HOME

TheInfoList




In
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia ''-logy'' is a suffix in the English language, used with words originally adapted from Ancient Greek ending in (''- ...

cryptography
, encryption is the process of
encoding In communication Communication (from Latin Latin (, or , ) is a classical language A classical language is a language A language is a structured system of communication Communication (from Latin ''communicare'', mean ...

encoding
information. This process converts the original representation of the information, known as
plaintext In cryptography, plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphe ...
, into an alternative form known as
ciphertext In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia ''-logy'' is a suffix in the English language, used with words originally adapted from Ancient G ...
. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor. For technical reasons, an encryption scheme usually uses a
pseudo-random A pseudorandom sequence of numbers is one that appears to be statistically randomA numeric sequence is said to be statistically random when it contains no recognizable patterns or regularities; sequences such as the results of an ideal dice, dice ...
encryption
key Key or The Key may refer to: Common meanings * Key (cryptography), a piece of information that controls the operation of a cryptography algorithm * Key (lock), device used to control access to places or facilities restricted by a lock * Key (map) ...
generated by an
algorithm In and , an algorithm () is a finite sequence of , computer-implementable instructions, typically to solve a class of problems or to perform a computation. Algorithms are always and are used as specifications for performing s, , , and other ...

algorithm
. It is possible to decrypt the message without possessing the key but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users. Historically, various forms of encryption have been used to aid in cryptography. Early encryption techniques were often used in military messaging. Since then, new techniques have emerged and become commonplace in all areas of modern computing. Modern encryption schemes use the concepts of
public-key File:Private key signing.svg, 250px, In this example the message is digital signature, digitally signed, but not encrypted. 1) Alice signs a message with her private key. 2) Bob can verify that Alice sent the message and that the message has ...
and symmetric-key. Modern encryption techniques ensure security because modern computers are inefficient at cracking the encryption.


History


Ancient

One of the earliest forms of encryption is symbol replacement, which was first found in the tomb of Khnumhotep II, who lived in 1900 BC Egypt. Symbol replacement encryption is “non-standard,” which means that the symbols require a cipher or key to understand. This type of early encryption was used throughout Ancient Greece and Rome for military purposes. One of the most famous military encryption developments was the
Caesar Cipher In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the ...
, which was a system in which a letter in normal text is shifted down a fixed number of positions down the alphabet to get the encoded letter. A message encoded with this type of encryption could be decoded with the fixed number on the Caesar Cipher. Around 800 AD, Arab mathematician
Al-Kindi Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī (; ar, أبو يوسف يعقوب بن إسحاق الصبّاح الكندي; la, Alkindus; c. 801–873 AD) was an Arab The Arabs (singular Arab ; singular ar, عَرَب ...
developed the technique of frequency analysis – which was an attempt to systematically crack Caesar ciphers. This technique looked at the frequency of letters in the encrypted message to determine the appropriate shift. This technique was rendered ineffective after the creation of the Polyalphabetic cipher by Leone Alberti in 1465, which incorporated different sets of languages. In order for frequency analysis to be useful, the person trying to decrypt the message would need to know which language the sender chose.


19th–20th century

Around 1790,
Thomas Jefferson Thomas Jefferson (April 13, 1743 – July 4, 1826) was an American statesman, diplomat, lawyer, architect, philosopher, and Founding Father The following list of national founding figures is a record, by country, of people who were cr ...

Thomas Jefferson
theorised a cipher to encode and decode messages in order to provide a more secure way of military correspondence. The cipher, known today as the Wheel Cipher or the
Jefferson Disk thumbnail, 320px, Jefferson's disk cipher The Jefferson disk, or wheel cypher as Thomas Jefferson named it, also known as the Bazeries Cylinder, is a cipher system using a set of wheels or disks, each with the 26 letters of the alphabet arranged a ...
, although never actually built, was theorized as a spool that could jumble an English message up to 36 characters. The message could be decrypted by plugging in the jumbled message to a receiver with an identical cipher. A similar device to the Jefferson Disk, the
M-94 The M-94 was a piece of cryptographic equipment used by the United States Army The United States Army (USA) is the land Land is the solid surface of Earth that is not permanently submerged in water. Most but not all land is situated ...

M-94
, was developed in 1917 independently by US Army Major Joseph Mauborne. This device was used in U.S. military communications until 1942. In World War II, the Axis powers used a more advanced version of the M-94 called the
Enigma Machine The Enigma machine is a cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''en ...

Enigma Machine
. The Enigma Machine was more complex because unlike the Jefferson Wheel and the M-94, each day the jumble of letters switched to a completely new combination. Each day's combination was only known by the Axis, so many thought the only way to break the code would be to try over 17,000 combinations within 24 hours. The Allies used computing power to severely limit the number of reasonable combinations they needed to check every day, leading to the breaking of the Enigma Machine.


Modern

Today, encryption is used in the transfer of communication over the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consist ...

Internet
for security and commerce. As computing power continues to increase, computer encryption is constantly evolving to prevent attacks.


Encryption in cryptography

In the context of cryptography, encryption serves as a mechanism to ensure
confidentiality Confidentiality involves a set of rules or a promise usually executed through Non-disclosure agreement, confidentiality agreements that limits access or places restrictions on certain types of information. Legal confidentiality Lawyers are o ...

confidentiality
. Since data may be visible on the Internet, sensitive information such as
password A password, sometimes called a passcode (for example in Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown specie ...

password
s and personal communication may be exposed to potential
interceptors An interceptor aircraft, or simply interceptor, is a type of fighter aircraft designed specifically for the defensive interception role against an attacking enemy aircraft, particularly bombers and reconnaissance aircraft. Aircraft that are cap ...
. The process of encrypting and decrypting messages involves
keys KEYS (1440 AM broadcasting, AM) is a radio station serving the Corpus Christi, Texas, Corpus Christi, Texas area with a talk radio, talk format. It broadcasts on AM broadcasting, AM frequency 1440 kHz and is licensed to Malkan AM Associates, L. ...
. The two main types of keys in cryptographic systems are symmetric-key and public-key (also known as asymmetric-key). Many complex cryptographic algorithms often use simple
modular arithmetic #REDIRECT Modular arithmetic #REDIRECT Modular arithmetic#REDIRECT Modular arithmetic In mathematics Mathematics (from Ancient Greek, Greek: ) includes the study of such topics as quantity (number theory), mathematical structure, structure ( ...
in their implementations.


Types


Symmetric key

In symmetric-key schemes, the encryption and decryption keys are the same. Communicating parties must have the same key in order to achieve secure communication. The German Enigma Machine utilized a new symmetric-key each day for encoding and decoding messages.


Public key

In
public-key encryption 250px, In this example the message is digitally signed, but not encrypted. 1) Alice signs a message with her private key. 2) Bob can verify that Alice sent the message and that the message has not been modified. Public-key cryptography, or ...
schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key that enables messages to be read. Public-key encryption was first described in a secret document in 1973; beforehand, all encryption schemes were symmetric-key (also called private-key). Foundations of Cryptography: Volume 2, Basic Applications. Vol. 2. Cambridge university press, 2004. Although published subsequently, the work of Diffie and Hellman was published in a journal with a large readership, and the value of the methodology was explicitly described. The method became known as the Diffie-Hellman key exchange. RSA (Rivest–Shamir–Adleman) is another notable public-key
cryptosystem In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in t ...

cryptosystem
. Created in 1978, it is still used today for applications involving
digital signature A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was ...

digital signature
s. Using
number theory Number theory (or arithmetic or higher arithmetic in older usage) is a branch of devoted primarily to the study of the s and . German mathematician (1777–1855) said, "Mathematics is the queen of the sciences—and number theory is the queen ...

number theory
, the RSA algorithm selects two
prime number A prime number (or a prime) is a natural number greater than 1 that is not a Product (mathematics), product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime ...
s, which help generate both the encryption and decryption keys. A publicly available public-key encryption application called
Pretty Good Privacy Pretty Good Privacy (PGP) is an encryption program that provides cryptographic Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or '' -logia'', "study", respectively), is the ...
(PGP) was written in 1991 by
Phil Zimmermann Philip R. Zimmermann (born 1954) is an American computer scientist A computer scientist is a person who has acquired the knowledge of computer science, the study of the theoretical foundations of information and computation and their applic ...
, and distributed free of charge with source code. PGP was purchased by Symantec in 2010 and is regularly updated.


