Cryptography Reference
In-Depth Information
Some other cryptographic notions are also considered. They are dedicated to spe-
cial problems. We make here a brief list which is far from exhaustive in order to suggest
possible original problems in modern cryptography. It illustrates the rich variety of
modern cryptographic problems.
Nonrepudiation.
In the case of a dispute on the origin of the document, someone
should be able to formally prove that he is not the author. This repudiation
proof should be made impossible if he actually is the author.
Electronic payment.
The notion of electronic coin should be protected against, for
instance, double spending, because it is easy to copy digital information.
Anonymity.
Privacy protection may require anonymity enforcement.
Electronic votes.
Democracy protection requires that ballots should be anonymous,
that a single person should not vote more than once, and that people should
not be able to prove for whom they voted afterwards (otherwise they could be
subject to threats or corruption).
Zero-knowledge.
We want to make sure that no information leaks out of a security
protocol.
1.2.2 Assumptions of Modern Cryptography
Cryptography in communication systems relies on some fundamental principles.
The n
2
Problem
In a network of
n
users, there is a number of potential pairs of users within the order of
magnitude of
n
2
. Obviously we cannot make a dedicated secure channel between any
pair of users. This means that we cannot invent a new cryptosystem for every pair of
users.
We should better use a common cryptosystem, but enable the distinction between
pairs of users by making them choose their own
secret key
like in the Vigenere cipher
or the Enigma cipher. In addition, this paradigm benefits from the fact that not every
user needs to be a mathematician in order to make a new cryptosystem.
We deduce a need for the cryptosystem to be shared among a large number of
users, and a need for the cryptosystem to depend on an easily selectable parameter
called a secret key.
The Kerckhoffs Principle
Assuming the cryptosystem is designed by a third party, from a third company, in a
third country jurisdiction, since it is furthermore implemented in
n
points of a network,
security should definitely not rely on the secrecy of the cryptosystem itself. The pro-
tection of the cryptosystem structure may be considered as an extra security protection,
but should not be necessary for security.
Search WWH ::
Custom Search