Cryptography Reference
In-Depth Information
primitives are the basic generic tools in that kit. Examples of cryptographic
primitives that we will later discuss are block ciphers, stream ciphers, message
authentication codes, hash functions and digital signature schemes.
A
cryptographic algorithm
is the particular specification of a cryptographic
primitive. A cryptographic algorithm is essentially a 'recipe' of computational
steps (rules such as 'add these two values together' or 'replace this value by an
entry from this table'). An algorithm is a sufficiently detailed specification
that a computer programmer could implement it. For example, AES is a
cryptographic algorithm that specifies a block cipher. The term
cipher
is
sometimes associated with a cryptographic algorithm, particularly historical
algorithms such as those that we discuss in Chapter 2.
A
cryptographic protocol
is a sequence of message exchanges and operations
between one or more parties, at the end of which a series of security goals
should have been achieved. Examples of cryptographic protocols that we
will discuss include the STS protocol (see Section 9.4.2) and SSL/TLS (see
Section 12.1). Cryptographic protocols typically employ a number of different
cryptographic primitives at various stages. If cryptographic primitives are tools
in the cryptography toolkit, then a cryptographic protocol is a way of taking a
number of these tools and using them in a specific way in order to achieve more
complex security goals. We discuss cryptographic protocols in Chapter 9.
A
cryptosystem
(or
cryptographic scheme
) is often used rather generically to refer to
the implementation of some cryptographic primitives and their accompanying
infrastructure. Thus, while a cryptosystem that is being used to provide data
confidentiality might use a block cipher, the 'cryptosystem' may also include
the users, the keys, the key management, etc. This term is most often used
in association with cryptographic primitives that provide data confidentiality.
A cryptosystem is sometimes also referred to as a
cipher system
.
1.4.2
Cryptographic primitives for security services
Having introduced the notion of a cryptographic primitive, we now indicate which
common cryptographic primitives can be used to implement the various security
services defined in Section 1.3.1. Table 1.1 provides a mapping from our list of
security services onto some of the cryptographic primitives that we will encounter
in the remainder of the topic. It shows the commonuse of cryptographic primitives
used on their own
to achieve security services. Note that we use the generic
term 'encryption' in Table 1.1 to represent a range of cryptographic primitives,
including block ciphers, stream ciphers and public-key encryption.
The immediately striking aspect of Table 1.1 is its sparseness with respect to
'Yes' entries. In particular, none of these primitives provides entity authentication
when used on their own. However, if we relax the requirement
used on their own
and replace this with
can be used to help provide
then we obtain the much more
'positive' Table 1.2.