Uses

Encryption has long been used by
militaries A military, also known collectively as armed forces, is a heavily armed, highly organized force primarily intended for warfare War is an intense armed conflict between states, government A government is the system or gro ...

militaries
and
government A government is the system or group of people governing an organized community, generally a state State may refer to: Arts, entertainment, and media Literature * ''State Magazine'', a monthly magazine published by the U.S. Departmen ...

government
s to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. For example, the
Computer Security InstituteImage:Csi logo.jpeg, 75px The Computer Security Institute (CSI) was a Professional body, professional membership organization serving practitioners of information, Computer networking, network, and computer-enabled physical security, from the level ...
reported that in 2007, 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage. Encryption can be used to protect data "at rest", such as information stored on computers and storage devices (e.g.
USB flash drives A USB flash drive is a data storage device File:Reel-to-reel recorder tc-630.jpg, On a reel-to-reel tape recorder (Sony TC-630), the recorder is data storage equipment and the magnetic tape is a data storage medium. Data storage is the re ...

USB flash drives
). In recent years, there have been numerous reports of confidential data, such as customers' personal records, being exposed through loss or theft of laptops or backup drives; encrypting such files at rest helps protect them if physical security measures fail.
Digital rights management Digital rights management (DRM) tools or technological protection measures (TPM) are a set of access control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place ...
systems, which prevent unauthorized use or reproduction of copyrighted material and protect software against
reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through the application of which one attempts to understand through deductive reasoning Deductive reasoning, also deductive logic, is the process ...

reverse engineering
(see also
copy protection Copy protection, also known as content protection, copy prevention and copy restriction, describes measures to enforce copyright Copyright is a type of intellectual property Intellectual property (IP) is a category of property that in ...
), is another somewhat different example of using encryption on data at rest. Encryption is also used to protect data in transit, for example data being transferred via
networks Network and networking may refer to: Arts, entertainment, and media * Network (1976 film), ''Network'' (1976 film), a 1976 American film * Network (2019 film), ''Network'' (2019 film), an Indian film * Network (album), ''Network'' (album), a 2004 ...
(e.g. the Internet,
e-commerce E-commerce (electronic commerce) is the activity of electronically buying or selling of Product (business), products on online services or over the Internet. E-commerce draws on technologies such as mobile commerce, electronic funds transfer, su ...

e-commerce
),
mobile telephone A mobile phone, cellular phone, cell phone, cellphone, handphone, or hand phone, sometimes shortened to simply mobile, cell or just phone, is a portable telephone A telephone is a telecommunications Appliance (disambiguation), devic ...
s,
wireless microphone A wireless microphone, or cordless microphone, is a microphone A microphone, colloquially called a mic or mike (), is a device – a transducer A transducer is a device that energy from one form to another. Usually a transducer convert ...
s,
wireless intercomA wireless intercom is a telecommunications Telecommunication is the transmission of information Information can be thought of as the resolution of uncertainty; it answers the question of "What an entity is" and thus defines both its essen ...
systems,
Bluetooth Bluetooth is a short-range wireless Wireless communication (or just wireless, when the context allows) is the telecommunication, transfer of information between two or more points that do not use an electrical conductor as a medium by which ...

Bluetooth
devices and bank
automatic teller machine An automated teller machine (ATM) or cash machine (in British English British English (BrE) is the standard dialect A standard language (also standard variety, standard dialect, and standard) is a language variety that has undergo ...
s. There have been numerous reports of data in transit being intercepted in recent years. Data should also be encrypted when transmitted across networks in order to protect against
eavesdropping Eavesdropping is the act of secretly or stealthily listening to the private conversation or communications of others without their consent in order to gather information. Etymology The verb ''eavesdrop'' is a back-formation from the noun ''eave ...
of network traffic by unauthorized users.


Data erasure

Conventional methods for permanently deleting data from a storage device involve overwriting the device's whole content with zeros, ones, or other patterns – a process which can take a significant amount of time, depending on the capacity and the type of storage medium. Cryptography offers a way of making the erasure almost instantaneous. This method is called
crypto-shreddingCrypto-shredding is the practice of 'deleting' data by deliberately deleting or overwriting the encryption keys. This requires that the data have been encrypted. Data comes in these three states: data at rest, data in transit and data in use. I ...
. An example implementation of this method can be found on
iOS iOS (formerly iPhone OS) is a mobile operating system A mobile operating system is an operating system An operating system (OS) is system software System software is software designed to provide a platform for other software. Examples o ...

iOS
devices, where the cryptographic key is kept in a dedicated ' effaceable storage'. Because the key is stored on the same device, this setup on its own does not offer full privacy or security protection if an unauthorized person gains physical access to the device.


