This episode is supported by NordVPN.

Start protecting your internet experience today with a 3-year VPN plan. Get 75% off, plus 1 month free by using the code“SCISHOW” at NordVPN.comSCISHOW. [ intro ].

It’s 406 BCE. You, the commander of Sparta’s navy, have a top-secret message for your magistrate back home: the new strategy to defeat those dastardly Athenians is to cut off their grain supply! But wait…what if your messenger gets captured?

Athens might see your message and head off your plan! The standard Spartan solution was a scytale—a wooden rod paired with a strip of leather. You’d wind the leather around the rod and write your message line by line.

When you unwound the leather, the letters would look like a meaningless jumble to anyone who didn’t know the width of the rod. Of course, all you’d have to do was try a bunch of different thicknesses until the letters turned into words, so it wouldn’t be an especially difficult code to crack. Over the centuries, people have tried to do better, coming up with more and more sophisticated ways to encrypt, or scramble, information.

Most of these encryption methods weren’t perfect—there was always a chance that an attacker would manage to undo the procedure you used to encode the information. But with the help of computers, we now have ways to encrypt information that are almost impossible to crack. That’s a very good thing, because encryption is what protects your bank password from hackers, keeps prying eyes out of your WhatsApp messages, and even makes sure those Windows updates really came from Microsoft.

The weird thing, though, is that these practically-unbreakable codes are still based on the same building blocks the ancient Greeks used — with just a couple of twists. Any coded message has two main parts: The first component is the cipher—a scrambling procedure like the scytale, which is meant to mash up the message into something unrecognizable. The second component is the key—some secret, like the diameter of the scytale, that keeps unauthorized people from unscrambling the message.

In modern encryption, the process of sharing keys can be kind of involved. And it definitely involves way more math than before computers were a thing. But none of that matters unless you have a usable cipher that can’t be cracked.

Those have only existed for a few decades, but they’re built on the same ideas we’ve been using for centuries. In fact, many modern ciphers just involve taking the two main types of classical ciphers and applying the techniques a little differently. One type of classical cipher is the transposition cipher, where the key tells you how to reorder the letters in the message.

The scytale was a simple version of that. A more sophisticated example of a transposition cipher is the route c ipher. Say you wanted to encrypt a message telling the Spartans back home to “cut off the grain supply.” You’d write it down in a grid of, say, 5 columns, then read off the letters in a prearranged pattern.

That path through the grid is your key. Transposition ciphers leave each letter intact and swaps their positions. The other type of classical cipher, the substitution cipher, does the opposite: it leaves each letter in position, but replaces it with something else.

The best-known example is the Caesar cipher, named after Julius Caesar, who was quite the cryptography enthusiast. He liked to send secret military messages by sliding every letter down three places in the alphabet. So A became D, B became E, and so on down the line until Z wrapped around to C.

Here’s what our message looks like encrypted with Caesar’s method. Of course, a Caesar cipher doesn’t have to stick to shifting by three. The key that tells you how far to rotate the alphabet can be anything from 1 to 25.

And why stop there? Forget Caesar ciphers; you could make the key to a substitution cipher any of the over 400 septillion ways you can rearrange the alphabet. Substitution and transposition are fine for passing notes in class, but they have some pretty serious security flaws.

A transposition cipher is just a giant anagram. And anagrams aren’t that hard to crack. Substitution ciphers, meanwhile, leave all the structure of the original text.

So for example, if an enemy intercepts the message and sees that ‘x’ is the most common letter, it’s a safe bet that it corresponds to ‘e’. And then maybe they’ll notice “IRX” all over the place and guess that it spells “the,” and so on with other letters and words. With some statistics and good guessing—what cryptographers call frequency analysis—it’s easy to work out the key.

You can make frequency analysis harder by systematically re-scrambling the alphabet after every letter. A classic cipher called the Vigenère cipher works that way, as did the famous Enigma machines used by the Germans in World War II. But even then, some patterns still leak through.

In particular, if you know a specific word will show up a lot—“Führer,” for example—and you know the rules for re-scrambling the alphabet, you can guess which chunks of encrypted text might correspond to that word. That’s how the computer scientist Alan Turing and his colleagues were eventually able to crack the Enigma. So, both transposition and substitution have some pretty big weaknesses.

But even today, these two techniques do most of the work! You just need to fix their flaws. In 1949, a computer science pioneer named Claude Shannon suggested a simple solution: alternate between applying substitution and transposition to the same message.

One version of Shannon’s idea had actually been used earlier, during World War I, when the Germans developed a cipher called ADFGVX. But it was still crackable. To encode a message, you’d first print a jumbled alphabet into a 6-by-6 square with the letters ADFGVX along the sides.

