Nyheter

Cryptology: From antiquity to modern information security

Published: May 6, 2026
Kryptologins historia 2

Cryptology is concerned with protecting information so that it cannot be read or altered by unauthorised parties. It has existed in various forms for several thousand years and is today a central part of modern information security and digital communication.

Already in antiquity, simple methods were used to conceal messages, and traces of encrypted communication have been found as far back as ancient Egypt. Since then, cryptography has developed in step with society's need to protect information, from handwritten messages to today's digital systems. The purpose of what encryption is meant to achieve, however, remains the same. Jens Bohlin, CEO of Tutus, describes the fundamental principles of cryptography.

– It is a method for securing communication against eavesdropping and undetected modification. It is about being able to know that nobody has read it, but also that what you decrypt is correct and has not been altered along the way, he says.

From simple ciphers to open standards

Historically, cryptography has developed from simple methods such as the Caesar cipher, where letters are shifted in the alphabet, or methods where the positions of letters are swapped. Over time, mechanical solutions for encryption and decryption also emerged.

– The early methods can at first glance appear difficult to crack, but can often be broken by looking for patterns and carrying out straightforward statistical analyses, says Jens.

Common to the early methods was that the protection relied largely on keeping the method itself, or the apparatus, secret. Once the apparatus fell into enemy hands, the entire system was compromised.

Today, modern cryptography rests on a different underlying philosophy. According to Kerckhoffs' principle*, security should not lie in keeping the method or algorithm secret, but in introducing a temporary external secret into the system – an encryption key. This remains perhaps the most important principle in modern cryptography: that the system can be scrutinised and evaluated by independent experts, thereby instilling confidence that it contains no weaknesses or backdoors.

This has made possible open and scrutinised standards such as the cryptographic algorithm AES (Advanced Encryption Standard), where the strength lies in the design and key management, rather than in keeping the system concealed.

Keys, randomness, and human factors

In modern cryptosystems, key length and randomness are two entirely decisive factors in determining whether a system can be considered secure. Keys must be sufficiently long and unpredictable to make it impractical to guess one's way through, even with substantial computational resources.

This is also why modern standards use long keys of at least 250 bits, providing a security margin well beyond what is practically feasible to attack by brute force – a method of breaking encryption by simply trying every possible combination until the correct one is found.

A crucial factor in cryptology is how randomness is generated. Since computers are fundamentally deterministic, external sources of randomness are required in order to generate keys that cannot be predicted.

– Classical computers are not particularly good at generating randomness. They do exactly what they have been told to do. For key generation, the opposite applies – everything must be left to chance, says Jens.

At the same time, the mathematics is only part of the picture. In practice, many attacks do not succeed by breaking algorithms, but rather by exploiting weaknesses in implementation, key management, or human factors.

– One must not forget that cryptography is merely one link in the chain. In reality, several factors come into play when it comes to protecting one's information – not least the human factor, says Jens.

*Kerckhoffs' principle

Kerckhoffs principle is named after the Dutch cryptographer Auguste Kerckhoffs and is one of the foundational principles of cryptography. It states that a cryptosystem should remain secure even if an adversary knows every detail about the system, except for the secret decryption key. In other words, security should rest on the secrecy of the key, rather than on keeping the algorithm or the design of the system concealed.

About Jens

Jens Bohlin has been CEO of Tutus since 2009 and has an extensive background in cryptology and information security. He has previously worked as a technical cryptologist at both Swedish MUST and FRA, as well as at the Ministry for Foreign Affairs, where he was involved in joint initiatives concerning cryptography and secure systems. Jens holds a Master of Science in Engineering in Computer Science.

Namnlos design 20
Linked In 9

About Tutus

Tutus is a Swedish cybersecurity company providing comprehensive solutions in information and network security, with a particular focus on encryption and secure communication. Since 1992, we have developed advanced solutions for critical societal functions with high security requirements — offering products approved for handling security-classified information up to the level of Restricted at the national level, as well as EU Restricted and NATO Restricted.