Computers don’t use letters
Every letter you type becomes a byte — an 8-bit number between 0 and 255.
A= 65 =01000001B= 66 =01000010!= 33 =00100001
Computers don’t scramble “letters”. They scramble bits. And the most useful bit-scrambling trick has a friendly name: XOR.
XOR — the magic mixer
XOR (pronounced “ex-or”) stands for “exclusive or”. It’s a tiny rule for combining two bits:
| A | B | A XOR B |
|---|---|---|
| 0 | 0 | 0 |
| 0 | 1 | 1 |
| 1 | 0 | 1 |
| 1 | 1 | 0 |
In plain English: “different bits make a 1, same bits make a 0.”
The magic property is this:
(A XOR B) XOR B = A
If you XOR a message with a key, then XOR the result with the same key again — you get the original message back. So XOR is its own reverse. That’s perfect for encrypting and decrypting with the same key.
Try XOR with bits
Below: type a message and a key. See the bits line up and XOR together.
Notice how the output is totally unpredictable from the input. Flip one letter of the key and every output bit can change. That’s why XOR is the heart of almost every modern cipher.
The one-time pad: the only unbreakable cipher
There’s exactly one cipher in the world that cannot be broken, even by a computer the size of a galaxy running for a billion years.
It’s called the one-time pad. The rules are:
- Your key is as long as the message (or longer).
- Every bit of the key is random.
- You XOR message with key.
- You never, ever, use the same key again.
If you follow all four rules, the ciphertext could decode to any plaintext the same length — there’s no way to tell which one is “right” without the key. It’s mathematically proven to be unbreakable.
So why don’t we use it for everything? Because of rule #1. If you have a secret key already as long as the message, you could have just shared the message that way in the first place. One-time pads are used for the very highest-stakes secrets — like nuclear hotlines — but not for daily stuff.
What your phone actually uses
Your phone doesn’t use one-time pads. It uses something called AES (Advanced Encryption Standard), invented in 2001.
AES works like this, roughly:
- Your 128-bit key is expanded into a schedule of round-keys.
- The plaintext is chopped into 16-byte blocks.
- Each block goes through 10 rounds of: mixing, substituting, XORing with a round-key, and shuffling.
- Out comes a block of ciphertext.
Nobody has ever broken AES with 128-bit keys. If every computer on Earth worked together to guess the key by trying all 2¹²⁸ possibilities, it would take billions of years.
That’s why your WhatsApp messages, your bank login, and your Apple ID are actually safe.
The two kinds of cryptography today
Modern crypto has two big families:
1. Symmetric (shared-key) cryptography
You and your friend both know the same secret key. Fast, used for big data. AES is the most famous one.
Problem: How do you share the secret key in the first place? If you could send it securely, you could just send the message securely!
2. Asymmetric (public-key) cryptography
This is the mind-blowing one. You have two keys:
- A public key you give to everyone (even your enemies).
- A private key only you know.
If anyone encrypts a message with your public key, only your private key can decrypt it. The math (called RSA or elliptic curves) makes this possible.
This is how your phone does it: when it wants to talk to WhatsApp’s servers, it grabs WhatsApp’s public key, uses it to send a fresh random symmetric key, and then they chat using AES from there.
This idea — public-key cryptography — was invented in the 1970s and it changed the world.
Practice
What does 0 XOR 1 equal?
XOR returns 1 when the inputs are different. 0 and 1 are different, so the answer is 1.
What does A XOR B XOR B equal?
XOR is self-inverse. Doing it twice with the same value cancels out. That's why the same key can encrypt AND decrypt.
Which of these is proven mathematically unbreakable?
Only the one-time pad has a proof of perfect secrecy. AES is unbroken in practice but doesn't have a proof — it just happens that nobody has found a way to break it.
What's the KEY idea behind public-key cryptography?
Public-key has two mathematically linked keys. You publish one, keep the other. Anyone can encrypt for you, only you can decrypt. This is how the internet can be safe even when strangers talk to each other.
You finished the course!
You now know:
- Plaintext, ciphertext, keys, and how a cipher works.
- The Caesar cipher and why it has only 25 keys.
- Morse code (not a cipher, but an elegant alphabet).
- Frequency analysis — the superpower that broke ciphers for 1200 years.
- Substitution ciphers and how to crack them.
- XOR, one-time pads, AES, and public-key crypto.
The next time you see the little padlock in your browser, you’ll know that behind it is an entire chain of ideas from Caesar to Shannon to the math powering your phone.