01 — Cryptography Timeline

Chronology of relevant milestones from the origins to today. Exact dates where known; "circa" when approximate. Negative milestones (breaks, incidents) marked with (broken) or (incident).


Antiquity (up to the 5th century AD)

Date Event
~1900 BC Non-standard hieroglyphs in the tomb of Khnumhotep II, Egypt — first known record of writing transformed to confuse the casual reader. Not cryptography in the modern sense; ritualistic obfuscation.
~1500 BC Mesopotamian tablets with a pottery formula in modified writing (proto industrial secret).
~600 BC Atbash — Hebrew cipher of reverse alphabet substitution (A↔Z, B↔Y…). Appears in the book of Jeremiah.
~500 BC Spartan scytale — rod of fixed diameter wrapped with a leather strip: transposition cipher. Attributed by Plutarch to Greek military use.
~100 BC Caesar cipher — Julius Caesar describes in De Bello Gallico the use of substitution with a fixed shift (classic: shift=3) in military correspondence.
~50 BC Augustus cipher — variant: shift=1, no wrap (Z stays Z, or becomes AA).
~150 AD Steganography documented by Herodotus (already earlier) and Aeneas Tacticus: invisible ink, messages on scalps, scraped tablets.
~200 AD Kama Sutra (Vatsyayana, India) lists 64 arts of the courtesan, including mlecchita-vikalpa (secret writing by substitution).

Middle Ages and Arab world (8th–15th c.)

Date Event
~800 Al-Khalil ibn Ahmad al-Farahidi (Basra) writes Kitab al-Mu'amma — first known treatise on cryptanalysis by permutations.
~850 Al-Kindi publishes Risalah fi Istikhraj al-Mu'amma (manuscript of the House of Wisdom, Baghdad) — describes frequency analysis, the first systematic cryptanalysis technique. Breaks any monoalphabetic cipher.
~1379 Gabriele de Lavinde (Vatican) — first European nomenclator (substitution cipher + list of codes for common words).
1466 Leon Battista Alberti publishes De Cifris — proposes a polyalphabetic cipher disk (Alberti disk); father of Western cryptography.
1518 Johannes Trithemius publishes Polygraphiatabula recta, basis of tabular polyalphabetic ciphers.
1553 Giovan Battista Bellaso publishes La cifra del Sig. Giovan Battista Bellaso — polyalphabetic cipher with a keyword (later misattributed to Vigenère).
1586 Blaise de Vigenère publishes Traicté des Chiffres ou Secrètes Manières d'Escrire — formalizes the cipher that would inherit his name (actually Bellaso's autokey/cipher).

Early modern era (16th–19th c.)

Date Event
1605 Francis Bacon publishes a binary two-letter cipher (biliteral cipher) — embryo of binary in text encoding.
1795 Thomas Jefferson designs the Wheel Cypher (Jefferson disk) — 36 disks with scrambled alphabets; rediscovered and used by the US Army in 1922 as the M-94.
1854 Charles Babbage breaks the Vigenère cipher (does not publish). Friedrich Kasiski publishes an independent method in 1863 — the Kasiski test.
1854 Charles Wheatstone invents the Playfair cipher (promoted by Lord Playfair) — substitution by bigrams in a 5×5 square. Used by the British in the Boer War, WWI, and WWII tactical.
1883 Auguste Kerckhoffs publishes La Cryptographie Militaire — formulates the 6 Kerckhoffs principles, whose second became a maxim: "The system must remain secure even if everything about it, except the key, is public knowledge".
1917 Gilbert Vernam (Bell Labs) patents the XOR stream cipher with paper tape — basis of the One-Time Pad.
1917 William Friedman (Riverbank Labs, later US Army) — father of American cryptanalysis; introduces rigorous statistical methods.
1917 Zimmermann Telegram deciphered by the British Room 40 — a factor that precipitates US entry into WWI.
1918 Joseph Mauborgne (US Army) combines Vernam + a single-use random key = One-Time Pad with Shannon's later proof (1949) of perfect secrecy.

Era of the machines (1918–1945)

Date Event
1918 Arthur Scherbius patents the commercial Enigma machine (Germany).
1923 The German Navy adopts Enigma; in 1926 the Wehrmacht follows; by 1945, dozens of variants (M3, M4 naval, etc.).
1929 Lester S. Hill publishes Cryptography in an Algebraic Alphabet — the Hill cipher, the first purely algebraic cipher (matrix multiplication modulo 26).
1932 Marian Rejewski (Polish Biuro Szyfrów) makes the first structural break of the military Enigma using permutation theory; creates the Bomba kryptologiczna.
1939 The Poles transfer their Enigma knowledge to the British and French (July, at Pyry).
1939–45 Bletchley Park — Alan Turing, Gordon Welchman, Hugh Alexander, Bill Tutte, Max Newman, and thousands of others. Continuous breaking of Enigma (Ultra) and of the Lorenz SZ40/42 (Tunny).
1940 Tommy Flowers designs the Colossus Mark 1 — first programmable digital electronic computer; used against Lorenz. Operational in December 1943.
1940 William Friedman + Frank Rowlett (US Signal Intelligence Service) break the Japanese Purple; codename Magic.
1941 Navajo code talkers — code spoken in Navajo used by marines in the Pacific (not cryptography, but ethnic security through obscurity that worked).
1945 Claude Shannon (Bell Labs) writes the classified memorandum A Mathematical Theory of Cryptography; declassified and published in 1949 as Communication Theory of Secrecy Systems (Bell System Technical Journal). Begins modern cryptography.

Foundation of modern cryptography (1949–1975)

Date Event
1949 Shannon, "Communication Theory of Secrecy Systems" — defines perfect secrecy, proves that the OTP is the only perfectly secure cipher, introduces confusion and diffusion as design principles.
1961 Start of TEMPEST (NSA) — classified research on electromagnetic leakage from cryptographic equipment.
1971 Horst Feistel (IBM) publishes Block Cipher Cryptographic System — the Feistel structure, basis of DES, Blowfish, Twofish, Camellia.
1973 GCHQ (UK) — Clifford Cocks internally discovers an analog of RSA (declassified 1997). Malcolm Williamson formulates a DH analog. James Ellis had proposed "non-secret encryption" in 1969.
1974 IBM submits Lucifer (precursor of DES) to NBS (later NIST) in a competition for a federal standard.

Public-key revolution (1976–1985)

Date Event
1976 Whitfield Diffie + Martin Hellman, New Directions in Cryptography (IEEE Trans. on Information Theory). Introduce the concept of public key and the Diffie-Hellman key exchange. Credit also to Ralph Merkle (Merkle's Puzzles, 1974).
1977 DES (Data Encryption Standard) standardized by NBS as FIPS 46 — 64-bit block, 56-bit key (after the NSA reduced it from the 64 proposed by IBM).
1977 Ron Rivest, Adi Shamir, Leonard Adleman publish A Method for Obtaining Digital Signatures and Public-Key CryptosystemsRSA. Presented by Rivest in Martin Gardner's Mathematical Games column in Aug 1977; formal paper MIT/LCS Tech Memo 82, later CACM 1978.
1979 Adi Shamir publishes How to Share a Secret (CACM) — Secret Sharing with polynomials.
1979 Ralph Merkle publishes Secrecy, Authentication, and Public Key Systems (PhD Stanford) — Merkle trees, Merkle signatures (hash-based, basis of the modern SPHINCS+).
1980 Martin Hellman + Whitfield Diffie patent DH (US Patent 4,200,770; expires 1997).
1983 RSA Patent US 4,405,829 granted (expires September 2000). RSA Data Security Inc. founded in 1982.
1984 Taher ElGamal publishes an encryption and signature scheme based on the discrete log problem — the ElGamal cryptosystem and ElGamal signature (later generalized into DSA).
1984 Charles Bennett + Gilles Brassard publish BB84 — first quantum key distribution protocol.
1985 Neal Koblitz and Victor Miller, independently, propose Elliptic Curve Cryptography (ECC) — using groups of points on elliptic curves instead of \(mathbb{Z}_p^*\).
1985 Goldwasser, Micali, Rackoff publish The Knowledge Complexity of Interactive Proof Systemszero-knowledge proofs.

Maturation (1986–1999)

Date Event
1989 PGP 1.0 (Phil Zimmermann) — first popular encrypted e-mail tool; becomes PGP 2.0 in 1992 with IDEA, RSA, MD5.
1991 MD5 published by Ron Rivest (RFC 1321).
1991 DSA (Digital Signature Algorithm) proposed by NIST (FIPS 186) — a Schnorr/ElGamal variant.
1992 Whitfield Diffie publishes The First Ten Years of Public-Key Cryptography.
1993 Mihir Bellare + Phillip Rogaway introduce the Random Oracle Model (CCS '93).
1993 SHA-0 (FIPS 180) — quickly replaced by SHA-1 in 1995.
1993 Eli Biham + Adi Shamir publish Differential Cryptanalysis of the Data Encryption Standard — a method already developed in 1990; the NSA had known it since the 1970s (DES was designed to resist it).
1993 Mitsuru Matsui introduces linear cryptanalysis; breaks DES with 2^43 known plaintexts.
1994 Peter Shor publishes Algorithms for Quantum Computation: Discrete Log and Factoring (FOCS '94) — Shor's algorithm breaks RSA, DH, ECC if a large-scale quantum computer exists.
1995 SHA-1 (FIPS 180-1) published.
1995 SSL 2.0 published by Netscape.
1996 SSL 3.0 published.
1996 Lov Grover publishes a quantum algorithm that gives a quadratic speedup in search — implying symmetric keys would need to double for post-quantum resistance.
1997 NIST launches the AES competition (to replace DES).
1997 GCHQ declassifies the CocksWilliamsonEllis works on "non-secret encryption" (1969–1974).
1998 Daniel Bleichenbacher publishes Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1 — breaks TLS-RSA. The million-message attack. Returns to haunt as ROBOT in 2017.
1998 Paul Kocher, Joshua Jaffe, Benjamin Jun publish Differential Power Analysis — begins the modern era of side-channel attacks. (Kocher's timing attacks in 1996.)
1998 TLS 1.0 standardized (RFC 2246) — basically SSL 3.0 with minor changes.
1999 DES broken in 22 hours by the EFF Deep Crack (US$250k of hardware) + distributed.net. Confirms the 56-bit key is infeasible.

AES era and standardizations (2000–2010)

Date Event
2000 NIST selects Rijndael (Joan Daemen + Vincent Rijmen) as AES (FIPS 197 published in 2001). 128-bit block, 128192256-bit keys.
2001 Niels Ferguson + Bruce Schneier publish Helix (later evolving into Phelix); a growing pattern of AEAD stream ciphers.
2002 Galois/Counter Mode (GCM) published by David McGrew + John Viega — an AEAD mode that becomes standard in TLS, IPsec, SSH.
2002 Bernstein publishes an AES timing attack demonstrating that the S-box table in cache leaks the key.
2003 Boneh-Franklin Identity-Based Encryption (IBE) made practical with pairings on elliptic curves.
2004 Wang Xiaoyun, Yiqun Lisa Yin, Hongbo Yu announce collisions in MD5, MD4, RIPEMD, HAVAL-128 (CRYPTO '04 rump session). MD5 effectively broken.
2005 Wang, Yin, Yu publish a theoretical attack on SHA-1 (263 operations for a collision; below the ideal 280).
2005 TLS 1.1 (RFC 4346).
2005 DJB (Daniel J. Bernstein) publishes Salsa20 (eSTREAM project).
2006 Start of the eSTREAM project (ECRYPT) — selects a portfolio of stream ciphers.
2008 Marc Stevens et al. demonstrate a chosen-prefix collision in MD5 — forges a fake SSL certificate.
2008 TLS 1.2 (RFC 5246).
2008 Satoshi Nakamoto publishes the Bitcoin whitepaper (Oct 2008); genesis block on Jan 3, 2009.
2009 Craig Gentry (PhD Stanford) publishes the first Fully Homomorphic Encryption (FHE) scheme based on ideal lattices.
2010 Bernstein publishes Curve25519 (2006 paper, popularized post-2010).

Post-Snowden era (2011–2017)

Date Event
2011 BEAST (Browser Exploit Against SSLTLS) — Duong + Rizzo demonstrate CBC IV-prediction in SSL 3.0TLS 1.0.
2012 CRIME (Compression Ratio Info-leak Made Easy) — Duong + Rizzo. Leakage via TLS compression.
2012 Argon2 not yet — but scrypt (Colin Percival, 2009) and PBKDF2 dominate.
2013 Edward Snowden reveals NSA documents: the BULLRUN program (standards sabotage), DualECDRBG confirmed backdoored, EDGEHILL (GCHQ), interference in the IETF.
2013 Lucky Thirteen (AlFardan + Paterson) — timing attack on CBC-mode TLS.
2014 POODLE (Padding Oracle On Downgraded Legacy Encryption) — Möller, Duong, Kotowicz (Google) — forces a downgrade to SSL 3.0 and breaks padding.
2014 Heartbleed (CVE-2014-0160) — bug in the OpenSSL TLS heartbeat extension; leaks server memory. Discovered by Google + Codenomicon.
2014 FREAK (Factoring RSA Export Keys) — forces a downgrade to "export-grade" RSA 512-bit, breakable in hours.
2014 WireGuard begins development (Jason Donenfeld) with the Noise Protocol Framework and Curve25519.
2015 Logjam — DH 1024 downgrade with precomputation; feasible for a state actor (NSA-grade).
2015 Signal Protocol (X3DH + Double Ratchet) formally published (Marlinspike, Perrin). Adopted by WhatsApp in 2016.
2015 TLS 1.3 draft begins (finalized 2018).
2015 Let's Encrypt launched in production (Sep 2015) — ACME automation.
2016 NIST PQC competition announced (Jan 2017 calls for submissions; 69 initial proposals).
2016 DROWN — a cross-protocol attack that uses still-enabled SSLv2 on a server to break modern TLS on the same key.
2016 Sweet32 (Bhargavan + Leurent) — birthday attack on 64-bit block ciphers (3DES, Blowfish) in CBC/CTR modes with long traffic.
2017 SHA-1 practical collision — Google + CWI publish SHAttered (chosen-prefix; colliding PDF).
2017 ROCA (CVE-2017-15361) — flawed RSA key generation in Infineon chips used in smartcardsTPMsEstonian eID. Millions of keys breakable.
2017 KRACK (Key Reinstallation Attack) — Mathy Vanhoef breaks the WPA2 4-way handshake.
2017 ROBOT (Return Of Bleichenbacher's Oracle Threat) — Bleichenbacher 1998 attack still working on Cisco, Citrix, F5, IBM, Oracle servers.

