The idea of hiding something from certain parties has existed throughout most of history. The 'password', a word that acts as a key to identify oneself, has been the most common method of doing so. We would think of passwords as literally a shared "word", however it could take different forms- such as a cipher, or even a map.

The first and oldest of such devices we know today, is the scytale. Used first in Ancient Greece, it involves two rods of equal size. The sender will wrap a long strand of paper across the rod, like in Figure 1. The number of times it is wrapped around the rod is important to note. Then, a portion of the message will be written across one "side" of the rod. Then, the rod will be rotated to the next "side", and this will repeat until the message is etched completely. Once you take the strand of paper off, the message will be mostly indiscernible, until the receiver does this same process to view the text.

The scytale involves something like a password, but instead of a word, it's knowledge of how many times the paper is wrapped. Additionally, something like a physical key exists too, in the form of the rod.

Figure 1: Scytale being viewed.

Rodriguez-Clark, Daniel. "An image of a Scytale with 10 faces." Crypto Corner, 2013, link.

Besides physical methods like the scytale, other "algorithmic" ciphers like the Caesar cipher existed too. That cipher is one many people are familiar with, shifting letters by a certain amount that another party can then reverse. Transposition ciphers will "merge" words together in alternating character injection, like "Hello" and "World" would become "HWeolrllod."

Notably, all of these ciphers require both parties to have knowledge of them, and their methods of decoding. These ciphers were used mainly in Rome. For example, Caesar was known to use 'his' respective cipher to encrypt important military messages. Spartans in Ancient Greece used the scytale.

Enter a message:

Shift by (characters):

The general idea of ciphers was to ensure both parties were valid and authentic, at least in principle. This is especially important during wartime, where each side constantly tries to intercept the other's messages in order to gain some military advantage. There, is where much of authentication innovation stems.

Germany was known for developing and extensively using the Enigma machine, until the Allied powers had cracked it. It used an electromechanical rotor mechanism. On the surface, you simply type in a letter, and the encoded letter would light up. Once you've encoded the entire message letter by letter, you would use morse code to send this message to someone else. They would use the same machine, and just enter the encoded message letter by letter. The final message would light up. So it seems on the outside, but it is quite complicated on the inside. Both sides need to know and configure their machines appropriately for this to work. The Enigma machine used a plugboard that would manually map some letter to another letter. Those electromechanical rotors - three of them - would shuffle the mapped letter based on their position and order. A "reflector" would send current in reverse order to "decode" t his message. It may sound simple, but it was hard to crack the message. As a matter of fact, the algorithm was never fully reversed, but the reflector played a part in "cracking" the Enigma machine as it guaranteed a character never maps to itself.

Enigma simulation by Matheus V. Portela

Asymmetric encryption means two different "keys" - a public key and a private key. However, the algorithm works in a "one way" sense. The sender uses this public key to encrypt a message, and passes it to receiver. The receiver will use (and can only use) their private key to decrypt the message. It travels one-way, so that only the public key can communicate with the private key user.

A somewhat similar concept would be cryptographic hash functions. It is not used to encrypt and decrypt a message, rather, it is used to verify you from other people. In the simplest sense, it is a password authentication function. It is also "one way". Password authentication long ago would have been both parties knew some secret word, and one can simply say it to confirm their identity to the other.

However, in the modern era, we cannot rely on the second party. One may want the other to know it's them, but not know the passcode. This is where cryptographic hash functions come into play. It's a complex mathematically grounded algorithm that takes a password and produces some jumbled output that won't lead back to the password. Even if someone had this jumbled output, they would never (theoretically) be able to get the original password used. Additionally, no two passwords ever leads to the same jumbled output.

Hash functions are quite useful, since servers storing your passwords are susceptible to attack. Further, most users would not feel comfortable giving someone else their password. Therefore, this hash function would produce some unique text that doesn't look like the original password. Even if an attacker steals the hashes, (ideally) they would not be able to get the password originally used.

Throughout hashing history, there have been several popular "methods" of hashing. Pretty much just different algorithms, but we have such methods like MD5, or SHA1, both of which are completely obsolete due to several types of attacks. The most secure hashing algorithms used today are Blowfish, SHA-256, or Whirlpool.

Try hashing for yourself in the interactive app to the right!

Enter text:

Select an algorithm: MD5 SHA-1 SHA-256 RIPEMD-160

Another form of authentication, and the last one mentioned here, is biometrics.

This form of authentication measures physical characteristics in order to verify one's identity. This is familiar to most everyone, as most modern day smartphones have fingerprint sensors, or iris scanners. There are several types of biometric authentication, like the two above, or whole facial recognition and voice recognition. Windows Hello, for example, uses facial recognition technology, and the Google Assistant will use voice recognition to deliver personal updates and distinguish you from your family.

The Google Assistant example overlaps with biometrics as identification. Not only are these physical properties used to authenticate oneself into a system, but also to differentiate between multiple peoples, for example, surveillance.

This "biometric authentication, " is theoretically asymmetric. We can all know of your fingerprint pattern, but theoretically it is impossible for you to have my fingerprint. Realistically, due to technical constraints and marginal errors, one can "replicate" the finger of another. This was the case for Touch ID and other fingerprint sensors, where scientists were able to capture someone's fingerprint and mold it into silicone and unlock the phone.

Additionally, the quality of biometric authentication is still doubtful, as we all have seen at some point or another. Your iPhone not recognizing your face as you wear a mask, or fingerprint sensor not reading correctly. Sometimes, your fingerprint may change a bit due to a scratch, moisture or oils, or otherwise, and you may not be able to authenticate yourself even though you are yourself.

Try this voice recognition module for yourself!