We’ve touched on encryption as one of the examples of utility software available on a computer system, but it has a much wider application – it is used by all living things: it surrounds us and penetrates us; it binds the galaxy together. Oh no, hang on, that’s Ben Kenobi’s description of the Force, but it still applies. Websites, social media, mobile telephony, Wi-Fi, Sky Sports, Netflix, banking, business, online shopping… it all uses encryption.

At a personal level, if you are sat there sending private Snapchat messages to your friends, the last thing you want is someone else being able to read those messages, whether you’re sending over your 3G/4G data connection or via a free public Wi-Fi in Starbucks. This is where encryption is your friend.

A quick starter task: here is a code. Can you crack it?

05 08 13 03 14 20 19 22 07 00 19
” 02 17 24 15 19 14 06 17 00 15 07 24 ” 12 04 00 13 18

It says: “find out what “cryptography” means“… and to answer that rhetorical question, it is the art of writing or solving codes. The code used is a substitution cipher – each number corresponded to a letter of the alphabet: 00=a, 01=b, 02=c … 25=z. So 05=F 08=I 13=N 03=D, etc.

Now visit this BBC Bitesize webpage, watch the video at the top, read the rest of it for an introduction to this topic, then answer the questions below.


(1) What is encryption?

Protecting data by scrambling it.

(2) What three things do you need for encryption?

You need a cipher algorithm, a key and some cleartext/plaintext data to encrypt.

(3) Give an example of something you might want to encrypt.

Personal information, passwords, online bank transactions,…

Keywords for this topic: encryption; decryption; data packet; privacy; cipher; key; plaintext; cleartext; ciphertext; interception.

To summarise, to encrypt something is to make it hidden or scrambled so no-one else can read it (like a spy using a secret code to hide their messages). Ideally, the scrambling should be so complex that it would take a very long time for someone to crack it (even better: never!).

To encode and decode something you need the key, which the algorithm (called a cipher) uses to scramble the “cleartext” or “plaintext” data into something unreadable (“ciphertext“), and to unscramble it back again later (NB: this takes time to do, of course, depending on how complex the cipher is and how complicated the key is).

You can think of it like football, rugby, basketball or netball: what you want to do is pass the ball to your team-mate. What you don’t want to happen is for someone to intercept the ball and run off with it.

Encryption hasn’t happened overnight, and it wasn’t invented over the past 50 years by some combination of Vint Cerf, Bob Metcalfe and Tim Berners-Lee (did I mention that I’ve met them? 🙂 )… but there are a few famous names you may well recognise, including Alan Turing, Tommy Flowers and Julius Caesar.

Hail Caesar

Julius Caesar (100 – 40 BCE): Roman politician, general and subsequently Emperor having brought about the end of the Republic and established the Empire… and no, that’s not Revenge of the Sith, that’s the history of the Roman Empire.

Julius Caesar, he of “veni, vidi, vici” (“I came, I saw, I conquered“, alternative translation available in the first Ghostbusters movie), “beware the Ides of March” and “et tu, Brute?” fame, was an early user of cryptography, using it to send secret military messages and messages about his private affairs.

Photo of a bust of Julius Caesar, in the Museo Archeologico Nazionale di Napoli (MANN in Naples, Italy) (photo taken in 2018)

In the code-breaking starter task, we mapped or coded letters as numbers. What Caesar did was similar: he simply shifted the alphabet along and sent the new, coded letters. For example, if he shifted along two letters, then CODE would become EQFG (because C>>E, O>>Q etc.).

If you know how many letters have been shifted along it is easy to decode, you just shift them back.

Actually, even if you don’t know, it’s not going to take you too long to crack it once you know that the “ciphering algorithm” (i.e. the process being done) is just a letter shift. There are only 25 options, after all, so you just try a 1 letter shift, then try a 2 letter shift, … worst case you might have to try all of them up to the 25 letter shift. So it’s far from an unbreakable code, but at the time it must have been novel enough to have worked.


