Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Kerckhoffs's principle
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
{{short description|Cryptographic principle that states everything except the key can be public knowledge}} {{Distinguish|Kirchhoff's laws (disambiguation){{!}}Kirchhoff's laws}} [[File:Auguste_Kerckhoffs.jpg|thumb|Auguste Kerckhoffs]] '''Kerckhoffs's principle''' (also called '''Kerckhoffs's desideratum''', '''assumption''', '''axiom''', '''doctrine''' or '''law''') of [[cryptography]] was stated by [[Dutch people|Dutch-born]] cryptographer [[Auguste Kerckhoffs]] in the 19th century. The principle holds that a [[cryptosystem]] should be secure, even if everything about the system, except the [[cryptographic key|key]], is public knowledge. This concept is widely embraced by cryptographers, in contrast to [[security through obscurity]], which is not. Kerckhoffs's principle was phrased by American mathematician [[Claude E. Shannon|Claude Shannon]] as "the [[Adversary (cryptography)|enemy]] knows the system",<ref name=Shannon>{{cite journal|last1=Shannon|first1=Claude|title=Communication Theory of Secrecy Systems|journal=Bell System Technical Journal|date=4 October 1949|volume=28|issue=4|page=662|doi=10.1002/j.1538-7305.1949.tb00928.x|url=https://archive.org/stream/bstj28-4-656#page/n5/mode/2up|access-date=20 June 2014|ref=Shannon}}</ref> i.e., "one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them". In that form, it is called '''Shannon's maxim'''. Another formulation by American researcher and professor [[Steven M. Bellovin]] is: <blockquote>In other words—design your system assuming that your opponents know it in detail. (A former official at NSA's National Computer Security Center told me that the standard assumption there was that serial number 1 of any new device was delivered to the Kremlin.)<ref name="Bellovin">{{cite journal|last1=Bellovin|first1=Steve|title=Security through obscurity|journal=RISKS Digest|date=23 June 2009|volume=25|issue=71|url=http://catless.ncl.ac.uk/Risks/25.71.html#subj19|access-date=18 September 2010|archive-date=10 June 2011|archive-url=https://web.archive.org/web/20110610065131/http://catless.ncl.ac.uk/Risks/25.71.html#subj19|url-status=live}}</ref></blockquote> ==Origins== The invention of [[telegraphy]] radically changed [[military communications]] and increased the number of messages that needed to be protected from the enemy dramatically, leading to the development of field ciphers which had to be easy to use without large confidential [[codebook]]s prone to capture on the battlefield.<ref>{{Cite web |title=[3.0] The Rise Of Field Ciphers |url=https://vc.airvectors.net/ttcode_03.html |access-date=2024-01-11 |website=vc.airvectors.net |archive-date=2024-01-11 |archive-url=https://web.archive.org/web/20240111165128/https://vc.airvectors.net/ttcode_03.html |url-status=live }}</ref> It was this environment which led to the development of Kerckhoffs's requirements. Auguste Kerckhoffs was a professor of German language at [[HEC Paris|Ecole des Hautes Etudes Commerciales]] (HEC) in Paris.<ref>{{cite web |title=August Kerckhoffs: the father of computer security - History |url=https://china.exed.hec.edu/en/node/467 |website=china.exed.hec.edu |publisher=[[HEC Paris]] |access-date=26 November 2022 |language=en |archive-date=26 November 2022 |archive-url=https://web.archive.org/web/20221126024206/https://china.exed.hec.edu/en/node/467 |url-status=live }}</ref> In early 1883, Kerckhoffs's article, ''La Cryptographie Militaire'',<ref>{{citation | url = http://petitcolas.net/fabien/kerckhoffs/ | title = Electronic version and English translation of "La cryptographie militaire" | first = Fabien | last = Petitcolas | access-date = 2004-06-29 | archive-date = 2015-10-10 | archive-url = https://archive.today/20151010133258/http://www.petitcolas.net/kerckhoffs/index.html | url-status = live }}</ref> was published in two parts in the ''Journal of Military Science'', in which he stated six design rules for military [[cipher]]s.{{hsp}}<ref name="Kahn">{{citation | first = David | last = Kahn | title = The Codebreakers: the story of secret writing | year = 1996|edition=Second | publisher = Scribners}} p.235</ref> Translated from French, they are:<ref>{{cite journal |first=Auguste |last=Kerckhoffs |url=https://www.petitcolas.net/kerckhoffs/crypto_militaire_1_b.pdf |title=La cryptographie militaire |trans-title=Military cryptography |journal=Journal des sciences militaires |trans-journal=Military Science Journal |volume=IX |pages=5–83 |date=January 1883 |language=fr |access-date=2019-12-17 |archive-date=2021-02-20 |archive-url=https://web.archive.org/web/20210220151435/https://www.petitcolas.net/kerckhoffs/crypto_militaire_1_b.pdf |url-status=live }}</ref><ref>{{cite journal |first=Auguste |last=Kerckhoffs |url=https://www.petitcolas.net/kerckhoffs/crypto_militaire_2.pdf |title=La cryptographie militaire |trans-title=Military cryptography |journal=Journal des sciences militaires |trans-journal=Military Science Journal |volume=IX |pages=161–191 |date=February 1883 |language=fr |access-date=2019-12-17 |archive-date=2021-02-20 |archive-url=https://web.archive.org/web/20210220151434/https://www.petitcolas.net/kerckhoffs/crypto_militaire_2.pdf |url-status=live }}</ref> # The system must be practically, if not mathematically, indecipherable; # It should not require secrecy, and it should not be a problem if it falls into enemy hands; # It must be possible to communicate and remember the key without using written notes, and correspondents must be able to change or modify it at will; # It must be applicable to telegraph communications; # It must be portable, and should not require several persons to handle or operate; # Lastly, given the circumstances in which it is to be used, the system must be easy to use and should not be stressful to use or require its users to know and comply with a long list of rules. Some are no longer relevant given the ability of computers to perform complex encryption. The second rule, now known as '''Kerckhoffs's principle''', is still critically important.<ref name="cryptocom" /> ==Explanation of the principle== Kerckhoffs viewed cryptography as a rival to, and a better alternative than, [[steganographic]] encoding, which was common in the nineteenth century for hiding the meaning of military messages. One problem with encoding schemes is that they rely on humanly-held secrets such as "dictionaries" which disclose for example, the secret meaning of words. Steganographic-like dictionaries, once revealed, permanently compromise a corresponding encoding system. Another problem is that the risk of exposure increases as the number of users holding the secrets increases. Nineteenth century cryptography, in contrast, used simple tables which provided for the transposition of alphanumeric characters, generally given row-column intersections which could be modified by keys which were generally short, numeric, and could be committed to human memory. The system was considered "indecipherable" because tables and keys do not convey meaning by themselves. Secret messages can be compromised only if a matching set of table, key, and message falls into enemy hands in a relevant time frame. Kerckhoffs viewed tactical messages as only having a few hours of relevance. Systems are not necessarily compromised, because their components (i.e. alphanumeric character tables and keys) can be easily changed. === Advantage of secret keys === Using secure cryptography is supposed to replace the difficult problem of keeping messages secure with a much more manageable one, keeping relatively small keys secure. A system that requires long-term secrecy for something as large and complex as the whole design of a cryptographic system obviously cannot achieve that goal. It only replaces one hard problem with another. However, if a system is secure even when the enemy knows everything except the key, then all that is needed is to manage keeping the keys secret.<ref>{{cite book |last1=Massey |first1=James L. |title=Cryptography: Fundamentals and Applications |date=1993 |page=2.5 |chapter=Course Notes}}</ref> There are a large number of ways the internal details of a widely used system could be discovered. The most obvious is that someone could bribe, blackmail, or otherwise threaten staff or customers into explaining the system. In war, for example, one side will probably capture some equipment and people from the other side. Each side will also use spies to gather information. If a method involves software, someone could do [[memory dump]]s or run the software under the control of a debugger in order to understand the method. If hardware is being used, someone could buy or steal some of the hardware and build whatever programs or gadgets needed to test it. Hardware can also be dismantled so that the chip details can be examined under the microscope. === Maintaining security === A generalization some make from Kerckhoffs's principle is: "The fewer and simpler the secrets that one must keep to ensure system security, the easier it is to maintain system security." [[Bruce Schneier]] ties it in with a belief that all security systems must be designed to [[graceful exit|fail as gracefully]] as possible: {{quotation|Kerckhoffs's principle applies beyond codes and ciphers to security systems in general: every secret creates a potential [[single point of failure|failure point]]. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility.<ref name="HomelandInsecurity">{{Citation | author = Mann, Charles C. | date = September 2002 | title = Homeland Insecurity | journal = [[The Atlantic Monthly]] | volume = 290 | issue = 2 | url = https://www.theatlantic.com/issues/2002/09/mann.htm | postscript = . | access-date = 2017-03-08 | archive-date = 2008-07-07 | archive-url = https://web.archive.org/web/20080707082724/http://www.theatlantic.com/issues/2002/09/mann.htm | url-status = live }}</ref>}} Any security system depends crucially on keeping some things secret. However, Kerckhoffs's principle points out that the things kept secret ought to be those least costly to change if inadvertently disclosed.