.
Even the most ingenious encryption can be cracked with a phone call, using tactics such as claiming a relative has been in an accident and asking the victim to dictate a code from a text message. Whereas cracking codes used to be a matter of cryptanalysis, today it’s social engineering—that is, exploiting people themselves via cell phones or the internet. Examples of this include numerous well-known cases of fraud and schemes in which scammers swindle millions from the elderly.
Another example is a case from 2018, when money began disappearing from accounts at a South African bank. First, funds disappeared from one person’s account, then from another. This pattern repeated itself 25,000 times. In this instance, the fraudsters did not call the customers—the bank itself lost their money.

At that time, the bank was migrating from one set of servers to another, and one employee printed out the encryption key for convenience. The result was a plain A4 sheet with 36 characters. That turned out to be enough to decrypt all the bank’s data. Money in an account isn’t a physical stockpile of gold in a vault, but simply a number in a database. When the key is entered in the right place, the encryption disappears, and an edit button appears next to the balance. Over the course of a year and a half, that employee illegally credited himself with $3 million. He was never found, as the breach was detected too late.
It doesn’t matter how secure an encryption algorithm is: if it’s used by people rather than robots, there will always be a way to bypass it. To stay safe in such conditions, you must constantly assess the value of the information you need to protect. A supermarket loyalty card number is not particularly important and poses no risk if leaked. However, the most critical passwords and the seed phrase for a crypto wallet are best kept in your memory or written down on paper in a highly secure location. Data security depends first and foremost not on encryption algorithms, but on the users themselves.










