Cipher: Difference between revisions
imported>Sandy Harris |
imported>Howard C. Berkowitz (It's probably best to make stub links on things like information theoretic cryptogrphy, . Kerckhofff is the cryptologist; Kirchoff's Law deals with voltage drops around a circuit) |
||
Line 17: | Line 17: | ||
==Design criteria== | ==Design criteria== | ||
Jean-Guillame-Hubert-Victor-Francois-Alexandre-Auguste Kerckhoffs von Niewenhof, whose full name might make a start at a minimally strong polyalphabetic key, was usually known as Auguste Kerckhoffs.<ref name=Kahn>{{citation | |||
| first = David | last = Kahn | |||
| title = The Codebreakers: the story of secret writing | |||
| date = second edition, 1996 | |||
| publisher = Scribners}} p.235 </ref> In his 1883 book, ''La Cryptographie Militaire'', he stated six axioms of cryptography.<ref name=>{{citation | |||
| url = http://www.quadibloc.com/crypto/mi0611.htm | |||
| contribution = The Ideal Cipher | |||
| title = A Cryptographic Compendium | |||
| first = John J. G. | last = Savard | |||
}}</ref> Some are no longer relevant given the ability of computers to perform complex encryption, but the second is the most critical, and, perhaps, counterintuitive: | |||
{{cquote|If the '''method''' of encipherment becomes known to one's adversary, this should not prevent one from continuing to use the cipher as long as the '''key remains unknown'''}} | |||
Some of the design objectives are usually described as '''confusion''' and '''diffusion''', following a famous paper of [[Claude Shannon]]<ref name=ShannonSec>{{citation | |||
| title = Communication Theory of Secrecy Systems | |||
| first = Claude E. | last = Shannon | |||
| url = http://netlab.cs.ucla.edu/wiki/files/shannon1949.pdf}}</ref>. Very roughly, substitution provides confusion while transposition or other mixing operations provide diffusion. | |||
==Types of cipher== | ==Types of cipher== | ||
Line 39: | Line 54: | ||
| author = National Security Agency | | author = National Security Agency | ||
| title = VENONA}}</ref> The key, of course, need not be on a paper pad; dense storage such as pairs of optical disks, destroyed as soon as used, is a more practical means of one-time key distribution. | | title = VENONA}}</ref> The key, of course, need not be on a paper pad; dense storage such as pairs of optical disks, destroyed as soon as used, is a more practical means of one-time key distribution. | ||
==References== | |||
{{reflist|2}} |
Revision as of 20:46, 1 August 2008
Information can be encrypted in two basic ways, cipher and code. Ciphers apply an algorithm and a cryptographic key to plaintext in the form of bits or characters; the process of encryption is unaware of linguistic structure such as words. It would make no difference to a cipher if its inputs were the complete works of William Shakespeare, a digitized image of a toxic waste dump, the closing price of every stock on the Tokyo stock exchange, or an order to invade Vatican City.
Most often, there is a one-to-one correspondence between the elements — bits or bytes — of the plaintext, although some ciphers insert nonsense padding into the ciphertext, to lessen the statistical relationship between plaintext and ciphertext. Padding that was mistaken for plaintext has changed the course of battles.
Another technique for hiding the real message content is called masking, which is used on dedicated communications channels. On a channel where there is no cost for transmission, essentially random noise, in the form that does not appear superficially different than the encrypted messages, is transmitted whenever there is no traffic to send.
Classical cipher components
There are two fundamental operations in ciphers, which strong systems combine. Substitution exchanges ciphertext for plaintext. As a trivial example, a substitution cipher could shift letters one place in the alphabet, so ZEBRAS would become AFCSBT. The other operation, transposition, changes the order of the plaintext elements. For example, a trivial transposition exchanges the order of each pair of letters, so ZEBRAS would become EZRBSA.
In real ciphers, the operations are combined. For example, if the above substitution is followed by transposition, ZEBRAS would become FASCTB. Transposition followed by substitution would convert ZEBRAS to FASCTB.
The example above is a monoalphabetic cipher; the same transformation is applied to each symbol of plaintext. For real use, you need polyalphabetic substitution with more than one transformation in play. As a trivial example, shift the odd letters one alphabetic place and the even letters two places, so that ZEBRAS becomes AGCTBU.
Real systems are more complex in several ways. Typically they work on chunks of plaintext far longer than the single word above. A key controls at least some of the operations; for example the amount to shift might be controlled by the key.
Design criteria
Jean-Guillame-Hubert-Victor-Francois-Alexandre-Auguste Kerckhoffs von Niewenhof, whose full name might make a start at a minimally strong polyalphabetic key, was usually known as Auguste Kerckhoffs.[1] In his 1883 book, La Cryptographie Militaire, he stated six axioms of cryptography.[2] Some are no longer relevant given the ability of computers to perform complex encryption, but the second is the most critical, and, perhaps, counterintuitive:
“ | If the method of encipherment becomes known to one's adversary, this should not prevent one from continuing to use the cipher as long as the key remains unknown | ” |
Some of the design objectives are usually described as confusion and diffusion, following a famous paper of Claude Shannon[3]. Very roughly, substitution provides confusion while transposition or other mixing operations provide diffusion.
Types of cipher
Block ciphers break data up into fixed-size blocks, 128 bits for AES and 64 bits for most of the block ciphers developed before AES.
Stream ciphers generate a pseudo-random stream of data under control of the key. This is combined with the plaintext — typically using some very simple operation such as bitwise XOR or bytewise additionn — to yield the ciphertext. To decrypt, use your copy of the key to generate the same pseudo-random data stream; then simply reverse the mixing transformation.
A one-time pad, which is provably secure against cryptanalysis, has a totally random key of the same length of the message. It is not secure against theft or copying of the pad. Totally random key comes from physical phenomena, such as second by second counts of radioactive disintegrations or thermal noise; a presumed random source needs to be verified for randomness. [4]
Anyone who considers arithmetical method of producing random digits is, of course, in a state of sin — John von Neumann (1951)
A one-time pad must absolutely, positively, be used only once. Even two uses, with different plaintext, can provide a break into the messages and even the system, as the Soviet Union learned when VENONA was revealed. [5] The key, of course, need not be on a paper pad; dense storage such as pairs of optical disks, destroyed as soon as used, is a more practical means of one-time key distribution.
References
- ↑ Kahn, David (second edition, 1996), The Codebreakers: the story of secret writing, Scribners p.235
- ↑ Savard, John J. G., The Ideal Cipher, A Cryptographic Compendium
- ↑ Shannon, Claude E., Communication Theory of Secrecy Systems
- ↑ Knuth, Donald (3rd Edition, 1998), Chapter III, Random Numbers, The Art of Computer Programming, Volume II: Seminumerical Algorithms, Addison-Wesley
- ↑ National Security Agency, VENONA