Adam Adler: "The Kerckhoffs's Principle" by DigitalBank Vault
Adam Adler (Miami, Florida): Kerckhoffs's principle (also called Kerckhoffs's desideratum, assumption, axiom, doctrine or law) of cryptography was stated by the Netherlands-born cryptographer Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Kerckhoffs's principle was reformulated (or possibly independently formulated) by American mathematician Claude Shannon as "the enemy knows the system", "one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them". In that form, it is called Shannon's maxim. This concept is widely embraced by cryptographers, in contrast to "security through obscurity", which is not.
Kerckhoffs’s best-known publications are two journal articles published in 1883 in the French journal "Le Journal des Sciences Militaires" under the common title "La Cryptographie Militaire" (Military Cryptography). The articles surveyed the military cryptography that was most up to date at that time and gave a practical, experience-based approach, including six design principles for military ciphers:
1. The system must be practically, if not mathematically, indecipherable.
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents.
4. It must be applicable to telegraphic correspondence.
5. Apparatus and documents must be portable, and its usage and function must not require the concourse of several people.
6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
The second axiom is currently known as Kerckhoffs's principle.
Kerckhoffs's principle today
Kerckhoffs's principle is applied in virtually all contemporary encryption algorithms (DES, AES, etc.). These algorithms are considered to be secure and have been thoroughly investigated. The security of the encrypted message depends solely on the security of the secret encryption key (its quality).
Keeping algorithms secret may act as a significant barrier to cryptanalysis, but only if such algorithms are used in a strictly limited circle, which protects the algorithm from being revealed. Most government ciphers are kept secret. Commercial algorithms whose secrecy was relied on after release to the market have mostly been broken quite swiftly.
Kerckhoffs’ known-design principle
The confidentiality of keyless ciphers is completely based on the secrecy of the scheme itself, since it is enough to know the decryption process in order to decrypt - no key is required. However, even for keyed cryptosystems, it seems harder to attack without knowing the design. Therefore, in ‘classical’ cryptography, cryptosystems were kept secret and not published, to make cryptanalysis harder.
Did the knowledge of the cipher significantly ease the cryptanalysis?
One of the more recent and quite famous examples of this policy is the set of encryption algorithms in the GSM network, which were kept secret - until they were eventually leaked. Indeed, soon after this leakage, multiple attacks were published, possibly the most important and interesting being a practical ciphertext-only (CTO) attack.
One may conclude from this that, indeed, ciphers should remain secret; however, most experts believe that the opposite is true, i.e., that GSM designers should have used a published cryptosystem.
In fact, newer cellular networks indeed use cryptosystems with published specifications. The idea that ciphers should be designed for security even when known to attackers was presented already in 1883, by the Dutch cryptographer Auguste Kerckhoffs.
This is now known as Kerckhoffs’ principle and considered one of the basic principles of cryptography:
When designing or evaluating the security of (cryptographic) systems, assume the adversary knows the design – everything except the secret keys.
We intentionally put the word ‘cryptographic’ in parentheses; this is because the principle is today mostly accepted also with regard to non-cryptographic security systems such as operating systems and network security devices.
There are several reasons why DigitalBank Vault adopted Kerckhoffs’ principle. Kerckhoffs’ original motivation was apparently the realization that cryptographic devices are likely to be captured by the enemy, and if their security rests on the secrecy of the design, capture renders them inoperable - exactly in conflict situations, when they are most needed.
The GSM scenario, as described above, fits this motivation; indeed, GSM designers did not even plan a proper ‘migration plan’ for changing from the exposed ciphers to new, hopefully secure, ciphers.
Indeed, it appears that one reason to adopt Kerckhoffs’ principle when designing a system is simply that this makes the designers more aware of possible attacks - and usually results in more secure systems.
Contemporary Applications for Kerckhoffs’ Principle
In practice, Kerckhoffs’ principle has been applied to virtually all the encryption algorithms in use today. Under systems like AES or RSA (which are publicly distributed standards), the security rests on the strength of a publicly scrutinised algorithm together with the secrecy of the key, rather than on keeping the algorithm itself secret. The same holds true for internet communication and security standards like HTTPS, SSL, and TLS.
The only secrecy required concerns the encryption key used for transmission and reception. For internet purposes, this key may be generated randomly by your web browser and the remote server each time you connect to a secure site.
The actual principles that underlie these standards for good cryptographic system design will probably prove timeless, however. All it takes is a little bit of updating of the terminology, especially to avoid tying these principles too strongly to a particular period in history:
The system should be, if not theoretically unbreakable, unbreakable in practice. As the practical possibility of breaking the system looms, the system should be replaced. The second sentence is not strictly necessary but helps to make the core point clearer. Security technology cannot, in practice, remain both static and effective. It must stay ahead of the "competition" -- those who would seek to crack security.
The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents. You might notice that this principle doesn't actually require any updating to remain relevant or tease out the actual underlying idea. This may be why it has become one of the most highly regarded and well-known ideas in cryptographic theory in particular, and for security policy in general. It is important to note that the individual key required to use the system (so long as it is not statically designed into the system) is not part of the design of the system, and is necessarily not covered by this rule.
A necessary element of using the system, known only to one person, should be memorable without notes and easily changeable. The actual cryptographic key used with a cryptographic system must often be well beyond the realm of easy memorability or changeability for the majority of people who will use it. A key for the key, however -- such as the passphrase used to employ the private key in an OpenPGP system -- should exist in such cases, so that an individual can hold a necessary part of the operation of the system in his or her head, reasonably protected against the possibility of being intercepted, guessed, or cracked by unauthorized people.
The cryptograms should be transmittable by both common and state of the art communications technology, and easily adapted to new means of communication, including stenographic communication. Specialized cryptographic systems may be limited to communication media particular to their specialized purposes, but should not be limited to their particular moment in time. The telegraph is neither state of the art nor common as a means of communication these days. The real purpose of that statement at the time Kerckhoffs initially stated it was to ensure the practical usefulness of a cryptographic system under prevailing conditions for military use. Because we should be concerned with more than merely prevailing conditions at this time, the requirement for use across various communications media must be unshackled from their time period as much as possible.
The tools of the system should be not only portable and operable by a single person, but usable under unpredictable circumstances. For purposes of practicality, it is unreasonable to expect all users of a given, general-purpose cryptographic system to rely on a secret, physically secured apparatus accessible only via sneakernet for the system to remain sufficiently secured. Times have changed, and they will continue to change. If the conditions of use of a given cryptographic system are always assumed to conform to particular, restricted circumstances, that cryptographic system simply will not stand the test of time.
The system should be easy to use, neither requiring knowledge of a long list of rules nor involving mental strain. Aside from the addition of the words "to use", distinguishing between what the user must do and what is done behind the scenes by the tools employed in the use of the cryptographic system, nothing needs to be changed here. The actual operation of the cryptographic system itself by its human operators should not be so complicated in day to day use that having detailed documentation on hand is necessary to avoid doing it wrong. Basic familiarity, good habits, and the memorized secret key to the system should be the totality of the knowledge and skills necessary to use the system.
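The point made under "Kerckhoffs's principle today" and in the third modernised principle above (a memorable "key for the key" protecting the real key), as an added example that is not the page's or DigitalBank Vault's own code: every line of this design is public, and only the data key and the passphrase are secret. The construction (an HMAC-SHA256 counter-mode keystream with an HMAC tag, and scrypt to stretch the passphrase into a key-encryption key) is my assumption for illustration, standing in for the AES- and TLS-based standards the page names.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN, SALT_LEN = 16, 32, 16  # constructed layout constants

def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one secret (domain separation).
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode: block i = HMAC-SHA256(enc_key, nonce || i); the design is public.
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        msg = nonce + counter.to_bytes(4, "big")
        blocks.append(hmac.new(enc_key, msg, hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. Only `key` is secret; a fresh nonce per message."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a modified message is rejected."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def _kek(passphrase: str, salt: bytes) -> bytes:
    # The memorable "key for the key": scrypt stretches the passphrase into a 32-byte KEK.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def wrap_key(passphrase: str, data_key: bytes) -> bytes:
    """Store the random data key protected by a passphrase the user can remember."""
    salt = secrets.token_bytes(SALT_LEN)
    return salt + encrypt(_kek(passphrase, salt), data_key)

def unwrap_key(passphrase: str, blob: bytes) -> bytes:
    """Recover the data key; a wrong passphrase raises ValueError from decrypt()."""
    return decrypt(_kek(passphrase, blob[:SALT_LEN]), blob[SALT_LEN:])
```

Publishing this source gives an adversary nothing beyond the key space to search, which is the whole of Kerckhoffs' second principle.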
The best, most widely used cryptographic systems in the world today largely conform to these principles, though many of them are getting a bit long in the tooth and brush up against some of the limits of these principles. When selecting a new cryptographic system to use, you should always check it against these principles to determine if it will serve your needs not only today but in the future as well.