How Encryption Works
Every time you log in, buy something online, or send a message, encryption keeps it private. From Julius Caesar's simple letter shift to the RSA algorithm that protects the modern internet, this is the story of how maths makes secrets.
The Caesar Cipher
Julius Caesar reportedly sent messages to his generals by shifting every letter of the alphabet three places forward. A becomes D, B becomes E, and so on. The recipient knew to shift back by three.
Cipher (shift +3) D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Message ATTACK AT DAWN
Encrypted DWWDFN DW GDZQ
This is simple substitution encryption: each plaintext symbol is replaced by another symbol. The key is just the number 3.
Breaking it takes at most 25 attempts (there are only 25 non-trivial shifts). Against modern computers — or even pencil and paper — a Caesar cipher fails instantly. The core problem is that it has an extremely small key space.
Symmetric Key Encryption
A major improvement is to use a long random key where each position in the plaintext is shifted by its own key character. This is the Vigenère cipher. Applied perfectly — a key as long as the message, used only once, truly random — it becomes the unbreakable one-time pad (proved mathematically secure by Claude Shannon in 1949).
Modern symmetric ciphers like AES-256 use 256-bit keys. There are 2²⁵⁶ ≈ 10⁷⁷ possible keys — more than the number of atoms in the observable universe. Brute-forcing AES-256 is computationally infeasible even with all the world's computers running until the heat death of the universe.
| Cipher | Key bits | Key space | Status |
|---|---|---|---|
| Caesar | ~5 | 25 keys | Broken trivially |
| DES | 56 | 7.2 × 10¹⁶ | Broken (1999, 22h) |
| 3DES | 112 | 5.2 × 10³³ | Deprecated (2024) |
| AES-128 | 128 | 3.4 × 10³⁸ | Secure |
| AES-256 | 256 | 1.2 × 10⁷⁷ | Post-quantum secure |
AES encrypts data in fixed 128-bit blocks through 10–14 rounds of mathematical operations: substitution (S-box), row shifting, column mixing, and key addition. The result is a completely scrambled block with no statistical trace of the original.
The Key Distribution Problem
Symmetric encryption has one fatal weakness: both the sender and receiver must already share the same secret key. But how? If Alice wants to send Bob an encrypted message, she needs to send him the key first — but the key itself must travel securely. This is circular.
For centuries this was solved with physical key distribution — couriers, codebooks, and cipher machines (like Enigma). For digital communications at internet scale, this approach is impossible. In 1976, Whitfield Diffie and Martin Hellman published a revolutionary solution.
Diffie–Hellman Key Exchange
Diffie–Hellman lets two parties agree on a shared secret over a completely public, monitored channel. The trick is a mathematical one-way function based on modular exponentiation:
Computing g^x mod p (raising g to the power x, then finding the remainder when divided by p) is fast. But given the result, working backwards to find x — the discrete logarithm problem — is computationally hard for large p.
Alice chooses secret a = 4 Sends: A = 5⁴ mod 23 = 4
Bob chooses secret b = 3 Sends: B = 5³ mod 23 = 10
Shared secret Alice: 10⁴ mod 23 = 18
Bob: 4³ mod 23 = 18 ✓
An eavesdropper sees g, p, A=4, and B=10 in the clear. To find the shared secret 18, they must solve the discrete log problem — which for 2048-bit numbers would take longer than the age of the universe.
RSA: The Lock Anyone Can Close
Invented by Rivest, Shamir, and Adleman (RSA) in 1977, public-key cryptography solves a different problem: not just key exchange, but authenticated encryption. Everyone can encrypt messages to you, but only you can decrypt them.
RSA is based on the difficulty of integer factorization: multiplying two large primes p and q is trivial, but given the product n = p × q, recovering p and q is computationally hard once n is large enough (2048+ bits).
How RSA works conceptually:
- Key generation: Choose large primes p, q. Compute n = p·q and φ(n) = (p−1)(q−1). Choose public exponent e and compute private exponent d such that e·d ≡ 1 (mod φ(n)).
- Public key: (n, e) — share this with the world.
- Private key: (n, d) — keep this secret.
- Encrypt: C = M^e mod n
- Decrypt: M = C^d mod n
For a 2048-bit RSA key, factoring n would require approximately 10¹⁵ years using the best-known classical algorithm (General Number Field Sieve) on all current computing hardware combined.
One-Way Functions and Trapdoors
Both Diffie–Hellman and RSA rely on trapdoor one-way functions: operations that are fast in one direction but computationally infeasible in reverse, unless you have a special piece of information (the trapdoor — your private key).
| Algorithm | One-way function | Trapdoor | Hard problem |
|---|---|---|---|
| Diffie–Hellman | g^x mod p | Private exponent x | Discrete logarithm |
| RSA | M^e mod n | Factorisation of n | Integer factorisation |
| ECDSA (curves) | k·G on elliptic curve | Scalar k | Elliptic curve discrete log |
Elliptic curve cryptography (ECC) uses shorter keys for equal security: a 256-bit ECC key provides similar security to a 3072-bit RSA key. ECDH and ECDSA are now preferred for TLS and digital signatures.
Hybrid Encryption in Practice
Public-key cryptography (RSA/ECC) is mathematically elegant but slow — about 1000× slower than AES for large amounts of data. In practice, systems always use hybrid encryption:
- Use the (slow) public-key algorithm to securely exchange a random session key.
- Use the (fast) symmetric algorithm (AES) with that session key to encrypt all actual data.
You get the security of public-key crypto for key exchange and the speed of symmetric crypto for bulk data — the best of both worlds.
How HTTPS Actually Works
When your browser connects to a site over HTTPS, the TLS (Transport Layer Security) handshake runs this hybrid scheme in a fraction of a second. Here is what happens, simplified:
-
ClientHello: Your browser announces the TLS version and cipher suites it supports (e.g., TLS 1.3 + AES-256-GCM + X25519 key exchange).
-
ServerHello + Certificate: The server picks a cipher suite and sends its X.509 certificate containing the server's public key, signed by a trusted Certificate Authority (CA).
-
Certificate Verification: Your browser verifies the certificate chain against its built-in list of trusted CAs. This prevents "man-in-the-middle" attacks.
-
Key Exchange: Both sides run Diffie–Hellman (or its elliptic-curve variant ECDH) to derive a shared session key. No private key material travels the wire.
-
Symmetric Encryption: All subsequent data is encrypted with AES-256-GCM using the session key. The session key is discarded afterward (forward secrecy).
The Quantum Threat
Peter Shor's 1994 algorithm showed that a sufficiently powerful quantum computer could solve both the discrete logarithm problem and the integer factorisation problem in polynomial time — breaking RSA and Diffie–Hellman.
Such a quantum computer does not yet exist. Today's noisy quantum processors max out at a few hundred error-corrected logical qubits; breaking RSA-2048 would require around 4,000 logical qubits.
The US National Institute of Standards and Technology (NIST) standardised the first post-quantum algorithms in 2024: ML-KEM (key encapsulation, based on lattice problems) and ML-DSA (digital signatures). These are already being added to TLS 1.3 libraries.
Try It Yourself
Explore how randomness and probability underpin everything from shuffling to simulation — the same mathematical foundations that make encryption work:
The neural network simulation shows how iterative mathematical operations (similar to block cipher rounds) transform data into something unrecognisable — and back again: