2024-05-20 7 min read

Notes, 2024-05-20.

Notes, 2024-05-20.
 Teenage George, engrossed in the book that first sparked my adventures into cryptography. Photo by my Dad.

Many people remember their first kiss, or first day at high school. I remember the day I learned how public-private key encryption works.

I was on holiday, aged 13, and had borrowed The Code Book by Simon Singh. The book tells the story of how for thousands of years, the only way to securely share a message was to first meet up and agree on a secret key, after which future messages could be exchanged safely using this key. The principle was considered such an axiom of cryptography that until the 1970s, little research was done to explore alternatives

The method invented to share secrets without a prior meeting exploited the mathematical challenge in factoring large integers, and is known as public-key cryptography. Today it is a critical component in securing most online communications and, thanks in part to Singh’s superb writing, thirteen-year-old George was captivated. I felt like I had a superpower; I knew what the padlock icon in my web browser meant.

Over the intervening twenty years I have delighted in reading all manner of ideas around encryption and data security, despite a complete lack of relevance to my day job. This newsletter is an indulgence of that moment of childhood joy, and a reminder to celebrate and share even the most nerdy and obscure of personal interests.

Scope of Work is supported by our awesome Members, and through support from:

Xometry Autodesk Fusion 360


  • Multiple discovery theory is the idea that independent researchers so frequently arrive at the same ideas, at the same time, that there is an inevitability about scientific progress. Isaac Newton and Gottfried Leibniz’s simultaneous invention of calculus is an often-cited example, and the invention of public-key encryption feels like it should be another. For years the first inventors were believed to be Whitfield Diffie, Martin Hellman and Ralph Merkle, who in 1976 invented the eponymous Diffie-Hellman key exchange. But in 1997, declassified research from the UK’s Government Communications Headquarters showed that the same ideas had previously been developed there between 1969 and 1973. Encryption has long been a matter of national security, and cryptographic devices were once rated as munitions and subject to export controls. This 1995 t-shirt featuring the source code to one public-key algorithm made light of that fact, as it was theoretically illegal to export.
  • I’m fascinated by the growing intersection of bug-finding and branding. For 25 years the Common Vulnerabilities and Exposures (CVE) system has been used to assign generic references to security issues found in software. But more recently, research teams have begun using logos, custom websites and PR agents to publicly share details of their exploits. In 2014 the “Heartbleed” bug (CVE-2014-0160) received widespread media coverage, credited in part to the $200 spent on a logo by the firm who discovered it. More recently, the Meltdown & Spectre bugs launched with a flashy website that placed technical details alongside a cute logo of a ghost, downloadable in a variety of image formats. But this rise of media-friendly information packaging is also open to manipulation. In one example from 2018, researchers launched a slick marketing website for a relatively benign bug in AMD computer chips – whilst admitting they would profit from a fall in the company’s stock price.


  • The ancient Greeks were amongst the earliest users of cryptography. In the 5th and 4th centuries BCE, Spartans are believed to have wrapped a strip of parchment around a cylindrical rod called a scytale to scramble a message. This is a good example of a transposition cipher, and building a scytale is a great first project for children to learn about cryptography – although despite my childhood curiosity I never attempted it myself.

    Unlike transposition ciphers, which simply rearrange letters, substitution ciphers swap each letter for another based on a pre-agreed pattern. The most famous of these is the Caesar shift cipher, recorded in the AD 121 biographies The Twelve Caesars as being popular with the Roman emperor Julius Caesar. Easy to crack, as a teenager I enjoyed making and breaking Caesar shift messages, along with the more challenging Vigenère cipher. First described in 1553, Vigenère relies on a secret key phrase to significantly increase its complexity, and was known in French as le chiffrage indéchiffrable (the indecipherable cipher). This reputation lasted into the 20th Century, despite a full solution to decrypting it being published in 1863. The Confederate States in the American Civil War heavily adopted the Vigenère cipher, encrypting messages with the key phrases "Manchester Bluff," "Complete Victory," and "Come Retribution," not realizing that the Union was often able to decrypt them.
  • Last year, a competition sought entries for psychedelic cryptography: hiding information in images that could only be understood when tripping. There were only three successful entries, and they all exploited the tracer effect where bright colors last longer in your visual field while on psychedelics. If you’d like to try yourself, the final images and required dosing to decrypt the messages are detailed in the competition’s results pages, although Spencer suggested a more family-friendly version in the form of the popular childhood book Magic Eye.
  • An excellent write-up on using 3d printed stamps and IR absorbing inks to secretly mark and track an entire deck of cards.


Last October the British Library suffered a major cyber attack that took many services offline for months, severely impacting the work of researchers worldwide. In March the library published a detailed report into the attack, in which they explained that:

Our major software systems cannot be brought back in their pre-attack form, either because they are no longer supported by the vendor or because they will not function on the new secure infrastructure that is currently being rolled out.



  • I love this simple explanation of why pixelating words in an image doesn’t mean they can’t be read. The author created an automated tool to unscramble pixelated letters and numbers. PSA: The only safe way to hide personal information is to draw black bars over the words, and then save the result as an image file.
  • The most common approach to cracking basic codes such as Caesar or Vigenère ciphers is using frequency analysis. Letter occurrences follow a standard distribution model, and I learned the mnemonic ETA ION RHS as a child to remember the order of the most common letters in English writing. This sort of statistical analysis reminds me of the German tank problem. Allied forces in World War II attempted to estimate the monthly production rate of German tanks, based on the sequential part numbers found on captured vehicles. Conventional intelligence suggested a rate of 1,400 tanks per month, whereas a statistical approach estimated a figure of 246. After the war, the true figure was discovered to have been 245.


Thanks as always to Scope of Work’s Members and Supporters for making this newsletter possible. Thanks also to my Dad for first lending me Simon Singh’s Code Book, and, as always, to Erinna & Lukas for everything else.

Love, George

p.s. - We care about inclusivity. Here’s what we’re doing about it.

George Cave
George is an expert in experience prototyping & interactive technology. He's currently building the drone delivery network for the UK's National Health Service at Apian.
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Scope of Work.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.