<ref name="cryptocom">{{cite web |last1=Savard |first1=John J. G. |title=A Cryptographic Compendium: The Ideal Cipher |url=http://www.quadibloc.com/crypto/mi0611.htm |website=www.quadibloc.com |access-date=26 November 2022 |date=2003 |archive-date=26 June 2020 |archive-url=https://web.archive.org/web/20200626220139/http://www.quadibloc.com/crypto/mi0611.htm |url-status=live }}</ref> For example, a cryptographic algorithm may be implemented by hardware and software that is widely distributed among users. If security depends on keeping that secret, then disclosure leads to major logistic difficulties in developing, testing, and distributing implementations of a new algorithm – it is "brittle". On the other hand, if keeping the algorithm secret is not important, but only the ''keys'' used with the algorithm must be secret, then disclosure of the keys simply requires the simpler, less costly process of generating and distributing new keys.<ref>{{cite web |title=A Modern Interpretation of Kerckhoff |url=https://www.rambus.com/blogs/a-modern-interpretation-of-kerckhoff/ |website=Rambus |access-date=26 November 2022 |date=21 September 2020 |archive-date=26 November 2022 |archive-url=https://web.archive.org/web/20221126025718/https://www.rambus.com/blogs/a-modern-interpretation-of-kerckhoff/ |url-status=live }}</ref> ==Applications== In accordance with Kerckhoffs's principle, the majority of civilian cryptography makes use of publicly known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see [[Type 1 encryption]]). However, it should not be assumed that government/military ciphers must be kept secret to maintain security. It is possible that they are intended to be as cryptographically sound as public algorithms, and the decision to keep them secret is in keeping with a layered security posture. ==Security through obscurity== {{Main|Security through obscurity}} It is moderately common for companies, and sometimes even standards bodies as in the case of the [[Content Scramble System|CSS encryption on DVDs]], to keep the inner workings of a system secret. Some{{who|date=April 2023}} argue this "security by obscurity" makes the product safer and less vulnerable to attack. A counter-argument is that keeping the innards secret may improve security in the short term, but in the long run, only systems that have been published and analyzed should be trusted. [[Steven M. Bellovin|Steven Bellovin]] and [[Randy Bush (scientist)|Randy Bush]] commented:<ref name="draft-ymbk-obscurity-00">{{citation | url = https://www.cs.columbia.edu/~smb/papers/draft-ymbk-obscurity-00.txt | title = Security Through Obscurity Considered Dangerous | first1 = Steven | last1 = Bellovin | first2 = Randy | last2 = Bush | publisher = [[Internet Engineering Task Force]] (IETF) | date = February 2002 | access-date = December 1, 2018 | archive-date = February 1, 2021 | archive-url = https://web.archive.org/web/20210201025046/https://www.cs.columbia.edu/~smb/papers/draft-ymbk-obscurity-00.txt | url-status = live }}</ref> {{quotation | '''Security Through Obscurity Considered Dangerous''' Hiding security vulnerabilities in algorithms, software, and/or hardware decreases the likelihood they will be repaired and increases the likelihood that they can and will be exploited. Discouraging or outlawing discussion of weaknesses and vulnerabilities is extremely dangerous and deleterious to the security of computer systems, the network, and its citizens. '''Open Discussion Encourages Better Security''' The long history of cryptography and cryptoanalysis has shown time and time again that open discussion and analysis of algorithms exposes weaknesses not thought of by the original authors, and thereby leads to better and more secure algorithms. As Kerckhoffs noted about cipher systems in 1883 [Kerc83], "Il faut qu'il n'exige pas le secret, et qu'il puisse sans inconvénient tomber entre les mains de l'ennemi." (Roughly, "the system must not require secrecy and must be able to be stolen by the enemy without causing trouble.") }} ==References== {{reflist|30em}} ==Notes== :{{citizendium|title=Kerckhoffs' Principle}} == External links == * [http://petitcolas.net/fabien/kerckhoffs/ Reference to Kerckhoffs's original paper, with scanned original text] * {{cite journal |last1=Caraco |first1=Jean-Claude |last2=Géraud-Stewart |first2=Rémi |last3=Naccache |first3=David |title=Kerckhoffs' Legacy |journal=Cryptology ePrint Archive |date=2020 |url=https://eprint.iacr.org/2020/556 |access-date=26 November 2022 |language=en |id=Paper 2020/556}} [[Category:Computer architecture statements]] [[Category:Cryptography]]
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)
Pages transcluded onto the current version of this page
(
help
)
:
Template:Citation
(
edit
)
Template:Cite book
(
edit
)
Template:Cite journal
(
edit
)
Template:Cite web
(
edit
)
Template:Citizendium
(
edit
)
Template:Distinguish
(
edit
)
Template:Hsp
(
edit
)
Template:Main
(
edit
)
Template:Quotation
(
edit
)
Template:Reflist
(
edit
)
Template:Short description
(
edit
)
Template:Who
(
edit
)