That would be the key, which would tell you how to translate each character in the message to a corresponding two-letter code. So the ‘C’ in “cut” would become FG, ‘u’ would be XX, and so on. Once you used that first key to code the letters, you’d write the coded letters into another grid.

Across the tops of the columns you’d write letters that you’ll use for a second key. This would be the transposition part of the cipher, where you rearrange the letters in the message. To actually rearrange them, you’d switch the order of the columns so the key you wrote on top is in alphabetical order.

Then you’d read off columns vertically, and that’s your encrypted message. The French managed to crack ADFGVX shortly after the Germans introduced it, but only because it didn’t take the combination idea far enough. Shannon realized that if you keep alternating between transposition and substitution, each fixes the weaknesses of the other.

With transposition alone, you can crack the code by anagramming. But when you add substitutions, characters in the original are changed in unpredictable ways. With substitution, on the other hand, you can break the encryption by analyzing the structure of the text, like by looking for common words and letter combinations.

But when you add transposition, any repetitions or groupings get spread out all over. If you alternate between them, applying both strategies multiple times, every bit of the encrypted text depends in a very complex way on the entire key and the entire original message. Much of modern cryptography is built on Shannon’s alternating ciphers, although computers allow for more fiddly transformations and bigger keys.

The first widespread digital cipher was the Data Encryption Standard, which was commissioned in 1976 by what’s now the U. S. National Institute of Standards and Technology, or NIST.

These days there are tons of different options, but most, including that original Data Encryption. Standard, follow a similar procedure. For example, many are based on a process called a substitution-permutation network.

The idea is to alternate between two ways to scramble the data:. First, there’s the substitution box, which replaces short sequences of bits, or zeros and ones, with different sets of zeros and ones. -- It’s like how the ADFGVX cipher replaced letters of the alphabet with other letters, except using sets of zeros and ones instead. Then there’s the permutation box, which swaps around the positions of the bits.

That’s the transposition part. Then you repeat both steps over and over and over. Without the key, the result is practically indistinguishable from random garbage.

But this method does have one big limitation: the boxes you use for each encoding step are small, fixed-size tables, so they can only operate on small, fixed-size blocks of data. Ciphers like this are called block ciphers. Problem is, sometimes you need to encrypt more than a few bits at a time.

Like, what if your bank statement stretches on for pages? It might seem like you could just encrypt each smaller chunk of data separately—but that’s a big no-no. Just look at what happens to Tux, the friendly penguin who personifies the type of operating system called Linux, if you encrypt him block by block.

Each block turns into something random-looking. But identical blocks get encrypted the same way, so the structure shows through. A few years after that original data encryption standard came out, NIST came to the rescue with new ways to extend block ciphers for messages of any length.

These techniques mix information from all previous blocks into each new block. That way information spreads out across the whole encrypted message and the structure doesn’t stick out anymore. Another way to encrypt big messages is what’s known as a stream cipher.

It builds on the idea of the substitution cipher, but it doesn’t directly combine older methods the way block ciphers do. Instead, a stream cipher makes the encrypted text look random by mixing every bit with another, randomly generated zero or one. Of course, to decrypt a message where you’re mixing in a totally random bit every single time, you’d need that whole list of random zeros and ones.

That’s a key as big as your message! So instead, stream ciphers use math to generate a long sequence of random-looking bits based on a shorter secret key. Of course, even with the best ciphers, there’s still a major challenge: when you share the key with the person you’re sending the message, you need to make sure it’s not intercepted.

That’s another problem modern cryptography has been able to solve, although in this case the techniques we use are very different from how keys were exchanged before computers became a thing. So we’ll leave that story for another episode. But none of that other stuff would matter without fast and secure ways of encoding information.

Everything we do with computers today would be so much harder. So let’s just thank all the cryptographers from ancient Greece to today for allowing us to safely order our favorite snacks online. And speaking of cryptographers and encryption, thanks to NordVPN for supporting SciShow.

Right now, NordVPN is offering SciShow viewers a 3-year Virtual Private Network plan for 75% off, plus 1 month free. When you’re ordering your favorite snacks online, or sharing this episode of SciShow with your ancient Spartan friends, you want to make sure your information is secure. With a Virtual Private Network from NordVPN your information is encrypted and sent via one of their super fast servers, so you know it’s safe.

NordVPN has over 5100 secure servers in 62 countries and they’re always adding more. You’ll also never be slowed down with their unlimited bandwidth and 247 customer support. Head to NordVPN.comSciShow and use the code “SciShow” to get your 3-year plan for 75% off, plus 1 month free.