For most people, the word "encryption" brings another word to mind: "yawn." Could there be a more boring topic? But encryption is actually an exciting and dynamic field. It has existed since ancient times and has played a role in the outcome of almost every major conflict in human history. It is also the cornerstone of the modern-day business battlefield, the Internet. So let's dig in and learn a little about encryption, and I'll try not to put you to sleep.

For me, it all started with a box of Cap'n Crunch--a bright blue box of sugar-coated sugar that in and of itself would have been enough to nag your mother within an inch of being grounded for. But this box also proudly proclaimed an extraordinary bonus, a secret decoder wheel that would allow you to send encrypted messages to your friends. Somehow, I convinced my Mom to buy me a box. Inside, as promised, was the secret decoder wheel. The decoder wheel consisted of two disks that you joined together through the centers with a thumbtack-like device. One wheel was larger than the other and had all 26 letters of the alphabet around the outside of the wheel arranged in order, A through Z. Just inside this ordered ring of letters was another, smaller wheel with all the letters of the alphabet, but this time they were arranged in a random order. The small wheel had a hole in it just large enough to expose one letter from the larger wheel's inner circle, in addition to an arrow that pointed from the hole to the rim. So to encode your secret message you would dial the inner wheel to point to the letter you wanted to encode and then write down the letter you could see through the hole in the second wheel. You could then give the note to your buddy along with the decoder wheel and he could work the process in reverse.

As a second grader, I learned a lot about encryption. The first thing I learned was that encryption takes time. Looking up each letter, one by one, was painfully slow. And decrypting took even longer because the letters were not in order in the inner wheel; on average, you had to look at 13.5 letters before finding the right one. (In case you were wondering, the formula for calculating the average of a series of numbers is maxNumber + minNumber / 2 ). The second thing I learned was that you need to keep your decoder wheel safe and secure. My friends and I had only one decoder wheel, so we had to pass it along with each message. Sure enough, we got hacked. One day, our message and wheel were intercepted, and the truth was revealed that I been spreading the rumor that Kim had cooties.

The Need for Encryption

As computer professionals, we are often faced with problems that require the hiding of data. We may want to send email without everybody on the Internet knowing our company strategy, or we may want to hide salary or other sensitive data in our database from our own employees. In Web applications, we may want to collect and store customer credit card numbers without unauthorized external or internal eyes seeing the numbers. Being able to communicate or store information securely is core to almost every significant computer application. There are many ways to solve each of these problems. But first, let's look a little more into what cryptography is and isn't.

Cryptography

Cryptography is the science or art of encryption. Cryptography, like most topics, comes with its own set of terms that we must define. Let's start with methods and keys. Methods are the algorithms for how we translate unencrypted data into encrypted data and back again. A good analogy is to think of the method as the lock that secures your data. This ties in nicely with our next term, which is "key." A key combined with a method allows you to encrypt and decrypt data. In our Cap'n Crunch scenario, the wheel and how we use it is the method, and the order of the letters on the inner ring is the key. Together, a method and a key form a cipher. So a cipher is a way to encrypt and decrypt data. Our Cap'n Crunch cipher is a particular kind of cipher known as a circle cipher or a substitution cipher, because each letter is substituted for another in the same position. Although this cipher seems pretty good for passing notes in a second grade class (provided you keep the wheel safe), it is not nearly secure enough for commercial use. The goal of any good cipher is twofold. The first goal is to make sure that there are so many possible keys that someone trying to break the cipher can't possibly try them all. The second goal is to make sure that the key or parts of the key cannot be guessed. If the key or parts of it can be guessed, then hackers may be able to narrow down the number of possible keys enough that the cipher can be broken. The problem with our Cap'n Crunch cipher is that because each unencrypted letter always maps to the same encrypted letter, some simple statistical analysis on letter frequency, especially looking for common letters and double letters, can solve for parts of the key.

Another and more powerful kind of cipher is a transposition cipher, my first introduction to which was not much later in my cryptography career, probably around the third grade. This time around, I was the person trying to break the code. This all took place in the days of yore when the only way to find out what was on TV was the TV Guide in the Sunday paper. Being the youngest of three siblings, I was rarely allowed custody of the Guide and was often at the mercy of my older siblings as to what to watch. However, they often needed to communicate with each other what was going to be on TV without letting me know. So they used a transposition cipher of choice for teenagers known as Pig Latin. Transposition ciphers work by simply changing the order of the data being encrypted. The Pig Latin for "A Charlie Brown Christmas Special" is "Away Arliechay Ownbray Istmaschray Ecialspay." Pig Latin has only two transposition rules:

• Words that begin with vowels (a, e, i, o, u) have "way" appended to them.
• Words that begin with consonants have all of the letters preceding the first vowel moved to the end of the word and then have "ay" append to them.

