With encryption or encryption, characters are exchanged in texts. In this way, a ciphertext is created from a basic or plain text. Encryption requires an algorithm (a rule or regulation of how a character of the plain text becomes a character of the secret text) and a key (how the rule is to be applied). The ciphertext is illegible for anyone who does not know the key. Information is supposed to be kept secret.
A simple example of this is Caesar encryption:
Basic text or plain text: HELLO
Rule: replace one letter with another in the same alphabet. Go forward x steps.
Key: (e.g.) x = 5.
A B C D E F G H I K L M N O P ….
F G H I K L M N O P Q R S T U …
Secret text: MFQQT
H is replaced by M, A by F …..
This is an encryption machine from Crypto, which has been sold successfully for years.
The greater the “distance” between the plain and the secret text, the more secure the encryption method. In the simple CAESAR procedure we only have one step (A becomes F, B becomes G …), you could make it safer if more steps were inserted in between. With each step, the number of ways in which an exit character can be replaced increases.
Then encryption becomes complicated quickly. And because the characters are not evenly distributed in one language (in German, for example, the “e” occurs much more often than other letters), attempts were also made to avoid statistical attempts to decipher them by converting a particular character into different characters. Therefore, encryption and decryption started to be transferred to machines at the end of the 19th century. A cipher machine is an algorithm implemented in hardware.
An algorithm is a regulation of how character strings are to be transformed. The encryption algorithm is therefore an instruction according to which scheme the process must be carried out – a collection of rules, so to speak. An algorithm is not the final key.
Mechanical encryption machines were built with wheels that turned against each other. Irregular gears (for example, which only hook in every fifth time or even in an irregular sequence) increased safety. The key would then be the starting position of the wheels in the machine. If the wheels represent the alphabet, a certain word could indicate the starting position. You could also use different wheels (rotors), which would also increase safety. Then the key would also have to indicate which rotors from the kit you have to use where in the machine.
The “back door”
Today, encryption works purely electronically on the basis of programming using computers, without electromechanical components. In computers, characters are no longer replaced by other characters, but bit strings are replaced by others. The longer the sequences (in plain text as in the key), the more secure the encryption method (there are 8 options for a sequence of 3 bits: 0 0 0, 0 0 1, 0 1 1, 1 1 1 …), with a sequence of 5 bits already 32).
Computers are able to encrypt and decrypt faster (at any time fairly close to real-time), but they are more vulnerable as devices than mechanical machines (operating software, etc.). According to the “Rundschau” by the SRF, the ZDF and the “Washington Post”, the 280-page dossier available to them shows that security gaps were deliberately built into the encryption products of Crypto AG, a so-called “back door”. That is why the secret services could have tracked the encrypted information.
There are various starting points for installing a deliberate security gap, says Hannes Lubich, Prof. emeritus of the Institute for Mobile and Distributed Systems at the University of Applied Sciences Northwestern Switzerland.
There are then various starting points for a “back door” – the hardware, for example, via the computer chips used, the operating system, the generation, storage and use of the keys used or the actual crypto-algorithm.
Lubich says: “I can’t say what the back door at Crypto AG was.” With the wide range of options, Crypto AG was able to choose where to place the “back door” so that it could not be easily found even during an investigation.
In the 280-page dossier mentioned, there are indications that the encrypted information was also sent without the keys, the media report.
The proprietary systems
With cipher systems, much value is placed on external security verifiability today, explains Lubich. If there is special hardware with an operating system for this, it must generally be certified. The algorithms would also be published so that they could be checked for weaknesses. Lubich says:
In computer science, parameterization means the adaptation, for example of software, to the desired range of functions. Crypto AG had the reputation of a company that kept its secrets. Crypto AG customers could not rely on external verification or certification. Because the systems and algorithms were proprietary, i.e. not public, but secret. That should guarantee your safety.
Lubich says: «Apparently the states have trusted the company and believed that the systems are less vulnerable. And probably also rely a little bit on the fact that the others also know what they are doing. »
The role of Switzerland
The German intelligence agency BND and the American secret service CIA bought the company Crypto AG in 1970 and operated the company undercover as a foundation. Now they could practically switch and control. Not all employees were privy to what was actually going on. Some became suspicious because they saw that certain safety standards were not being met. Or that you deliberately built in weaknesses.
The exact role of Switzerland in this case is still unclear. Did the Swiss secret service know about it? That is the case, say “Rundschau”, ZDF and “Washington Post”. Was the Swiss intelligence service actively involved and benefited from it? Or did he tolerate it passively? The Federal Council commissioned the former federal judge Niklaus Oberholzer to carry out the investigation. The intelligence agency has also opened one. It is open whether a parliamentary commission of inquiry, PUK, will be set up. The decision should have been made this Friday, but was postponed.
National Council President Isabelle Moret said to the media: