Key (cryptography)

Encyclopedia

In cryptography

, a

) that determines the functional output of a cryptographic algorithm

or cipher

. Without a key, the algorithm would produce no useful result. In encryption

, a key specifies the particular transformation of plaintext

into ciphertext

, or vice versa during decryption. Keys are also used in other cryptographic algorithms, such as digital signature

schemes and message authentication code

s.

— "

provides evidence that it can be difficult to keep the details of a widely-used algorithm secret (see security through obscurity

). A key is often easier to protect (it's typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.

Keeping keys secret is one of the most difficult problems in practical cryptography; see key management

. An attacker who obtains the key (by, for example, theft, extortion, dumpster diving

or social engineering) can recover the original message from the encrypted data.

Encryption algorithms which use the same key for both encryption and decryption are known as symmetric key algorithms.

A newer class of "public key" cryptographic algorithms was invented in the 1970s which uses a pair of keys, one to encrypt and one to decrypt. These asymmetric key algorithms allow one key to be made public while retaining the private key in only one location. They are designed so that finding out the private key is extremely difficult, even if the corresponding public key is known. A user of public key technology can publish their public key, while keeping their private key secret, allowing anyone to send them an encrypted message.

system the key must be at least as long as the message. In encryption systems that use a cipher

algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations.

A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the key size

article for a fuller discussion.

The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring

and integer discrete logarithm

s which aim to have security equivalent to a 128 bit symmetric cipher. Elliptic curve cryptography

may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. As of 2004, a message encrypted using a 109-bit key elliptic curve algorithm had been broken by brute force. The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random one-time pad

, the security of these systems has not been proven mathematically, so a theoretical breakthrough could make everything one has encrypted an open book. This is another reason to err on the side of choosing longer keys.

provide a good source of high quality randomness.

When a password

(or passphrase

) is used as an encryption key, well-designed cryptosystems first run it through a key derivation function

which adds a salt

and compresses or expands it to the key length desired, for example by compressing a long phrase into a 128-bit value suitable for use in a block cipher

.

Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

, a

**key**is a piece of information (a parameterParameter

Parameter from Ancient Greek παρά also “para” meaning “beside, subsidiary” and μέτρον also “metron” meaning “measure”, can be interpreted in mathematics, logic, linguistics, environmental science and other disciplines....

) that determines the functional output of a cryptographic algorithm

Algorithm

In mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...

or cipher

Cipher

In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...

. Without a key, the algorithm would produce no useful result. In encryption

Encryption

In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

, a key specifies the particular transformation of plaintext

Plaintext

In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....

into ciphertext

Ciphertext

In cryptography, ciphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher...

, or vice versa during decryption. Keys are also used in other cryptographic algorithms, such as digital signature

Digital signature

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...

schemes and message authentication code

Message authentication code

In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...

s.

## Need for secrecy

In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This principle is known as Kerckhoffs' principleKerckhoffs' principle

In cryptography, Kerckhoffs's principle was stated by Auguste Kerckhoffs in the 19th century: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.Kerckhoffs's principle was reformulated by Claude Shannon as...

— "

*only secrecy of the key provides security*", or, reformulated as Shannon's maxim, "*the enemy knows the system*". The history of cryptographyHistory of cryptography

The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids...

provides evidence that it can be difficult to keep the details of a widely-used algorithm secret (see security through obscurity

Security through obscurity

Security through obscurity is a pejorative referring to a principle in security engineering, which attempts to use secrecy of design or implementation to provide security...

). A key is often easier to protect (it's typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.

Keeping keys secret is one of the most difficult problems in practical cryptography; see key management

Key management

Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.Key management concerns...

. An attacker who obtains the key (by, for example, theft, extortion, dumpster diving

Dumpster diving

Dumpster diving is the practice of sifting through commercial or residential trash to find items that have been discarded by their owners, but that may be useful to the dumpster diver.-Etymology and alternate names:...

or social engineering) can recover the original message from the encrypted data.

Encryption algorithms which use the same key for both encryption and decryption are known as symmetric key algorithms.

A newer class of "public key" cryptographic algorithms was invented in the 1970s which uses a pair of keys, one to encrypt and one to decrypt. These asymmetric key algorithms allow one key to be made public while retaining the private key in only one location. They are designed so that finding out the private key is extremely difficult, even if the corresponding public key is known. A user of public key technology can publish their public key, while keeping their private key secret, allowing anyone to send them an encrypted message.

## Key sizes

For the one-time padOne-time pad

In cryptography, the one-time pad is a type of encryption, which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key of the same length as the plaintext, resulting...

system the key must be at least as long as the message. In encryption systems that use a cipher

Cipher

In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...

algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations.

A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the key size

Key size

In cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...

article for a fuller discussion.

The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring

Factorization

In mathematics, factorization or factoring is the decomposition of an object into a product of other objects, or factors, which when multiplied together give the original...

and integer discrete logarithm

Discrete logarithm

In mathematics, specifically in abstract algebra and its applications, discrete logarithms are group-theoretic analogues of ordinary logarithms. In particular, an ordinary logarithm loga is a solution of the equation ax = b over the real or complex numbers...

s which aim to have security equivalent to a 128 bit symmetric cipher. Elliptic curve cryptography

Elliptic curve cryptography

Elliptic curve cryptography is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz and Victor S...

may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. As of 2004, a message encrypted using a 109-bit key elliptic curve algorithm had been broken by brute force. The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random one-time pad

One-time pad

In cryptography, the one-time pad is a type of encryption, which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key of the same length as the plaintext, resulting...

