IOP Institute of Physics

# Topic of the Moment – cryptography

Classified documents released by former National Security Agency contractor Edward Snowden have revealed that spy organisations have cracked the encryption used to protect the privacy of emails and medical records, and the security of online financial transactions. Can physics stop snoops where maths fails?

Much web traffic, such as email and payments for goods and services, is sent over a secure protocol, meaning that its contents are encrypted before being transferred.

Commonly used methods of encryption are based on pure maths. They convert the plain-text message into “ciphertext” – a version that appears garbled – by substituting characters for other characters. If the message is intercepted, it will read as nonsense unless it’s decrypted.

Decoding a message needs the encryption key – i.e., the way in which text is converted between plain text and ciphertext.

One simple cipher, used by Julius Caesar, simply replaces each letter with another letter a fixed distance down the alphabet. The famous German Enigma machines used a complex series of rotors to determine the nature of the substitution.

Keys typically used online are 128 bits long, which was thought to be secure against brute-force attacks that check every possible combination until the right answer is found, but which were first cracked by a team of Israeli researchers in 2010.

A one-time pad, on the other hand, is impossible to crack – if used properly. It’s a key made up of a random string of text that converts the original message via modular addition.

In its simplest form, each letter is assigned a number from one to 26, and the plaintext is added to the text of the one-time pad. (If the result for any pair of letters is more than 26, then 26 is subtracted).

So for example if the plaintext message is “HELLO”, and the random key of the one-time pad is “NTNHR”, then adding the two together produces ciphertext that reads: “VYZTG”. Subtracting the key again restores the plain text, which can then be read by the recipient of the message.

Unlike a standard key, the pad is only used once and none of the text cyclically repeats. The encryption can’t ever be broken provided that the text of the pad is truly random, at least as long as the plaintext message, only used once – and never shared or intercepted.

That’s where physics comes in – specifically, quantum mechanics.

At the smallest scales, strange things begin to happen. Particles become wave-like, and vice-versa. Among the results of this is the “uncertainty principle”, formulated by Werner Heisenberg in 1927.  It states that complementary variables, such as position and momentum, can’t be precisely measured simultaneously, and that it’s impossible to measure a system without disturbing it.

### Other IOP websites

Your guide to physics on the web