← GALLERY IX EXHIBITS
Encryption
GALLERY IX

Encryption

Encryption—the mathematical transformation of plaintext into ciphertext—emerged from military necessity during the Age of Revolutions and became foundational infrastructure for digital communication, enabling secure transmission across open networks from the 1970s onward.
There is no single hero of encryption. The discipline emerged from centuries of cryptographic practice (Arabic scholars al-Kindi, 9th century; Renaissance polymath Leon Battista Alberti, 1467–1472) and crystallized during wartime necessity. In the modern digital era, Whitfield Diffie and Martin Hellman (1976) published the first public-key cryptography framework; Ron Rivest, Adi Shamir, and Leonard Adleman (1977) created RSA, the first practical implementation. Their work transformed encryption from a state monopoly into a civilian technology. During the American and French revolutions (1775–1799), cipher wheels and substitution ciphers were military secrets; by the Internet age (1970s onward), encryption became democratic infrastructure.

Specifications

Key Types
Symmetric (shared secret) and asymmetric (public/private key pairs)
Primary Function
Transform plaintext into ciphertext using mathematical algorithms
Computational Basis
Modular exponentiation, prime factorization difficulty
Key Exchange Method
Diffie-Hellman protocol (1976) or RSA public-key distribution
Transmission Medium
Electrical signals, radio waves, fiber optics, packet networks
Vulnerability Window
Brute-force attack time: years to millennia depending on key length
Modern Standard (1977)
RSA algorithm, 512-bit to 4096-bit key lengths
Processing Speed (1980s)
Milliseconds per message on mainframe; seconds on personal computers

Engineering

Encryption operates on the principle that certain mathematical operations are computationally easy in one direction but prohibitively difficult in reverse. RSA (Rivest-Shamir-Adleman), patented in 1978, relies on the difficulty of factoring large composite numbers into their prime factors. A sender uses the recipient's public key (a large number N = p × q, where p and q are secret primes) to encrypt a message via modular exponentiation: C ≡ M^e (mod N). Only the holder of the private key (the prime factors p and q) can decrypt by computing M ≡ C^d (mod N), where d is derived from e and the totient of N. The security margin depends on key length: a 512-bit RSA key (used in the 1980s) can be factored in hours on modern hardware; 2048-bit keys (standard by 2010) require computational resources beyond current capability. Symmetric encryption (Data Encryption Standard, 1977; Advanced Encryption Standard, 2001) uses a single shared secret key and algorithms like Feistel networks to scramble plaintext through multiple rounds of substitution and permutation, offering faster encryption but requiring secure key distribution.

Parts & Labels

Algorithm
Step-by-step mathematical procedure (e.g., RSA, DES, AES)
Plaintext
The original, readable message before encryption
Ciphertext
The encrypted, unreadable output
Key Length
Measured in bits (512, 1024, 2048, 4096); longer = more secure
Public Key
Mathematically derived number shared openly; used to encrypt messages
Modulus (N)
In RSA, the product of two large primes; forms the basis of the public key
Private Key
Secret number known only to the recipient; used to decrypt messages
Hash Function
One-way mathematical function producing a fixed-length fingerprint of data
Exponent (e, D)
Public and private exponents used in RSA encryption and decryption
Digital Signature
Encrypted hash proving authenticity and non-repudiation of a message

Historical Overview

Encryption predates the digital age by centuries. During the American Revolution (1775–1783), the Continental Army used the Vigenère cipher and simple substitution ciphers for military correspondence; George Washington's spy ring employed coded letters. The French Revolution (1789–1799) saw the adoption of the nomenclator—a hybrid cipher combining substitution and code—for diplomatic cables. The Haitian Revolution (1791–1804) relied on oral transmission and simple ciphers due to limited literacy and resources. The Industrial Revolution (1760–1914) brought mechanical aids: the Wheatstone-Playfair cipher (1854) and later rotor machines like the Enigma (1918, refined in the 1920s–1930s) automated encryption but remained state-controlled. The digital revolution inverted this hierarchy. In 1977, the U.S. National Bureau of Standards adopted the Data Encryption Standard (DES), a symmetric cipher designed by IBM and the NSA. That same year, Rivest, Shamir, and Adleman published RSA, enabling secure communication without prior key exchange—a cryptographic breakthrough. Throughout the 1980s and 1990s, encryption migrated from military and banking domains into civilian computing. The emergence of the Internet (ARPANET, 1969; World Wide Web, 1989–1991) created an urgent need for secure communication across untrusted networks. By the 2000s, encryption became embedded in every digital transaction: HTTPS (secure web browsing), TLS (transport layer security), and end-to-end encryption in messaging applications. The tension between state surveillance and civilian privacy—rooted in Cold War cryptographic monopolies—persists today.

