## Encryption Glossary

**AES encryption**

AES stands for Advanced Encryption Standard. AES is a symmetric key encryption algorithm which replaces the commonly used Data Encryption Standard (DES). AES provides strong encryption and was selected by NIST as a Federal Information Processing Standard in November 2001 (FIPS-197). The AES algorithm uses three key sizes: a 128-, 192-, or 256-bit encryption key. Each encryption key size causes the algorithm to behave slightly differently, so the increasing key sizes not only offer a larger number of bits with which you can scramble the data, but also increase the complexity of the cipher algorithm. AES was developed by two Belgian cryptologists, Vincent Rijmen and Joan Daemen.

**Algebraic attack**

A method of cryptanalytic attack used against block ciphers that exhibit a significant amount of mathematical structure.

**Algorithm**

Algorithm is a process for completing a task. An encryption algorithm is a mathematical process (mathematical formula), to encrypt and decrypt messages. It typically has two elements: data (for example, plaintext or email message that you want to encrypt or decrypt) and a key. Also see Asymmetric Algorithm and Symmetric Algorithm

**Asymmetric Algorithm**

Asymmetric Algorithm (also known as public key cryptography) uses two different keys for encryption and decryption. Keys for encryption and decryption are mathematically related, but it is very hard or even impossible to deduce one key from the other. Asymmetric Algorithm is called “public key” because the encryption key can be made public. Anyone can use the public key to encrypt a message, but only the owner of the corresponding private key can decrypt it.

**Asymmetric Cryptography**

Asymmetric Cryptography (also known as public key cryptography) is encryption software that requires two keys: a public key and a private key. Encryption software users distribute their public key, but keep their private key to themselves. When someone wants to send an encrypted message, the sender uses the recipient’s public key to encrypt the message, which can only be decrypted by the person who holds the corresponding private key.

**Asymmetric Encryption**

Asymmetric encryption (Asymmetric Cipher) uses a seperate key for encryption and decryption. The decryption key is very hard or even impossible to derive from the encryption key. The encryption key is public so that anyone can encrypt a message. However, the decryption key is private, so that only the receiver is able to decrypt the message. It is common to set up a pair of keys within a network so that each user has a public key and a private key. The public key is made available to everyone so that they can send messages, but the private key is only made available to the person it belongs to.

**Asymmetric Cipher**

Cipher that uses different (not trivially related) keys for encryption and decryption. Also see Asymmetric Encryption

**Attack**

Either a successful or unsuccessful attempt at breaking part or all of a cryptosystem. Also see algebraic attack, birthday attack, brute force attack, chosen ciphertext attack, chosen plaintext attack, differential cryptanalysis, known plaintext attack, linear cryptanalysis, middleperson attack.

**Authentication**

Authentication is the process of verifying that a file or message has not been modified in transit from the sender to the recipient(s) or while stored on a computer.

**Back door**

A “back door” is an alternate, usually secret, method to decrypt an encrypted file or message without the key. This method is usually only known to a few people, such as the author of the program. Software that has a back door is not secure as “back door” greatly reduces the reliability of the implementation of an encryption algorithm.

**Birthday attack**

A brute-force attack used to find collisions. It gets its name from the surprising result that the probability of two or more people in a group of 23 sharing the same birthday is greater than 1/2.

**Block**

A fixed-length group of bits

**Block Cipher**

Block cipher (method for encrypting data in blocks) is a symmetric cipher which encrypts a message by breaking it down into blocks (commonly of 64 bits) and encrypting data in each block. Block Cipher is opposite to encoding bit-by-bit like stream cipher.

**Blowfish**

Blowfish is a symmetric encryption algorithm – 64-bit block cipher that employs the asymmetric key model. Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Blowfish has a variable key length – from 32 bits to 448 bits. Since then Blowfish has been analyzed considerably, and is gaining acceptance as a strong encryption algorithm.

**Brute Force Attack**

Brute Force Attack is a form of attack in which each possibility is tried until success is obtained. Typically, a ciphertext is deciphered under different keys until plaintext is recognized.

**CAST**

CAST is a popular 64-bit block cipher allowing key sizes up to 128 bits. The name CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST.

**Certificate**

A certificate is a data file that identifies an individual, organization, or business. Certificates are obtained from specialized certificate-issuing companies, and can be used to encrypt data and/or confirm the certificate owner’s identity.

**Chosen ciphertext attack**

An attack where the cryptanalyst may choose the ciphertext to be decrypted.

**Chosen plaintext attack**

A form of cryptanalysis where the cryptanalyst may choose the plaintext to be encrypted

**Cipher**

Cipher is a cryptographic algorithm used to encrypt and decrypt files and message (encryption algorithm).

Also see Block cipher and Stream cipher

**Ciphertext**

This is the encrypted message produced by applying the algorithm to the plaintext message using the secret key.

**Ciphertext-only attack**

A form of cryptanalysis where the cryptanalyst has some ciphertext but nothing else.

**Cleartext**

Unencrypted text, a.k.a. plaintext.

**Clipper**

Clipper is an encryption chip developed and sponsored by the U.S. government as part of the Capstone project.

**Cracker**

Cracker is someone who attempts to gain unauthorized access to a computer system.

**Cryptanalysis**

Cryptanalysis is an algorithm or program for testing cryptography for vulnerabilities.

