# Cryptography Terminology

Last Updated: 24 February 2001

**Asymmetric Algorithm**

An algorithm in which the key used for encryption is different from that used for decryption. Also known as public key cryptography.

**Block Cipher**

An algorithm that encrypts data in blocks, commonly of 64 bits each.

**CAST**

A 64-bit block cipher, developed in Canada by Carlisle Adams and Stafford Tavares.

**Cipher**

A cryptographic algorithm, i.e. a mathematical function used for encryption
and decryption.

**Clipper**

Originally the name for a tamper-resistant encryption chip designed by
the U.S. National Security Agency for voice encryption. The chip has built-in
key escrow features to facilitate wire-tapping. The term has subsequently
been applied to further attempts by the US government to introduce key
escrow provisions, the latest variation being the key recovery plan of
October 1996, dubbed Clipper 4.

**DES**

Digital Encryption Standard. A symmetric block cipher using a 56-bit key which
was originally developed by the US National Institute of Standards and Technology
(NIST) in 1977 as a standard encryption algorithm. In 1999, the
Electronic Frontier Foundation (USA)
developed a machine to demonstrate that DES could be broken in a few hours
with a brute-force attack. Encryption using single DES
is generally no longer considered to be secure. (See Triple DES)

**Diffie-Hellman**

A public-key algorithm, invented in 1976.

**DH/DSS**

A type of key used in PGP since version 5.0. Contains a Diffie-Hellman key of
between 1024 and 4096 bits for encryption and a 1024-bit DSS key for digital
signatures.

**DSS**

Digital Signature Standard. A proposed standard for digital signatures using
Digital Signature Algorithm.

**Digital Signature**

An encrypted message digest which is appended to a plaintext or encrypted message
to verify the identity of the sender. The signature is encrypted with the user's
private key and can only be decrypted with the corresponding public key. The
same key pairs may be used for signature and encryption purposes but separate
key pairs for each purpose are usually recommended.

**IDEA**

International Data Encryption Algorithm. It was introduced in 1992 as a
potential alternative to DES and is regarded as very secure. It is a
block cipher using a symmetric algorithm based on a 128 bit key. IDEA
is the data encryption algorithm used in PGP.

**Key**

A value that is used to encrypt or decrypt a message.

**Key Escrow**

A concept that originated with the Clipper Chip program, by which a secret
or private key is split and the two parts held by escrow agencies against
the possibility that the key may be required for law enforcement surveillance
or national security purposes.

**Key Recovery**

A key escrow system which relies on a trusted party to recover a user's
confidential keys for use by law enforcement or national security agencies acting
under "proper authority". The trusted recovery party might in some cases be internal to
the user's organization, but in all cases notice to surveillance targets
that their key information had been released would be prohibited.
Key recovery is central to the US government's new encryption
policy announced in October 1996.

**PGP**

A complete public-key cryptosystem for electronic messaging that has been released
to the public domain. It was originally designed by Phil Zimmerman. It uses
IDEA, CAST or Triple DES for actual data encryption and RSA (with up to 2048-bit
key) or DH/DSS (with 1024-bit signature key and 4096-bit encryption key) for
key management and digital signatures. The RSA or DH public key is used to encrypt
the IDEA secret key as part of the message.

**PKAF**

Public Key Authentication Framework. A system for authenticating
digital signatures based on a hierarchy of trusted signatures.

**Private Key**

The secret part of a a private key/public key pair used in public
key cryptography. The Private Key is normally known only to the
key owner. Messages are encrypted using the Public Key and
decrypted using the Private Key. For digital signatures, however,
a document is signed with a Private Key and authenticated with
the corresponding Public Key.

**Public Key Cryptography**

A concept first proposed by Diffie and Hellman in 1975 that has been
largely responsible for opening up the science of cryptography for
commercial use. The encryption key is made public but only the person
who holds the corresponding private key can decrypt the message.

**RSA**

The best known public key algorithm, named after its inventors: Rivest,
Shamir and Adleman. RSA uses public and private keys that are functions
of a pair of large prime numbers. The algorithm is best known for its
application in PGP. It is patented in the USA only.

**Steganography**

A method of hiding a secret message in another message, e.g. within
a graphic image.

**Symmetric Algorithm**

An encryption algorithm where the encryption key is the same as the
decryption key, or where one key is easily calculated from the other.
The sender and receiver have to agree on a key before they can
communicate securely.

**Triple DES**

A method of vastly increasing the security of DES by encrypting 3 times
with different keys.