Kerckhoffs's Desiderata
   HOME

TheInfoList



OR:

Kerckhoffs's principle (also called Kerckhoffs's desideratum, assumption, axiom, doctrine or law) of cryptography was stated by Dutch-born cryptographer
Auguste Kerckhoffs Auguste Kerckhoffs (19 January 1835 – 9 August 1903) was a Dutch linguistics, linguist and cryptographer in the late 19th century. Biography Kerckhoffs was born in Nuth, the Netherlands, as Jean Guillaume Auguste Victor François Huber ...
in the 19th century. The principle holds that a
cryptosystem In cryptography, a cryptosystem is a suite of cryptographic algorithms needed to implement a particular security service, such as confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one for ...
should be secure, even if everything about the system, except the
key Key or The Key may refer to: Common meanings * Key (cryptography), a piece of information that controls the operation of a cryptography algorithm * Key (lock), device used to control access to places or facilities restricted by a lock * Key (map ...
, is public knowledge. This concept is widely embraced by cryptographers, in contrast to
security through obscurity Security through obscurity (or security by obscurity) is the reliance in security engineering on design or implementation secrecy as the main method of providing security to a system or component. History An early opponent of security through ob ...
, which is not. Kerckhoffs's principle was phrased by American mathematician Claude Shannon as "the enemy knows the system", i.e., "one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them". In that form, it is called Shannon's maxim. Another formulation by American researcher and professor
Steven M. Bellovin Steven M. Bellovin is a researcher on computer networking and computer security, security. He has been a professor in the Computer Science department at Columbia University since 2005. Previously, Bellovin was a Fellow at AT&T Labs Research in Flo ...
is:
In other words — design your system assuming that your opponents know it in detail. (A former official at NSA's National Computer Security Center told me that the standard assumption there was that serial number 1 of any new device was delivered to the Kremlin.)


Origins

Auguste Kerckhoffs was a professor of German language at
Ecole des Hautes Etudes Commerciales HEC Paris (french: École des hautes études commerciales de Paris) is a business school, and one of the most prestigious and selective grandes écoles, located in Jouy-en-Josas, France. HEC offers Master in Management, MSc International Fi ...
(HEC) in Paris. In early 1883, Kerckhoffs' article, ''La Cryptographie Militaire'', was published in two parts in the Journal of Military Science, in which he stated six design rules for military
cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...
s. p.235 Translated from French, they are: # The system must be practically, if not mathematically, indecipherable; # It should not require secrecy, and it should not be a problem if it falls into enemy hands; # It must be possible to communicate and remember the key without using written notes, and correspondents must be able to change or modify it at will; # It must be applicable to telegraph communications; # It must be portable, and should not require several persons to handle or operate; # Lastly, given the circumstances in which it is to be used, the system must be easy to use and should not be stressful to use or require its users to know and comply with a long list of rules. Some are no longer relevant given the ability of computers to perform complex encryption. The second rule, now known as Kerckhoffs's principle, is still critically important.


Explanation of the principle

Kerckhoffs viewed cryptography as a rival to, and a better alternative than, steganographic encoding, which was common in the nineteenth century for hiding the meaning of military messages. One problem with encoding schemes is that they rely on humanly-held secrets such as "dictionaries" which disclose for example, the secret meaning of words. Steganographic-like dictionaries, once revealed, permanently compromise a corresponding encoding system. Another problem is that the risk of exposure increases as the number of users holding the secrets increases. Nineteenth century cryptography, in contrast, used simple tables which provided for the transposition of alphanumeric characters, generally given row-column intersections which could be modified by keys which were generally short, numeric, and could be committed to human memory. The system was considered "indecipherable" because tables and keys do not convey meaning by themselves. Secret messages can be compromised only if a matching set of table, key, and message falls into enemy hands in a relevant time frame. Kerckhoffs viewed tactical messages as only having a few hours of relevance. Systems are not necessarily compromised, because their components (i.e. alphanumeric character tables and keys) can be easily changed.


Advantage of secret keys

Using secure cryptography is supposed to replace the difficult problem of keeping messages secure with a much more manageable one, keeping relatively small keys secure. A system that requires long-term secrecy for something as large and complex as the whole design of a cryptographic system obviously cannot achieve that goal. It only replaces one hard problem with another. However, if a system is secure even when the enemy knows everything except the key, then all that is needed is to manage keeping the keys secret. There are a large number of ways the internal details of a widely used system could be discovered. The most obvious is that someone could bribe, blackmail, or otherwise threaten staff or customers into explaining the system. In war, for example, one side will probably capture some equipment and people from the other side. Each side will also use spies to gather information. If a method involves software, someone could do memory dumps or run the software under the control of a debugger in order to understand the method. If hardware is being used, someone could buy or steal some of the hardware and build whatever programs or gadgets needed to test it. Hardware can also be dismantled so that the chip details can be examined under the microscope.


Maintaining security

A generalization some make from Kerckhoffs's principle is: "The fewer and simpler the secrets that one must keep to ensure system security, the easier it is to maintain system security." Bruce Schneier ties it in with a belief that all security systems must be designed to fail as gracefully as possible: Any security system depends crucially on keeping some things secret. However, Kerckhoffs's principle points out that the things kept secret ought to be those least costly to change if inadvertently disclosed. For example, a cryptographic algorithm may be implemented by hardware and software that is widely distributed among users. If security depends on keeping that secret, then disclosure leads to major logistic difficulties in developing, testing, and distributing implementations of a new algorithm – it is "brittle". On the other hand, if keeping the algorithm secret is not important, but only the ''keys'' used with the algorithm must be secret, then disclosure of the keys simply requires the simpler, less costly process of generating and distributing new keys.


Applications

In accordance with Kerckhoffs's principle, the majority of civilian cryptography makes use of publicly known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see
Type 1 encryption The U.S. National Security Agency (NSA) used to rank cryptographic products or algorithms by a certification called product types. Product types were defined in the National Information Assurance Glossary (CNSSI No. 4009, 2010) which used to define ...
). However, it should not be assumed that government/military ciphers must be kept secret to maintain security. It is possible that they are intended to be as cryptographically sound as public algorithms, and the decision to keep them secret is in keeping with a layered security posture.


Security through obscurity

It is moderately common for companies, and sometimes even standards bodies as in the case of the CSS encryption on DVDs, to keep the inner workings of a system secret. Some argue this "security by obscurity" makes the product safer and less vulnerable to attack. A counter-argument is that keeping the innards secret may improve security in the short term, but in the long run, only systems that have been published and analyzed should be trusted.
Steven Bellovin Steven M. Bellovin is a researcher on computer networking and security. He has been a professor in the Computer Science department at Columbia University since 2005. Previously, Bellovin was a Fellow at AT&T Labs Research in Florham Park, New Jers ...
and Randy Bush commented:


References


Notes

:


External links


Reference to Kerckhoffs's original paper, with scanned original text
* {{cite journal , last1=Caraco , first1=Jean-Claude , last2=Géraud-Stewart , first2=Rémi , last3=Naccache , first3=David , title=Kerckhoffs' Legacy , journal=Cryptology ePrint Archive , date=2020 , url=https://eprint.iacr.org/2020/556 , access-date=26 November 2022 , language=en , id=Paper 2020/556 Computer architecture statements Cryptography