Limitations

Encryption is used in the 21st century to protect digital data and information systems. As computing power increased over the years, encryption technology has only become more advanced and secure. However, this advancement in technology has also exposed a potential limitation of today's encryption methods. The length of the encryption key is an indicator of the strength of the encryption method. For example, the original encryption key, DES (Data Encryption Standard), was 56 bits, meaning it had 2^56 combination possibilities. With today's computing power, a 56-bit key is no longer secure, being vulnerable to hacking by
brute force attack Brute or The Brute may refer to: People * Brute, a pseudonym of English commercial artist Aidan HughesAidan Hughes is a commercial artist. He was born in 1956 in Merseyside, England, and was trained as an artist by his father, himself a lands ...
. Today the standard of modern encryption keys is up to 2048 bit with the RSA system. Decrypting a 2048 bit encryption key is nearly impossible in light of the number of possible combinations. However, quantum computing is threatening to change this secure nature.
Quantum computing Quantum computing is a type of computation Computation is any type of that includes both al and non-arithmetical steps and which follows a well-defined model (e.g. an ). Mechanical or electronic devices (or, , people) that perform computatio ...
utilizes properties of
quantum mechanics Quantum mechanics is a fundamental theory A theory is a reason, rational type of abstraction, abstract thinking about a phenomenon, or the results of such thinking. The process of contemplative and rational thinking is often associated with ...
in order to process large amounts of data simultaneously. Quantum computing has been found to achieve computing speeds thousands of times faster than today's supercomputers. This computing power presents a challenge to today's encryption technology. For example, RSA encryption utilizes the multiplication of very large prime numbers to create a semiprime number for its public key. Decoding this key without its private key requires this semiprime number to be factored in, which can take a very long time to do with modern computers. It would take a supercomputer anywhere between weeks to months to factor in this key. However, quantum computing can use
quantum algorithm In quantum computing, a quantum algorithm is an algorithm which runs on a realistic model of quantum computation, the most commonly used model being the quantum circuit model of computation. A classical (or non-quantum) algorithm is a finite seque ...
s to factor this semiprime number in the same amount of time it takes for normal computers to generate it. This would make all data protected by current public-key encryption vulnerable to quantum computing attacks. Other encryption techniques like
elliptic curve cryptography Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Finite field, Galois fields) ...
and symmetric key encryption are also vulnerable to quantum computing. While quantum computing could be a threat to encryption security in the future, quantum computing as it currently stands is still very limited. Quantum computing currently is not commercially available, cannot handle large amounts of code, and only exists as computational devices, not computers. Furthermore, quantum computing advancements will be able to be utilized in favor of encryption as well. The
National Security Agency The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collection, ...

National Security Agency
(NSA) is currently preparing post-quantum encryption standards for the future. Quantum encryption promises a level of security that will be able to counter the threat of quantum computing.


Attacks and countermeasures

Encryption is an important tool but is not sufficient alone to ensure the
security Security is freedom from, or resilience against, potential Potential generally refers to a currently unrealized ability. The term is used in a wide variety of fields, from physics Physics is the natural science that studies matter, its El ...

security
or
privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. When something is private to a person, it usually means that something is inherently special ...
of sensitive information throughout its lifetime. Most applications of encryption protect information only at rest or in transit, leaving sensitive data in clear text and potentially vulnerable to improper disclosure during processing, such as by a
cloud In meteorology, a cloud is an aerosol consisting of a visible mass of minute liquid drop (liquid), droplets, ice crystals, frozen crystals, or other particulates, particles suspended in the atmosphere of a planetary body or similar space. Wate ...

