Six principles of practical ciphers

Many cryptographers and other security experts are familiar with what has come to be known as Kerckhoffs' Principle. Many, however, do not know that there are actually six such principles. The core ideas of these principles are still relevant today, more than 125 years after he first articulated them.

Auguste Kerckhoffs' name is most widely known because of what we call Kerckhoffs' Principle:

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

This is actually an elaboration upon the second of a set of six principles he originally articulated in La Cryptographie Militaire, an 1883 article that surveyed what was at the time the state of the art of military cryptography, and that argued for improvements in French military cryptosystems. Auguste Kerckhoffs' six principles of practical cipher design may seem a little dated by today's standards:

  1. The system should be, if not theoretically unbreakable, unbreakable in practice.
  2. The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents (Kerckhoffs' principle).
  3. The key should be memorable without notes and should be easily changeable.
  4. The cryptograms should be transmittable by telegraph.
  5. The apparatus or documents should be portable and operable by a single person.
  6. The system should be easy, neither requiring knowledge of a long list of rules nor involving mental strain.

The actual principles that underlie these standards for good cryptographic system design will probably prove timeless, however. All it takes is a little bit of updating of the terminology, especially to avoid tying these principles too strongly to a particular period in history:

  1. The system should be, if not theoretically unbreakable, unbreakable in practice. As the practical possibility of breaking the system looms, the system should be replaced. The second sentence is not strictly necessary, but helps to make the core point more clear. Security technology cannot, in practice, remain both static and effective. It must stay ahead of the "competition" -- those who would seek to crack security.
  2. The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents. You might notice that this principle doesn't actually require any updating to remain relevant or tease out the actual underlying idea. This may be why it has become one of the most highly regarded and well known ideas in cryptographic theory in particular, and for security policy in general. It is important to note that the individual key required to use the system (so long as it is not statically designed into the system) is not part of the design of the system, and is necessarily not covered by this rule.
  3. A necessary element of using the system, known only to one person, should be memorable without notes and easily changeable. The actual cryptographic key used with a cryptographic system must often be well beyond the realm of easy memorability or changeability for the majority of people who will use it. A key for the key, however -- such as the passphrase used to employ the private key in an OpenPGP system -- should exist in such cases, so that an individual can hold a necessary part of the operation of the system in his or her head, reasonably protected against the possibility of being intercepted, guessed, or cracked by unauthorized people.
  4. The cryptograms should be transmittable by both common and state-of-the-art communications technology, and easily adapted to new means of communication, including stenographic communication. Specialized cryptographic systems may be limited to communication media particular to their specialized purposes, but should not be limited to their particular moment in time. The telegraph is neither state of the art nor common as a means of communication these days. The real purpose of that statement at the time Kerckhoffs initially stated it was to ensure the practical usefulness of a cryptographic system under prevailing conditions for military use. Because we should be concerned with more than merely the prevailing conditions of our own time, the requirement for use across various communications media must be unshackled from its time period as much as possible.
  5. The tools of the system should be not only portable and operable by a single person, but usable under unpredictable circumstances. For purposes of practicality, it is unreasonable to expect all users of a given, general purpose cryptographic system to rely on a secret, physically secured apparatus accessible only via sneakernet for the system to remain sufficiently secured. Times have changed, and they will continue to change. If the conditions of use of a given cryptographic system are always assumed to conform to particular, restricted circumstances, that cryptographic system simply will not stand the test of time.
  6. The system should be easy to use, neither requiring knowledge of a long list of rules nor involving mental strain. Aside from the addition of the words "to use", distinguishing between what the user must do and what is done behind the scenes by the tools employed in the use of the cryptographic system, nothing needs to be changed here. The actual operation of the cryptographic system itself by its human operators should not be so complicated in day-to-day use that having detailed documentation on hand is necessary to avoid doing it wrong. Basic familiarity, good habits, and the memorized secret key to the system should be the totality of the knowledge and skills necessary to use the system.
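The "key for the key" of principle 3 can be shown concretely. The Python below is an added example, not code from the article: a random data key does the real work, the user memorises only a passphrase, and changing the passphrase rewraps the same data key, so the memorable secret is easily changeable while everything except that secret is public (principle 2). The scrypt cost settings and the XOR-mask-plus-HMAC wrapping construction are illustrative assumptions, not anything the article specifies.

```python
"""Passphrase-wrapped data key (added illustration of Kerckhoffs' principle 3).

The passphrase is stretched with scrypt into a masking key and a MAC key.
The 32-byte data key is masked with a fresh per-wrap mask and authenticated,
so a wrong passphrase or a tampered blob is rejected rather than yielding junk.
Cost parameters and the construction itself are assumptions for illustration.
"""
import hashlib
import hmac
import os

SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # illustrative cost settings


def _derive(passphrase, salt):
    """Stretch the passphrase into a 32-byte masking key and a 32-byte MAC key."""
    material = hashlib.scrypt(passphrase.encode(), salt=salt, dklen=64, **SCRYPT_PARAMS)
    return material[:32], material[32:]


def wrap_key(data_key, passphrase):
    """Return salt || masked_key || tag. Only the passphrase is secret."""
    assert len(data_key) == 32
    salt = os.urandom(16)               # fresh salt: the mask is never reused
    k_mask, k_mac = _derive(passphrase, salt)
    masked = bytes(a ^ b for a, b in zip(data_key, k_mask))
    tag = hmac.new(k_mac, salt + masked, hashlib.sha256).digest()
    return salt + masked + tag


def unwrap_key(blob, passphrase):
    """Recover the data key, or None if the passphrase is wrong or the blob was altered."""
    salt, masked, tag = blob[:16], blob[16:48], blob[48:]
    k_mask, k_mac = _derive(passphrase, salt)
    expected = hmac.new(k_mac, salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return bytes(a ^ b for a, b in zip(masked, k_mask))


def change_passphrase(blob, old, new):
    """Rewrap the same data key under a new passphrase; the data key never changes."""
    data_key = unwrap_key(blob, old)
    return None if data_key is None else wrap_key(data_key, new)


if __name__ == "__main__":
    key = os.urandom(32)
    blob = wrap_key(key, "first memorable phrase")  # constructed sample passphrase
    blob2 = change_passphrase(blob, "first memorable phrase", "second memorable phrase")
    print("rewrapped OK:", unwrap_key(blob2, "second memorable phrase") == key)
```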

The best, most widely used cryptographic systems in the world today largely conform to these principles, though many of them are getting a bit long in the tooth and brush up against some of the limits of these principles. When selecting a new cryptographic system to use, you should always check it against these principles to determine if it will serve your needs not only today, but in the future as well.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

21 comments
deepsand

While the former are a type of the latter, not all of the latter are the former. Was Kerckhoff speaking of ciphers only, as implied by the title "Six principles of practical ciphers?" If not, then conditions nos. 3 & 6 would seem to be most difficult to be attained for other than ciphers.

BALTHOR

Computers can not be broken into until the computer chips are compromised by virus.

santeewelding

Before I do, I applaud you for another good piece. The telegraph (was) serial. That still holds. The memorized secret key is vulnerable to one-by-one -- serial -- extraction of your teeth. And your fingernails, said key long enough.

apotheon

Obviously, Auguste Kerckhoffs wasn't aware that top-ten lists outsell top-six lists when he came up with the original list of six principles in that 1883 article. Maybe we should come up with four more principles to add to the list.

apotheon

He was talking about ciphers. A cipher is not a type of cryptogram. A cipher is an algorithm used to produce cryptograms. edit: At first, I didn't answer because I couldn't think of a kind way to say the above. Then, I had forgotten about your question, so I never got back to it.

apotheon

The memorized secret key is vulnerable to one-by-one -- serial -- extraction of your teeth. And your fingernails, said key long enough. That technique is known to some as "rubber hose cryptanalysis".

bboyd

Keep It Simple Stupid, and other variations apply. Like most things simplicity is its own benefit.

deepsand

ci·pher also cy·pher (sī′fər) n. 1. The mathematical symbol (0) denoting absence of quantity; zero. 2. An Arabic numeral or figure; a number. 3. One having no influence or value; a nonentity. 4. a. A cryptographic system in which units of plain text of regular length, usually letters, are arbitrarily transposed or substituted according to a predetermined code. b. The key to such a system. c. A message written or transmitted in such a system. 5. A design combining or interweaving letters or initials; a monogram. v. ci·phered also cy·phered, ci·pher·ing also cy·pher·ing, ci·phers also cy·phers v.intr. To solve problems in arithmetic; calculate. See Synonyms at calculate. v.tr. 1. To put in secret writing; encode. 2. To solve by means of arithmetic. I was using ciphers long before you were even morning sickness.

deepsand

I leave it to you to decrypt that.

santeewelding

Signs of age and debilitation show. He and I can be excused. You can't. Who would be left to carry on outrage and the outrageous?

apotheon

Why are you acting like I said "I don't understand what you're saying!"? I don't recall saying any such thing.

deepsand

giving careful attention to 4a thru 4c? If so, then you deliberately ignored them. If not, then your comment is unfounded. Either way, you have no complaint. PS: If you did read and understand them, then you should, with a modicum of effort, be able to deduce my mention of your needing to attend to the form of your article, et al.

apotheon

Do you know anything about modern cryptography?

apotheon

We're speaking within the context of cryptography. Please try to keep up when we use the language of cryptography to refer to cryptography -- rather than using friggin' nontechnical slang.

deepsand

Keep looking at your original article and title; it might come to you eventually. Not that I'd expect you to admit it, of course.

apotheon

You still aren't vague enough to hide the fact you're making it up as you go along. Santeewelding is much better at artificial vagueness than you.

apotheon

Without notification of new comments in a discussion, I tend to forget all about most discussions online. I'm involved in so many at any given time that it's quite difficult to keep track of what requires me to return and pick up where I left off again, if I don't get some kind of automated reminder -- so I don't bother trying to remember, generally. Debilitating effects of age haven't caught up with the lack of attention to the current state of all discussions, which is the bottleneck at present.