Why It Existed

Encryption emerged from the collision of three forces: military necessity, computational capability, and the demand for privacy in open networks. During the Age of Revolutions, armies and governments needed to transmit orders and intelligence without interception; cipher wheels and codebooks were the only tools available. The Industrial Revolution brought mechanical and electrical communication (telegraph, 1844; radio, 1895), expanding the vulnerability window: messages could be intercepted en route. The digital revolution created an existential problem: how to send information across public, untrusted networks (the Internet) without exposing it to eavesdropping. Public-key cryptography solved this by allowing two parties who had never met to establish a secure channel without pre-sharing a secret. Encryption also enabled digital signatures, proving authenticity and non-repudiation—essential for commerce, banking, and governance. By the 1990s, encryption became infrastructure: without it, e-commerce, online banking, and digital identity would be impossible. The technology exists because the alternative—sending sensitive information in plaintext across open networks—is untenable.

Daily Use

In the Age of Revolutions, encryption was the domain of military officers and diplomats. A general might spend an hour encoding a dispatch using a cipher wheel; a courier would carry it by horseback, risking capture. Decryption required the recipient to possess the same cipher wheel or codebook—a logistical burden. By the Industrial Revolution, telegraph operators used codebooks to encrypt commercial messages; banks developed proprietary ciphers. In the modern Internet age, encryption is invisible and ubiquitous. When a user visits a website (https://), their browser automatically negotiates an encrypted connection using TLS; the encryption and decryption happen in milliseconds, transparent to the user. Email clients can encrypt messages using PGP (Pretty Good Privacy, 1991) or S/MIME. Messaging apps like Signal (2010) and WhatsApp (2009) use end-to-end encryption by default, meaning only sender and recipient can read messages—not even the service provider. A user typing a password into a login form is transmitting it encrypted; a bank customer checking their balance is reading encrypted data. Encryption also secures stored data: hard drives and smartphones use full-disk encryption (BitLocker, FileVault, LUKS) to protect files if the device is stolen. For most users, encryption is a background process; for security professionals, it is a daily toolkit.

Crew / Personnel

Encryption involves multiple specialized roles. Cryptographers design algorithms and prove their mathematical security (e.g., Whitfield Diffie, Martin Hellman, Ron Rivest, Adi Shamir, Leonard Adleman). Cryptanalysts attempt to break ciphers, identifying weaknesses (e.g., the team that cracked the Enigma at Bletchley Park, 1939–1945, led by Alan Turing). During the Age of Revolutions, cipher officers were typically military officers with mathematical training; the Continental Army employed officers like Benjamin Tallmadge, who managed Washington's spy network and used ciphers for intelligence. In the modern era, software engineers implement cryptographic algorithms in programming languages and libraries (OpenSSL, GnuTLS, libsodium). Security architects design systems that integrate encryption into larger applications. Network administrators deploy encryption protocols (TLS, IPsec) across infrastructure. Regulatory compliance officers ensure encryption meets legal standards (HIPAA, GDPR, PCI-DSS). Threat researchers and penetration testers test encryption implementations for vulnerabilities. Key management specialists handle the generation, storage, rotation, and revocation of cryptographic keys—a critical and often overlooked role.