cloud
service for example.
Homomorphic encryption Homomorphic encryption is a form of encryption In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice a ...
and
secure multi-party computationSecure multi-party computation (also known as secure computation, multi-party computation (MPC), or privacy-preserving computation) is a subfield of cryptography with the goal of creating methods for parties to jointly compute a function over their i ...
are emerging techniques to compute on encrypted data; these techniques are general and
Turing complete Alan Mathison Turing (; 23 June 1912 – 7 June 1954) was an English mathematician A mathematician is someone who uses an extensive knowledge of mathematics Mathematics (from Ancient Greek, Greek: ) includes the study of such to ...
but incur high computational and/or communication costs. In response to encryption of data at rest, cyber-adversaries have developed new types of attacks. These more recent threats to encryption of data at rest include cryptographic attacks, stolen ciphertext attacks, attacks on encryption keys, insider attacks, data corruption or integrity attacks, data destruction attacks, and
ransomware Ransomware is a type of malware Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server (computing), server, Client (computing), client, or computer network, leak private ...
attacks. Data fragmentation and active defense data protection technologies attempt to counter some of these attacks, by distributing, moving, or mutating ciphertext so it is more difficult to identify, steal, corrupt, or destroy.


Integrity protection of ciphertexts

Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a
message authentication code In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia ''-logy'' is a suffix in the English language, used with words originally adapted from Ancient Gre ...
(MAC) or a
digital signature A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was ...

digital signature
.
Authenticated encryptionAuthenticated encryption (AE) and authenticated encryption with associated data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data. Security guarantees In addition to protecting message integrit ...
algorithms are designed to provide both encryption and integrity protection together. Standards for
cryptographic softwareEncryption software is software that uses cryptography to prevent unauthorized access to digital information. Cryptography is used to protect digital information on computers as well as the digital information that is sent to other computers over the ...
and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single error in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See for example
traffic analysis Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication, which can be performed even when the messages are encrypted. In general, the greater the number of messages obser ...
,
TEMPESTTEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) is a U.S. National Security Agency specification and a NATO certification referring to spying on information systems through leaking emanations, includ ...

TEMPEST
, or
Trojan horse The Trojan Horse was the wooden horse used by the Greeks, during the Trojan War, to enter the city of Troy and win the war. There is no Trojan Horse in Homer's ''Iliad'', with the poem ending before the war is concluded. But in the ''Aeneid'' ...
. Integrity protection mechanisms such as MACs and
digital signature A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was ...

digital signature
s must be applied to the ciphertext when it is first created, typically on the same device used to compose the message, to protect a message
end-to-end End-to-end or End to End may refer to: * End-to-end auditable voting systems, a voting system * End-to-end delay, the time for a packet to be transmitted across a network from source to destination * End-to-end encryption, a cryptographic paradigm ...
along its full transmission path; otherwise, any node between the sender and the encryption agent could potentially tamper with it. Encrypting at the time of creation is only secure if the encryption device itself has correct
keys KEYS (1440 AM broadcasting, AM) is a radio station serving the Corpus Christi, Texas, Corpus Christi, Texas area with a talk radio, talk format. It broadcasts on AM broadcasting, AM frequency 1440 kHz and is licensed to Malkan AM Associates, L. ...
and has not been tampered with. If an endpoint device has been configured to trust a
root certificate In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA). Root certificates are self-signed certificate, self-signed (and it is possible for a certificate to have multi ...
that an attacker controls, for example, then the attacker can both inspect and tamper with encrypted data by performing a
man-in-the-middle attack In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia ''-logy'' is a suffix in the English language, used with words originally adapted from Ancient Gre ...
anywhere along the message's path. The common practice of TLS interception by network operators represents a controlled and institutionally sanctioned form of such an attack, but countries have also attempted to employ such attacks as a form of control and censorship.


Ciphertext length and padding

Even when encryption correctly hides a message's content and it cannot be tampered with at rest or in transit, a message's ''length'' is a form of
metadata Metadata is "data Data (; ) are individual facts, statistics, or items of information, often numeric. In a more technical sense, data are a set of values of qualitative property, qualitative or quantity, quantitative variable (research), v ...

metadata
that can still leak sensitive information about the message. For example, the well-known
CRIME In ordinary language, a crime is an unlawful act punishable by a state State may refer to: Arts, entertainment, and media Literature * ''State Magazine'', a monthly magazine published by the U.S. Department of State * The State (newspaper ...

