This episode is supported by NordVPN. Start protecting your internet experience

today with a 3-year VPN plan. Get 75% off, plus 1 month free by using the

code“SCISHOW” at NordVPN.comSCISHOW. [ intro ] It’s 406 BCE. You, the commander of Sparta’s navy, have

a top-secret message for your magistrate back home: the new strategy to defeat those dastardly

Athenians is to cut off their grain supply! But wait…what if your messenger gets captured? Athens might see your message and head off

your plan! The standard Spartan solution was a scytale—a

wooden rod paired with a strip of leather. You’d wind the leather around the rod and

write your message line by line. When you unwound the leather, the letters

would look like a meaningless jumble to anyone who didn’t know the width of the rod. Of course, all you’d have to do was try

a bunch of different thicknesses until the letters turned into words, so it wouldn’t

be an especially difficult code to crack. Over the centuries, people have tried to do

better, coming up with more and more sophisticated ways to encrypt, or scramble, information. Most of these encryption methods weren’t

perfect—there was always a chance that an attacker would manage to undo the procedure

you used to encode the information. But with the help of computers, we now have

ways to encrypt information that are almost impossible to crack. That’s a very good thing, because encryption

is what protects your bank password from hackers, keeps prying eyes out of your WhatsApp messages,

and even makes sure those Windows updates really came from Microsoft. The weird thing, though, is that these practically-unbreakable

codes are still based on the same building blocks the ancient Greeks used — with just

a couple of twists. Any coded message has two main parts: The

first component is the cipher—a scrambling procedure like the scytale, which is meant

to mash up the message into something unrecognizable. The second component is the key—some secret,

like the diameter of the scytale, that keeps unauthorized people from unscrambling the

message. In modern encryption, the process of sharing

keys can be kind of involved. And it definitely involves way more math than

before computers were a thing. But none of that matters unless you have a

usable cipher that can’t be cracked. Those have only existed for a few decades,

but they’re built on the same ideas we’ve been using for centuries. In fact, many modern ciphers just involve

taking the two main types of classical ciphers and applying the techniques a little differently. One type of classical cipher is the transposition

cipher, where the key tells you how to reorder the letters in the message. The scytale was a simple version of that. A more sophisticated example of a transposition

cipher is the route c ipher. Say you wanted to encrypt a message telling

the Spartans back home to “cut off the grain supply.” You’d write it down in a grid of, say, 5

columns, then read off the letters in a prearranged pattern. That path through the grid is your key. Transposition ciphers leave each letter intact

and swaps their positions. The other type of classical cipher, the substitution

cipher, does the opposite: it leaves each letter in position, but replaces it with something

else. The best-known example is the Caesar cipher,

named after Julius Caesar, who was quite the cryptography enthusiast. He liked to send secret military messages

by sliding every letter down three places in the alphabet. So A became D, B became E, and so on down

the line until Z wrapped around to C. Here’s what our message looks like encrypted

with Caesar’s method. Of course, a Caesar cipher doesn’t have

to stick to shifting by three. The key that tells you how far to rotate the

alphabet can be anything from 1 to 25. And why stop there? Forget Caesar ciphers; you could make the

key to a substitution cipher any of the over 400 septillion ways you can rearrange the

alphabet. Substitution and transposition are fine for

passing notes in class, but they have some pretty serious security flaws. A transposition cipher is just a giant anagram. And anagrams aren’t that hard to crack. Substitution ciphers, meanwhile, leave all

the structure of the original text. So for example, if an enemy intercepts the

message and sees that ‘x’ is the most common letter, it’s a safe bet that it corresponds

to ‘e’. And then maybe they’ll notice “IRX”

all over the place and guess that it spells “the,” and so on with other letters and

words. With some statistics and good guessing—what

cryptographers call frequency analysis—it’s easy to work out the key. You can make frequency analysis harder by

systematically re-scrambling the alphabet after every letter. A classic cipher called the Vigenère cipher

works that way, as did the famous Enigma machines used by the Germans in World War II. But even then, some patterns still leak through. In particular, if you know a specific word

will show up a lot—“Führer,” for example—and you know the rules for re-scrambling the alphabet,

you can guess which chunks of encrypted text might correspond to that word. That’s how the computer scientist Alan Turing

and his colleagues were eventually able to crack the Enigma. So, both transposition and substitution have

some pretty big weaknesses. But even today, these two techniques do most

of the work! You just need to fix their flaws. In 1949, a computer science pioneer named

Claude Shannon suggested a simple solution: alternate between applying substitution and

transposition to the same message. One version of Shannon’s idea had actually

been used earlier, during World War I, when the Germans developed a cipher called ADFGVX. But it was still crackable. To encode a message, you’d first print a

jumbled alphabet into a 6-by-6 square with the letters ADFGVX along the sides. That would be the key, which would tell you

how to translate each character in the message to a corresponding two-letter code. So the ‘C’ in “cut” would become FG,