Construction

Encryption algorithms are constructed through mathematical design and iterative refinement. RSA construction begins with selecting two large prime numbers (p and q), typically 512 to 2048 bits each. Their product N = p × q forms the modulus. The public exponent e (often 65537) is chosen to be coprime with (p-1)(q-1). The private exponent d is computed such that e × d ≡ 1 (mod (p-1)(q-1)). The public key is (N, e); the private key is (N, d). Encryption of a message M is performed via C = M^e mod N; decryption is M = C^d mod N. The security rests on the computational difficulty of factoring N back into p and q—a problem with no known polynomial-time solution. Symmetric algorithms like AES are constructed through iterative rounds of substitution, permutation, and key mixing. AES (adopted as a U.S. standard in 2001) uses 10, 12, or 14 rounds depending on key length; each round applies a substitution box (S-box), a shift row operation, a mix columns operation, and a round key addition. The construction is validated through cryptanalysis: researchers attempt differential cryptanalysis, linear cryptanalysis, and brute-force attacks to identify weaknesses. Modern encryption libraries (OpenSSL, libsodium) provide peer-reviewed, optimized implementations; however, implementation flaws (timing attacks, side-channel leaks) can compromise even mathematically sound algorithms.

Variations

Encryption varies by key structure, algorithm family, and application. Symmetric encryption uses a single shared secret key; examples include DES (1977, now obsolete), 3DES (1998, triple-DES, slower but more secure), and AES (2001, the modern standard). Asymmetric (public-key) encryption uses paired keys; RSA is the most common, but alternatives include Elliptic Curve Cryptography (ECC, more efficient for equivalent security), and newer post-quantum algorithms (lattice-based, hash-based) designed to resist quantum computers. Stream ciphers (RC4, ChaCha20) encrypt data bit-by-bit or byte-by-byte, suitable for real-time communication; block ciphers (AES, DES) encrypt fixed-size blocks (128 bits for AES), requiring a mode of operation (ECB, CBC, CTR, GCM) to handle variable-length messages. End-to-end encryption (E2EE) encrypts data at the sender's device and decrypts only at the recipient's device; the service provider cannot access plaintext. Transport layer encryption (TLS, IPsec) encrypts data in transit but typically decrypts at intermediate servers. Homomorphic encryption allows computation on encrypted data without decryption—a theoretical breakthrough (2009, Craig Gentry) with limited practical deployment. Quantum-resistant encryption (lattice-based, multivariate polynomial) is under development to withstand attacks by hypothetical quantum computers.

Timeline

DateEvent
1467Leon Battista Alberti invents the polyalphabetic cipher First systematic use of multiple substitution alphabets
1775-1783American Revolution: Continental Army uses ciphers for military communication George Washington's spy ring employs substitution ciphers
1854Charles Wheatstone and Lyon Playfair develop the Playfair cipher Digraph substitution cipher, manual encryption
1918Arthur Scherbius invents the Enigma rotor machine Electromechanical encryption device
1977U.S. National Bureau of Standards adopts Data Encryption Standard (DES) First publicly available symmetric cipher standard
1976Whitfield Diffie and Martin Hellman publish public-key cryptography Diffie-Hellman key exchange protocol
1977Ron Rivest, Adi Shamir, Leonard Adleman invent RSA cryptosystem First practical public-key encryption algorithm
1991Phil Zimmermann releases Pretty Good Privacy (PGP) First widely available civilian encryption software
2001U.S. National Institute of Standards and Technology adopts Advanced Encryption Standard (AES) Modern symmetric cipher standard, replaces DES
1995Netscape releases Secure Sockets Layer (SSL) protocol First widely deployed encryption protocol for web browsers
2009WhatsApp and Signal (then Redphone) introduce end-to-end encryption for messaging Encryption becomes standard in consumer messaging applications
2016U.S. National Institute of Standards and Technology begins post-quantum cryptography standardization Preparation for quantum computing threat

Famous Examples

The Enigma machine (1918–1945) is the most historically significant encryption device: used by Nazi Germany, it was broken by the Bletchley Park codebreakers (led by Alan Turing) in 1939, yielding intelligence that shortened World War II. RSA-2048, the current standard for secure web traffic, protects billions of HTTPS connections daily; a single RSA-2048 encryption secures your bank login, email, and medical records. The Signal Protocol (2013), developed by Open Whisper Systems, provides end-to-end encryption for Signal, WhatsApp, and other messaging apps—used by over 100 million people. PGP (Pretty Good Privacy, 1991), created by Phil Zimmermann, remains the standard for email encryption and digital signatures in security-conscious communities. The U.S. government's classified encryption system, Suite B (2005–2015), used AES and elliptic curve cryptography for national security communications. Bitcoin's elliptic curve digital signature algorithm (ECDSA, 2008) secures cryptocurrency transactions without a central authority. The Tor network (2002) uses multiple layers of encryption (onion routing) to anonymize internet traffic; each relay decrypts one layer, revealing only the next hop.