CRIME
and
BREACH BREACH (a backronym A backronym, or bacronym, is an acronym An acronym is a word or name formed from the initial components of a longer name or phrase, usually using individual initial letters, as in NATO (North Atlantic Treaty Organization) ...
attacks against
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol The Hypertext Transfer Protocol (HTTP) is an application layer An application layer is an abstraction layer that specifies the shared commu ...
were
side-channel attack In computer security Computer security, cybersecurity, or information technology security (IT security) is the protection of computer system A computer is a machine that can be programmed to carry out Sequence, sequences of arithmet ...
s that relied on information leakage via the length of encrypted content.
Traffic analysis Traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication, which can be performed even when the messages are encrypted. In general, the greater the number of messages obser ...
is a broad class of techniques that often employs message lengths to infer sensitive implementation about traffic flows by aggregating information about a large number of messages.
Padding Padding is thin cushioned material sometimes added to clothes. Padding may also be referred to as batting when used as a layer in lining quilts or as a packaging or stuffing material. When padding is used in clothes, it is often done in an attempt ...
a message's payload before encrypting it can help obscure the cleartext's true length, at the cost of increasing the ciphertext's size and introducing or increasing bandwidth overhead. Messages may be padded
randomly In common parlance, randomness is the apparent or actual lack of pattern or predictability in events. A random sequence of events, symbols or steps often has no :wikt:order, order and does not follow an intelligible pattern or combination. I ...
or deterministically, with each approach having different tradeoffs. Encrypting and padding messages to form padded uniform random blobs or PURBs is a practice guaranteeing that the cipher text leaks no
metadata Metadata is "data Data (; ) are individual facts, statistics, or items of information, often numeric. In a more technical sense, data are a set of values of qualitative property, qualitative or quantity, quantitative variable (research), v ...

metadata
about its cleartext's content, and leaks asymptotically minimal O(\log\log M)
information Information is processed, organised and structured data Data (; ) are individual facts A fact is something that is truth, true. The usual test for a statement of fact is verifiability—that is whether it can be demonstrated to c ...
via its length.


See also

*
Cryptosystem In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in t ...

Cryptosystem
*
Cold boot attack In computer security Computer security, cybersecurity, or information technology security (IT security) is the protection of computer systems and computer network, networks from information disclosure, theft of or damage to their computer h ...
*
Cyberspace Electronic Security Act The Cyberspace Electronic Security Act of 1999 (CESA) is a bill proposed by the Clinton administration The presidency of Bill Clinton began at noon Eastern Time Zone, EST (17:00 UTC) on January 20, 1993, when Bill Clinton was First inauguration ...
(US) *
Dictionary attack In cryptanalysis cipher machine Cryptanalysis (from the Greek language, Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information system An information system (IS) is a formal, sociotechnic ...
*
Disk encryption Disk encryption is a technology which protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized people. Disk encryption uses disk encryption software Disk encryption software is computer security so ...
*
Encrypted functionAn encrypted function is an attempt to provide mobile code In distributed computing, code mobility is the ability for running Computer program, programs, code or objects to be data migration, migrated (or moved) from one machine or application to ano ...
*
Export of cryptography The export of cryptography is the transfer from one country to another of devices and technology related to cryptography. In the early days of the Cold War, the United States and its allies developed an elaborate series of export control regulatio ...
*
Geo-blocking Geo-blocking or geoblocking is technology that restricts access to Internet The Internet (Capitalization of Internet, or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) t ...
*
Indistinguishability obfuscation Indistinguishability obfuscation (IO) is a cryptographic primitive that provides a formal notion of program obfuscation. Informally, obfuscation hides the implementation of a program while still allowing users to run it. Candidate constructions ...
*
Key management Key management refers to management of cryptographic keys A key in cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is ...
* Multiple encryption * Physical Layer Encryption *
Rainbow table A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function (or credit card numbers, etc.) up to a certain ...
*
Rotor machine In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia ''-logy'' is a suffix in the English language, used with words originally adapted from Ancient Gr ...
*
Substitution cipher In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia ''-logy'' is a suffix in the English language, used with words originally adapted from Ancient Gre ...
*
Television encryption Television encryption, often referred to as " scrambling", is encryption In cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectiv ...
*
Tokenization (data security) Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a Security token, token, that has no extrinsic or exploitable meaning or value. The token is a ...


References


Further reading

* * Kahn, David, ''The Codebreakers - The Story of Secret Writing'' () (1967) * Preneel, Bart, "Advances in Cryptology — EUROCRYPT 2000", Springer Berlin Heidelberg, 2000, * Sinkov, Abraham, ''Elementary Cryptanalysis: A Mathematical Approach'', Mathematical Association of America, 1966. * {{Authority control Cryptography Data protection