Six principles of practical ciphers

The core ideas behind a set of principles familiar to cryptographers and other security experts as Kerckhoffs' Principle are still relevant today--more than 125 years after they were articulated.

Auguste Kerckhoffs' name is most widely known because of what we call Kerckhoffs' Principle:
"A cryptosystem should be secure even if everything about the system, except the key, is public knowledge."
This is actually an elaboration of the second of a set of six principles he originally articulated in La Cryptographie Militaire, an 1883 article that surveyed what was at that time the state of the art of military cryptography, and that argued for improvements in French military cryptosystems.

Auguste Kerckhoffs' six principles of practical cipher design may seem a little dated by today's standards:
  1. The system should be, if not theoretically unbreakable, unbreakable in practice.
  2. The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents (Kerckhoffs' principle).
  3. The key should be memorable without notes and should be easily changeable.
  4. The cryptograms should be transmittable by telegraph.
  5. The apparatus or documents should be portable and operable by a single person.
  6. The system should be easy, neither requiring knowledge of a long list of rules nor involving mental strain.
The actual principles that underlie these standards for good cryptographic system design will probably prove timeless, however. All it takes is a little bit of updating of the terminology, especially to avoid tying these principles too strongly to a particular period in history:
  1. The system should be, if not theoretically unbreakable, unbreakable in practice. As the practical possibility of breaking the system looms, the system should be replaced.
    The second sentence is not strictly necessary, but it makes the core point clearer. Security technology cannot, in practice, remain both static and effective. It must stay ahead of the "competition"--those who would seek to crack security.
  2. The design of a system should not require secrecy and compromise of the system should not inconvenience the correspondents.
    You might notice that this principle doesn't actually require any updating to remain relevant or to bring out the underlying idea. This may be why it has become one of the most highly regarded and widely known ideas in cryptographic theory in particular, and in security policy in general. It is important to note that the individual key required to use the system (so long as it is not statically designed into the system) is not part of the design of the system, and is therefore not covered by this rule.
  3. A necessary element of using the system, known only to one person, should be memorable without notes and easily changeable.
    The actual cryptographic key used with a cryptographic system must often be well beyond the realm of easy memorability or changeability for the majority of people who will use it. A key for the key, however--such as the passphrase used to employ the private key in an OpenPGP system--should exist in such cases, so that an individual can hold a necessary part of the operation of the system in his or her head, reasonably protected against the possibility of being intercepted, guessed, or cracked by unauthorized people.
  4. The cryptograms should be transmittable by both common and state-of-the-art communications technology, and easily adapted to new means of communication, including steganographic communication. Specialized cryptographic systems may be limited to the communication media particular to their specialized purposes, but should not be limited to their particular moment in time.
    The telegraph is neither state of the art nor common as a means of communication these days. The real purpose of that statement, at the time Kerckhoffs stated it, was to ensure the practical usefulness of a cryptographic system under the conditions then prevailing for military use. Because we should be concerned with more than merely the conditions prevailing at this time, the requirement for use across various communications media must be unshackled from its time period as much as possible.
  5. The tools of the system should be not only portable and operable by a single person, but usable under unpredictable circumstances.
    For purposes of practicality, it is unreasonable to expect all users of a given, general purpose cryptographic system to rely on a secret, physically secured apparatus accessible only via sneakernet for the system to remain sufficiently secured. Times have changed, and they will continue to change. If the conditions of use of a given cryptographic system are always assumed to conform to particular, restricted circumstances, that cryptographic system simply will not stand the test of time.
  6. The system should be easy to use, neither requiring knowledge of a long list of rules nor involving mental strain.
    Aside from the addition of the words "to use", distinguishing between what the user must do and what is done behind the scenes by the tools employed in the use of the cryptographic system, nothing needs to be changed here. The actual operation of the cryptographic system itself by its human operators should not be so complicated in day to day use that having detailed documentation on hand is necessary to avoid doing it wrong.

    Basic familiarity, good habits, and the memorized secret key to the system should be the totality of the knowledge and skills necessary to use the system.
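As an added illustration of the third principle (not code from the original post): a memorable passphrase protecting a stored private key, the "key for the key", with a memory-hard KDF so that guessing is expensive, a public blob format in the spirit of the second principle, and a re-wrap function showing that the passphrase can be changed without changing the key itself. It uses only the Python standard library, so the stream cipher is built from SHAKE-256 rather than a vetted AEAD; the function names, blob layout and scrypt parameters are my own assumptions for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# scrypt cost parameters: assumed illustrative values. The cost is what makes
# guessing the passphrase expensive, so tune them to the hardware in use.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_wrapping_keys(passphrase: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a memorable passphrase into two 32-byte keys: one to encrypt
    the stored private key and one to authenticate the stored blob."""
    material = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return material[:32], material[32:]


def wrap_key(private_key: bytes, passphrase: str) -> bytes:
    """Encrypt-then-MAC the private key under passphrase-derived keys.
    Blob layout: salt(16) || ciphertext(len(private_key)) || tag(32).
    The format and algorithm are public; only the passphrase is secret."""
    salt = os.urandom(16)
    enc_key, mac_key = derive_wrapping_keys(passphrase, salt)
    # Stdlib-only stream cipher: a SHAKE-256 keystream under a key that is
    # unique per salt, so the keystream is never reused across wraps.
    stream = hashlib.shake_256(enc_key).digest(len(private_key))
    ciphertext = bytes(a ^ b for a, b in zip(private_key, stream))
    tag = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    return salt + ciphertext + tag


def unwrap_key(blob: bytes, passphrase: str) -> Optional[bytes]:
    """Return the private key, or None when the passphrase is wrong or the
    blob was altered; both failures look identical to the caller."""
    salt, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = derive_wrapping_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(enc_key).digest(len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


def change_passphrase(blob: bytes, old: str, new: str) -> Optional[bytes]:
    """Principle 3's 'easily changeable': re-wrap under a new passphrase
    without touching the underlying private key."""
    private_key = unwrap_key(blob, old)
    return None if private_key is None else wrap_key(private_key, new)
```

A wrong passphrase and a tampered blob are indistinguishable from the outside, which is the behaviour you want from the "key for the key": the only way through is the secret held in the user's head.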
The best, most widely used cryptographic systems in the world today largely conform to these principles, though many of them are getting a bit long in the tooth and brush up against some of the limits of these principles. When selecting a new cryptographic system to use, you should always check it against these principles to determine whether it will serve your needs not only today, but in the future as well.