Archaeological Finds

No physical artifacts of encryption exist in the traditional archaeological sense; encryption is mathematics and software, not material culture. However, historical cipher devices survive in museums: the Enigma machine (examples at the National World War II Museum, New Orleans; the German Resistance Memorial Center, Berlin; Bletchley Park, England) are the closest analogues. The Smithsonian Institution holds cipher wheels, codebooks, and mechanical encryption devices from the 19th and 20th centuries. Digital archaeology—the recovery and analysis of early computer systems—has revealed encryption implementations: the source code of early Unix systems (1970s) shows primitive ciphers; recovered hard drives from 1980s-era computers contain DES-encrypted files. The Library of Congress and the Smithsonian Institution have begun digitizing and preserving early cryptographic literature, including classified NSA documents declassified under FOIA, which document the history of U.S. encryption policy. The Internet Archive has preserved early PGP documentation, email threads, and source code repositories, providing a digital record of encryption's civilian adoption.

Comparison Panel

DES Vs. AES
DES (1977) uses 56-bit keys and 16 rounds; AES (2001) uses 128–256-bit keys and 10–14 rounds. AES is vastly more secure and is the modern standard; DES is obsolete and breakable in hours.
Stream Ciphers Vs. Block Ciphers
Stream ciphers (ChaCha20) encrypt one bit or byte at a time, suitable for real-time communication; block ciphers (AES) encrypt fixed-size blocks (128 bits), requiring a mode of operation. Block ciphers are more common in modern applications.
Symmetric Vs. Asymmetric Encryption
Symmetric uses one shared secret key (fast, requires secure key distribution); asymmetric uses paired public/private keys (slower, enables secure key exchange without prior agreement). Symmetric is used for bulk data; asymmetric is used for key exchange and digital signatures.
Classical Ciphers Vs. Modern Encryption
Classical ciphers (substitution, Vigenère, Enigma) rely on secrecy of the algorithm; modern encryption relies on secrecy of the key (Kerckhoffs's principle). Modern encryption is mathematically proven secure; classical ciphers are vulnerable to frequency analysis and brute force.
RSA Vs. Elliptic Curve Cryptography (ECC)
RSA relies on prime factorization difficulty; ECC relies on discrete logarithm difficulty over elliptic curves. ECC offers equivalent security with shorter key lengths (256-bit ECC ≈ 2048-bit RSA), reducing computational overhead.
Transport Layer Vs. End-to-End Encryption
Transport layer (TLS) encrypts data in transit but decrypts at intermediate servers; end-to-end (Signal, WhatsApp) encrypts at sender and decrypts only at recipient. End-to-end provides stronger privacy but limits server-side features (search, backup).

