Well before the Data Encryption Algorithm was specified by FIPS 46 in 1977, people were using various forms of encryption to protect sensitive information. Encrypted information actually appears in the Bible, and both Julius Caesar and Augustus Caesar used a form of encryption for their sensitive communications.
The book of Jerimiah in the Bible contains examples of an Atbash cipher. In an Atbash cipher, a letter is replaced by the corresponding letter in a reversed alphabet, so A is replaced by Z, B is replaced by Y, etc.
The word “Atbash” comes from the Hebrew words “aleph,” “tav,” “beth” and “shin,” which are the first, last, second, and next-to-last letters in the Hebrew alphabet, so saying “Atbash cipher” roughly corresponds to saying “AZBY cipher” in English. The book of Jeremiah was written in about 600 BC, so encryption has probably been around for at least 2,600 years.
But the Atbash cipher might have been just a word game in which speakers of Hebrew would engage. The way that it is used in the Bible suggests that its intended audience may have understood how to figure out what plaintext a ciphertext corresponded to, so it may not have been used to ensure privacy. So even though the Atbash cipher technically is a form of encryption, it may not have been used to protect sensitive information from eavesdroppers.
When in Rome
But using encryption for that purpose definitely happened a few centuries later, when Julius Caesar used a form of encryption to protect sensitive information. In particular, he used the eponymous Caesar Cipher to encrypt private communications. His use of the Caesar cipher was described by Suetonius in his The Lives of the Caesars like this:
There are also letters of his to Cicero, as well as to his intimates on private affairs, and in the latter, if he had anything confidential to say, he wrote it in cipher, that is, by changing the order of the letters in the alphabet, so that not a word could be made out. In anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D for A, and so on with the others.
Another way to say this is that to encrypt we shift a letter forward three letters in the alphabet, and to decrypt we shift a letter three letters backwards in the alphabet (wrapping around from Z to A or from Z to A as necessary).
Contemporaries of Julius Caesar also used ciphers to protect their private communications. In The Lives of the Caesars, Suetonius tells us that Augustus Caesar also encrypted his personal communications:
Whenever he wrote in cipher, he wrote B for A, C for B, and the rest of the letters on the same principle, using AA for Z.
Because both Julius Caesar and Augustus Caesar used ciphers to protect their personal communication, and the way that they did this was well enough known for Suetonius to have written about it in The Lives of the Caesars in AD 121, it may be the case that similar forms of encryption were well known in the time of the Roman empire, and that the privacy of any information encrypted with them may have depended more on the fact that the ability to read and write was far from universal in that time instead on the security provided by the encryption itself.
The Caesar Cipher was eventually broken by a clever cryptanalyst. In approximately AD 850, the great Arab scientist Al-Kindi used frequency analysis to do this. To apply this idea to a message in English encrypted by a Caesar cipher, we note that the most common letter in English words is E, so that the most common letter in ciphertext probably corresponds to the plaintext letter E. If this letter happens to be H, for example, then we probably have that E gets encrypted to H, and finding a single correspondence is enough to break the Caesar cipher.
Many things have changed since ancient times. One if these is the fact that it now takes cryptographers much less than 850 years to find a weakness in any cryptosystem. Whether that is good or bad, of course, depends on your particular point of view.
About the author:
Luther Martin, HPE Distinguished Technologist, recently spoke on Format-preserving Encryption at HPE Protect, and is a frequent contributor to articles and blogs. Articles on encryption include A software engineer’s guide to encryption: How not to fail and Relax! Good encryption practices won’t affect app performance in TechBeacon Magazine, as well as Entertainment Makes Encryption Look Easy on the Voltage.com blog.