Cryptography Terminology

Last Updated: 24 February 2001


Asymmetric Algorithm
An algorithm in which the key used for encryption is different from that used for decryption. Also known as public key cryptography.

Block Cipher
An algorithm that encrypts data in blocks, commonly of 64 bits each.

CAST
A 64-bit block cipher, developed in Canada by Carlisle Adams and Stafford Tavares.

Cipher
A cryptographic algorithm, i.e. a mathematical function used for encryption and decryption.

Clipper
Originally the name for a tamper-resistant encryption chip designed by the U.S. National Security Agency for voice encryption. The chip has built-in key escrow features to facilitate wire-tapping. The term has subsequently been applied to further attempts by the US government to introduce key escrow provisions, the latest variation being the key recovery plan of October 1996, dubbed Clipper 4.

DES
Digital Encryption Standard. A symmetric block cipher using a 56-bit key which was originally developed by the US National Institute of Standards and Technology (NIST) in 1977 as a standard encryption algorithm. In 1999, the Electronic Frontier Foundation (USA) developed a machine to demonstrate that DES could be broken in a few hours with a brute-force attack. Encryption using single DES is generally no longer considered to be secure. (See Triple DES)

Diffie-Hellman
A public-key algorithm, invented in 1976.

DH/DSS
A type of key used in PGP since version 5.0. Contains a Diffie-Hellman key of between 1024 and 4096 bits for encryption and a 1024-bit DSS key for digital signatures.

DSS
Digital Signature Standard. A proposed standard for digital signatures using Digital Signature Algorithm.

Digital Signature
An encrypted message digest which is appended to a plaintext or encrypted message to verify the identity of the sender. The signature is encrypted with the user's private key and can only be decrypted with the corresponding public key. The same key pairs may be used for signature and encryption purposes but separate key pairs for each purpose are usually recommended.

IDEA
International Data Encryption Algorithm. It was introduced in 1992 as a potential alternative to DES and is regarded as very secure. It is a block cipher using a symmetric algorithm based on a 128 bit key. IDEA is the data encryption algorithm used in PGP.

Key
A value that is used to encrypt or decrypt a message.

Key Escrow
A concept that originated with the Clipper Chip program, by which a secret or private key is split and the two parts held by escrow agencies against the possibility that the key may be required for law enforcement surveillance or national security purposes.

Key Recovery
A key escrow system which relies on a trusted party to recover a user's confidential keys for use by law enforcement or national security agencies acting under "proper authority". The trusted recovery party might in some cases be internal to the user's organization, but in all cases notice to surveillance targets that their key information had been released would be prohibited. Key recovery is central to the US government's new encryption policy announced in October 1996.

PGP
A complete public-key cryptosystem for electronic messaging that has been released to the public domain. It was originally designed by Phil Zimmerman. It uses IDEA, CAST or Triple DES for actual data encryption and RSA (with up to 2048-bit key) or DH/DSS (with 1024-bit signature key and 4096-bit encryption key) for key management and digital signatures. The RSA or DH public key is used to encrypt the IDEA secret key as part of the message.

PKAF
Public Key Authentication Framework. A system for authenticating digital signatures based on a hierarchy of trusted signatures.

Private Key
The secret part of a a private key/public key pair used in public key cryptography. The Private Key is normally known only to the key owner. Messages are encrypted using the Public Key and decrypted using the Private Key. For digital signatures, however, a document is signed with a Private Key and authenticated with the corresponding Public Key.

Public Key Cryptography
A concept first proposed by Diffie and Hellman in 1975 that has been largely responsible for opening up the science of cryptography for commercial use. The encryption key is made public but only the person who holds the corresponding private key can decrypt the message.

RSA
The best known public key algorithm, named after its inventors: Rivest, Shamir and Adleman. RSA uses public and private keys that are functions of a pair of large prime numbers. The algorithm is best known for its application in PGP. It is patented in the USA only.

Steganography
A method of hiding a secret message in another message, e.g. within a graphic image.

Symmetric Algorithm
An encryption algorithm where the encryption key is the same as the decryption key, or where one key is easily calculated from the other. The sender and receiver have to agree on a key before they can communicate securely.

Triple DES
A method of vastly increasing the security of DES by encrypting 3 times with different keys.