Create a Caesar cipher (up to you how many shifts!) and encrypt a message using it; then decrypt it back again.

Stretch: investigate what ROT13 is. Where is it sometimes used? Why is it really convenient? (Think about how many programs you have to write to have a full set of encoding and decoding software.)

World War II

Please watch these two videos: The Enigma Code (3’36”) and Cracking the Nazi Enigma Code Machine (9’41”).

(Also, the 2014 film “The Imitation Game” (certificate 12A) is a dramatised version of the events, if you have access and time.)

Bletchley Park (photo taken in 2012)

The Government Code and Cypher School at Bletchley Park near Milton Keynes, otherwise known as Station X, was set up in 1938, just before the outbreak of World War II. You can visit Bletchley Park (I recommend it): it is run as a museum to the wartime code-breaking activities and also hosts The National Museum of Computing on the same site (where you can see, in the section on mobile phones, one of the phones, a 2G (GSM) NEC DB2000, with my software in – I’m a museum piece). The site is officially recognised and marked by an IEEE milestone plaque:

IEEE milestone plaque at Bletchley Park house, photo taken in 2012 (did I mention that I’m a Senior Member of the IEEE? 🙂 )

The UK’s code-breaking and signals intelligence (SIGINT) work continues today, although it’s since moved to purpose-built accommodation in Cheltenham known as “The Doughnut” (find it on Google Maps to see why), and is now called GCHQ (the Government Communications Headquarters).

The most famous person at Bletchley Park was Alan Turing (1912 – 1954), an English mathematician and computer scientist, who came up with the theoretical basis for cracking the Nazis’ Enigma code in WWII.

The Alan Turing statue, created in slate by Stephen Kettle in 2007 (photo taken in 2012)

Some say that Turing’s work in breaking the Nazi codes shortened the war by as much as two years, saving thousands of lives.

The work was Top Secret: all the people involved (and there was about 12,000 posted there over the course of the war!) were subject to the Official Secrets Act and couldn’t even tell their families what they’d been working on during the war. The secrecy was maintained after the war – we continued to use it all against the Soviet Bloc during the Cold War, for example. The work at Bletchley Park only started to become public knowledge fifty years after the end of World War II.

Turing should have been celebrated as a national hero. Instead, in 1952, he was prosecuted for homosexual acts and accepted “chemical castration” instead of prison, and in 1954 he died from cyanide poisoning (suspected suicide). A 2009 Internet campaign led to a public apology by the government, and a posthumous pardon by Queen Elizabeth II in 2013. The Alan Turing Law is now an informal term for a 2017 law in the United Kingdom that retrospectively pardoned men cautioned or convicted under historical legislation that outlawed homosexual acts.

Recreation of Alan Turing’s office, in its original location in Hut 8 (photo taken in 2012)

No theoretical scientist will get far without an experimental physicist or engineer to build things to prove their ideas work (the Leonard Hofstadter or Howard Wolowitz to their Sheldon Cooper), and Bletchley Park had an army of engineers alongside the mathematicians, code breakers and machine operators.

Turing’s original design for the “Bombes” (the electromechanical number-crunchers that they used to crack the Enigma codes each day) was further improved by Gordon Welchman (from Fishponds in Bristol) and electrical engineer Harold Keen.

Working Replica Bombe at Bletchley Park (photo taken in 2012)
(please excuse the small child, not part of the Bombe mechanism)

The most well-known engineer at Bletchley Park, though, was Tommy Flowers (1905 – 1998), an electrical engineer seconded from the British General Post Office (GPO), the state-owned organisation that was eventually privatised and split up into British Telecom (BT) and the Royal Mail at the end of the 20th Century.