, the security of these systems has not been proven mathematically, so a theoretical breakthrough could make everything one has encrypted an open book. This is another reason to err on the side of choosing longer keys.

## Key choice

To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. The problem of how to safely generate truly random keys is difficult, and has been addressed in many ways by various cryptographic systems. There is a RFC on generating randomness (RFC 1750,*Randomness Recommendations for Security*). Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary diceDice

A die is a small throwable object with multiple resting positions, used for generating random numbers...

provide a good source of high quality randomness.

When a password

Password

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....

(or passphrase

Passphrase

A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs...

) is used as an encryption key, well-designed cryptosystems first run it through a key derivation function

Key derivation function

In cryptography, a key derivation function derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function...

which adds a salt

Salt (cryptography)

In cryptography, a salt consists of random bits, creating one of the inputs to a one-way function. The other input is usually a password or passphrase. The output of the one-way function can be stored rather than the password, and still be used for authenticating users. The one-way function...

and compresses or expands it to the key length desired, for example by compressing a long phrase into a 128-bit value suitable for use in a block cipher

Block cipher

In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...

.

## See also

- Coinware is a variant of diceware using coins instead of dice. It allows generation of multilingual passphrases, especially from the readily made wordlists of Unicode for CJK languages.
- Cryptographic key typesCryptographic key typesOne of the most important aspects of any cryptographic system is key management; it is also the aspect which is most often neglected. A very common mistake is mixing different key types and reusing the same key for different purposes...

classification according to their usage - DicewareDicewareDiceware is a method for creating passphrases, passwords, and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five dice rolls are required. The numbers that come up in the rolls are assembled as a five digit number, e.g....

describes a method of generating fairly easy-to-remember, yet fairly secure, passphrases, using only dice and a pencil. - EKMSEKMSThe Electronic Key Management System system is a United States National Security Agency led program responsible for Communications Security key management, accounting and distribution...
- Keyed hash algorithmHMACIn cryptography, HMAC is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message...
- Key authenticationKey authenticationKey authentication is a problem that arises when using public key cryptography. It is the process of assuring that the public key of "person A" held by "person B" does in fact belong to "person A"....
- Key derivation functionKey derivation functionIn cryptography, a key derivation function derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function...
- Key distribution centerKey distribution centerIn cryptography, a key distribution center is part of a cryptosystem intended to reduce the risks inherent in exchanging keys. KDCs often operate in systems within which some users may have permission to use certain services at some times and not at others.-Security overview:For instance, an...
- Key escrowKey escrowKey escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys...
- Key exchangeKey exchangeKey exchange is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm....
- Key generationKey generationKey generation is the process of generating keys for cryptography. A key is used to encrypt and decrypt whatever data is being encrypted/decrypted....
- Key insulated cryptography
- Key managementKey managementKey management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.Key management concerns...
- Key scheduleKey schedule[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES [[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("[[Image:DES-key-schedule.png|thumbnail|220px|The key schedule of DES ("...
- Key serverKey server (cryptographic)In computer security, a key server is a computer that receives and then serves existing cryptographic keys to users or other programs. The users' programs can be working on the same network as the key server or on another networked computer....
- Key signature (cryptography)Key signature (cryptography)In cryptography, a key signature is the result of applying a hash function on a key, for the purpose of simplifying operations on keys.For example, cryptographic keys are often quite large and cumbersome to compare, so a user who...
- Key signing partyKey signing partyIn cryptography, a key signing party is an event at which people present their PGP-compatible keys to others in person, who, if they are confident the key actually belongs to the person who claims it, digitally sign the PGP certificate containing that public key and the person's name, etc...
- Key stretching
- Key-agreement protocolKey-agreement protocolIn cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome. If properly done, this precludes undesired third-parties from forcing a key choice on the agreeing parties...
- glossary of concepts related to keys
- Password psychologyPassword psychologyLiving on the intersection of cryptography and psychology, password psychology is the study of what makes passwords or cryptographic keys easy to remember or guess.- See also :*Password strength*Password policy*Password cracking*Passphrase----...
- Public key fingerprintPublic key fingerprintIn public-key cryptography, a public key fingerprint is a short sequence of bytes used to authenticate or look up a longer public key. Fingerprints are created by applying a cryptographic hash function to a public key...
- Random number generator
- Self-certifying keySelf-certifying keyIn cryptography a self-certifying key system is one in which both the public key and the certificate are combined as one piece of information. The primary advantage of this system is that it reduces the overhead of having a separate public key andcertificate sent with each message....
- Session keySession keyA session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is traffic encryption key or TEK, which refers to any key used to encrypt messages, as opposed to other uses, like encrypting other keys .Session keys can introduce...
- TripcodeTripcodeA tripcode is a means of telecommunication authentication that does not require registration. Tripcodes are most often used in 2channel-style message boards or Futaba Channel-style imageboards...
- Machine-readable paper keyTrusted paper keyA paper key is a machine-readable print of a cryptographic key. The printed key can be used to decrypt data, e.g. archives or backup data. A paper key can be the result of an offline private key protocol...
- Weak keyWeak keyIn cryptography, a weak key is a key, which, used with a specific cipher, makes the cipher behave in some undesirable way. Weak keys usually represent a very small fraction of the overall keyspace, which usually means that, if one generates a random key to encrypt a message, weak keys are very...