‘u’ would be XX, and so on. Once you used that first key to code the letters,

you’d write the coded letters into another grid. Across the tops of the columns you’d write

letters that you’ll use for a second key. This would be the transposition part of the

cipher, where you rearrange the letters in the message. To actually rearrange them, you’d switch

the order of the columns so the key you wrote on top is in alphabetical order. Then you’d read off columns vertically,

and that’s your encrypted message. The French managed to crack ADFGVX shortly

after the Germans introduced it, but only because it didn’t take the combination idea

far enough. Shannon realized that if you keep alternating

between transposition and substitution, each fixes the weaknesses of the other. With transposition alone, you can crack the

code by anagramming. But when you add substitutions, characters

in the original are changed in unpredictable ways. With substitution, on the other hand, you

can break the encryption by analyzing the structure of the text, like by looking for

common words and letter combinations. But when you add transposition, any repetitions

or groupings get spread out all over. If you alternate between them, applying both

strategies multiple times, every bit of the encrypted text depends in a very complex way

on the entire key and the entire original message. Much of modern cryptography is built on Shannon’s

alternating ciphers, although computers allow for more fiddly transformations and bigger

keys. The first widespread digital cipher was the

Data Encryption Standard, which was commissioned in 1976 by what’s now the U.S. National

Institute of Standards and Technology, or NIST. These days there are tons of different options,

but most, including that original Data Encryption Standard, follow a similar procedure. For example, many are based on a process called

a substitution-permutation network. The idea is to alternate between two ways

to scramble the data: First, there’s the substitution box, which

replaces short sequences of bits, or zeros and ones, with different sets of zeros and

ones. —

It’s like how the ADFGVX cipher replaced letters of the alphabet with other letters,

except using sets of zeros and ones instead. Then there’s the permutation box, which

swaps around the positions of the bits. That’s the transposition part. Then you repeat both steps over and over and

over. Without the key, the result is practically

indistinguishable from random garbage. But this method does have one big limitation:

the boxes you use for each encoding step are small, fixed-size tables, so they can only

operate on small, fixed-size blocks of data. Ciphers like this are called block ciphers. Problem is, sometimes you need to encrypt

more than a few bits at a time. Like, what if your bank statement stretches

on for pages? It might seem like you could just encrypt

each smaller chunk of data separately—but that’s a big no-no. Just look at what happens to Tux, the friendly

penguin who personifies the type of operating system called Linux, if you encrypt him block

by block. Each block turns into something random-looking. But identical blocks get encrypted the same

way, so the structure shows through. A few years after that original data encryption

standard came out, NIST came to the rescue with new ways to extend block ciphers for

messages of any length. These techniques mix information from all

previous blocks into each new block. That way information spreads out across the

whole encrypted message and the structure doesn’t stick out anymore. Another way to encrypt big messages is what’s

known as a stream cipher. It builds on the idea of the substitution

cipher, but it doesn’t directly combine older methods the way block ciphers do. Instead, a stream cipher makes the encrypted

text look random by mixing every bit with another, randomly generated zero or one. Of course, to decrypt a message where you’re

mixing in a totally random bit every single time, you’d need that whole list of random

zeros and ones. That’s a key as big as your message! So instead, stream ciphers use math to generate

a long sequence of random-looking bits based on a shorter secret key. Of course, even with the best ciphers, there’s

still a major challenge: when you share the key with the person you’re sending the message,

you need to make sure it’s not intercepted. That’s another problem modern cryptography

has been able to solve, although in this case the techniques we use are very different from

how keys were exchanged before computers became a thing. So we’ll leave that story for another episode. But none of that other stuff would matter

without fast and secure ways of encoding information. Everything we do with computers today would

be so much harder. So let’s just thank all the cryptographers

from ancient Greece to today for allowing us to safely order our favorite snacks online. And speaking of cryptographers and encryption,

thanks to NordVPN for supporting SciShow. Right now, NordVPN is offering SciShow viewers

a 3-year Virtual Private Network plan for 75% off, plus 1 month free. When you’re ordering your favorite snacks

online, or sharing this episode of SciShow with your ancient Spartan friends, you want

to make sure your information is secure. With a Virtual Private Network from NordVPN

your information is encrypted and sent via one of their super fast servers, so you know

it’s safe. NordVPN has over 5100 secure servers in 62

countries and they’re always adding more. You’ll also never be slowed down with their

unlimited bandwidth and 247 customer support. Head to NordVPN.comSciShow and use the code

“SciShow” to get your 3-year plan for 75% off, plus 1 month free.