This article is part of the Science in Sci-fi, Fact in Fantasy blog series. Each week, we tackle one of the scientific or technological concepts pervasive in science fiction — space travel, genetic engineering, artificial intelligence, etc. — with input from an expert.
About the Expert
Matt Perkins is a Canadian writer and software developer. His science fiction thriller series Winterwakers, set in an alternate Earth where humans hibernate, is available in paperback and eBook. This is Matt’s second appearance on this blog, and his writing has also appeared on Buzzfeed and the Fantasy Literature blog. He is currently querying a sci-fi adventure novel about a young woman lost on a wild, unexplored planet. You can find him on Twitter, Facebook, or his website.
Encryption 101 for Writers
Let’s pretend you and I live on opposite ends of Sesame Street. I want to share a freshly-baked batch of cookies with you, but I know if I leave my house, the Cookie Monster will try to eat them. Is there a way I can transport the cookies such that they won’t be intercepted by our excitable neighbor?
If your imagined solution involves sealing the cookies in a container only you or I can open, you already understand encryption. Go ahead and skip the rest of this post.
But seriously: at its core, encryption is a way to prevent a message from being read and/or altered by a third party. In the Sesame Street example, we have one party (me) sending a “message” (the cookies) to another party (you), and we want to make sure this message isn’t intercepted (eaten) by a third party (Cookie Monster). To do this, we disguise it as something else (a sealed box) that only the intended parties can interpret correctly.
Of course, when most people talk about encryption, they aren’t thinking of cookies and furry blue sugar fiends. In a modern context, encryption is almost always discussed as a way of protecting data stored on, or transmitted from, a computer. We often think of encryption as a very new tool for dealing with a new kind of threat, but encryption and cryptography (the science of encryption) are much, much older than computing.
As the 2014 film The Imitation Game taught us, one of the world’s first computers was invented by Alan Turing to crack the encryption on Nazi messages. Encryption has been protecting the world’s secrets for millennia, with examples dating as far back as the Roman Empire. Even America’s founding fathers got in on the act — Thomas Jefferson invented an encryption device to prevent his messages from being intercepted by the British.
Today, encryption is a part of everyday life, no longer the exclusive domain of spies, diplomats, and shadowy government agencies. It might be hard to believe we’re all engaging in spycraft every time we check Twitter, but on a basic level, that’s exactly what’s happening behind the scenes. With so much of our lives online, the importance of protecting our communications can’t be overstated. Just ask anyone who’s ever been hacked, doxxed, or had their identity stolen.
This is how we, as writers, often deal with encryption in the context of our work: the act of cracking it, and the consequences of revealing someone’s once-encrypted secrets. But before you write that pivotal scene where the shy, nerdy hero hacks the evil corporation’s server, let’s take a look at some of the most common misconceptions about encryption.
Debunking Myths About Encryption
- Encryption is not synonymous with security. That would be like saying beef is synonymous with hamburgers. Most good security strategies include encryption in one or more ways, but they don’t have to, and they rarely use it exclusively.
- A password is not encryption, and encryption is not a password. A password is a form of authentication; it ensures only specific people can access the data. This is subtly distinct from encryption, which is a form of obfuscation; only specific people can read the data. A password might be used as an encryption key (more on that later) but even then, it is not the same as encryption in and of itself.
- Encrypting data is not hiding data. This is a tough one to grasp, because when all’s said and done, encryption is often applied as a means of hiding the real content of a message. But encrypted data isn’t exactly hidden, at least not in the traditional sense. If you found a hard drive full of encrypted data, you’d still be able to observe that it contains something. In most cases, encrypted data is readily accessible with little or no effort. Encryption isn’t stopping you from discovering the data; it’s stopping you from reading it.
- Not all encryption is created equal. To illustrate this, the next sentence will be encrypted. E’vi incryptid thes missogi far yau. I’m betting you had no trouble decrypting that. In fact, I bet it was so easy you didn’t even think of it as encryption at all. But technically, I did use a substitution cipher, so yes, it is encrypted data. Ideally, you would want your characters to use much stronger encryption than that, otherwise cracking it would be trivial. Which brings us to …
- Modern encryption is nearly impossible to crack without a hint. Encryption, at its core, is math, albeit extremely complex math. Computers are great at math, but even the most powerful computer can’t definitively solve an equation if there are too many unknowns. When encryption is cracked, it’s usually because part of the message was already known, and the rest was extrapolated from there.
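To see how little protection the vowel-swapping sentence above has, here is an added example (not code from the article or its author). The key "oieau" is inferred from the sample sentence, the word list is a constructed stand-in for a dictionary, and the function names are illustrative.

```python
from itertools import permutations

VOWELS = "aeiou"
# Constructed mini word list standing in for a real dictionary.
COMMON_WORDS = {"this", "that", "the", "for", "you", "message", "have", "and"}

# Key inferred from the article's sample sentence: a<->o, e<->i, u unchanged.
ARTICLE_KEY = "oieau"

def substitute(text, key):
    """Replace the vowels a, e, i, o, u with the matching letters of `key`."""
    table = str.maketrans(VOWELS + VOWELS.upper(), key + key.upper())
    return text.translate(table)

def score(text):
    """Count how many words of `text` appear in the word list."""
    words = (w.strip(".,!?'\"").lower() for w in text.split())
    return sum(w in COMMON_WORDS for w in words)

def crack(ciphertext):
    """Try every vowel permutation; return (keys_tried, best_key, plaintext)."""
    keys = ["".join(p) for p in permutations(VOWELS)]
    best = max(keys, key=lambda k: score(substitute(ciphertext, k)))
    return len(keys), best, substitute(ciphertext, best)

if __name__ == "__main__":
    secret = substitute("I've encrypted this message for you.", ARTICLE_KEY)
    print(secret)
    print(crack(secret))
```

The whole key space is 120 vowel permutations, so trying every key takes a fraction of a second. A modern cipher with a 128-bit key has 2^128 possible keys, which is why the same approach gets nowhere against it.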
Here, in a nutshell, is what it’s like to crack encryption
I give you the following equation:
x + y = 245
Your job is to solve for y. Not find all possible values of y, mind you — find a specific, precise value for y. With no additional information, the only way you’d be able to accomplish this is by brute force: try every number between 0 and 245 until you get it right.
Now, imagine instead of 245, the number is actually 617 digits long. And instead of simply adding x and y, you’re performing a far, far more complex equation on those two variables. And you’re doing this thousands of times for every message. That’s modern encryption.
But what if you learned that y is a prime number? This drastically reduces the brute force effort required. When encryption is cracked, it’s almost always because part of the solution was already known. If, for example, you’re trying to decrypt an Excel spreadsheet, the knowledge that it’s actually supposed to be a spreadsheet, and not, say, a picture of an adorable kitten, is helpful. You can look for patterns that you would expect to occur in such a file.
And what if you knew the value of x? Then the answer would be simple. In encryption terms, that’s the equivalent of having the key: a piece of data used to decrypt the message.
Let’s go back to Sesame Street. If I seal those delicious cookies in an opaque, airtight box, and lock that box with a padlock, I can now walk down Sesame Street without alerting Cookie Monster. For this to work, I’d also have to give you the key to the box, so I’d probably take that with me and hide it in my pocket. In cryptography, this would be called a symmetric key, which is a fancy way of saying “the same key is used to encrypt and decrypt the message.”
As you might have guessed, symmetric key encryption has a single, critical vulnerability: reading the message is trivial if you obtain the key. Let’s say Cookie Monster smells me baking the cookies, and grows suspicious when he sees me walking down the street with a locked box. He can easily steal both the box and the key while I’m walking down Sesame Street, thus defeating my encryption.
This is where public key encryption comes in. In spite of the open-sounding name, public key encryption is a lot more secure, especially when sending data to a computer you don’t control (e.g. an email server). With this method, you have two keys: a public key that the recipient shares openly with anyone who wants to send them a message, and a private key that always stays with the recipient. The public key can be used to encrypt the message, but only the private key can decrypt it. And because the private key is never transmitted, there is little chance of a third party cracking the encryption.
On Sesame Street, I call you and let you know I have cookies for you. This time, you’re prepared. You bring your special self-latching lockbox (public key) but you leave its key at home (private key). You walk down the street with the empty box wide open. At my house, you fill the box with cookies and close the lid, locking the box. You carry it back to your house, fetch the key, open the box, and enjoy your delicious cookies. And Cookie Monster is none the wiser. All he ever sees is you walking back and forth with a box.
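The self-latching lockbox, and the earlier point that a "hint" is what breaks encryption, as an added example (not code from the article or its author). It uses textbook RSA, a real public-key scheme the article does not name, with tiny constructed primes and no padding, so it shows the idea only. The function names are illustrative.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Build (public, private) keys from two secret primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)

def seal(message, public_key):
    """Lock a number into the box; needs only the public key."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be in the range 0..n-1")
    return pow(message, e, n)

def unlock(ciphertext, private_key):
    """Open the box; needs the private key."""
    n, d = private_key
    return pow(ciphertext, d, n)

def private_key_from_leaked_prime(public_key, leaked_p):
    """The 'hint' case: one leaked prime is enough to rebuild the private key."""
    n, e = public_key
    if not 1 < leaked_p < n or n % leaked_p != 0:
        raise ValueError("leaked_p is not a proper factor of n")
    q = n // leaked_p
    return n, pow(e, -1, (leaked_p - 1) * (q - 1))

if __name__ == "__main__":
    public, private = make_keypair(61, 53)   # constructed toy primes
    box = seal(65, public)                   # 65 stands in for the cookies
    print("sealed box:", box)
    print("opened with private key:", unlock(box, private))
    print("opened with public key: ", unlock(box, public))  # not the message
    rebuilt = private_key_from_leaked_prime(public, 61)
    print("rebuilt from leaked prime:", rebuilt == private)
```

In real use the two primes are hundreds of digits long, so nobody can find them by trial division. The private key is then safe unless one of the primes leaks.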
Encryption, in Summary
- Encryption prevents third parties from reading sensitive messages.
- It accomplishes this by doing lots and lots of intense math to make the message unreadable if it’s intercepted.
- You can’t crack encryption without some kind of hint, and even then it’s difficult.
- If you steal the encryption key, you can easily decrypt the message.
- Public key encryption makes stealing the key unlikely.
- Watch out for Cookie Monster.