Strong cryptography

Strong cryptography or cryptographically strong are general terms used to designate the cryptographic algorithms that, when used correctly, provide a very high (usually insurmountable) level of protection against any eavesdropper, including government agencies. [1] There is no precise definition of the boundary between strong cryptography and (breakable) weak cryptography, as this border constantly shifts with improvements in hardware and cryptanalysis techniques. [2] These improvements eventually place capabilities once available only to the NSA within the reach of a skilled individual, [3] so in practice there are only two levels of cryptographic security: "cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files" (Bruce Schneier). [2]

Strong cryptography algorithms have high security strength, for practical purposes usually defined as the number of bits in the key. For example, the United States government, when dealing with export control of encryption, considered as of 1999 any implementation of a symmetric encryption algorithm with a key length above 56 bits, or its public-key equivalent, [4] to be strong and thus potentially subject to export licensing. [5] To be strong, an algorithm needs to have a sufficiently long key and be free of known mathematical weaknesses, as exploitation of these effectively reduces the key size. At the beginning of the 21st century, the typical security strength of strong symmetric encryption algorithms is 128 bits (slightly lower values can still be strong, but there is usually little technical gain in using smaller key sizes). [5] [needs update]

Demonstrating the resistance of any cryptographic scheme to attack is a complex matter, requiring extensive testing and reviews, preferably in a public forum. Good algorithms and protocols are required (similarly, good materials are required to construct a strong building), but good system design and implementation are needed as well: "it is possible to build a cryptographically weak system using strong algorithms and protocols" (just as the use of good materials in construction does not guarantee a solid structure). Many real-life systems turn out to be weak when strong cryptography is not used properly, for example when random nonces are reused. [6] A successful attack might not even involve the algorithm at all: for example, if the key is generated from a password, guessing a weak password is easy and does not depend on the strength of the cryptographic primitives. [7] A user can become the weakest link in the overall picture, for example by sharing passwords and hardware tokens with colleagues. [8]
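The nonce-reuse failure mentioned above is worth seeing concretely. The following is an added example, not code from the article or from any of its sources. It builds a constructed toy stream cipher (keystream blocks are HMAC-SHA256 of the nonce and a counter; a real system would use AES-CTR or ChaCha20, which fail in exactly the same way when a nonce repeats), shows that with a reused nonce the XOR of two ciphertexts equals the XOR of the two plaintexts, i.e. the "strong" primitive has been cancelled out of the picture entirely, and then shows the defensive side: a nonce tracker that refuses repeats under the same key, a nonce generator backed by the OS CSPRNG, and an audit routine run over constructed sample records. All names (`NonceTracker`, `audit_log`, `SAMPLE_RECORDS`) are this example's own.

```python
import hmac
import hashlib
import secrets
from collections import defaultdict

# Constructed toy stream cipher for illustration only (not a real cipher, not from the article):
# keystream block i = HMAC-SHA256(key, nonce || i).

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))

decrypt = encrypt  # XOR with the same keystream is its own inverse

def keystream_cancels(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """The failure mode: under a reused nonce, c1 XOR c2 == p1 XOR p2.
    The keystream drops out, so plaintext relations leak without any attack on the cipher."""
    c1 = encrypt(key, nonce, p1)
    c2 = encrypt(key, nonce, p2)
    n = min(len(p1), len(p2))
    return xor_bytes(c1, c2)[:n] == xor_bytes(p1, p2)[:n]

class NonceTracker:
    """Defensive check: a (key_id, nonce) pair may be used at most once."""
    def __init__(self):
        self._seen = defaultdict(set)

    def register(self, key_id: str, nonce: bytes) -> bool:
        """Return True if the nonce is fresh for this key, False if it was already used."""
        if nonce in self._seen[key_id]:
            return False
        self._seen[key_id].add(nonce)
        return True

def fresh_nonce() -> bytes:
    # 96-bit nonce from the OS CSPRNG. With random nonces the key must also be rotated
    # well before 2**32 messages so the birthday-bound collision risk stays negligible.
    return secrets.token_bytes(12)

def audit_log(records):
    """records: iterable of (key_id, nonce_hex). Returns the (key_id, nonce_hex) pairs that repeat."""
    tracker = NonceTracker()
    reused = []
    for key_id, nonce_hex in records:
        if not tracker.register(key_id, bytes.fromhex(nonce_hex)):
            reused.append((key_id, nonce_hex))
    return reused

# Constructed sample audit records (key id plus nonce as hex); not real data.
SAMPLE_RECORDS = [
    ("key-A", "000000000000000000000001"),
    ("key-A", "000000000000000000000002"),
    ("key-B", "000000000000000000000001"),  # same nonce under a different key: fine
    ("key-A", "000000000000000000000001"),  # repeat under key-A: must be flagged
]

if __name__ == "__main__":
    k = secrets.token_bytes(32)
    n = fresh_nonce()
    print("keystream cancels under nonce reuse:",
          keystream_cancels(k, n, b"attack at dawn", b"retreat at dusk"))
    print("reused nonces in audit log:", audit_log(SAMPLE_RECORDS))
```

The tracker is the cheap, in-process form of the check; for a fleet of devices that share a key, the same logic has to run over the collected records, which is what `audit_log` illustrates.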

Background

The level of expense required for strong cryptography originally restricted its use to government and military agencies. [9] Until the middle of the 20th century, the process of encryption required a lot of human labor, and errors (which prevented decryption) were very common, so only a small share of written information could have been encrypted. [10] The US government, in particular, was able to keep a monopoly on the development and use of cryptography in the US into the 1960s. [11] In the 1970s, the increased availability of powerful computers and unclassified research breakthroughs (the Data Encryption Standard, the Diffie-Hellman and RSA algorithms) made strong cryptography available for civilian use. [12] The mid-1990s saw the worldwide proliferation of knowledge and tools for strong cryptography. [12] By the 21st century the technical limitations were gone, although the majority of communications were still unencrypted. [10] At the same time, the cost of building and running systems with strong cryptography became roughly the same as that for weak cryptography. [13]

The use of computers changed the process of cryptanalysis, famously with Bletchley Park's Colossus. But just as the development of digital computers and electronics helped in cryptanalysis, it also made possible much more complex ciphers. It is typically the case that use of a quality cipher is very efficient, while breaking it requires an effort many orders of magnitude larger - making cryptanalysis so inefficient and impractical as to be effectively impossible.

Cryptographically strong algorithms

This term "cryptographically strong" is often used to describe an encryption algorithm, and implies, in comparison to some other algorithm (which is thus cryptographically weak), greater resistance to attack. But it can also be used to describe hashing and unique identifier and filename creation algorithms. See for example the description of the Microsoft .NET runtime library function Path.GetRandomFileName. [14] In this usage, the term means "difficult to guess".

An encryption algorithm is intended to be unbreakable (in which case it is as strong as it can ever be), but might be breakable (in which case it is as weak as it can ever be) so there is not, in principle, a continuum of strength as the idiom would seem to imply: Algorithm A is stronger than Algorithm B which is stronger than Algorithm C, and so on. The situation is made more complex, and less subsumable into a single strength metric, by the fact that there are many types of cryptanalytic attack and that any given algorithm is likely to force the attacker to do more work to break it when using one attack than another.

There is only one known unbreakable cryptographic system, the one-time pad, which is not generally possible to use because of the difficulties involved in exchanging one-time pads without their being compromised. So any encryption algorithm can be compared to the perfect algorithm, the one-time pad.

The usual sense in which this term is (loosely) used is in reference to a particular attack, brute-force key search, especially in explanations for newcomers to the field. Indeed, with this attack (always assuming keys to have been randomly chosen), there is a continuum of resistance depending on the length of the key used. But even so there are two major problems: many algorithms allow use of different length keys at different times, and any algorithm can forgo use of the full key length possible. Thus, Blowfish and RC5 are block cipher algorithms whose design specifically allowed for several key lengths, and which cannot therefore be said to have any particular strength with respect to brute-force key search. Furthermore, US export regulations restrict key length for exportable cryptographic products, and in several cases in the 1980s and 1990s (e.g., famously in the case of Lotus Notes' export approval) only partial keys were used, decreasing 'strength' against brute-force attack for those (export) versions. More or less the same thing happened outside the US as well, as for example in the case of more than one of the cryptographic algorithms in the GSM cellular telephone standard.

The term is commonly used to convey that some algorithm is suitable for some task in cryptography or information security, but also resists cryptanalysis and has no, or fewer, security weaknesses. Tasks are varied, and might include:

Cryptographically strong would seem to mean that the described method has some kind of maturity, perhaps even approved for use against different kinds of systematic attacks in theory and/or practice. Indeed, that the method may resist those attacks long enough to protect the information carried (and what stands behind the information) for a useful length of time. But due to the complexity and subtlety of the field, neither is almost ever the case. Since such assurances are not actually available in real practice, sleight of hand in language which implies that they are will generally be misleading.

There will always be uncertainty as advances (e.g., in cryptanalytic theory or merely affordable computer capacity) may reduce the effort needed to successfully use some attack method against an algorithm.

In addition, actual use of cryptographic algorithms requires their encapsulation in a cryptosystem, and doing so often introduces vulnerabilities which are not due to faults in an algorithm. For example, essentially all algorithms require random choice of keys, and any cryptosystem which does not provide such keys will be subject to attack regardless of any attack resistant qualities of the encryption algorithm(s) used.
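Two points from the text, that key strength is only a continuum under brute-force search when keys are actually random, and that a cryptosystem which does not provide random keys is weak regardless of the algorithm, can be checked with a few lines. The following is an added example, not code from the article or its sources. It contrasts a key drawn from the OS CSPRNG with a key derived from a human-chosen password through PBKDF2 (the standard library's `hashlib.pbkdf2_hmac`), and estimates the effective strength of the whole system as the minimum of the cipher's key size and the cost of guessing the password. The helper names (`assess`, `effective_strength_bits`, `password_guess_bits`) and the sample parameters (8 lowercase letters, 600,000 iterations, a 6-word passphrase from a 7776-word list) are this example's own assumptions.

```python
import hashlib
import math
import secrets

# Added illustration, not the article's code: random keys versus password-derived keys,
# and where the weakest link of the combined system lies.

def random_key(bits: int = 128) -> bytes:
    """Key drawn uniformly from the full key space via the OS CSPRNG."""
    return secrets.token_bytes(bits // 8)

def derive_key(password: str, salt: bytes, iterations: int = 600_000, length: int = 16) -> bytes:
    """Password-based key via PBKDF2-HMAC-SHA256. The salt must be random and unique
    per user; the iteration count makes every guess cost that many hash evaluations."""
    if len(salt) < 16:
        raise ValueError("salt should be at least 16 random bytes")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=length)

def password_guess_bits(charset_size: int, length: int) -> float:
    """log2 of the number of passwords of this shape: the guessing work if the password
    were chosen uniformly at random (real human passwords are considerably worse)."""
    return length * math.log2(charset_size)

def effective_strength_bits(key_bits: int, password_bits: float, kdf_iterations: int) -> float:
    """Strength of the whole system = min(cipher key, cheapest path to the key).
    Each password guess costs one KDF run, adding log2(iterations) bits of work,
    but no iteration count turns a weak password into a 128-bit key."""
    return min(key_bits, password_bits + math.log2(kdf_iterations))

def assess(key_bits: int, charset_size: int, length: int, kdf_iterations: int) -> dict:
    """Summarise a configuration: is the cipher key or the password the limiting factor?"""
    pw_bits = password_guess_bits(charset_size, length)
    eff = effective_strength_bits(key_bits, pw_bits, kdf_iterations)
    return {
        "password_bits": round(pw_bits, 1),
        "effective_bits": round(eff, 1),
        "limited_by_password": eff < key_bits,
    }

if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    k1 = derive_key("correct horse", salt)
    k2 = derive_key("correct horse", salt)
    print("same password and salt give the same key:", k1 == k2)
    print("random 128-bit key:", random_key().hex())
    print("8 lowercase letters, AES-128, 600k iterations:", assess(128, 26, 8, 600_000))
    print("6 words from a 7776-word list, same settings:", assess(128, 7776, 6, 600_000))
```

With these constructed parameters the eight-letter password leaves the system at roughly 57 bits of effective strength against a 128-bit cipher, which is the text's point in numbers: the weakness is in the key source, not the primitive.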

Widespread use of encryption increases the costs of surveillance, so government policies aim to regulate the use of strong cryptography. [15] In the 2000s, the effect of encryption on surveillance capabilities was limited by the ever-increasing share of communications going through global social media platforms, which did not use strong encryption and provided governments with the requested data. [16] Murphy talks about a legislative balance that needs to be struck between government powers that are broad enough to follow quickly evolving technology, yet sufficiently narrow for the public and overseeing agencies to understand the future use of the legislation. [17]

USA

The initial response of the US government to the expanded availability of cryptography was to treat cryptographic research the same way as atomic energy research, i.e., as "born classified", with the government exercising legal control over the dissemination of research results. This was quickly found to be impossible, and the efforts were switched to control over deployment (export, as a prohibition on the deployment of cryptography within the US was not seriously considered). [18]

The export control in the US historically uses two tracks: [19]

Since the original applications of cryptography were almost exclusively military, it was placed on the munitions list. With the growth of civilian uses, dual-use cryptography was defined by cryptographic strength, with strong encryption remaining a munition in a similar way to guns (small arms are dual-use while artillery is of purely military value). [20] This classification had obvious drawbacks: a major bank is arguably just as systemically important as a military installation, [20] and restrictions on publishing strong cryptography code ran against the First Amendment, so after experimenting in 1993 with the Clipper chip (where the US government kept special decryption keys in escrow), in 1996 almost all cryptographic items were transferred to the Department of Commerce. [21]

EU

The position of the EU, in comparison to the US, has always tilted more towards privacy. In particular, the EU rejected the key escrow idea as early as 1997. The European Union Agency for Cybersecurity (ENISA) holds the opinion that backdoors are not efficient for legitimate surveillance, yet pose a great danger to general digital security. [15]

Five Eyes

The Five Eyes (post-Brexit) represent a group of states with similar views on the issues of security and privacy. The group might have enough heft to drive the global agenda on lawful interception. The efforts of this group are not entirely coordinated: for example, the 2019 demand that Facebook not implement end-to-end encryption was not supported by either Canada or New Zealand, and did not result in a regulation. [17]

Russia

In the 1990s, the president and government of Russia issued a few decrees formally banning uncertified cryptosystems from use by government agencies. A presidential decree of 1995 also attempted to ban individuals from producing and selling cryptography systems without an appropriate license, but it was not enforced in any way, as it was suspected to contradict the Russian Constitution of 1993 and was not a law per se. [22] [23] [24] [note 1] Decree No. 313, issued in 2012, further amended the previous ones, allowing the production and distribution of products with embedded cryptosystems without requiring a license as such, even though it declares some restrictions. [25] [26] France had quite strict regulations in this field, but has relaxed them in recent years. [citation needed]

Examples

Strong

Weak

Examples that are not considered cryptographically strong include:

Notes

  1. The sources provided here are in Russian. To alleviate the lack of English-language sources, official government documents are cited.


References

  1. Vagle 2015, p. 121.
  2. Vagle 2015, p. 113.
  3. Levy, Steven (12 July 1994). "Battle of the Clipper Chip". New York Times Magazine. pp. 44–51.
  4. "Encryption and Export Administration Regulations (EAR)". bis.doc.gov. Bureau of Industry and Security. Retrieved 24 June 2023.
  5. Reinhold 1999, p. 3.
  6. Schneier 1998, p. 2.
  7. Schneier 1998, p. 3.
  8. Schneier 1998, p. 4.
  9. Vagle 2015, p. 110.
  10. Diffie & Landau 2007, p. 725.
  11. Vagle 2015, p. 109.
  12. Vagle 2015, p. 119.
  13. Diffie & Landau 2007, p. 731.
  14. Path.GetRandomFileName Method (System.IO), Microsoft.
  15. Riebe et al. 2022, p. 42.
  16. Riebe et al. 2022, p. 58.
  17. Murphy 2020.
  18. Diffie & Landau 2007, p. 726.
  19. Diffie & Landau 2007, p. 727.
  20. Diffie & Landau 2007, p. 728.
  21. Diffie & Landau 2007, p. 730.
  22. Farber, Dave (1995-04-06). "A ban on cryptography in Russia (fwd) [Next .. djf]". Retrieved 2011-02-14.
  23. Antipov, Alexander (1970-01-01). "Пресловутый указ №334 о запрете криптографии". www.securitylab.ru (in Russian). Retrieved 2020-09-21.
  24. "Указ Президента Российской Федерации от 03.04.1995 г. № 334". Президент России (in Russian). Retrieved 2020-09-21.
  25. "Положение о лицензировании деятельности по разработке, производству, распространению шифровальных средств и систем". Российская газета (in Russian). Retrieved 2020-09-21.
  26. "Миф №49 "В России запрещено использовать несертифицированные средства шифрования"". bankir.ru (in Russian). Retrieved 2020-09-21.
  27. Security Bulletin: Sweet32 vulnerability that impacts Triple DES cipher. IBM Security Bulletin, 2016.

Sources

See also