[Home]Cryptography/Key

HomePage | Cryptography | Recent Changes | Preferences
A cryptographic key is a small amount of information that is used by an algorithm that encrypts or decrypts a message, or "plaintext". If the decryption key is lost, encrypted data will not in practice be convertible back to its original form -- at least for high quality encryption algorithms and large enough key sizes. Most cryptographic algorithms use a single key which is used both to encrypt and decrypt the data: they are known as symmetric algorithms. An attacker who obtains the key can recover the original message from the encrypted data, since as a matter of principle the details of the cryptographic algorithm used is assumed to be already available to the attacker. This design assumption is usually known in crypto circles as Kerchoff's Law, or in more colloquial form, Shannon's Maxim.

A new class of cryptographic encryption algorithms was discovered in the 1970s which use a pair of keys, one to encrypt and one to decrypt. Some of these asymmetric key algorithms have the property that it is not possible to determine one key from the other (so far as is currently known). Such an algorithm allows one key to be made public while retaining the private key in only one location.

Typical key sizes for estimated equivalent security against a particular kind of attack (ie, brute force key space search) are 128 bits for symmetric ciphers and 2056 bits or more for public key cryptography. Elliptic curve cryptography may allow much small size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of brute force searching for their keys may not survive. In other words, a theoretical breakthrough may make everything you've encrypted an open book.

If the key size is too small, the algorithm may be vulnerable to a 'brute-force' attack in which all possible values of the key are tried one by one, or a 'birthday' attack, where the fact that probability of a collision between a large group of values goes up roughly as the square of the number of possible values. Many algorithms permit reduced effort attacks as compared to brute force search. If the effort is sufficiently reduced, the algorithm will be 'insecure' against that improved attack and should not be used. It may be expected that algorithms for which no improved attack is now known, and for which a brute force attack is impractical, will be found to be insecure when some new cryptoanalytic technique is developed. The problem of choosing a cryptographic algorithm reduces itself, in actual practice, to estimation of how likely such an advance will be over the relevant time. Personal secrets need be kept confidental for different durations than tactical deployment information in a battle, and still differently than some commercially valuable information (eg, the formula for Coke). There are no good answers to this problem. Intelligent, cryptographically informed, choosers limit their choice to publicly known and publicly unbroken but well studied algorithms. Only algorithms from this group can be credibly thought secure. All others are either not sufficiently well tested, or are from secret organizations with adequate testing resources but also with ulterior motives.

/Talk

HomePage | Cryptography | Recent Changes | Preferences
This page is read-only | View other revisions
Last edited December 18, 2001 9:57 am by Hagedis (diff)
Search: