Cryptography (or cryptology; from Greek κρυπτός, "hidden, secret"; and γράφειν, graphein, "writing", or -λογία, -logia, "study", respectively)[1] is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).[2] More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries[3] and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation.[4] Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons from doing the same. Since World War I and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.

Modern cryptography is heavily based on mathematical theory and computer science practice; cryptographic algorithms are designed around computational hardness assumptions, making such algorithms hard to break in practice by any adversary. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means. These schemes are therefore termed computationally secure; theoretical advances, e.g., improvements in integer factorization algorithms, and faster computing technology require these solutions to be continually adapted. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power (an example is the one-time pad), but these schemes are more difficult to implement than the best theoretically breakable but computationally secure mechanisms.

Cryptology-related technology has raised a number of legal issues. In the United Kingdom, additions to the Regulation of Investigatory Powers Act 2000 require a suspected criminal to hand over his or her decryption key if asked by law enforcement; otherwise the user will face a criminal charge.[5] The Electronic Frontier Foundation (EFF) is involved in a case in the Supreme Court of the United States, which may determine whether requiring suspected criminals to provide their decryption keys to law enforcement is unconstitutional. The EFF is arguing that this is a violation of the right of not being forced to incriminate oneself, as given in the fifth amendment.[6]

Terminology

Until modern times cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (called plaintext) into unintelligible text (called ciphertext).[7] Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a "key". This is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext. A "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible cyphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key. Keys are important, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive) for most purposes. Historically, ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks.

In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning: it means the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for example, wallaby replaces attack at dawn). Codes are no longer used in serious cryptography, except incidentally for such things as unit designations (e.g., Bronco Flight or Operation Overlord), since properly chosen ciphers are both more practical and more secure than even the best codes and also are better adapted to computers.

Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to crack encryption algorithms or their implementations.

Some use the terms cryptography and cryptology interchangeably in English, while others (including US military practice generally) use cryptography to refer specifically to the use and practice of cryptographic techniques and cryptology to refer to the combined study of cryptography and cryptanalysis.[8][9] English is more flexible than several other languages in which cryptology (done by cryptologists) is always used in the second sense above. In the English Wikipedia the general term used for the entire field is cryptography (done by cryptographers).

The study of characteristics of languages which have some application in cryptography (or cryptology), i.e. frequency data, letter combinations, universal patterns, etc.

History of cryptography and cryptanalysis

Main article: History of cryptography

Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption): conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge (namely the key needed for decryption of that message). Encryption was used to (attempt to) ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.

Classic cryptography

[Image: Reconstructed ancient Greek scytale, an early cipher device]

The earliest forms of secret writing required little more than local pen and paper analogs, since most people could not read. More literacy, or literate opponents, required actual cryptography. The main classical cipher types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes 'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically replace letters or groups of letters with other letters or groups of letters (e.g., 'fly at once' becomes 'gmz bu podf' by replacing each letter with the one following it in the Latin alphabet). Simple versions of either have never offered much confidentiality from enterprising opponents. An early substitution cipher was the Caesar cipher, in which each letter in the plaintext was replaced by a letter some fixed number of positions further down the alphabet. Suetonius reports that Julius Caesar used it with a shift of three to communicate with his generals. Atbash is an example of an early Hebrew cipher. The earliest known use of cryptography is some carved ciphertext on stone in Egypt (ca 1900 BCE), but this may have been done for the amusement of literate observers rather than as a way of concealing information. Cryptography is recommended in the Kama Sutra (ca 400 BCE) as a way for lovers to communicate without inconvenient discovery.[10]

The Greeks of Classical times are said to have known of ciphers (e.g., the scytale transposition cipher claimed to have been used by the Spartan military).[11] Steganography (i.e., hiding even the existence of a message so as to keep it confidential) was also first developed in ancient times. An early example, from Herodotus, concealed a message (a tattoo on a slave's shaved head) under the regrown hair.[7] Another Greek method was developed by Polybius (now called the "Polybius Square").[12] More modern examples of steganography include the use of invisible ink, microdots, and digital watermarks to conceal information.

Ciphertexts produced by a classical cipher (and some modern ciphers) always reveal statistical information about the plaintext, which can often be used to break them. After the discovery of frequency analysis, perhaps by the Arab mathematician and polymath Al-Kindi (also known as Alkindus) in the 9th century, nearly all such ciphers became more or less readily breakable by any informed attacker. Such classical ciphers still enjoy popularity today, though mostly as puzzles (see cryptogram). Al-Kindi wrote a book on cryptography entitled Risalah fi Istikhraj al-Mu'amma (Manuscript for the Deciphering Cryptographic Messages), which described the first cryptanalysis techniques.[13][14]

[Image: 16th-century book-shaped French cipher machine, with arms of Henri II of France]
[Image: Enciphered letter from Gabriel de Luetz d'Aramon, French Ambassador to the Ottoman Empire, after 1546, with partial decipherment]

Essentially all ciphers remained vulnerable to cryptanalysis using the frequency analysis technique until the development of the polyalphabetic cipher, most clearly by Leon Battista Alberti around the year 1467, though there is some indication that it was already known to Al-Kindi.[14] Alberti's innovation was to use different ciphers (i.e., substitution alphabets) for various parts of a message (perhaps for each successive plaintext letter at the limit). He also invented what was probably the first automatic cipher device, a wheel which implemented a partial realization of his invention. In the polyalphabetic Vigenère cipher, encryption uses a key word, which controls letter substitution depending on which letter of the key word is used. In the mid-19th century Charles Babbage showed that the Vigenère cipher was vulnerable to Kasiski examination, but this was first published about ten years later by Friedrich Kasiski.[15]

Although frequency analysis is a powerful and general technique against many ciphers, encryption has still often been effective in practice, as many a would-be cryptanalyst was unaware of the technique. Breaking a message without using frequency analysis essentially required knowledge of the cipher used and perhaps of the key involved, thus making espionage, bribery, burglary, defection, etc., more attractive approaches to the cryptanalytically uninformed. It was finally explicitly recognized in the 19th century that secrecy of a cipher's algorithm is not a sensible nor practical safeguard of message security; in fact, it was further realized that any adequate cryptographic scheme (including ciphers) should remain secure even if the adversary fully understands the cipher algorithm itself. Security of the key used should alone be sufficient for a good cipher to maintain confidentiality under an attack. This fundamental principle was first explicitly stated in 1883 by Auguste Kerckhoffs and is generally called Kerckhoffs's Principle.
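The two classical attacks named above, frequency analysis and Kasiski examination, can be tried on ciphertext directly. The following Python script is an added illustration, not code from the Wikipedia article: it implements the Caesar and Vigenère ciphers, recovers a Caesar shift by comparing letter frequencies against English, and runs a Kasiski examination to narrow down a Vigenère key length. The sample texts, the key "LEMON" and the English frequency table are constructed for this demonstration.

```python
"""Classical ciphers and the two attacks named in the text.

Added illustration, not code from the Wikipedia article. The sample texts,
the key "LEMON" and the frequency table are constructed for this demo.
"""
from collections import Counter
from functools import reduce
from math import gcd

ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Approximate relative frequency (percent) of each letter A..Z in English prose.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15,
                2.0, 0.074]


def clean(text):
    """Classical ciphers work on letters only: drop spaces and punctuation."""
    return "".join(c for c in text.upper() if c in ALPHA)


def vigenere(text, key, decrypt=False):
    """Polyalphabetic substitution: letter i is shifted by key letter i mod len(key).
    A one-letter key is the Caesar cipher ("D" is Caesar's shift of three)."""
    text, key = clean(text), clean(key)
    out = []
    for i, c in enumerate(text):
        shift = ALPHA.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHA[(ALPHA.index(c) + shift) % 26])
    return "".join(out)


def chi_squared(text):
    """Distance of the letter histogram of `text` from English (lower = closer)."""
    counts = Counter(text)
    n = len(text)
    total = 0.0
    for i, letter in enumerate(ALPHA):
        expected = ENGLISH_FREQ[i] * n / 100
        total += (counts[letter] - expected) ** 2 / expected
    return total


def recover_caesar_shift(ciphertext):
    """Frequency analysis: the shift whose decryption looks most like English."""
    ciphertext = clean(ciphertext)
    return min(range(26),
               key=lambda s: chi_squared(vigenere(ciphertext, ALPHA[s], decrypt=True)))


def kasiski(ciphertext, seq_len=3):
    """Kasiski examination. A plaintext fragment that repeats at a distance that
    is a multiple of the key length is enciphered identically both times, so the
    key length divides the distances between repeated ciphertext sequences.
    Returns (gcd of the distances, the distances themselves)."""
    ciphertext = clean(ciphertext)
    seen = {}
    distances = []
    for i in range(len(ciphertext) - seq_len + 1):
        seq = ciphertext[i:i + seq_len]
        for earlier in seen.get(seq, []):
            distances.append(i - earlier)
        seen.setdefault(seq, []).append(i)
    return reduce(gcd, distances, 0), distances


def candidate_key_lengths(ciphertext):
    """Divisors of the Kasiski gcd; the true key length is one of them. Applying
    recover_caesar_shift to each column of the chosen length finishes the job."""
    g, _ = kasiski(ciphertext)
    return [d for d in range(1, g + 1) if g % d == 0]


# Constructed sample texts (not taken from the article).
KERCKHOFFS = ("It was finally explicitly recognized in the nineteenth century that "
              "secrecy of a cipher's algorithm is not a sensible nor practical "
              "safeguard of message security. Security of the key used should "
              "alone be sufficient for a good cipher to maintain confidentiality "
              "under an attack. The enemy knows the system.")
REPEATING = "The attack is at dawn now. The attack is at dusk."

if __name__ == "__main__":
    caesar_ct = vigenere(KERCKHOFFS, "D")                      # Caesar, shift 3
    print("Caesar shift recovered:", recover_caesar_shift(caesar_ct))       # 3
    vig_ct = vigenere(REPEATING, "LEMON")
    print("Vigenere ciphertext:", vig_ct)
    print("Kasiski candidate key lengths:", candidate_key_lengths(vig_ct))  # [1, 2, 4, 5, 10, 20]
```

The repeated phrase in REPEATING sits 20 letters apart, so every repeated ciphertext trigram is 20 apart and Kasiski narrows the key length to a divisor of 20; per-column frequency analysis then picks out 5.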

Alternatively and more bluntly, it was restated by Claude Shannon, the inventor of information theory and the fundamentals of theoretical cryptography, as Shannon's Maxim: 'the enemy knows the system'.

Different physical devices and aids have been used to assist with ciphers. One of the earliest may have been the scytale of ancient Greece, a rod supposedly used by the Spartans as an aid for a transposition cipher (see image above). In medieval times, other aids were invented such as the cipher grille, which was also used for a kind of steganography. With the invention of polyalphabetic ciphers came more sophisticated aids such as Alberti's own cipher disk, Johannes Trithemius' tabula recta scheme, and Thomas Jefferson's multi-cylinder (not publicly known, and reinvented independently by Bazeries around 1900). Many mechanical encryption/decryption devices were invented early in the 20th century, and several patented, among them rotor machines, famously including the Enigma machine used by the German government and military from the late 1920s and during World War II.[16] The ciphers implemented by better quality examples of these machine designs brought about a substantial increase in cryptanalytic difficulty after WWI.[17]

Computer era

Cryptanalysis of the new mechanical devices proved to be both difficult and laborious. In the United Kingdom, cryptanalytic efforts at Bletchley Park during WWII spurred the development of more efficient means for carrying out repetitious tasks. This culminated in the development of the Colossus, the world's first fully electronic, digital, programmable computer, which assisted in the decryption of ciphers generated by the German Army's Lorenz SZ40/42 machine.

Just as the development of digital computers and electronics helped in cryptanalysis, it made possible much more complex ciphers. Furthermore, computers allowed for the encryption of any kind of data representable in any binary format, unlike classical ciphers which only encrypted written language texts; this was new and significant. Computer use has thus supplanted linguistic cryptography, both for cipher design and cryptanalysis. Many computer ciphers can be characterized by their operation on binary bit sequences (sometimes in groups or blocks), unlike classical and mechanical schemes, which generally manipulate traditional characters (i.e., letters and digits) directly. However, computers have also assisted cryptanalysis, which has compensated to some extent for increased cipher complexity. Nonetheless, good modern ciphers have stayed ahead of cryptanalysis; it is typically the case that use of a quality cipher is very efficient (i.e., fast and requiring few resources, such as memory or CPU capability), while breaking it requires an effort many orders of magnitude larger, and vastly larger than that required for any classical cipher, making cryptanalysis so inefficient and impractical as to be effectively impossible.

Extensive open academic research into cryptography is relatively recent; it began only in the mid-1970s. In recent times, IBM personnel designed the algorithm that became the Federal (i.e., US) Data Encryption Standard; Whitfield Diffie and Martin Hellman published their key agreement algorithm;[18] and the RSA algorithm was published in Martin Gardner's Scientific American column. Since then, cryptography has become a widely used tool in communications, computer networks, and computer security generally. Some modern cryptographic techniques can only keep their keys secret if certain mathematical problems are intractable, such as the integer factorization or the discrete logarithm problems, so there are deep connections with abstract mathematics. There are no absolute proofs that a cryptographic technique is secure (but see one-time pad); at best, there are proofs that some techniques are secure if some computational problem is difficult to solve, or this or that assumption about implementation or practical use is met.

As well as being aware of cryptographic history, cryptographic algorithm and system designers must also sensibly consider probable future developments while working on their designs. For instance, continuous improvements in computer processing power have increased the scope of brute-force attacks; thus when specifying key lengths, the required key lengths are similarly advancing.[19] The potential effects of quantum computing are already being considered by some cryptographic system designers; the announced imminence of small implementations of these machines may be making the need for this preemptive caution rather more than merely speculative.[4]

Essentially, prior to the early 20th century, cryptography was chiefly concerned with linguistic and lexicographic patterns. Since then the emphasis has shifted, and cryptography now makes extensive use of mathematics, including aspects of information theory, computational complexity, statistics, combinatorics, abstract algebra, number theory, and finite mathematics generally. Cryptography is, also, a branch of engineering, but an unusual one as it deals with active, intelligent, and malevolent opposition (see cryptographic engineering and security engineering); other kinds of engineering (e.g., civil or chemical engineering) need deal only with neutral natural forces. There is also active research examining the relationship between cryptographic problems and quantum physics (see quantum cryptography and quantum computer).

Modern cryptography

The modern field of cryptography can be divided into several areas of study. The chief ones are discussed here; see Topics in Cryptography for more.

Symmetric-key cryptography

Main article: Symmetric-key algorithm

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.[18]

[Image: One round (out of 8.5) of the patented IDEA cipher, used in some versions of PGP for high-speed encryption of, for instance, e-mail]

Symmetric key ciphers are implemented as either block ciphers or stream ciphers. A block cipher enciphers input in blocks of plaintext as opposed to individual characters, the input form used by a stream cipher.

The Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are block cipher designs which have been designated cryptography standards by the US government (though DES's designation was finally withdrawn after the AES was adopted).[20] Despite its deprecation as an official standard, DES (especially its still-approved and much more secure triple-DES variant) remains quite popular; it is used across a wide range of applications, from ATM encryption[21] to e-mail privacy[22] and secure remote access.[23] Many other block ciphers have been designed and released, with considerable variation in quality. Many have been thoroughly broken, such as FEAL.[4][24]

Stream ciphers, in contrast to the 'block' type, create an arbitrarily long stream of key material, which is combined with the plaintext bit-by-bit or character-by-character, somewhat like the one-time pad. In a stream cipher, the output stream is created based on a hidden internal state which changes as the cipher operates. That internal state is initially set up using the secret key material. RC4 is a widely used stream cipher; see Category:Stream ciphers.[4] Block ciphers can be used as stream ciphers; see Block cipher modes of operation.

Cryptographic hash functions are a third type of cryptographic algorithm. They take a message of any length as input, and output a short, fixed length hash which can be used in (for example) a digital signature. For good hash functions, an attacker cannot find two messages that produce the same hash. MD4 is a long-used hash function which is now broken; MD5, a strengthened variant of MD4, is also widely used but broken in practice. The U.S. National Security Agency developed the Secure Hash Algorithm series of MD5-like hash functions: SHA-0 was a flawed algorithm that the agency withdrew; SHA-1 is widely deployed and more secure than MD5, but cryptanalysts have identified attacks against it; the SHA-2 family improves on SHA-1, but it isn't yet widely deployed; and the U.S. standards authority thought it "prudent" from a security perspective to develop a new standard to "significantly improve the robustness of NIST's overall hash algorithm toolkit."[25] Thus, a hash function design competition was meant to select a new U.S. national standard, to be called SHA-3, by 2012. The competition ended on October 2, 2012 when the NIST announced that Keccak would be the new SHA-3 hash algorithm.[26]

Message authentication codes (MACs) are much like cryptographic hash functions, except that a secret key can be used to authenticate the hash value[4] upon receipt.

Public-key cryptography

Main article: Public-key cryptography

[Image: Public-key cryptography, where different keys are used for encryption and decryption]
[Image: Whitfield Diffie and Martin Hellman, authors of the first published paper on public-key cryptography]

Symmetric-key cryptosystems use the same key for encryption and decryption of a message, though a message or group of messages may have a different key than others. A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share a different key, and perhaps each ciphertext exchanged as well. The number of keys required increases as the square of the number of network members, which very quickly requires complex key management schemes to keep them all straight and secret. The difficulty of securely establishing a secret key between two communicating parties, when a secure channel does not already exist between them, also presents a chicken-and-egg problem which is a considerable practical obstacle for cryptography users in the real world.

In a groundbreaking 1976 paper, Whitfield Diffie and Martin Hellman proposed the notion of public-key (also, more generally, called asymmetric key) cryptography in which two different but mathematically related keys are used: a public key and a private key.[27] A public key system is so constructed that calculation of one key (the 'private key') is computationally infeasible from the other (the 'public key'), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair.[28] The historian David Kahn described public-key cryptography as "the most revolutionary new concept in the field since polyalphabetic substitution emerged in the Renaissance".[29]

In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption. While Diffie and Hellman could not find such a system, they showed that public-key cryptography was indeed possible by presenting the Diffie-Hellman key exchange protocol, a solution that is now widely used in secure communications to allow two parties to secretly agree on a shared encryption key.[18]

Diffie and Hellman's publication sparked widespread academic efforts in finding a practical public-key encryption system. This race was finally won in 1978 by Ronald Rivest, Adi Shamir, and Len Adleman, whose solution has since become known as the RSA algorithm.[30]

The Diffie-Hellman and RSA algorithms, in addition to being the first publicly known examples of high quality public-key algorithms, have been among the most widely used. Others include the Cramer-Shoup cryptosystem, ElGamal encryption, and various elliptic curve techniques. See Category:Asymmetric-key cryptosystems.

To much surprise, a document published in 1997 by the Government Communications Headquarters (GCHQ), a British intelligence organization, revealed that cryptographers at GCHQ had anticipated several academic developments.[31] Reportedly, around 1970, James H. Ellis had conceived the principles of asymmetric key cryptography. In 1973, Clifford Cocks invented a solution that essentially resembles the RSA algorithm.[31][32] And in 1974, Malcolm J. Williamson is claimed to have developed the Diffie-Hellman key exchange.[33]

[Image: Padlock icon from the Firefox Web browser, meant to indicate a page has been sent in SSL or TLS-encrypted protected form. However, seeing an icon results when code is intended to render it; malicious code can provide the icon even when the connection is not actually being protected by SSL or TLS.]
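The key agreement described above, followed by the keyed authentication that a MAC provides, in code. This is an added example, not from the Wikipedia article or from any of the authors it names: two parties compute the same secret from exchanged public values, hash it into a symmetric key, and use that key with HMAC-SHA256 (Python's standard hmac module) to authenticate a message. The group parameters P and G are a toy choice made here for readability, not a standardized group, and the fixed private exponents in the test are constructed values.

```python
"""Diffie-Hellman key agreement followed by a keyed MAC.

Added example, not from the Wikipedia article. P and G are toy parameters
chosen here for readability (P is the Mersenne prime 2**127 - 1, which is
prime but far too small for real use, and G's subgroup has not been vetted);
deployments use standardized safe-prime or elliptic-curve groups instead.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy modulus: prime, but far too small for real use
G = 3            # toy generator; real groups ship vetted (P, G) pairs


def dh_private_key():
    """Random exponent in [2, P-2]; a real deployment draws it the same way."""
    return secrets.randbelow(P - 3) + 2


def dh_public_key(priv):
    return pow(G, priv, P)


def dh_public_key_is_valid(pub):
    """Reject degenerate peer values (0, 1, P-1, or out of range) that would
    force the shared secret into a tiny, predictable set."""
    return 1 < pub < P - 1


def dh_shared_secret(priv, other_pub):
    if not dh_public_key_is_valid(other_pub):
        raise ValueError("invalid peer public value")
    return pow(other_pub, priv, P)


def derive_key(shared_secret):
    """Never use the raw group element as a key: hash it to fixed-size bytes."""
    nbytes = (P.bit_length() + 7) // 8
    return hashlib.sha256(shared_secret.to_bytes(nbytes, "big")).digest()


def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, tag):
    """Constant-time comparison, so the check itself leaks no timing signal."""
    return hmac.compare_digest(mac(key, message), tag)


def agree_and_authenticate(alice_priv, bob_priv, message):
    """Run the whole exchange. Returns (both sides derived the same key,
    Bob accepts Alice's tag on the message, Bob accepts it on a tampered copy)."""
    alice_pub, bob_pub = dh_public_key(alice_priv), dh_public_key(bob_priv)
    # Each side raises the *other* side's public value to its own private exponent.
    k_alice = derive_key(dh_shared_secret(alice_priv, bob_pub))
    k_bob = derive_key(dh_shared_secret(bob_priv, alice_pub))
    tag = mac(k_alice, message)
    tampered = bytearray(message)
    tampered[0] ^= 0x01
    return k_alice == k_bob, verify(k_bob, message, tag), verify(k_bob, bytes(tampered), tag)


if __name__ == "__main__":
    print(agree_and_authenticate(dh_private_key(), dh_private_key(), b"attack at dawn"))
```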

Public-key cryptography can also be used for implementing digital signature schemes. A digital signature is reminiscent of an ordinary signature; they both have the characteristic of being easy for a user to produce, but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot then be 'moved' from one document to another, for any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message, or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature. RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and many network security schemes (e.g., SSL/TLS, many VPNs, etc.).[24]

Public-key algorithms are most often based on the computational complexity of "hard" problems, often from number theory. For example, the hardness of RSA is related to the integer factorization problem, while Diffie-Hellman and DSA are related to the discrete logarithm problem. More recently, elliptic curve cryptography has developed in which security is based on number theoretic problems involving elliptic curves. Because of the difficulty of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly hybrid cryptosystems, in which a fast high-quality symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Similarly, hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed.[4]

Cryptanalysis

Main article: Cryptanalysis

[Image: Variants of the Enigma machine, used by Germany's military and civil authorities from the late 1920s through World War II, implemented a complex electro-mechanical polyalphabetic cipher. Breaking and reading of the Enigma cipher at Poland's Cipher Bureau, for 7 years before the war, and subsequent decryption at Bletchley Park, was important to Allied victory.[7]]

The goal of cryptanalysis is to find some weakness or insecurity in a cryptographic scheme, thus permitting its subversion or evasion.

It is a common misconception that every encryption method can be broken. In connection with his WWII work at Bell Labs, Claude Shannon proved that the one-time pad cipher is unbreakable, provided the key material is truly random, never reused, kept secret from all possible attackers, and of equal or greater length than the message.[34] Most ciphers, apart from the one-time pad, can be broken with enough computational effort by brute force attack, but the amount of effort needed may be exponentially dependent on the key size, as compared to the effort needed to make use of the cipher. In such cases, effective security could be achieved if it is proven that the effort required (i.e., "work factor", in Shannon's terms) is beyond the ability of any adversary. This means it must be shown that no efficient method (as opposed to the time-consuming brute force method) can be found to break the cipher. Since no such proof has been found to date, the one-time-pad remains the only theoretically unbreakable cipher.

There are a wide variety of cryptanalytic attacks, and they can be classified in any of several ways. A common distinction turns on what an attacker knows and what capabilities are available. In a ciphertext-only attack, the cryptanalyst has access only to the ciphertext (good modern cryptosystems are usually effectively immune to ciphertext-only attacks). In a known-plaintext attack, the cryptanalyst has access to a ciphertext and its corresponding plaintext (or to many such pairs).
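Shannon's four conditions for the one-time pad, and what is lost when the "never reused" condition is violated, as an added Python example that is not part of the Wikipedia article. The pad comes from Python's secrets module, standing in for the truly random source the text requires; the sample messages are constructed. The reuse check also ties in the known-plaintext attack model defined above: with one plaintext known, a second message enciphered under the same pad is fully exposed.

```python
"""Shannon's one-time pad conditions, in code.

Added example, not from the Wikipedia article. Sample messages are
constructed; secrets.token_bytes stands in for the truly random pad source.
"""
import secrets


def otp_keygen(length):
    """One fresh pad per message, at least as long as the message."""
    return secrets.token_bytes(length)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad, plaintext):
    """Condition 'equal or greater length': a short pad is refused, never cycled."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(pad, plaintext)


otp_decrypt = otp_encrypt   # XOR is its own inverse


def any_plaintext_explains(ciphertext, candidate):
    """Perfect secrecy: for every candidate plaintext of the same length there
    is a pad that maps the ciphertext to it. Returns that pad. An eavesdropper
    without the pad therefore learns nothing beyond the message length."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must have the ciphertext's length")
    return xor_bytes(ciphertext, candidate)


def reuse_leak(ciphertext1, ciphertext2):
    """What breaks when 'never reused' is violated: the pad cancels out and
    c1 XOR c2 equals p1 XOR p2, a relation between messages that no longer
    depends on the key at all."""
    return xor_bytes(ciphertext1, ciphertext2)


def recover_other_plaintext(ciphertext1, ciphertext2, known_plaintext1):
    """Known-plaintext attack on a reused pad: (c1 XOR c2) XOR p1 == p2."""
    return xor_bytes(reuse_leak(ciphertext1, ciphertext2), known_plaintext1)


if __name__ == "__main__":
    message = b"meet at the old mill at nine pm"
    pad = otp_keygen(len(message))
    ciphertext = otp_encrypt(pad, message)
    print(otp_decrypt(pad, ciphertext) == message)                     # True
    # Any other 31-byte text is an equally valid decryption of this ciphertext.
    decoy = b"retreat to the harbour at dawn!"
    print(otp_decrypt(any_plaintext_explains(ciphertext, decoy), ciphertext) == decoy)  # True
    # Reusing the pad for the decoy message makes it recoverable from `message`.
    print(recover_other_plaintext(ciphertext, otp_encrypt(pad, decoy), message) == decoy)  # True
```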

In a chosen-plaintext attack, the cryptanalyst may choose a plaintext and learn its corresponding ciphertext (perhaps many times); an example is gardening, used by the British during WWII. Finally, in a chosen-ciphertext attack, the cryptanalyst may be able to choose ciphertexts and learn their corresponding plaintexts.[4] Also important, often overwhelmingly so, are mistakes (generally in the design or use of one of the protocols involved; see Cryptanalysis of the Enigma for some historical examples of this).

[Image: Poznan monument (center) to Polish cryptologists whose breaking of Germany's Enigma machine ciphers, beginning in 1932, altered the course of World War II]

Cryptanalysis of symmetric-key ciphers typically involves looking for attacks against the block ciphers or stream ciphers that are more efficient than any attack that could be against a perfect cipher. For example, a simple brute force attack against DES requires one known plaintext and 2^55 decryptions, trying approximately half of the possible keys, to reach a point at which chances are better than even that the key sought will have been found. But this may not be enough assurance; a linear cryptanalysis attack against DES requires 2^43 known plaintexts and approximately 2^43 DES operations.[35] This is a considerable improvement on brute force attacks.

Public-key algorithms are based on the computational difficulty of various problems. The most famous of these is integer factorization (e.g., the RSA algorithm is based on a problem related to integer factoring), but the discrete logarithm problem is also important. Much public-key cryptanalysis concerns numerical algorithms for solving these computational problems, or some of them, efficiently (i.e., in a practical time). For instance, the best known algorithms for solving the elliptic curve-based version of discrete logarithm are much more time-consuming than the best known algorithms for factoring, at least for problems of more or less equivalent size. Thus, other things being equal, to achieve an equivalent strength of attack resistance, factoring-based encryption techniques must use larger keys than elliptic curve techniques. For this reason, public-key cryptosystems based on elliptic curves have become popular since their invention in the mid-1990s.

While pure cryptanalysis uses weaknesses in the algorithms themselves, other attacks on cryptosystems are based on actual use of the algorithms in real devices, and are called side-channel attacks. If a cryptanalyst has access to, for example, the amount of time the device took to encrypt a number of plaintexts or report an error in a password or PIN character, he may be able to use a timing attack to break a cipher that is otherwise resistant to analysis. An attacker might also study the pattern and length of messages to derive valuable information; this is known as traffic analysis,[36] and can be quite useful to an alert adversary. Poor administration of a cryptosystem, such as permitting too short keys, will make any system vulnerable, regardless of other virtues. And, of course, social engineering, and other attacks against the personnel who work with cryptosystems or the messages they handle (e.g., bribery, extortion, blackmail, espionage, torture, etc.) may be the most productive attacks of all.

Cryptographic primitives

Much of the theoretical work in cryptography concerns cryptographic primitives, algorithms with basic cryptographic properties, and their relationship to other cryptographic problems. More complicated cryptographic tools are then built from these basic primitives. These primitives provide fundamental properties, which are used to develop more complex tools called cryptosystems or cryptographic protocols, which guarantee one or more high-level security properties. Note however, that the distinction between cryptographic primitives and cryptosystems is quite arbitrary; for example, the RSA algorithm is sometimes considered a cryptosystem, and sometimes a primitive. Typical examples of cryptographic primitives include pseudorandom functions, one-way functions, etc.

Cryptosystems

One or more cryptographic primitives are often used to develop a more complex algorithm, called a cryptographic system, or cryptosystem. Cryptosystems (e.g., El-

export cont rols came to be seen to be an impediment to commerce and to research. Pakistan.[43] In the United States. even the domestic use of cryptography is. there has been a history of controversial legal issues surro unding cryptography. Among the more restrictive are laws in Belar us. After World War II. Until 1999. Cryptosystems use the p roperties of the underlying cryptographic primitives to support the system's sec urity properties. PGP. cryptographically protected backup data). and Vietnam. and the diminution of privacy attendant on its prohibition. Recently[tim eframe?]. a li cense is still required to use cryptography. there were several challenges to US export regulations of cryptogr . in fact.. many Western governments have. Probably because of the importance of cryptanalysis in World War II and an expectation that cryptography would continue to be important for national sec urity. as the distinction between primitives and cryptosys tems is somewhat arbitrary. Such cryptosystems are sometimes called cryptographic protocols. asymmetric key algorithms (i. this was not especially problematic. or has been.[38] (like zero-knowledge proofs). More complex cryptosystems include electronic cash[37] systems.e. etc.[44] Until the development of the personal computer. between the sender of a secure message and its receiver) or acro ss time (e.g. Some widely known cryptosystems include RSA encryption. restri cted. etc. at some point. and the Internet. Singapore. Secret communications may be criminal or even treasonous. The study of how best to implement and integrate cryptography in software applic ations is itself a distinct field. the cryptosys tem's structure involves back and forth communication among two or more parties in space (e. most security properties of most cryptosystems were demonstrated using empirical techniques. However. especially since the advent of inexpensive computers has ma de widespread access to high quality cryptography possible. 
it was illegal in the US to sell or distribu te encryption technology overseas.. but there has been much conflict over legal issues related to cryptography. Export controls[edit source | editbeta] Main article: Export of cryptography In the 1990s. One particularly impor tant issue has been the export of cryptography and cryptographic software and ha rdware. As a result. see: Cryptographic engineering and Security e ngineering. In many cases.[39] systems for secret sharing. strictly regulated export o f cryptography.. Legal issues[edit source | editbeta] See also: Cryptography laws in different nations Prohibitions[edit source | editbeta] Cryptography has long been of interest to intelligence gathering and law enforce ment agencies. Kazakhstan.g. high quality en cryption techniques became well-known around the globe. there has been considerable effort to develop formal techniques for es tablishing the security of cryptosystems. France significantly restricted the use of cryptography domest ically.[40][41] etc. Mongolia. a sophisticated cryptosystem can be derived from a c ombination of several more primitive cryptosystems.[42] Many countries have tight restr ictions on the use of cryptography. Some more 'theoretical' cryptosystems inclu de interactive proof systems. or using ad hoc reasoning. Tunisia. In some countries.g. The general idea of provable security is to give arguments about the computational difficulty needed to compromise some security aspect of the crypt osystem (i.Gamal encryption) are designed to provide particular functionality (e. cryptography is legal for domestic use.g. encryption was designated as auxilia ry military equipment and put on the United States Munitions List. as the Internet grew and computers became more widely available. Accordingly. cryptography is also of considerable interest to civil rights suppo rters. signcryption systems. Until recently[timeframe?]. to any adversary). 
chosen-plai ntext attack (CPA) security in the random oracle model). In China and Iran. this has been generally called provabl e security.e. public k ey techniques). El-Ga mal encryption. Of course. Schnorr signature. Because of its facilitation of privacy. though it has since relaxed many of these rules. public key encryption) while guaranteeing certain security properties (e..

American . it was released in the US. ho wever. 512-bit for RSA) would no longer be exp ort-controlled. The NSA was involved with the design of DES during its development at IBM and its co nsideration by the National Bureau of Standards as a possible Federal Standard f or cryptography. One involved Philip Zimmermann's Pretty Good Privacy (PGP) encryption prog ram. NSA involvement[edit source | editbeta] See also: Clipper chip Another contentious issue connected to cryptography in the United States is the influence of the National Security Agency on cipher development and policy. The technique became publicly kno wn only when Biham and Shamir re-discovered and announced it some years later. so even when such laws are in force. Bernstein.[48] Cryptography exports from the US are now much less strictly regulated than in the past as a consequence of a major relaxation in 2000.[45][46] Also. etc..[50] a powerful and general cryptanalytic technique known to the NSA and IBM . an arms control treaty that deals with the export of arms and "dual-use" technologies such as c ryptography. or RSADSI). everywhere in the world. e. includes US-sourced web browsers such as Firefox or Internet Explo rer. The 1995 case Bernstein v. No charges were ever filed. actual enforcement is often effectively impossible. a group of technique s for technologically controlling use of copyrighted material. IBM discovered differential cryptanalysis. a nd because almost every personal computer connected to the Internet.[49] DES was designed to be resistant to differential cryptanaly sis. when using sufficiently long keys with properly operating and unsubverted so ftware. an e ncryption microchip intended to be part of the Capstone cryptography-control ini tiative.[51 ] According to Steven Levy. since the relaxation in US export restrictions. 
These browsers and email pr ograms are so ubiquitous that even governments whose intent is to regulate civil ian use of cryptography generally don't find it practical to do much to control distribution or use of cryptography of this quality. Daniel J. The ci pher algorithm (called Skipjack) was then classified (declassified in 1998. long after the Clipper initiative lapsed). and can send and receive email e ncrypted with S/MIME. Another instance of the NSA's involvement was the 1993 Clipper chip affair. In practice today. as the scheme included a special escrow key held by the government for use by law enforcement.[47] In 1996. then a graduate student at UC Berkeley . Clipper was widely criticized by cryptographers for two reasons. examples are Transport Layer Security or SSL st ack. The whole initiative was also criticized based on its violation of Kerckhoffs's Principle. Zimmermann was criminally investigated by t he Customs Service and the FBI for several years.[43] t here are no longer very many restrictions on key sizes in US-exported mass-marke t software. that became publicly known only when it was rediscovered in the late 1980s.[46] Digital rights management[edit source | editbeta] Main article: Digital rights management Cryptography is central to digital rights management (DRM). The classified cipher caused concerns tha t the NSA had deliberately made the cipher weak in order to assist its intellige nce efforts. Many Internet users don't realize that their basic applica tion software contains such extensive cryptosystems.. almost every Internet user worldwide has access to quality cryptography (i. and found its way onto the Internet in June 1991. thirty-nine countries signed the Wassenaar Arrangement. for example in wiretaps. T he entire affair illustrates the difficulty of determining what resources and kn owledge an attacker might actually have. In 1998.) in their browsers. together with its source code. 
being widely impl emented and deployed at the behest of some copyright holders. The Mozilla Thunderbird and Microsoft Outlook E-mail client programs simila rly can connect to IMAP or POP servers via TLS. Inc. The treaty stipulated that the use of cryptography with short key-l engths (56-bit for symmetric encryption.[52] but k ept the technique secret at the NSA's request. After a complaint by RSA Security (then called RSA Data Security. United State s ultimately resulted in a 1999 decision that printed source code for cryptograp hic algorithms and systems was protected as free speech by the United States Con stitution.aphy. brought a lawsuit against the US government challenging some aspects of the re strictions based on free speech grounds.

Both Alan Cox (longtime number 2 in Linux kernel development) and Professor Edward Felten (and some of his stu dents at Princeton) have encountered problems related to the Act. remains a controv ersial one. In both cases. the MPAA sent out numerous DMCA takedown notices. the cryptographic keys responsible for Blu-ray and HD DVD content scrambling were discovered and released onto the Internet. and jailed for five months pending trial for alleged violations of the DMCA arising from work he had done i n Russia.[53] This had a noticeab le impact on the cryptography research community since an argument can be made t hat any cryptanalytic research violated. nonetheless. In 2007. or might violate. has public ly stated[54] that he will not release some of his research into an Intel securi ty design for fear of prosecution under the DMCA. specifically. the DMCA. Similar restrictions are called for by treaties signed by World Intellectual Property Organization member-states. and use of certain cryptanalytic te chniques and technology (now known or later discovered). Niels Ferguson. but the law. including the im plementation in the EU Copyright Directive. which criminalized all production. The United States Department of Justice and FBI have not enforced the DMCA as ri gorously as had been feared by some. a well-respected cryptography researcher. where the work was legal. Dmitry Sklyaro v was arrested during a visit to the US from Russia. dissemination. See also . those tha t could be used to circumvent DRM technological schemes. and t here was a massive internet backlash[55] triggered by the perceived impact of su ch notices on fair use and free speech. Similar sta tutes have since been enacted in several countries and regions.President Bill Clinton signed the Digital Millennium Copyright Act (DMCA).
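Worked example for the chosen-plaintext attack model (Cryptanalysis section above) and for what "chosen-plaintext attack (CPA) security" means in the Cryptosystems section. This is an added example, not code from the original article. It runs the standard IND-CPA game: the adversary may query an encryption oracle, then submits two equal-length messages and must tell which one was encrypted. Both cryptosystems below are built from the same primitive (a pseudorandom function instantiated with HMAC-SHA256 from the standard library); the only difference is that one reuses a fixed nonce, which makes encryption deterministic, and the other draws a fresh random nonce per message. The scheme names, the sample messages and the seeded random source are assumptions constructed for the example.

```python
import hashlib
import hmac
import random

NONCE_LEN = 16
BLOCK = hashlib.sha256().digest_size  # 32-byte keystream blocks


def prf(key: bytes, data: bytes) -> bytes:
    """Primitive: a pseudorandom function, instantiated here with HMAC-SHA256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || block index), truncated to length."""
    blocks = [prf(key, nonce + i.to_bytes(8, "big")) for i in range(-(-length // BLOCK))]
    return b"".join(blocks)[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class FixedNonceCTR:
    """Cryptosystem on top of the PRF with a constant nonce (constructed insecure example).

    Same key and same message always give the same ciphertext, so it cannot be CPA-secure."""
    def __init__(self, key: bytes, rng: random.Random):
        self.key = key

    def encrypt(self, m: bytes) -> bytes:
        return xor(m, keystream(self.key, bytes(NONCE_LEN), len(m)))

    def decrypt(self, c: bytes) -> bytes:
        return self.encrypt(c)  # XOR with the same keystream inverts itself


class RandomNonceCTR:
    """Same primitive, fresh random nonce per message, nonce sent with the ciphertext."""
    def __init__(self, key: bytes, rng: random.Random):
        self.key, self.rng = key, rng

    def encrypt(self, m: bytes) -> bytes:
        nonce = self.rng.getrandbits(8 * NONCE_LEN).to_bytes(NONCE_LEN, "big")
        return nonce + xor(m, keystream(self.key, nonce, len(m)))

    def decrypt(self, c: bytes) -> bytes:
        nonce, body = c[:NONCE_LEN], c[NONCE_LEN:]
        return xor(body, keystream(self.key, nonce, len(body)))


def replay_adversary(encrypt_oracle):
    """IND-CPA adversary: ask the oracle for Enc(m0), then decide the challenge by equality."""
    m0 = b"PAY 0100 USD TO ACCT 42"  # constructed sample messages of equal length
    m1 = b"PAY 9999 USD TO ACCT 42"
    seen = encrypt_oracle(m0)      # the chosen-plaintext query

    def guess(challenge: bytes) -> int:
        return 0 if challenge == seen else 1
    return m0, m1, guess


def ind_cpa_success_rate(scheme_cls, adversary, trials: int = 200, seed: int = 1) -> float:
    """Play the IND-CPA game `trials` times; a rate near 0.5 means the adversary learns nothing."""
    rng = random.Random(seed)  # seeded so the example is reproducible offline
    wins = 0
    for _ in range(trials):
        key = rng.getrandbits(256).to_bytes(32, "big")
        scheme = scheme_cls(key, rng)
        m0, m1, guess = adversary(scheme.encrypt)  # adversary gets oracle access first
        assert len(m0) == len(m1)
        b = rng.getrandbits(1)                       # challenger's hidden bit
        challenge = scheme.encrypt((m0, m1)[b])
        wins += guess(challenge) == b
    return wins / trials


def roundtrip_ok(scheme_cls, msg: bytes, seed: int = 0) -> bool:
    """Functionality check: decryption recovers the plaintext for either scheme."""
    scheme = scheme_cls(b"k" * 32, random.Random(seed))
    return scheme.decrypt(scheme.encrypt(msg)) == msg


if __name__ == "__main__":
    print("fixed nonce  :", ind_cpa_success_rate(FixedNonceCTR, replay_adversary))
    print("random nonce :", ind_cpa_success_rate(RandomNonceCTR, replay_adversary))
```

The deterministic scheme loses the game every time (success rate 1.0): one oracle query is enough to recognise the challenge. The randomized scheme forces the same adversary down to a coin flip. The underlying PRF is identical in both, which is the point of the cryptosystems discussion: the security property comes from how the primitive is used, not from the primitive alone.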
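Worked example for the timing attack mentioned in the Cryptanalysis section above (a device that "reports an error in a password or PIN character" in a way that depends on where the mismatch occurred). This is an added example, not code from the original article. Rather than measuring wall-clock time, the simulated device returns the number of byte comparisons it performed, a deterministic stand-in for the timing signal an attacker would measure on real hardware (an assumption of this example). The attacker recovers the PIN one position at a time; the constant-time comparison (`hmac.compare_digest` from the standard library) removes the signal. The PIN value and the class and function names are constructed for the example.

```python
import hmac


class PinChecker:
    """Model of a device that checks a PIN and leaks how long the check took.

    check() returns (accepted, cycles); cycles is the number of byte comparisons
    performed, standing in for the timing side channel (assumption for this example).
    """

    def __init__(self, secret_pin: bytes, constant_time: bool = False):
        self._pin = secret_pin
        self.constant_time = constant_time

    def check(self, guess: bytes):
        if self.constant_time:
            # compare_digest takes time independent of where the inputs differ,
            # so the leaked count is the same for every guess of the right length.
            return hmac.compare_digest(self._pin, guess), len(self._pin)
        if len(guess) != len(self._pin):
            return False, 0
        # Leaky comparison: stops at the first mismatching byte, so the count
        # reveals how many leading bytes of the guess were correct.
        for i in range(len(self._pin)):
            if guess[i] != self._pin[i]:
                return False, i + 1
        return True, len(self._pin)


def recover_pin(device: PinChecker, length: int, alphabet: bytes = b"0123456789"):
    """Recover the PIN position by position using only the leaked comparison count.

    Returns (recovered_pin, queries). Each position costs at most len(alphabet)
    queries, versus len(alphabet) ** length for a blind brute-force search.
    """
    known = b""
    queries = 0
    for pos in range(length):
        best_byte, best_cycles = None, -1
        for c in alphabet:
            candidate = known + bytes([c]) + b"0" * (length - pos - 1)
            accepted, cycles = device.check(candidate)
            queries += 1
            if accepted:
                return candidate, queries
            # The correct byte at `pos` lets the comparison run at least one step
            # further than any wrong byte. If every candidate ties, nothing leaked
            # and the attacker is left with its first guess.
            if cycles > best_cycles:
                best_byte, best_cycles = c, cycles
        known += bytes([best_byte])
    return known, queries


if __name__ == "__main__":
    leaky = PinChecker(b"4271")                       # constructed secret
    print("leaky device   :", recover_pin(leaky, 4))  # (b'4271', 32)
    safe = PinChecker(b"4271", constant_time=True)
    print("constant-time  :", recover_pin(safe, 4))   # (b'0000', 40): no better than a guess
```

Against the leaky device the 4-digit PIN falls in 32 queries instead of up to 10,000; against the constant-time device the same attacker ends with a wrong PIN after exhausting its query budget. On real hardware the count is replaced by repeated timing measurements and statistics, but the structure of the attack is the same.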