Cryptography Reference
In-Depth Information
and distributed on mere sheets of paper, and keys renewed with relative
ease.
20
The strategic importance of ciphers also invigorated attempts to
defeat them, and the 1863 break of the Vigenère signaled the onset of the
race between cryptographers and cryptanalysts.
Perhaps the most significant theoretical development to emerge
from such widespread fielding of cryptographic technologies is Auguste
Kerckhoffs's desiderata listed in his 1883
Cryptographie militaire.
In a paper
whose genre oscillates between the survey, the pamphlet, and the text-
book, Kerckhoffs lists six desirable design criteria that cryptographic
systems designers should bear in mind:
(1) the system must be practically, if not mathematically, unbreakable; (2) its com-
promise at the hands of the enemy must not be cause of inconvenience; (3) it must
be possible to communicate and remember the key without the help of written
notes, and to change or modify it depending on the communicating parties; (4) it
must be applicable to telegraphic communications; (5) it must be portable, and its
operation must not require the help of several people; and (6) it is necessary, given
the circumstances which dictate its application, that the system be of easy use,
requiring neither tension of the mind nor knowledge of a long series of rules to
observe.
21
As we shall observe throughout this topic, Kerckhoffs's desiderata would
lose little of their relevance over the years. Principle 1 stems from Kerck-
hoffs's impatience with claims of mathematically “unbreakable” ciphers,
and the importance of submitting proposed systems to sustained cryptana-
lytic attack by the community.
22
Principle 2 is usually cited as Kerckhoffs's
major contribution to cryptographic design: the idea that effective security
must depend on confidentiality of the key only, rather than on keeping
secret the characteristics of the system itself. The principle articulates what
is perhaps the earliest critique of “security through obscurity,” an approach
routinely decried in modern cryptographic practice. Taken together
however, the six principles offer a holistic view of the technical, organiza-
tional, and human-factor issues encountered in the large-scale deployment
and operation of cryptographic systems, issues with the potential to nega-
tively impact security if not properly addressed by systems designers.
Indeed, Kerckhoffs suggests somewhat sarcastically that the task of design-
ing a cryptosystem both “easy and secure” may resemble “the philosophi-
cal stone of ancient chemists.”
23
