When you think of encryption, what likely springs to mind are movies and TV shows filled with hacking and mysterious messages. You might also think of the battle between Apple and the FBI over the latter demanding access to encrypted information on a San Bernardino shooter's iPhone. But it's simpler: Encryption is the technique by which the understandable is rendered unintelligible—to anyone not holding the key, that is. Spies use encryption to send secrets, generals use it to coordinate battles, and criminals use it to carry out nefarious activities.

Encryption systems are also at work in nearly every facet of modern technology, not just to hide information from criminals, enemies, and spies but also to verify and clarify basic, personal information. The story of encryption spans centuries, and it's as complicated as the math that makes it work. And new advances and shifting attitudes could alter encryption completely.

We talked to several experts in the field to help us understand the many facets of encryption: its history, current state, and what it may become down the road. Here's what they had to say.

The Birth of Modern Encryption

Professor Martin Hellman was working at his desk late one night in May, 1976. Forty years later, he took my call at the same desk to talk about what he had written that night. Hellman is better known as part of the pair Diffie-Hellman; with Whitfield Diffie, he wrote the milestone paper New Directions in Cryptography, which completely changed how secrets are kept and more or less enabled the Internet as we know it today.

Prior to the publication of the paper, cryptography was a fairly straightforward discipline. You had a key that, when applied to data—a message about troop movements, for example—rendered it unreadable to anyone without that key. Simple cyphers abound even now; substitution cyphers, where a letter is replaced with another letter, are the simplest to understand and are seen daily in various newspaper cryptoquip puzzles. Once you discover the substitution, reading the rest of the message is simple.

For a cypher to work, the key had to be secret. This held true even as encryption methods became more and more complex. The technological sophistication and murderous severity of the Second World War produced several cryptographic systems that, while challenging, were still based upon this principle.

The Allies had SIGSALY, a system that could scramble voice communications in real time. The system's keys were identical phonograph records that were played simultaneously while the conversation was in progress. As one person spoke into the telephone, their words were digitized and meshed with specifically created noise on the record. The encrypted signal was then sent to another SIGSALY station, where it was decrypted using the encoding record's twin and the voice of the speaker was reproduced. After each conversation, the records were destroyed; new ones were used for each call. So each message was encoded with a different key, making decrypting much harder.

The German military relied on a similar but more storied system for text communication: The Enigma machine consisted of a keyboard, wires, a plugboard similar to a telephone switchboard, rotating wheels, and an output board. Press a key, and the device would run through its mechanical programming and spit out a different letter, which lit up on the board. An identically configured Enigma machine would perform the same actions, but in reverse. Messages could then be encrypted or decrypted as fast as they could be typed, but the key to its infamous success was that the specific cypher changed each time the letter was pressed. Press A and the machine would display E, but press A again and the machine would display a completely different letter. The plugboard and additional manual configurations meant that huge variations could be introduced into the system.

The Enigma and SIGSALY systems were early equivalents to an algorithm (or many algorithms), performing a mathematical function over and over again. Breaking the Enigma code, a feat carried out by Alan Turing and fellow codebreakers at England's Bletchley Park facility, hinged on being able to understand the methodology employed by the Enigma machine.

Hellman's work with cryptography was quite different in a number of ways. For one thing, he and Diffie (both mathematicians at Stanford University) were not working at the behest of a government organization. For another, everyone told him he was crazy. In Hellman's experience, this wasn't anything new. "When my colleagues told me not to work in cryptography—instead of scaring me away, it probably attracted me," he said.

Public Key Encryption

Hellman and Diffie, with the help of a third collaborator, Ralph Merkle, proposed a radically different kind of encryption. Instead of a single key on which the entire system would hang, they suggested a two-key system. One key, the private key, is kept secret as with a traditional encryption system. The other key is made public.

To send a secret message to Hellman, you'd use his public key to encipher the message and then send it. Anyone who intercepted the message would see just a great amount of junk text. Upon receipt, Hellman would use his secret key to decypher the message.

The advantage might not be immediately obvious, but think back to SIGSALY. For that system to work, both sender and receiver needed identical keys. If the receiver lost the key record, there was no way to decrypt the message. If the key record was stolen or duplicated, the message could be unencrypted. If enough messages and records were analyzed, the underlying system for creating the keys could be discerned, making it possible to break every message. And if you wanted to send a message but did not have the correct key record, you couldn't use SIGSALY at all.

Hellman's public key system meant that the encryption key didn't need to be secret. Anyone could use the public key to send a message, but only the owner of the secret key could decipher it.

Public key encryption also eliminated the need for a secure means to relay cryptographic keys. Enigma machines and other encoding devices were closely guarded secrets, intended to be destroyed if discovered by an enemy. With a public key system, the public keys can be exchanged, well, publicly, without risk. Hellman and I could shout our public keys at each other in the middle of Times Square. Then, we could take each other's public keys and combine them with our secret keys to create what's called a "shared secret." This hybrid key can then be used to encrypt messages we send to each other.

Hellman told me he was aware of the potential of his work back in 1976. That much is clear from the opening lines of New Directions in Cryptography:

"We stand today on the brink of a revolution in cryptography. The development of cheap digital hardware has freed it from the design limitations of mechanical computing and brought the cost of high grade cryptographic devices down to where they can be used in such commercial applications as remote cash dispensers and computer terminals. In turn, such applications create a need for new types of cryptographic systems which minimize the necessity of secure key distribution channels and supply the equivalent of a written signature. At the same time, theoretical developments in information theory and computer science show promise of providing provably secure cryptosystems, changing this ancient art into a science."

"I remember talking with Horst Feistel, a brilliant cryptographer who started IBM's effort that led to the data encryption standard," said Hellman. "I remember trying to explain [public key cryptography] to him before we had a workable system. We had the concept. He basically dismissed it and said, 'You can't.'"

His iconoclastic streak wasn't the only thing that drew Hellman to the advanced math at the heart of cryptography; his love of math did, too. "When I first started looking at [mathematical systems, I felt] like... Alice in Wonderland," he told me. As an example, he presented modular arithmetic. "We think that two times four is always eight, [but] it's one, in mod seven arithmetic."

His example of modular arithmetic isn't random. "The reason we have to use modular arithmetic is it makes what are otherwise nice, continuous functions that are easy to invert into very discontinuous ones that are hard to invert, and that's important in cryptography. You want hard problems."

This is, at its core, what encryption is: really hard math. And all cryptographic systems can, eventually, be broken.
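The shared-secret exchange and Hellman's point about modular arithmetic, worked through as an added example (not code from the paper or from anyone interviewed). The group sizes, the function names and the fixed private exponents are assumptions chosen so the numbers can be checked by hand; the 127-bit modulus is only an illustration and not a vetted group.

```python
import secrets

# Toy group (constructed for this example): small enough to search by hand.
P_TOY, G_TOY = 23, 5
# Larger illustration modulus (a Mersenne prime); not a vetted group for real use.
P_BIG, G_BIG = 2**127 - 1, 3


def invert_plain(g, y):
    """Solve g**x == y over ordinary integers.

    g**x grows steadily with x, so binary search homes in on the answer.
    Returns (x, guesses); x is None if y is not a power of g.
    """
    lo, hi, guesses = 0, y.bit_length(), 0
    while lo <= hi:
        mid = (lo + hi) // 2
        guesses += 1
        value = g ** mid
        if value == y:
            return mid, guesses
        if value < y:
            lo = mid + 1
        else:
            hi = mid - 1
    return None, guesses


def invert_modular(g, y, p):
    """Solve g**x % p == y by trying every exponent in turn.

    Reduced mod p the outputs jump around, so "too high / too low" tells
    you nothing and the search has to walk the whole range.
    Returns (x, guesses); x is None if no exponent works.
    """
    value = 1
    for x in range(1, p):
        value = (value * g) % p
        if value == y:
            return x, x
    return None, p - 1


def dh_keypair(g, p):
    """Pick a random private exponent and derive the public value g**a % p."""
    private = secrets.randbelow(p - 3) + 2   # uniform in [2, p - 2]
    return private, pow(g, private, p)


def dh_shared(their_public, my_private, p):
    """Combine the other side's public value with my own private exponent."""
    return pow(their_public, my_private, p)


def demo():
    # Fixed private exponents so the toy numbers are reproducible.
    a, b = 6, 15
    A, B = pow(G_TOY, a, P_TOY), pow(G_TOY, b, P_TOY)   # exchanged in public
    return {
        "powers_mod_p": [pow(G_TOY, x, P_TOY) for x in range(1, 7)],
        "public": (A, B),
        "shared": (dh_shared(B, a, P_TOY), dh_shared(A, b, P_TOY)),
        "plain_inverse": invert_plain(G_TOY, G_TOY ** a),
        "eavesdropper_search": invert_modular(G_TOY, A, P_TOY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
    # Same exchange with random keys in the larger group: both sides agree.
    a, A = dh_keypair(G_BIG, P_BIG)
    b, B = dh_keypair(G_BIG, P_BIG)
    print("large group agrees:", dh_shared(B, a, P_BIG) == dh_shared(A, b, P_BIG))
```

With a 23-element group the exhaustive search finishes in six steps; the same loop over a modulus hundreds of digits long is what keeps the exchanged public values safe to shout across Times Square.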

The simplest way to try to break encryption is just to guess. This is called brute-forcing, and it's a boneheaded approach to anything. Imagine trying to unlock someone's phone by typing all the possible four-digit combinations of the numbers from 0 to 9. You'll get there eventually, but it could take a very, very long time. If you take this same principle and scale it up to a massive level, you start approaching the complexity of designing cryptographic systems.

But making it hard for an adversary to crack the system is only part of how encryption needs to work: It also needs to be doable by the people who are doing the encrypting. Merkle had already developed part of a public key encryption system before Diffie and Hellman published New Directions in Cryptography, but it was too laborious. "It worked in the sense that the cryptanalysts had to do a lot more work than the good guys," said Hellman, "But the good guys had to do far too much work for what could be done in those days, and maybe even today." This was the problem that Diffie and Hellman eventually solved.

Hellman's drive to tackle seemingly unsolvable problems takes a more personal bent in his latest work, coauthored with his wife, Dorothie Hellman: A New Map for Relationships: Creating True Love at Home & Peace on the Planet.

Encryption's Bad Reputation

Cryptography is a wonderland of mathematics to Hellman, but the general public seems to assume that encryption implies some kind of nefarious or unseemly activity.

Phil Dunkelberger has built a decades-long career in encryption. He started with the PGP company, based on the Pretty Good Privacy protocol invented by Phil Zimmermann and famously put to use by journalists working with Edward Snowden. Currently, Dunkelberger works with Nok Nok Labs, a company working to spearhead adoption of the FIDO system to streamline authentication—and hopefully, to kill passwords.

The problem with how encryption is perceived, Dunkelberger said, is that it has been largely invisible, despite being a daily part of our lives. "Most people don't realize when you put that PIN in… [it] does nothing more than kick off an encryption scheme, and key exchange, and protection of your data to be able to transfer the money and make that little door open and give you your cash."

Encryption, said Dunkelberger, has developed along with modern computing technology. "Encryption has to be able to protect your data to meet both the liability and legal requirements of things that have been around for hundreds of years," he said.

This is more important than ever, because, Dunkelberger said, data has become a currency—one that's stolen and then traded in Dark Web clearinghouses.

"Encryption isn't nefarious. Without encryption, we can't do the things it enables," he said. "It's been an enabler since Julius Caesar used puzzles to send information into the battlefield so it wasn't intercepted by the enemy."

The kind of applied encryption that Dunkelberger works with, bringing it to ATMs, e-commerce, and even telephone conversations, makes things safer. The SIM card in his phone, said Dunkelberger, uses encryption to verify its authenticity. If there was no encryption protecting the device and the conversation, people would simply clone a SIM and make calls for free, and there would be no benefit to the wireless carriers that set up and maintain cellular networks.

"Encryption protects the investment that people made in providing you the goods and services that telephony provides. When you're worried about crime and people using [encryption] to hide or conceal or do things, that's taking a good thing and using it in a bad way," he said.

Dunkelberger has special frustration with legislators who periodically move to break or undermine encryption in the name of stopping the worst criminals. "I think we all agree that we'd like to catch bad guys and we'd like to stop terrorism... I bristled when there was intimation that people [who support encryption] were supporting pedophiles and terrorists."

He provides a counterexample in cameras. Photography is a technology that's been around for a couple hundred years and enables all kinds of positive things: art, entertainment, sharing personal memories, and catching criminals (as in security cameras). "It's bad when those things are turned around and somebody taps into them or is suddenly spying on our daily lives, because that encroaches on our freedoms. At least, the freedoms that most people think we have."

Good Math

Bruce Schneier has the mathematical chops of any cryptologist, but he's mostly known for his honest assessment of issues in computer security. Schneier is something of a mythic figure to some. A colleague of mine, for example, owns a shirt that features Schneier's smooth-headed, bearded visage artfully superimposed onto the body of Walker, Texas Ranger, along with a statement celebrating Schneier's prowess as a security expert and how he is, in fact, standing right behind you.

His personality can, in a word, be described as direct. At the 2013 RSA conference, for example, he said of encryption that "the NSA can't break it, and it pisses them off." He also calmly, cuttingly remarked that it seemed likely that the NSA had found a weakness in a certain type of encryption and was trying to manipulate the system so that weakness was expressed more often. He described the NSA's relationship to breaking encryption as "an engineering problem, not a math problem." The latter statement is about working at scale: The crypto can be broken, but the messages still need to be decrypted.

Schneier is someone who understands the value of good math. He told me (paraphrasing Bletchley Park cryptanalyst Ian Cassels) that crypto is a mix of math and muddle, of building something very logical but also very complex. "It's number theory, it's complexity theory," said Schneier. "A lot of bad crypto comes from people who don't know good math."

A fundamental challenge in cryptography, said Schneier, is that the only way to show a cryptosystem is secure is to try and attack and fail. But "proving a negative is impossible. Therefore, you can only have trust through time, analysis, and reputation."

"Cryptographic systems are attacked in every way possible. They are attacked through the math many times. However, the math is easy to do correctly." And when the math is correct, those kinds of attacks aren't successful.

Math, of course, is far more trustworthy than people. "Math has no agency," said Schneier. "In order for cryptography to have agency, it needs to be embedded in software, put in an application, run on a computer with an operating system and a user. All of those other pieces turn out to be extremely vulnerable to attack."

This is a huge problem for cryptography. Let's say a messaging company tells the world that no one has to worry, because with its service, all messages will be encrypted. But the average person, you or me, might not have any idea whether the crypto system being used by the company is doing anything at all. That's especially problematic when companies create proprietary crypto systems that are closed for examination and testing. Even if the company does use a strong and proven cryptographic system, not even an expert could tell whether it was properly configured without having extensive inside access.

And then, of course, there's the issue of backdoors in encryption systems. "Backdoors" are various means that allow someone else, perhaps law enforcement, to read encrypted data without having the necessary keys to do so. The struggle between an individual's right to have secrets and the need for authorities to investigate and access information is, perhaps, as old as government.

"Backdoors are a vulnerability, and a backdoor deliberately introduces vulnerability," said Schneier. "I can't design those systems to be secure, because they have a vulnerability."

Digital Signatures

One of the most common uses of encryption, specifically the public key encryption that Hellman helped create and Dunkelberger helped popularize, is verifying the legitimacy of data. Digital signatures are just what they sound like, Hellman told me. Like a handwritten signature, it's easy for the authorized person to make and difficult for an imposter to reproduce, and it can be authenticated roughly with a glance. "A digital signature is very similar. It's easy for me to sign a message. It's easy for you to check that I've signed the message, but you cannot then alter the message or forge new messages in my name."

Normally, when securing a message with public key encryption, you would use the recipient's public key to encrypt a message so that it's unreadable to anyone without the recipient's private key. Digital signatures work in the opposite direction. Hellman gave the example of a hypothetical contract where I would pay him in exchange for the interview. "Which, of course, I'm not going to require."

But if he did intend to charge me, he'd have me write out the agreement and then encrypt it with my private key. This produces the usual gibberish ciphertext. Then anyone could use my public key, which I can give away without fear of compromising the private key, to decrypt the message and see that I did indeed write those words. Assuming my private key hasn't been stolen, no third party could change the original text. A digital signature confirms the author of the message, like a signature—but like a tamper-proof envelope, it prevents the contents from being changed.

Digital signatures are often used with software to verify that the contents were delivered from a trusted source and not a hacker posing as, say, a major software and hardware manufacturer with a fruit-themed name. It was this use of digital signatures, explained Hellman, that was at the heart of the dispute between Apple and the FBI, after the FBI recovered the iPhone 5c owned by one of the San Bernardino shooters. By default, the phone would have wiped its contents after 10 failed login attempts, preventing the FBI from simply guessing the PIN via a brute-force approach. With other avenues allegedly exhausted, the FBI requested that Apple create a special version of iOS that allowed for an unlimited number of password attempts.

This presented a problem. "Apple signs each piece of software that goes into its operating system," said Hellman. "The phone checks that Apple has signed the operating system with its secret key. Otherwise, someone could load another operating system that wasn't approved by Apple.

"Apple's public key is built into every iPhone. Apple has a secret key that it uses to sign software updates. What the FBI wanted Apple to do was to create a new version of the software that had this hole in it that would be signed by Apple." This is more than decrypting a single message or hard drive. It's an entire subversion of Apple's security infrastructure for iPhone. Perhaps its use could have been controlled, and perhaps not. Given that the FBI was forced to seek an outside contractor to break into the iPhone, Apple's position was clear.

While data that has been signed cryptographically is unreadable, cryptographic keys are used to open that information and verify the signature. Therefore, cryptography can be used to verify the data, in effect, clarifying critical information, not obscuring it. That's key to blockchain, a rising technology mired in as much controversy as encryption.
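The sign-with-the-private-key, check-with-the-public-key flow described above, and the device-side check on a signed software image, as an added example (not Apple's implementation or anything supplied by the people interviewed). It assumes textbook RSA applied to a SHA-256 hash of the message rather than to the whole text, with constructed toy keys and no padding; the Device class and the image strings are hypothetical.

```python
import hashlib


def make_key(p, q, e=65537):
    """Build a textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (e, n), (d, n)


# Constructed toy keys from Mersenne primes: far too small for real use.
VENDOR_PUBLIC, VENDOR_PRIVATE = make_key(2**127 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_key(2**107 - 1, 2**61 - 1)


def digest(message, n):
    """SHA-256 of the message, reduced to a number below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    """Only the private-key holder can compute this value."""
    d, n = private
    return pow(digest(message, n), d, n)


def verify(message, signature, public):
    """Anyone with the public key can check the signature."""
    e, n = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message, n)


class Device:
    """Hypothetical device with the vendor's public key built in."""

    def __init__(self, vendor_public):
        self.vendor_public = vendor_public
        self.installed = None

    def install(self, image, signature):
        """Install the image only if the vendor's signature checks out."""
        if not verify(image, signature, self.vendor_public):
            return False
        self.installed = image
        return True


def run_scenarios():
    image = b"os-image v2: wipe after 10 failed attempts"   # constructed
    modified = b"os-image v2: unlimited attempts"           # constructed
    vendor_sig = sign(image, VENDOR_PRIVATE)
    device = Device(VENDOR_PUBLIC)
    return {
        "genuine": device.install(image, vendor_sig),
        # Contents changed after signing: the old signature no longer matches.
        "altered_after_signing": device.install(modified, vendor_sig),
        # Signed, but by a key the device does not trust.
        "signed_by_other_key": device.install(
            modified, sign(modified, OTHER_PRIVATE)),
        # The modified image is accepted only with the vendor's own signature.
        "modified_signed_by_vendor": device.install(
            modified, sign(modified, VENDOR_PRIVATE)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'installed' if accepted else 'rejected'}")
```

The last scenario is the crux of the dispute: the device cannot tell a sanctioned image from an unsanctioned one, only whether the holder of the vendor's private key signed it.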

"A blockchain is a distributed, immutable ledger that is designed to be completely immune to digital tampering, regardless of what you're using it for—cryptocurrency, or contracts, or millions of dollars worth of Wall Street transactions," Rob Marvin, PCMag assistant editor (who sits a row away from me), explains. "Because it's decentralized across multiple peers, there's no single point of attack. It is strength in numbers."

Not all blockchains are the same. The most famous application of the technology is powering cryptocurrencies such as Bitcoin, which, ironically, is often used to pay off ransomware attackers, who use encryption to hold victims' files for ransom. But IBM and other companies are working to bring it to widespread adoption in the business world.

"Blockchain basically is a new technology that enables businesses to work together with a lot of trust. It establishes accountability and transparency while streamlining business practices," said Maria Dubovitskaya, a researcher at IBM's Zurich lab. She's earned a Ph.D. in cryptography and works not only on blockchain research but also on cooking up new cryptographic protocols.

Very few companies are using blockchain yet, but it has a lot of appeal. Unlike other digital systems for storing information, the blockchain system enforces trust with a mix of encryption and distributed database design. When I asked a colleague to describe the blockchain to me, she said that it was as close as we have yet come to establishing total certainty of anything on the Internet.

The IBM blockchain allows blockchain members to validate one another's transactions without actually being able to see who made the transaction on the blockchain, and to implement different access-control restrictions on who can see and execute certain transactions. "[They] will just know that it is a member of the chain that is certified to submit this transaction," said Dubovitskaya. "The idea is that the identity of who submits the transaction is encrypted, but encrypted on the public key; its secret counterpart belongs only to a certain party that has the power of auditing and inspecting what's going on. Only with this key, the [auditor] can see the identity of whoever submitted the certain transaction." The auditor, who is a neutral party in the blockchain, would enter only to resolve some problem between the blockchain members. The auditor's key can also be split among several parties to distribute the trust.

With this system, competitors could be working together on the same blockchain. This might sound counterintuitive, but blockchains are stronger the more peers are involved. The more peers, the harder it becomes to attack the entire blockchain. If, say, every bank in America entered into a blockchain that held banking records, they could leverage the number of members for more secure transactions, but not risk revealing sensitive information to one another. In this context, encryption is obscuring information, but it's also verifying other information and allowing nominal enemies to work together in mutual interest.

When Dubovitskaya isn't working on IBM's blockchain design, she's inventing new cryptographic systems. "I'm working basically on two sides, which I really like," she told me: She's designing new cryptographic primitives (the fundamental building blocks of encryption systems), proving them secure, and prototyping the protocols that she and her team designed in order to bring them into practice.

"There are two aspects of encryption: how it's used and implemented in practice. When we design cryptographic primitives, like when we brainstorm on a white board, it's all math for us," Dubovitskaya said. But it can't stay just math. Math might not have agency, but people do, and Dubovitskaya works to incorporate countermeasures against known attacks being used to defeat encryption into new cryptographic design.

The next step is developing a proof of those protocols, showing how they are secure given certain assumptions about the attacker. A proof shows what hard problem an attacker has to solve in order to break the scheme. From there, the team publishes in a peer-reviewed journal or a conference and then often releases the code to the open-source community, to help track down missed problems and spur adoption.

We already have many ways and means to render text unreadable, or digitally sign data with encryption. But Dubovitskaya firmly believes that research into new forms of cryptography is important. "Some standard, basic cryptographic primitive might be enough for some applications, but complexity of the systems evolves. Blockchain is a very good example of it. There, we need more advanced cryptography that can efficiently realize much more complex security and functionality requirements," Dubovitskaya said. Good examples are special digital signatures and zero-knowledge proofs that allow one to prove that they know a valid signature with certain properties, without having to reveal the signature itself. Such mechanisms are crucial for protocols that require privacy and free service providers from storing users' personal information.

This process of iterating through proofs is what brought about the concept of zero-knowledge, a model for various types of public key encryption where an intermediary providing the service of encryption—say, Apple—is able to do so without maintaining any of the information necessary to read the data being encrypted and transmitted.

The other reason to design new encryption is for efficiency. "We want to basically make protocols as efficient as possible and bring them to real life," Dubovitskaya said. Efficiency was the devil of many cryptographic protocols two decades ago, when it was considered too onerous a task for computers of the time to handle while delivering a fast experience to human users. "That's also why we keep researching. We try to build new protocols that are based on different hard problems to make systems more efficient and secure."

Applied Cryptology

"If I want to send you a secret message, I can do that with encryption. That's one of the most basic technologies, but now crypto is used for all kinds of things." Matt Green is an assistant professor of computer science and works at the Johns Hopkins Information Security Institute. He mostly works in applied cryptography: that is, using cryptography for all those other things.

"There's cryptography that's math on a whiteboard. There's cryptography that is very advanced theoretical type of protocols that others are working on. What I focus on is actually taking these cryptographic techniques and bringing them into practice." Practices you might be familiar with, like buying stuff.

"Every aspect of that financial transaction involves some kind of encryption or authentication, which is basically verifying that a message came from you," Green said. Another more obscure example is private computations, where a group of people want to compute something together without sharing what inputs are being used in the computation.

The concept of encrypting sensitive information to ensure that it isn't intercepted by malicious third parties is much more straightforward. This is why PC Magazine recommends that people use a VPN (virtual private network) to encrypt their Web traffic, especially when they're connected to public Wi-Fi. An unsecured Wi-Fi network might be operated or infiltrated by a criminal intent on stealing any information that passes through the network.

"A lot of what we do with cryptography is to try to keep things confidential that should be confidential," said Green. He used the example of older cell phones: Calls from these devices could be intercepted by CB radios, leading to many embarrassing situations. Transit encryption ensures that anyone monitoring your activity (either wired or wireless) sees nothing but unintelligible garbage data.

But part of any exchange of information is not only ensuring that no one is spying on you but also that you are who you say you are. Applied encryption helps in this way as well.

Green explained that when you visit a bank's website, for example, the bank has a cryptographic key that's known only to the bank's computers. This is a private key from a public key exchange. "My Web browser has a way of communicating with those computers, verifying that key that the bank has really does belong to, let's say, Bank of America, and not somebody else," said Green.

For most of us, this just means that the page loads successfully and a little lock icon appears next to the URL. But behind the scenes is a cryptographic exchange involving our computers, the server hosting the website, and a certificate authority that issued the confirming key to the website. What it prevents is someone from sitting on the same Wi-Fi network as you and serving you a fake Bank of America page, in order to swipe your credentials.

Cryptographic signatures are, not surprisingly, used in financial transactions. Green gave the example of a transaction made with a chip credit card. EMV chips have been around for decades, though they've only recently been introduced to Americans' wallets. The chips digitally sign your transactions, explained Green. "That proves to the bank and to a court and to anybody else that I really made this charge. You can forge a handwritten signature really easily, and people have done this all the time, but math is a whole different thing."

That, of course, assumes that the math and implementation of the math are sound. Some of Green's previous work focused on the Mobil SpeedPass, which let customers pay for gas at Mobil stations using a special key fob. Green discovered that the fobs were using 40-bit keys when they should have been using 128-bit keys—the smaller the cryptographic key, the easier it is to break and extract data. If Green or some other researcher hadn't examined the system, this may not have been discovered and could have been used to commit fraud.

The use of encryption also assumes that while there may be bad actors, the cryptographic system is secure. This necessarily means that information encrypted with the system could not be unencrypted by someone else. But law enforcement, nation states, and other powers have pushed for special exceptions to be made. There are many names for these exceptions: backdoors, master keys, and so on. But regardless of what they are called, the consensus is that they could have a similar or worse effect than attacks by the bad guys.

"If we build cryptographic systems that have backdoors, they'll start out being deployed in these specific applications, but people will end up reusing the crypto for lots of different purposes. Those backdoors, which may or may not have made sense in the first application, get reused for another application," said Green.

For example, Apple built the iMessage messaging system to be encrypted from end to end. It's a well-constructed system, so much so that the FBI and other law enforcement agencies have complained that it might hinder their ability to do their jobs. The argument is that with the popularity of iPhones, messages that would otherwise have been available for surveillance or evidence would be rendered unreadable. Those in support of enhanced surveillance call this nightmare scenario "going dark."

"It turns out Apple uses that same algorithm or set of algorithms to do the inter-device communication that they've started building. When your Apple Watch talks to your Mac or to your iPhone, it's using a variant of that same code," said Green. "If somebody built a backdoor into that system, well, maybe it's not the biggest deal in the world. But now you have the possibility that somebody can eavesdrop on messages going between your phone and your watch, read your email. They could maybe send messages to your phone or send messages to your watch and hack the phone or the watch."

This is technology, Green said, that we all rely on without really understanding it. "We as citizens rely on other people to look at technology and tell us if it's safe, and that goes for everything from your car to your airplane to your banking transactions. We trust that other people are looking. The problem is that it's not always easy for other people to look."

Green is currently engaged in a court battle over the Digital Millennium Copyright Act. It's most famously used to prosecute file-sharing pirates, but Green said that companies could use the DMCA Section 1201 to prosecute researchers like him for trying to do security research.

"The best thing that we really know how to do is try to settle on a few reputable solutions that have been looked at by experts and have gotten some praise by experts," said Green.

Quantum Cryptography

With the egoless interest of someone really passionate about his craft, Martin Hellman explained to me the limitations of the cryptographic system he helped create and how Diffie-Hellman encryption was being picked apart by modern researchers. So he's entirely credible when he says that cryptography faces some surprising challenges.

He told me that in 1970 there was a major breakthrough in factoring, called continued fractions. The difficulty involved in factoring large numbers is what makes cryptographic systems so complex, and therefore difficult to crack. Any advance in factoring reduces the complexity of the cryptographic system, making it more vulnerable. Then in 1980, a breakthrough pushed factoring further, thanks to Pomerance's quadratic sieve and the work of Richard Schroeppel. "Of course, RSA [computer encryption] didn't exist in 1970, but if it did, they would have had to double key sizes. 1980, they had to double them again. 1990 roughly, the number field sieve roughly doubled the size of numbers again that we could factor. Notice, almost every 10 years—1970, 1980, 1990—there's been a doubling of key size required. Except in 2000, there was no advance, no major advance since then."

Some people, Hellman said, might look at that pattern and assume mathematicians had hit a wall. Hellman thinks differently. He invited me to think of a series of coin flips. Would I assume, he asked, that after coming up heads six times in a row, it was a certainty that the next flip would be heads?

The answer, of course, is absolutely not. "Right," said Hellman. "We need to worry that there might be another advance in factoring." That could weaken existing cryptographic systems or render them useless altogether.

This might not be a problem right now, but Hellman thinks we should be looking for backup systems for modern crypto in the event of future breakthroughs.
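Hellman's point that a better factoring algorithm, rather than faster hardware, is what forces key sizes up can be seen on toy numbers. The following is an added example, not code from the article or from the researchers quoted: it counts the work done by brute-force trial division and by Pollard's rho (a textbook method, not one of the algorithms Hellman names) on two constructed moduli; the primes and function names are assumptions chosen for illustration.

```python
import math

def trial_division(n):
    """Brute force: try 3, 5, 7, ... Returns (smallest factor, divisions tried)."""
    if n % 2 == 0:
        return 2, 1
    steps, d = 0, 3
    while d * d <= n:
        steps += 1
        if n % d == 0:
            return d, steps
        d += 2
    return n, steps  # no divisor up to sqrt(n): n is prime

def pollard_rho(n):
    """Pollard's rho with Floyd cycle detection. Assumes n is composite.
    Returns (a nontrivial factor, iterations used)."""
    if n % 2 == 0:
        return 2, 1
    steps = 0
    for c in range(1, 20):          # retry with a new polynomial on failure
        x = y = 2
        while True:
            steps += 1
            x = (x * x + c) % n     # tortoise: one step
            y = (y * y + c) % n     # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
            if d == n:              # cycles modulo both primes closed at once
                break
            if d > 1:
                return d, steps
    raise ValueError("no factor found; is n prime?")

# Constructed toy moduli (products of two primes), far below real key sizes.
TOY_MODULI = [(9973, 10007), (999983, 1000003)]

def compare():
    """Return (modulus bit length, trial-division steps, rho steps) per modulus."""
    rows = []
    for p, q in TOY_MODULI:
        n = p * q
        _, brute = trial_division(n)
        _, rho = pollard_rho(n)
        rows.append((n.bit_length(), brute, rho))
    return rows

if __name__ == "__main__":
    for bits, brute, rho in compare():
        print(f"{bits}-bit modulus: trial division {brute} steps, Pollard rho {rho} steps")
```

Between the two moduli the brute-force work grows about a hundredfold, while Pollard's rho needs on the order of the fourth root of the modulus, so the same key size that resists the naive method falls quickly to the better one.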

But it's the possibility of quantum computing, and with it, quantum cryptanalysis, that could actually break every system that currently relies on encryption. Today's computers rely on a binary 1-or-0 system to operate, with light and electricity behaving as they should. A quantum computer, on the other hand, could take advantage of quantum properties to function. It could, for example, use a superposition of states—not just 1 or 0 but 1 and 0 at the same time—enabling it to perform many calculations simultaneously. It could also make use of quantum entanglement, in which a change to one particle is expressed in its entangled twin faster than light.

It's the sort of thing that makes your head ache, especially if you already get tripped up trying to understand classical computers. The fact that we even have the phrase "classical computers" is perhaps indicative of how far we have come with practical quantum computing.

"Pretty much all of the public key encryption algorithms we use today are vulnerable to quantum cryptanalysis," said Matt Green. Remember, the utility of modern encryption is that it takes seconds to encrypt and decrypt information with the right keys. Without the keys, it could take an incredibly long time even with a modern computer. It's that differential in time, more than math and implementations, that makes encryption valuable.

"Normally [it] would take millions and millions of years for standard classical computers to break, but if we are able to build a quantum computer, we know algorithms we can run on it that would break these cryptographic algorithms in a few minutes or a few seconds. These are the algorithms we use to encrypt pretty much everything that goes over the Internet, so if you go to a secure webpage, we use these algorithms; if you do financial transactions, you're probably using some of these algorithms. Yes, the person who builds a quantum computer first will be able to break and listen in on a lot of your conversations and your financial transactions," said Green.

If you've wondered why major world players like the U.S. and China are spending enormous volumes of cash investing in quantum computing, that's at least part of the answer. The other part is doing some computational work that could yield breakthroughs of enormous importance: say, ending diseases.

But as Hellman suggested, researchers are already working on new cryptographic protocols that would stand up to scouring by a quantum computer. The quest for a working quantum computer has yielded promising results, but anything even resembling an effective quantum computer is far from the mainstream. The research in how to guard against quantum cryptanalysis goes forward operating under the assumptions we can make about how such a computer would work. The result is a wildly different kind of encryption.

"These problems are fundamentally mathematically different from [the] algorithms that you can use the quantum computer to break," Maria Dubovitskaya told me. A new kind of math using lattice-based assumptions, explained Dubovitskaya, is being used to ensure that when the next generation of computers comes online, cryptography doesn't disappear.

But quantum computers that would give Einstein a heart attack are just one of the threats to modern encryption. A more real concern is the ongoing attempt to make encryption fundamentally insecure in the name of national security. The tension over government and law enforcement efforts to make encryption more accessible to surveillance has gone on for decades. The so-called Crypto Wars of the 1990s had many battles: The Clipper chip, an NSA-endorsed system designed to introduce a cryptographic backdoor into the U.S. mobile telephony system; attempting to bring criminal charges against PGP's creator Phil Zimmermann for using more secure encryption keys than were legally allowed; and so on. And of course, in recent years, the focus has moved from limiting encryption systems to introducing backdoors or "master keys" to unlock messages secured with those systems.

The issue, of course, is far more complex than it appears. Phil Dunkelberger said that, in the case of bank records, there can be dozens of records with individual encryption keys, and then keys to simply look at the data stream. This, he said, brings about the discussion of so-called master keys that would cut through these layers by weakening the math at the heart of the systems. "They start talking about weaknesses in the algorithm themselves, not the implied use of encryption," he said. "You're talking about being able to run at the foundation of that protection itself."

And perhaps frustration looms even larger than the danger. "We've got to get out of revisiting the same problems," said Dunkelberger. "We've got to start looking at innovative ways to solve the problems and move the industries forward, so the users can just go about their lives as they would any other day."

This story was originally published in the PC Magazine Digital Edition.