TLS 1.3 era and PQC migration (2018–present)

Date Event
2018 TLS 1.3 finalized (RFC 8446) — removes RSA key transport, MD5, SHA-1, RC4, CBC, compression; adds 0-RTT, mandatory ChaCha20-Poly1305, AEAD only.
2018 GDPR takes effect (May 2018) — demands adequate crypto for personal data.
2018 WireGuard merged into the Linux kernel (5.6, 2020), but the formal paper and public implementation date from 2017–18.
2019 EDNS Client Subnet privacy — concerns about DNS leak; DNS-over-HTTPS (DoH, RFC 8484) and DNS-over-TLS (DoT, RFC 7858) grow.
2019 NIST PQC Round 2 — 26 remaining candidates.
2020 NIST PQC Round 3 — 7 finalists + 8 alternates.
2020 Zerologon (CVE-2020-1472) — Kerberos/Netlogon: an AES-CFB8 implementation with a fixed IV allows zeroing a domain controller password.
2021 SIKE (Supersingular Isogeny Key Encapsulation) eliminated from PQC — Castryck + Decru break it in hours with classical mathematics (Jul 2022).
2022 NIST announces the first PQC winners: CRYSTALS-Kyber (KEM), CRYSTALS-Dilithium + FALCON + SPHINCS+ (signatures). Jul 2022.
2022 Apple iMessage Contact Key Verification announced — PQC basis.
2023 Signal announces PQXDH (Sep 2023) — replaces X3DH with a hybrid PQ layer (X25519 + ML-KEM).
2023 Apple iMessage PQ3 announced in Feb 2024 — Curve25519 + Kyber-1024.
2024 NIST publishes FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA) in Aug 2024. FALCON renamed to FN-DSA (FIPS 206 draft).
2024 Cloudflare + Google enable the X25519MLKEM768 hybrid in production TLS 1.3.
2024 Terrapin (CVE-2023-48795) — truncation attack on the SSH BPP.
2025 Mainstream PQC migration — CNSA 2.0 (NSA) requires software ML-KEM/ML-DSA by 2030, hardware by 2033.
2025 HQC announced by NIST as a second PQC KEM (Mar 2025) — a backup for ML-KEM in case lattice-based is broken.
2026 Current state: TLS 1.3 + ChaCha20-Poly1305 + X25519MLKEM768 hybrid is the recommendation. RSA, classic DH, ECDSA-P256 still dominant but migration active.

Pending milestones (2026–2030+ expected)

  • Mandatory PQC in CNSA 2.0 (NSA), eIDAS 2.0 (EU), new FIPS validations in 2026+.
  • Cryptographically relevant quantum advantage — not expected before 2030; estimates vary (Google Quantum AI, IBM, IonQ, PsiQuantum, Quantinuum each with their own roadmaps).
  • MLS (Messaging Layer Security) (RFC 9420, July 2023) gaining adoption as a replacement for the Signal Protocol for groups.
  • TLS 1.4 / TLS-PQ drafts in progress.
  • Schnorr signatures more widespread (Bitcoin Taproot activated Nov 2021; Ethereum moving in this direction).
  • Practical FHE still 10–100× slower than plaintext computation; OpenFHE / Concrete / TFHE-rs maturing.
  • Confidential Computing (SEV-SNP, TDX) becoming standard in the cloud (Azure, GCP, AWS Nitro). Remote attestation as contractual.

Cross-reference

  • Technical detail of each algorithm: see files 04-symmetric.md, 05-asymmetric.md, 06-hash-and-mac.md, 08-post-quantum.md.
  • Technical detail of each protocol: see 07-protocols.md.
  • Technical detail of each attack: see 11-attacks.md.
  • Biography of the people cited: see 12-people.md.
  • Contextual detail of the incidents: see 13-incidents.md.