# All about... cryptography

Classified documents released by former National Security Agency contractor Edward Snowden have revealed that spy organisations have cracked the encryption used to protect the privacy of emails and medical records, and the security of online financial transactions. Can physics stop snoops where maths fails?

Much web traffic, such as email and payments for goods and services, is sent over a secure protocol, meaning that its contents are encrypted before being transferred.

Commonly used methods of encryption are based on pure maths. They convert the plain-text message into “ciphertext” – a version that appears garbled – by substituting characters for other characters. If the message is intercepted, it will read as nonsense unless it’s decrypted.

Decoding a message needs the encryption key – i.e., the way in which text is converted between plain text and ciphertext.

One simple cipher, used by Julius Caesar, simply replaces each letter with another letter a fixed distance down the alphabet. The famous German Enigma machines used a complex series of rotors to determine the nature of the substitution.

Keys typically used online are 128 bits long, a length that was thought to be secure against brute-force attacks, which check every possible combination until the right answer is found, but such keys were first cracked by a team of Israeli researchers in 2010.

A one-time pad, on the other hand, is impossible to crack – if used properly. It’s made up of a random string of text that converts the original message via modular addition.

In its simplest form, each letter is assigned a number from one to 26, and the plaintext is added to the key of the one-time pad. (If the result for any pair of letters is more than 26, then 26 is subtracted).

So for example if the plaintext message is “HELLO”, and the random key of the one-time pad is “NTNHR”, then adding the two together produces ciphertext that reads: “VYZTG”. Subtracting the key again restores the plain text, which can then be read by the recipient of the message.

Encryption using a one-time pad can’t ever be broken provided that the text of the pad is truly random, at least as long as the plaintext message, only used once – and never shared or intercepted.
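The arithmetic above can be checked in a few lines of Python, which also show why a pad must be used only once: when two messages share a pad, subtracting one ciphertext from the other cancels the key and leaves only the difference between the plaintexts. This is an added example, not part of the original article; the function names and the second message, “WORLD”, are assumptions made for illustration, and only the capital letters A to Z are handled.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # A=1 ... Z=26, the article's numbering


def to_num(ch):
    return ALPHABET.index(ch) + 1  # raises ValueError for anything but A-Z


def to_chr(n):
    # Wrap any integer into 1..26 (the "subtract 26" step), then to a letter.
    return ALPHABET[(n - 1) % 26]


def new_pad(length):
    """Draw a pad from the operating system's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(to_chr(to_num(p) + to_num(k)) for p, k in zip(plaintext, pad))


def decrypt(ciphertext, pad):
    if len(pad) < len(ciphertext):
        raise ValueError("pad must be at least as long as the message")
    return "".join(to_chr(to_num(c) - to_num(k)) for c, k in zip(ciphertext, pad))


def difference(a, b):
    """Letter-by-letter (a - b) mod 26."""
    return [(to_num(x) - to_num(y)) % 26 for x, y in zip(a, b)]


if __name__ == "__main__":
    print(encrypt("HELLO", "NTNHR"))
    print(decrypt("VYZTG", "NTNHR"))
    # Constructed messages, both encrypted with the SAME pad (the mistake).
    pad = new_pad(5)
    c1, c2 = encrypt("HELLO", pad), encrypt("WORLD", pad)
    # The pad cancels out: the ciphertexts differ exactly as the plaintexts do.
    print(difference(c1, c2) == difference("HELLO", "WORLD"))
```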

That’s where physics comes in – specifically, quantum mechanics.

At the smallest scales, strange things begin to happen. Particles become wave-like, and vice-versa. Among the results of this is the “uncertainty principle”, formulated by Werner Heisenberg in 1927. It states that complementary variables, such as position and momentum, can’t be precisely measured simultaneously, and that it’s impossible to measure a system without disturbing it.

“Quantum key distribution” uses this property of the universe to exchange cryptographic keys securely. They can be sent across optical fibres using single photons – which are impossible to intercept without disturbing the system and being detected.

So the strange behaviour of individual particles can help keep your most private data away from prying eyes – as long as a rogue contractor doesn’t simply walk away with it.