Since they only talked about the shows they wanted to watch in plain English, I was unaware of all the good shows that were on TV. So when it came time for the family vote for what to watch for the evening, my vote was often cast in error. I missed out on a lot of good TV because transposition ciphers allowed my siblings to securely communicate.

Another transposition cipher that most people are familiar with are the "jumbles" that appear in the daily newspaper. These trivial transposition ciphers challenge you to "unscramble" a string of letters back into the original message. Sometimes, the puzzle creators give you a clue about the message to help get you started. A simple way to create a transposition cipher is to map your data into a two dimensional array in row major order. So the message ATTACK THE GREEKS AT DAWN would look like this in a 5x5 array:

If we then read up the array in column major order, we would get the message AK K T GSDTTR AAHEAWCEETN, which, unless I had a pretty good clue for in the Sunday jumble, I would probably not be able to solve.

One of the core objectives of a good cipher is diffusion. Diffusion means that there is no statistical structure of the original message left. This is accomplished by repeatedly applying substitutions and transpositions based on a supplied key. I like to think of this process as making batter. When you start, you have eggs, milk, sugar, flour, and other ingredients in a bowl. Each time you stir that batter, it's a little harder to tell what you started with until finally you are left with a new substance that bears no resemblance to the original ingredients. Each time you apply a substitution or transposition, you are stirring your data batter.

Encryption techniques fall into one of two categories: symmetric-key and public-key/private-key. Symmetric-key, which is also sometimes called private-key, refers to any method in which you use the same key to both encrypt and decrypt data. Public-key/private-key refers to any method in which a public key is used to encrypt data and a private key is used to decrypt it. The idea here is that if somebody wants to send you a secure message, you first send him your public key to encrypt the data with. Then, he sends you the encrypted message, which can only be decrypted with your private key. All of the ciphers that we have talked about are of the symmetric-key type.

DES, Double DES, and Triple DES

In 1977, the National Institute of Standards and Technology (NIST) for the first time adopted an encryption standard for private-key encryption. The standard was called DES, which stands for Data Encryption Standard. DES is based on what at the time was thought to be a sufficiently long key of 56 bits. A brute force attack would need to try approximately 70 billion keys in order to break the code. Over time, however, Moore's Law (which claims that computers will double in speed every 18 months) caught up to DES. DES was reincarnated a couple of times, first as double DES and then as triple DES, essentially applying the same algorithm multiple times using different keys.

AES

With the imminent death of DES and its derivatives looming, NIST set out to create a new standard for encryption. Advanced Encryption Standard (AES) was chosen by conducting a shoot-out of sorts by the best and brightest cryptographers of our time. When the process was complete, NIST chose an algorithm known as the Rijndael algorithm as the standard.

AES and Java

So what does all this have to do with Java? Well, most of the algorithms that the NIST tested, including Rijndael, were implemented in Java. As of the Java 2 Platform, Standard Edition (J2SE) V1.4, AES is included as part of the Java Cryptography Extension (JCE). In other words, you have the government-approved standard for strong encryption built into the Java Runtime Environment (JRE) that you are using for all your Java applications already.

Conclusion

Encryption has won and lost wars. It can be as simple as a couple of pieces of cardboard from a kid's breakfast cereal or so complex that you need an advanced degree in mathematics just to be able to understand. There are two major types of encryption, symmetric-key and public-key/private-key. Encryption can be accomplished through the use of a key and either translation or transposition. Strong encryption is achieved by diffusing data by using repeated applications for both translation and transposition. DES, the first government standard for encryption, is being deprecated because the geometric growth in processing power has made it possible to break with a brute force attack. AES, the replacement for DES, is part of the Java JRE and ready to be used in your applications.

Where to Go for More Information

The CODEBREAKERS : The Comprehensive History of Secret Communication from Ancient Times to the Internet by David Kahn
Don't let the phrase "comprehensive history" scare you off. This is book is an excellent collection of stories that chronicle the evolution of cryptography.

Cryptography Decrypted by H. X. Mel and Doris Baker
This could be called The Big Cartoon Book of Cryptography. It has lots of great diagrams to help explain what other books try to explain with words and code.

Applied Cryptography by Bruce Schneier
The definitive guide to cryptography, this is the book you buy if you have to implement your own algorithms

Author's Note

I never finished the box of Cap'n Crunch, it still bothers me when people talk in Pig Latin, and I married the girl with cooties.

Michael J. Floyd is an extreme programmer and the Software Engineering Technical Lead for DivXNetworks. He is also a consultant for San Diego State University and can be reached at This email address is being protected from spambots. You need JavaScript enabled to view it..

Michael J. Floyd is the Vice President of Engineering for DivX, Inc.

Also Read

Practical Java: Start Your Java Engine!

Practical Java: Making Java Work for You

Book Review: Java for RPG Programmers