Cryptography is one of those things we use every single second without ever actually thinking about it. You tap a button on your phone, your bank balance pops up, and somewhere in that millisecond, a wall of math protected your life savings from a hacker in another hemisphere. It feels like magic. But it isn't. It's a war. It is a literal, thousand-year-old arms race between people who have secrets and the people who want to steal them.
If you want to understand how that war started—and where it’s going—you have to read The Code Book by Simon Singh.
Honestly, most "science" books are a slog. They’re dry. They read like a manual for a dishwasher you didn't buy. But Singh wrote this like a high-stakes thriller. He takes you from the Mary Queen of Scots’ execution (spoiler: her bad encryption got her killed) to the guys trying to build quantum computers that could break the internet tomorrow. It’s been out for decades, yet it remains the definitive "entry drug" for anyone curious about how information stays private.
The Tragedy of the Babington Plot
Let’s talk about Mary Queen of Scots for a second. This is the part of The Code Book by Simon Singh that usually hooks people who hate math. Mary was sending coded letters while she was imprisoned, plotting to take the throne from Elizabeth I. She used a "nomenclator," which is basically a fancy substitution cipher. She thought she was safe. She wasn't.
Walsingham, Elizabeth’s spymaster, didn't just find the letters. He used frequency analysis—the same trick you might use to solve a Sunday crossword—to break the code. Then, in a move that was basically the 16th-century version of a honeypot, he forged a postscript asking for the names of the conspirators. Mary’s people fell for it. They wrote back with the names. Everyone ended up on the chopping block.
📖 Related: How to Get Appointment at Genius Bar Without Losing Your Mind
It’s a brutal lesson. If your encryption is weak, your secrets aren't just vulnerable; they’re a death sentence. Singh uses this story to show that the history of codes isn't just about numbers—it’s about human ego and the fatal mistake of thinking your lock is unpickable.
Why the Enigma Machine Changed Everything
You’ve probably seen The Imitation Game. It’s a good movie, but it takes some liberties with the actual science. In The Code Book by Simon Singh, you get the real, gritty details of how the Polish mathematicians (who often get ignored in favor of Alan Turing) actually made the first breakthroughs against the German Enigma machine.
The Enigma wasn't just a code; it was a mechanical nightmare. Every time you pressed a key, the wiring changed. The letter "A" could be an "R" one second and a "Z" the next. It was "unbreakable" because the number of possible settings was astronomical.
Singh explains the "Crib" method in a way that actually makes sense to a normal person. The Germans were efficient, right? Too efficient. They started every weather report with the same phrases. That tiny bit of predictability was the loose thread the Allies pulled on until the whole sweater unraveled. It reminds you that the biggest flaw in any secure system is usually the person using it.
People get lazy. They use "123456" as a password today, and back then, they used predictable greetings in radio transmissions.
The Shift to Public Key Cryptography
For most of history, if I wanted to send you a secret message, we had to meet beforehand and agree on a "key." That’s a huge problem. How do you meet a stranger across the world to trade keys without someone intercepting you?
This was the "Key Distribution Problem," and for centuries, nobody knew how to solve it. Then came the 1970s.
Singh dives into the work of Whitfield Diffie, Martin Hellman, and Ralph Merkle. These guys were basically the rockstars of the crypto world. They figured out a way to exchange secrets in public. It sounds impossible. It’s like locking a box with your padlock, sending it to me, me putting my own padlock on it, sending it back, you taking yours off, and sending it back again. Eventually, the box stays locked the whole time but we both use our own keys.
This led to the RSA algorithm. If you see "https" in your browser bar right now, you’re using a descendant of the math Singh explains in this chapter. It relies on the fact that multiplying two huge prime numbers is easy, but trying to "un-multiply" them (factoring) is incredibly hard for a computer.
- Symmetric Encryption: One key to lock and unlock.
- Asymmetric Encryption: Two keys (public and private). One locks, the other unlocks.
The Looming Threat of Quantum Computing
The ending of The Code Book by Simon Singh is where things get a little spooky. Singh updated the book to discuss the "End of Privacy."
Standard computers suck at factoring those huge prime numbers I mentioned. But a Quantum Computer? It doesn't work like a normal PC. It doesn't just do one thing at a time. Through something called Shor’s Algorithm, a powerful enough quantum computer could theoretically tear through RSA encryption like paper.
We aren't quite there yet. The quantum computers we have now are small and "noisy." But every intelligence agency on earth is currently "harvesting" encrypted data. They can't read it now, but they’re saving it for ten or twenty years from now when they do have a quantum computer. It's called "Store Now, Decrypt Later."
Singh leaves us with a choice: do we find new "quantum-resistant" math, or do we accept that the era of digital secrets might be a temporary blip in history?
How to Apply This Knowledge Today
Reading about history is fun, but cryptography is an active sport. If you’ve finished the book or are planning to, there are actual steps you can take to move from a passive reader to a secure user.
First, stop using SMS for anything sensitive. Standard text messages are the "Mary Queen of Scots" letters of our day. They are unencrypted and easily intercepted by "Stingray" devices or sim-swapping. Switch to Signal or another platform that uses end-to-end encryption based on the principles Singh outlines.
Second, understand the "layers" of your data. Use a hardware security key (like a YubiKey) for your most important accounts. This moves your security from "something you know" (a password) to "something you have" (a physical token). Even if someone breaks the math of your password, they can't replicate the physical hardware.
Finally, pay attention to the "Post-Quantum Cryptography" (PQC) standards being developed by NIST. We are currently in a transition period. Software companies are starting to bake quantum-resistant algorithms into things like iMessage and Chrome. Keep your software updated. Those updates aren't just for new emojis; they're often adding the new math that will keep you safe when the first real quantum threats arrive.
The war between code-makers and code-breakers is never over. Singh’s book is the best map we have of the battlefield.
Actionable Next Steps:
- Audit your passwords: Use a dedicated password manager to ensure no two accounts share the same key.
- Enable MFA: Use app-based or hardware-based multi-factor authentication on all financial and email accounts.
- Read the Appendix: Simon Singh included a "Cipher Challenge" in the back of the book. Even though the prize has been claimed, trying to crack those ciphers manually is the best way to truly grasp the logic of frequency analysis and polyalphabetic substitutions.