Interesting Facts

  • The word 'cipher' derives from the Arabic 'sifr' (zero), reflecting the Arab world's early dominance in cryptography and mathematics.
  • During the American Revolution, George Washington's spy ring used a cipher based on a book—the same book held by both sender and recipient—as a one-time pad variant.
  • The Enigma machine had 158 quintillion possible rotor configurations, yet was broken by Bletchley Park codebreakers using a combination of mathematical insight and captured Enigma rotors.
  • RSA encryption's security depends on the assumption that factoring large numbers is hard; a practical quantum computer could break RSA in polynomial time using Shor's algorithm (1994).
  • The U.S. government classified encryption as a 'munition' until 1996, restricting its export; Phil Zimmermann faced a federal investigation for releasing PGP internationally.
  • A 512-bit RSA key, considered secure in 1995, can be factored in hours on modern hardware; a 2048-bit key would require computational resources beyond current capability.
  • The NSA's Suite B encryption standard (used for classified U.S. government communications) was deprecated in 2015 due to concerns about quantum computing threats.
  • Signal's end-to-end encryption uses the Signal Protocol, which combines the Double Ratchet Algorithm with elliptic curve cryptography, providing forward secrecy (past messages remain secure even if the key is compromised).
  • Bitcoin's security relies on elliptic curve digital signatures (ECDSA) and SHA-256 hashing, not traditional encryption; the blockchain is public, but ownership is secured by cryptographic keys.
  • The first HTTPS connection (secure web browsing) was established by Netscape in 1994; today, over 95% of web traffic is encrypted.
  • Homomorphic encryption, theoretically possible since 2009, allows computation on encrypted data without decryption; it remains impractical for most applications due to computational overhead.
  • The Vigenère cipher, used during the French Revolution, was considered unbreakable for 300 years until Charles Babbage broke it in the 1850s using frequency analysis.
  • A single 256-bit AES key has 2^256 possible values—more than the number of atoms in the observable universe—making brute-force attacks infeasible.
  • The NSA's TEMPEST program (declassified in 2007) studied electromagnetic emissions from encryption devices, demonstrating that encryption implementations can leak information through side channels.
  • Quantum key distribution (QKD), using quantum mechanics to distribute encryption keys, has been deployed in limited networks but remains impractical for the internet at scale.
  • The Diffie-Hellman key exchange, published in 1976, was independently discovered by the British Government Communications Headquarters (GCHQ) in 1973 but remained classified until 1997.
  • Modern TLS handshakes use ephemeral Diffie-Hellman (DHE) or elliptic curve Diffie-Hellman (ECDHE) to provide forward secrecy, ensuring that compromised long-term keys do not expose past sessions.

Quotations

  • Text
    The only truly secure system is one that is powered off, locked in a safe, and buried in concrete with armed guards around it.
    Context
    On the impossibility of perfect security; encryption is a tool for practical, not absolute, security.
    Attribution
    Gene Spafford, computer security researcher, c. 1989
  • Text
    We stand at the brink of a revolution in cryptography.
    Context
    Diffie and Hellman's paper proposed solving the key distribution problem, fundamentally changing cryptography.
    Attribution
    Whitfield Diffie, 1976, introducing public-key cryptography
  • Text
    The cryptographer is always only a few moves away from defeat.
    Context
    Shannon's foundational work established that encryption security is a matter of computational difficulty, not perfect secrecy.
    Attribution
    Claude Shannon, 'Communication Theory of Secrecy Systems,' 1949
  • Text
    Privacy is not about secrecy. It is about autonomy. It is about having some space, physical or mental, that you can call your own.
    Context
    On the purpose of end-to-end encryption in messaging applications.
    Attribution
    Moxie Marlinspike, creator of Signal, c. 2010
  • Text
    Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.
    Context
    Snowden's NSA disclosures highlighted the importance of encryption as a defense against mass surveillance.
    Attribution
    Edward Snowden, 2013
  • Text
    The NSA has built a surveillance system to monitor just about everybody in the world.
    Context
    Snowden's revelations prompted widespread adoption of encryption technologies like Signal and end-to-end encrypted messaging.
    Attribution
    Edward Snowden, 2013
  • Text
    I would rather be a little nobody, then to be a evil somebody.
    Context
    Zimmermann released PGP to give civilians access to military-grade encryption, defying U.S. export controls.
    Attribution
    Phil Zimmermann, creator of PGP, on why he released encryption software
  • Text
    The real problem is that cryptography is just math, and math is not a munition.
    Context
    Zimmermann challenged the U.S. government's classification of encryption as a controlled weapon.
    Attribution
    Phil Zimmermann, on U.S. encryption export restrictions, c. 1991