The German Army also used another, much more complex, cipher, called the Lorenz Cipher, which could not be cracked in the same way as Enigma. Flowers designed and built Colossus, the world’s first programmable electronic computer, which used paper tape and electronic valves rather than the mechanical switches and electromagnetic relays used in the Bombe. A functioning Colossus Mark II was rebuilt by a team of volunteers between 1993 and 2008, and it is on display at The National Museum of Computing at Bletchley Park.

Replica Colossus at Bletchley Park (in The National Museum of Computing)


Draw a timeline of the evolution of cryptography.

Stretch: use the Internet to research additional milestones in addition to the ones given above (e.g. Lysander of Sparta, transposition ciphers, Vigenère cipher, one-time pads and DES/AES).

Alice & Bob

Alice and Bob are fictional characters* used to illustrate cryptography in computer science and beyond (e.g. in physics). There are other characters that pop up and make cameos from time to time, such as Craig the password cracker, Eve the eavesdropper, Mallory the malicious attacker, Trudy the intruder, and so on.

* Alice and Bob were created by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper “A Method for Obtaining Digital Signatures and Public-key Cryptosystems“, published in the Communications of the ACM [did I mention that I was made a Senior Member of the ACM back in 2009? Just checking 🙂 ]
Rivest, R. L.; Shamir, A.; Adleman, L. (1978-02-01). “A Method for Obtaining Digital Signatures and Public-key Cryptosystems”. Communications of the ACM. 21 (2): 120–126. CiteSeerX doi:10.1145/359340.359342. ISSN 0001-0782

For example, a symmetric Caesar-cipher could be explained as: Alice wants to send a secret message to Bob. Alice takes her message and shifts every letter by three. She sends the ciphertext to Bob, and tells him (by another route) that the shift is 3. Bob shifts the letters back the other way and reads the plaintext.

We can then stretch that description to reveal the flaw: Eve listens in on the conversation when Alice tells Bob that the shift is 3. Eve intercepts and copies the ciphertext, and is able to shift the letters back and read the plaintext.

Stretch task: describe a public/private key asymmetric cryptography data exchange using the characters of Alice and Bob. Then, explain what happens when Eve accesses the public key – can she decrypt the message?

Daily Use

Going back to the original premise, how can we be confident that the data we send to websites and so on is secure?

The communications standards themselves usually offer a level of encryption – e.g. mobile phone data is encrypted over the air (between mobile and base-station, using secure algorithms built into the SIM), and Wi-Fi can be encrypted between the STA and the AP.

I wouldn’t rely on that though: whether encryption is used or not is optional in Wi-Fi (configured by whoever sets up the Access Point and hot-spot), and the original Wi-Fi encryption (WEP) was infamously weak – you could pick it with your teeth (there are much better algorithms now – WPA, WPA2 – but it’s still optional whether the owner turns it on).

Plus, that’s only encrypting that one link in the chain, it’ll be decrypted as soon as it is received at the AP or base-station. Therefore, if Eve or Mallory get access to the AP, they can intercept and read the data moving between Alice and Bob.

Instead, we go much further up the protocol stack, to the very top, the Application Layer. Websites can use HTTPS – Hyper Text Transfer Protocol, Secure (rather than regular HTTP) for transactions that need to be protected and secret. These protocols use end-to-end encryption: only you and the website at the far end can see the plaintext (just Alice and Bob, no-one in between). Every router, access point and eavesdropper along the way just sees a load of gibberish, not your card details or your order for that inflatable unicorn outfit.

Look for the padlock symbol in your address bar, and the prefix “https” before the URL:


Create two encrypted messages for somebody else to decrypt. You will need to write:
– Your encrypted message
– A cipher (a method of encrypting the message – can you invent a good one?)
– A key to encrypt and decrypt your message.

Extension Work

Read this website and answer the questions at the bottom.


To wrap up your learning on this, try this Quizizz quiz on Encryption.


Many thanks to Mr A. Esch at HPA for many of the resources and ideas used here – any mistakes on this page are down to me though, of course.