The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

Summary

Key takeaways

1. 1.

   Every encryption method has been broken eventually. The history of cryptography is a continuous arms race between encryption and cryptanalysis, not a story of permanent solutions.

2. 2.

   Frequency analysis — counting how often each letter appears in ciphertext — defeated monoalphabetic substitution ciphers and was developed by Arab scholars in the ninth century, centuries before European cryptography.

3. 3.

   The Vigenère cipher resisted cryptanalysis for 300 years before Babbage and Kasiski independently identified its vulnerability: repeated key patterns produce statistical regularities detectable by frequency analysis.

4. 4.

   Enigma was broken not despite but because of its structural constraints. The machine's design rule that no letter could encrypt to itself was the flaw that allowed Turing and Rejewski to attack it systematically.

5. 5.

   Public-key cryptography solved the key-exchange problem: two parties can establish a shared secret over an insecure channel without prior contact. The mathematics depends on the practical difficulty of factoring large numbers.

6. 6.

   RSA security rests on a believed-hard problem, not a proven-hard one. If efficient factoring algorithms or quantum computers break RSA, the security of most internet communication collapses.

7. 7.

   Quantum key distribution uses physics — specifically, the impossibility of measuring quantum states without disturbing them — to detect eavesdropping. It is the first cryptographic system where security follows from physical laws rather than mathematical assumptions.

8. 8.

   The politics of strong encryption — governments wanting backdoors, privacy advocates defending end-to-end security — were already a live policy debate in the 1990s and have intensified since.

Discussion questions

Use these on your own, with a book club, or as chat starters in Superbook.

1. 1.

   Singh describes cryptography as a perpetual arms race between encryption and cryptanalysis. Does that framing suggest that truly unbreakable encryption is impossible in principle, or just difficult in practice?

2. 2.

   The Arab mathematicians who invented frequency analysis did so in the context of Quran scholarship — analyzing letter patterns to date manuscripts. What does it tell us about the sources of scientific discovery that this method came from religious philology?

3. 3.

   The Vigenère cipher was considered unbreakable for three centuries. How does knowing that affect your confidence in any current security system that is described as unbreakable?

4. 4.

   Bletchley Park's work shortened the war but required keeping Ultra completely secret, which meant allowing some attacks to succeed that could have been prevented. How do you think about the ethics of that tradeoff?

5. 5.

   Public-key cryptography depends on the assumed difficulty of factoring large numbers. What does it mean to build global communications security on a mathematical conjecture rather than a proven theorem?

6. 6.

   The PGP chapter shows a private citizen deploying military-grade encryption in defiance of US export law. How do you think about the ethical dimensions of cryptographic freedom versus national security concerns today?

7. 7.

   Quantum cryptography uses physical laws to guarantee security rather than mathematical hardness. Does that feel like a qualitatively different kind of guarantee to you, or is it still an assumption that the underlying physics is correct?

8. 8.

   The book ends with the threat that quantum computers could break RSA. We are now in 2025 and quantum computing has advanced significantly. How has that threat materialized, and what has been done about it?

9. 9.

   Singh gives you enough mathematics to actually understand why RSA works. Did you engage with those sections, and if not, what was the barrier — the mathematics itself or the feeling that you didn't need it?

10. 10.

    Cryptography is increasingly invisible infrastructure — it runs beneath every secure website, every encrypted message, every payment. Does that invisibility make you more or less interested in understanding how it works?

11. 11.

    The history of broken ciphers shows that every system eventually falls. What should that history tell policymakers who are currently making decisions about encryption standards for the next twenty years?

12. 12.

    Singh weaves historical narrative with technical explanation throughout. When the technical sections appear, do they deepen the story for you or interrupt it?

Themes

Frequently asked questions

• What is The Code Book about?

  The history of cryptography from ancient substitution ciphers through the breaking of Enigma to modern public-key encryption and quantum cryptography. Singh weaves technical explanation into historical narrative so you understand not just what happened but how the mathematics works.

• Do I need to know mathematics to read it?

  Some comfort with logical reasoning helps, but not formal mathematics. Singh explains number theory and modular arithmetic from scratch when he needs them. Readers who engaged with the Enigma and public-key sections of the book said they were among the most satisfying explanations they had encountered.

• Is The Code Book still relevant now that RSA might be breakable by quantum computers?

  More relevant than ever. The final chapter's concern about quantum computing breaking RSA was prescient. Understanding the mathematical foundations Singh describes is the prerequisite for following the post-quantum cryptography debate that has accelerated since the book was written.

• How long does it take to read?

  Around eight hours at measured pace. Some of the mathematical sections reward slow reading; the historical narrative sections move quickly.

• What is the most surprising fact in the book?

  Most readers find the Enigma chapter most surprising — specifically that the machine's own design rule (no letter encrypts to itself) was the flaw that made systematic breaking possible. The machine's security depended on a guarantee that turned out to be a vulnerability.

About Simon Singh

Simon Singh is a British science writer with a PhD in particle physics from Cambridge. His other books include Fermat's Last Theorem, which traces the 350-year proof of the problem and became a bestseller, and The Big Bang, a history of cosmological science. Singh writes with the conviction that non-specialists can understand difficult mathematics if it is explained with sufficient care and context. He has also written for The Sunday Times and produced documentary films for the BBC. The Code Book, published in 1999, has sold over a million copies and is considered one of the best popular treatments of cryptography.