Sources

  • Date
    1976
    Note
    Foundational paper introducing public-key cryptography and the Diffie-Hellman key exchange.
    Type
    primary
    Title
    New Directions in Cryptography
    Author
    Whitfield Diffie and Martin Hellman
    Publication
    IEEE Transactions on Information Theory
  • Date
    1978
    Note
    Original RSA patent and description; the most widely used asymmetric encryption algorithm.
    Type
    primary
    Title
    A Method for Obtaining Digital Signatures and Public-Key Cryptosystems
    Author
    Ron Rivest, Adi Shamir, Leonard Adleman
    Publication
    Communications of the ACM
  • Date
    1949
    Note
    Foundational mathematical framework for cryptography; establishes information-theoretic security.
    Type
    primary
    Title
    Communication Theory of Secrecy Systems
    Author
    Claude Shannon
    Publication
    Bell System Technical Journal
  • Date
    1977
    Note
    Official specification of DES, the first publicly available symmetric cipher standard.
    Type
    primary
    Title
    Data Encryption Standard (DES)
    Author
    National Bureau of Standards (U.S.)
    Publication
    Federal Information Processing Standards Publication 46
  • Date
    2001
    Note
    Official specification of AES, the modern symmetric cipher standard replacing DES.
    Type
    primary
    Title
    Advanced Encryption Standard (AES)
    Author
    National Institute of Standards and Technology (U.S.)
    Publication
    Federal Information Processing Standards Publication 197
  • Date
    1999
    Note
    Comprehensive popular history of cryptography from ancient times to modern era.
    Type
    secondary
    Title
    The Code Breaker: The Story of the Secret Messages That Held the Power to Change History
    Author
    Simon Singh
    Publication
    Doubleday
  • Date
    1967 (revised 1996)
    Note
    Authoritative historical account of cryptography and cryptanalysis; covers Enigma, classical ciphers, and early computer encryption.
    Type
    secondary
    Title
    The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet
    Author
    David Kahn
    Publication
    Scribner
  • Date
    1994 (revised 1996)
    Note
    Technical reference on cryptographic algorithms, protocols, and implementations; standard textbook for security professionals.
    Type
    secondary
    Title
    Applied Cryptography: Protocols, Algorithms, and Source Code in C
    Author
    Bruce Schneier
    Publication
    John Wiley & Sons
  • Date
    2001
    Note
    Narrative history of the cryptography wars, covering PGP, export controls, and the conflict between privacy advocates and government.
    Type
    secondary
    Title
    Crypto: How the Code Rebels Beat the Government—Saving Privacy in the Digital Age
    Author
    Steven Levy
    Publication
    Viking
  • Date
    2017
    Note
    Contemporary analysis of encryption's role in privacy, surveillance, and civil liberties.
    Type
    secondary
    Title
    American Spies: Modern Surveillance, Why You Should Care, and What to Do About It
    Author
    Jennifer Granick
    Publication
    W.W. Norton & Company
  • Date
    2010
    Note
    Peer-reviewed conference proceedings on cutting-edge cryptographic research, including post-quantum cryptography.
    Type
    modern scholarship
    Title
    Advances in Cryptology – CRYPTO 2010
    Author
    Tal Rabin (editor)
    Publication
    Springer Lecture Notes in Computer Science
  • Date
    2018
    Note
    Policy analysis on encryption, surveillance, and security; examines trade-offs between privacy and law enforcement.
    Type
    modern scholarship
    Title
    Decrypting the Encryption Debate: A Framework for Decision Makers
    Author
    National Academies of Sciences, Engineering, and Medicine
    Publication
    The National Academies Press
  • Date
    ongoing
    Note
    Preserved early PGP documentation, cryptography mailing lists, and source code repositories.
    Type
    archive
    Title
    Wayback Machine: Cryptography and Security Resources
    Author
    The Internet Archive
    Publication
    https://archive.org/
  • Date
    2013–present
    Note
    Declassified NSA documents on encryption policy, Suite B, and cryptanalysis capabilities.
    Type
    archive
    Title
    NSA Declassified Documents on Cryptography
    Author
    Edward Snowden Archive
    Publication
    The Intercept, Freedom of the Press Foundation

Source of Truth

🗺 POCKET MAP
🗺 Museum Map
Galleries
Plan your visit
Your route
…tracing your steps…
QR code linking back to this exhibit
SCAN TO RETURN TO THIS EXHIBIT