Kerchkoff’s Principle
So we studied in the last post (https://bit.ly/3aJHwN3) how we have to make some information exclusive to intended participants for a system to be secure. But we have also seen that you can choose how much you want to conceal. This post is highly dependent on the previous one, so go back and look at those examples again. The principle which defines what a key is the Kerchkoff’s principle, as we will see in the end.
We’ve already noted in the last post why the first method of relying on hiding the communication channel isn’t so great, because Eve might be able to guess who is carrying the message and then extract the message from you. So having the communication channel be the key is a bad idea.
So fine, we don’t want to rely completely on the messenger. What else can we do? Well, we’ve already mentioned another method before, which could be to disguise the message such that even the messenger doesn’t know it. Very well, this is our first step to encryption!
Now again it’s a system and Alice has to keep something hidden for it to be useful. What can she keep hidden? Following up on the example given in the last post, she can keep the method of encryption a secret. That means she changes the text in some way such that only she and Bob know how to apply get the original back, and now neither can you nor Eve read the text.
This sounds pretty good right? Again, we can’t rely on just this. Why so?
Well, for one, both Alice and Bob are known to Eve, and so she probably knows more about them than just their names. Maybe Eve and Alice have worked on a project before, and maybe they’ve discussed these things in depth. What’s to say she wouldn’t be able to guess the algorithm based on her prior knowledge of Alice and how she thinks?
A second concern is that this might work for a one-time thing, but the more times you use something, the easier it becomes for someone to guess it. So if Alice wants to send multiple messages and uses the same key (here an algorithm) to encrypt all of her messages, at some point Eve is going to be able to compare the texts and guess what the key is. So Alice should avoid reuse of key for multiple messages, meaning that she has to use a different algorithm after every few messages. I think I don’t have to explain how difficult it would be to come up with a new algorithm every time.
So we see that letting the key be the algorithm is a bad idea. And without further ado, let’s get to the actual definition of key. Here our definition of a key collapses to the standard one, which is:
a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm
Hence what we are saying is that there should just be one input parameter to our system which should be hidden, not the entire algorithm or the communication channel.
You can think of it being the image below:
The smaller key is the one that’s more easily concealable, it can be hidden even in your shirt pocket. And that’s why we try to make the key as small as possible, and this is what Kerchkoff’s principle states:
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge
That just means that the key should be an input parameter, and your system should be designed such that it’s safe even if everything is given away except for this parameter. Now it’s getting really confusing to keep using my made-up definition for key, and so we’ll stick to the standard definition henceforth and say that a key is this input parameter.
But don’t rejoice just yet — all we’ve done is figure out what we should be keeping secret. The real challenge is of designing cryptosystems where this secret is actually hidden effectively, which we will see in further posts.
Trivia — The question of why we don’t keep the algorithm secret is actually enthralling and it got too long to put in a blog post, hence why I had to remove it. I could explain it here, but, as always, the folks at security.stackexchange have done it pretty well and I highly recommend going through this : https://security.stackexchange.com/questions/91350/why-do-we-keep-our-keys-secret-rather-than-our-algorithms
Source for definitions: Wikipedia
