Cryptographic primitive

Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.

Rationale

When creating cryptographic systems, designers use cryptographic primitives as their most basic building blocks. Because of this, cryptographic primitives are designed to do one very specific task in a highly reliable fashion. They include encryption schemes, hash functions and digital signature schemes.

Since cryptographic primitives are used as building blocks, they must be very reliable, i.e. perform according to their specification. For example, if an encryption routine claims to be breakable only with X computer operations, and it can in fact be broken with significantly fewer than X operations, that cryptographic primitive is said to have failed. If a cryptographic primitive is found to fail, almost every protocol that uses it becomes vulnerable. Since creating cryptographic routines is very hard, and testing them to be reliable takes a long time, it is essentially never sensible (nor secure) to design a new cryptographic primitive to suit the needs of a new cryptographic system. The reasons include:
  • The designer might not be competent in the mathematical and practical considerations involved in cryptographic primitives.
  • Designing a new cryptographic primitive is very time-consuming and very error prone, even for those expert in the field.
  • Since algorithms in this field are not only required to be designed well, but also need to be tested well by the cryptologist community, even if a cryptographic routine looks good from a design point of view it might still contain errors. Successfully withstanding such scrutiny gives some confidence (in fact, so far, the only confidence) that the algorithm is indeed secure enough to use; unconditional security proofs for cryptographic primitives are generally not available, and the proofs that do exist reduce a primitive's security to an unproven hardness assumption rather than establish it outright.


Cryptographic primitives are similar in some ways to programming languages. A computer programmer rarely invents a new programming language while writing a new program; instead, he or she will use one of the already established programming languages to program in.

Cryptographic primitives are among the building blocks of every cryptosystem, e.g. TLS, SSL, SSH, etc. Cryptosystem designers, not being in a position to definitively prove their security, must take the primitives they use as secure. Choosing the best primitive available for use in a protocol usually provides the best available security. However, compositional weaknesses are possible in any cryptosystem and it is the responsibility of the designer(s) to avoid them.

Combining cryptographic primitives

Cryptographic primitives, on their own, are quite limited. They cannot be considered, properly, to be a cryptographic system. For instance, a bare encryption algorithm provides no authentication mechanism, nor any explicit message integrity checking: it only hides content, and in many modes of operation an attacker can still flip bits of the ciphertext, and thereby of the decrypted plaintext, without detection. Only when combined in security protocols can more than one security requirement be addressed. For example, to transmit a message that is not only encrypted but also protected from tampering (i.e. it is confidential and integrity-protected), an encryption routine, such as DES, and a hash routine, such as SHA-1, can be used in combination, the hash being used inside a keyed message authentication code (such as HMAC) that is computed over the ciphertext and sent alongside it. If the attacker does not know the key, he cannot modify the message and still produce a digest value that verifies. (DES and SHA-1 are both retired today, and modern designs package encryption and authentication into a single authenticated-encryption mode such as AES-GCM, but the compositional point is unchanged.)

Combining cryptographic primitives to make a protocol is itself an entire specialization. Most exploitable errors (i.e. insecurities in cryptosystems) are due not to design errors in the primitives (assuming always that they were chosen with care), but to the way they are used, i.e. bad protocol design and buggy or insufficiently careful implementation. Mathematical analysis of protocols was, at the time of this writing, not mature. There are some basic properties that can be verified with automated methods, such as BAN logic. There are also methods for full verification (e.g. the spi calculus); these were long considered too cumbersome to automate, but tools such as ProVerif and Tamarin now mechanically check protocol models in the symbolic setting, though they still require expert modelling and do not catch implementation bugs. Protocol design is an art requiring deep knowledge and much practice; even then mistakes are common. An illustrative example, for a real system, can be seen on the OpenSSL vulnerability news page at http://www.openssl.org/news/.
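The composition described in the previous section (encryption plus a hash for integrity), together with this section's point that failures usually lie in how primitives are combined rather than in the primitives themselves, as a worked example. This is added illustration and not code from the article: Python's standard library ships no block cipher, so a counter-mode keystream derived from SHA-256 stands in for DES or AES, and HMAC-SHA256 plays the role of the keyed hash. The keys, nonce, message and the attacker's bit-flip are all constructed for the demonstration. It contrasts an unkeyed digest over the ciphertext (which any attacker can recompute) with a proper encrypt-then-MAC construction.

```python
"""Composing an encryption primitive with a hash primitive for integrity.

Added illustration, not from the article. A SHA-256-based counter-mode
keystream stands in for a block cipher such as DES/AES; HMAC-SHA256 is the
keyed hash. Keys, nonce and message below are constructed for the demo.
"""
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in CTR keystream: SHA-256(key || nonce || counter), block by block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


# (a) Encryption plus an UNKEYED hash over the ciphertext. Looks like an
#     integrity check, but anyone can recompute SHA-256, so it stops nothing.
def seal_unkeyed(enc_key, nonce, plaintext):
    ct = stream_xor(enc_key, nonce, plaintext)
    return ct, hashlib.sha256(nonce + ct).digest()


def open_unkeyed(enc_key, nonce, ct, digest):
    if hashlib.sha256(nonce + ct).digest() != digest:
        return None                      # "integrity failure"
    return stream_xor(enc_key, nonce, ct)


# (b) Encrypt-then-MAC: HMAC under a SEPARATE key covers nonce and ciphertext;
#     the tag is checked in constant time before anything is decrypted.
def seal_etm(enc_key, mac_key, nonce, plaintext):
    ct = stream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_etm(enc_key, mac_key, nonce, ct, tag):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                      # reject before decrypting
    return stream_xor(enc_key, nonce, ct)


def flip_byte(ct: bytes, offset: int, mask: int) -> bytes:
    """Attacker's move: XOR one ciphertext byte. With a stream cipher the same
    XOR lands on the decrypted plaintext byte (malleability), no key needed."""
    buf = bytearray(ct)
    buf[offset] ^= mask
    return bytes(buf)


def demo():
    """Return (what the unkeyed-hash receiver accepts, what the EtM receiver
    accepts) after the attacker rewrites the amount '0010' to '9010' in transit."""
    enc_key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"PAY 0010 USD TO ALICE"          # constructed sample message
    offset, mask = 4, ord("0") ^ ord("9")   # byte 4 is the leading '0'

    # Scheme (a): flip the byte, then recompute the public digest over the result.
    ct, _ = seal_unkeyed(enc_key, nonce, msg)
    ct2 = flip_byte(ct, offset, mask)
    accepted_unkeyed = open_unkeyed(enc_key, nonce, ct2, hashlib.sha256(nonce + ct2).digest())

    # Scheme (b): same flip, but no way to produce a matching HMAC tag.
    ct, tag = seal_etm(enc_key, mac_key, nonce, msg)
    accepted_etm = open_etm(enc_key, mac_key, nonce, flip_byte(ct, offset, mask), tag)

    return accepted_unkeyed, accepted_etm


if __name__ == "__main__":
    forged, rejected = demo()
    print("unkeyed hash accepted:", forged)       # b'PAY 9010 USD TO ALICE'
    print("encrypt-then-MAC accepted:", rejected)  # None
```

The details in (b) are exactly the kind of compositional choices the text warns about: the MAC uses its own key, it covers the nonce as well as the ciphertext, the tag is verified with a constant-time comparison, and nothing is decrypted until it passes. Getting the order wrong (MAC-then-encrypt with CBC padding, as in early TLS) is what produced the padding-oracle attacks, with both primitives individually sound.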


See also

  • Data Encryption Standard
  • Advanced Encryption Standard
  • SHA-1
  • RSA algorithm

External links

  • Budapest University of Technology and Economics' cryptographic laboratory: http://www.crysys.hit.bme.hu/
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 