The Science of Secrecy by Simon Singh.

(from the Sunday Business Post, November 2000)

 

reviewed by Pat Boran

 

Cryptographers, like members of a magicians' guild, are by necessity a secretive lot. Both the subject and the practice of their business are obscure. The most successful codes and their makers are by definition the least well known.

Until recently, code making might have seemed something of a romantic interest for many. The cloak-and-dagger carry-on of vaguely historical cryptographers may have prompted many schoolboys, this reviewer among them, to spend hours manipulating code wheels and cipher sticks, but few of us extend the fascination into adulthood.

Now, however, with new worlds of economic possibility developing around the internet and world wide web, the need for secure, encrypted communication between buyer and seller has taken the subject of cryptography out of the museum and into the daily lives of millions.

Simon Singh's The Code Book of last year was a wonderful and lucid history of cryptography from earliest times, full of poetic detail and the savage ironies of history. This new book, accompanied by a Channel 4 television series, draws on much the same material though it looks to a more general audience. Nevertheless, when the subject requires, it squarely faces the ever-present streams of letters and numbers and, against the odds, manages to make the obscure not only accessible but highly entertaining.

Divided into five parts, each focused on an historical event and the players involved, the book treats of the major problems of cryptography and cryptanalysis, from the simple letter substitution ciphers so beloved of schoolkids, through more complex codes as typified by the German Enigma cipher of the First World War, through the puzzles presented by Egyptian hieroglyphs, and finally into the almost transcendental thought games of RSA and, to a lesser extent, PGP, two codes on which the e-commerce revolution is so dependent.

On the way we learn about the inherent differences between ciphers and codes (ciphers work on a one-to-one substitution of letters, whereas codes substitute whole words with single numbers or symbols); we get a glimpse into the almost alchemical world of steganography (the art of covering rather than hiding things) and here admire the efforts of one Histiaeus who, according to Herodotus, in a revolt against the King of Persia hit upon the simple but ingenious device of shaving the heads of his messengers, writing his letters on their heads, then waiting until the hair had grown again before sending them off to his correspondents who were waiting, one imagines, scissors in hand. 'This was clearly a period of history that tolerated a certain lack of urgency,' Singh comments, typically adding a warmth and affection so often missing in works on this subject.

Every book on cryptography is also, of course, a book on cryptanalysis, and it is this latter branch of the science that is most clouded in secrecy and intrigue. When a cipher, such as Enigma, is broken, most often the news is kept secret so that future messages can be intercepted and read. As Singh says of the cipher that landed Mary Queen of Scots and her allies in considerable trouble, 'weak encryption is worse than no encryption at all' because it gives the code-bearers a false sense of security.

What makes or, in the end, breaks a cipher or code is the key. If a code can be thought of as a strongbox in which a message is placed, the real difficulty therefore is getting the key safely to the recipient so that the box can be opened again. For two thousand years this has been the central difficulty for cryptographers.

The breakthrough, begun in the early 1970s, and fine-tuned by various hands, is called RSA after the initials of its three architects, computer scientists working at MIT. In short, and without the mathematics, what the now lauded Rivest, Shamir and Adleman managed to do was devise two distinct mathematical functions, one which would encrypt a given text and the other which would decrypt it, as if one key could lock a strongbox and another open it.

Though considerably more complex than suggested here, the RSA method means that the code maker no longer has the problem of sending a key to the recipient of the message. Instead he uses the recipient's own 'public key' to encrypt the message -- a key available to everyone -- and the recipient then uses her 'private key' to decrypt it. Each person on the world wide web has an RSA private key, built into the browser, and a public key. Other people's computers detect your public key and use it to encrypt messages to send to you. Only you, with your corresponding private key, can decrypt those messages. And would-be code breakers out there might be put off by Singh's assertion that a typical RSA message would take 'all the computers on the planet... longer than the age of the universe to break'.

With the speed of current developments, how true this will be in, say, ten years' time is anybody's guess, but history suggests that over-confidence in such matters is a dangerous thing.

In the meantime, Singh's new book is another welcome and bright light into one of the most fascinating dark corners of science.

© copyright Pat Boran