**Cryptography**

Cryptography is a field of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication.

**Cryptography algorithm**

A cryptographic algorithm, also known as a cipher, is a mathematical function which uses plaintext as the input and produces ciphertext as the output and vice versa.

**Cryptology**

Cryptology is the study of both cryptography and cryptanalysis.

**Cryptosystem**

An encryption decryption algorithm (cipher), together with all possible plaintexts, ciphertexts and keys.

**Decryption**

Decryption is a process to convert ciphertext back into plaintext.

**DES Digital Encryption Standard.**

Digital Encryption Standard (DES) is a symmetric block cipher with 64-bit block size that uses using a 56-bit key which was originally developed by the US National Institute of Standards and Technology (NIST) in 1977 as a standard encryption algorithm. Due to recent advances in computer technology, some experts no longer consider DES secure against all attacks; since then Triple-DES (3DES) has emerged as a stronger method. Using standard DES encryption, Triple-DES encrypts data three times and uses a different key for at least one of the three passes giving it a cumulative key size of 112-168 bits. Also see Triple DES

**Dictionary attack**

A brute force attack that tries passwords and or keys from a precompiled list of values. This is often done as a precomputation attack.

**Differential cryptanalysis**

A chosen plaintext attack relying on the analysis of the evolution of the differences between two plaintexts.

**Diffie-Hellman**

Diffie-Hellman is the first public encryption key algorithm (public-key algorithm), invented in 1976, using discrete logarithms in a finite field. Allows two users to exchange a secret key over an insecure medium without any prior secrets.

**Digital Signature**

A small piece of code that is used to authenticate the sender of data. Digital signatures are created with encryption software for verification purposes. The signature is encrypted with the user’s private key and can only be decrypted with the corresponding public key to verify that the signature was really generated by the holder of the private key. See Asymmetric cryptography.

**Digital Signature Standard (DSS)**

Digital Signature Standard (DSS) is the U.S. government’s standard for authenticating a digital signature.

**FTP (File Transfer Protocol)**

FTP (File Transfer Protocol) – is an old but still widely used method for sending data across the Internet. The protocol itself has no security, so any login and password information is sent as plaintext. This means that if the login/password transmission is intercepted the security of any data stored on the FTP server may be compromised.

**Feistel Cipher**

The Feistel cipher is a basic block cipher, which was developed by Horst Feistel at IBM. Its particular structure forms the bases of many modern block ciphers. The first Feistel cipher patented was the Lucifer Cipher in 1971.

A Feistel cipher is a product cipher in that it applies the same basic encryption scheme iteratively for several rounds. It works on a block of bits of a set size and applies in each iteration a so called round function, i.e. an encryption function parameterised by a round key. Round keys are often derived from a general key and therefore called sub-keys. They are invoked in the encryption scheme by some function called a Feistel function.

**Feistel function**

Function applying the round key in the Feistel cipher, thereby effectively parameterising the round function.

**Feistel networks**

Feistel network is a general way of constructing block ciphers from simple functions. The original idea was used in the block cipher Lucifer, invented by Horst Feistel. Several variations have been devised from the original version. The standard Feistel network takes a function from n bits to n bits and produces an invertible function from 2n bits to 2n bits. The basic function upon which the structure is based is often called the round function. The essential property of Feistel networks that makes them so useful in cipher design is that the round function need not be invertible, but the resulting function always is. If the round function depends on, say, k bits of a key, then the Feistel cipher requires rk bits of the key where r is the number of rounds used. The security of the Feistel structure is not obvious, but analysis of DES has shown that it is a good way to construct ciphers. It is compulsory that a Feistel cipher has enough rounds, but just adding more rounds does not always guarantee security. Encryption

Encryption is the transformation of plaintext into ciphertext through a mathematical process.

**Encryption Algorithm**

Series of steps that mathematically transforms plaintext or other readable information into unintelligible ciphertext.

**International Data Encryption Algorithm (IDEA)**

IDEA stands for International Data Encryption Algorithm. IDEA is a block cipher using a symmetric algorithm based on a 128 bit key. This key length makes it impossible to break by simply trying every key. International Data Encryption Algorithm (IDEA) was introduced in 1992 as a potential alternative to DES. IDEA is the data encryption algorithm used in PGP.

**DSA**

The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS).

**Key**

Key is a collection of bits which is used to encrypt or decrypt messages, documents or other types of electronic data. The more numbers of bits the key has, the stronger it is to break because there are more possible permutations of data bits. Since bits are binary, the number of possible permutations for a key of is 2 x number of bits. The specific way a key is used depends on whether it’s used with asymmetric or symmetric cryptography. See also distributed key, private key, public key, secret key, symmetric key, weak key.

**Key Escrow**

Key Escrow is a process that requires a copy of all decryption keys be placed into escrow so that encrypted messages may be decrypted as required by a law enforcement agency.

**Key exchange**

A process used by two or more parties to exchange keys in cryptosystems.

**Key management**

The various processes that deal with the creation, distribution, authentication, and storage of keys.

**Key pair**

The full key information in a public-key cryptosystem, consisting of the public key and private key.

**Key Schedule**

A function to generate round keys from one input key.

**Known plaintext attack**

A form of cryptanalysis where the cryptanalyst knows both the plaintext and the associated ciphertext.

**Linear cryptanalysis**

A known plaintext attack that uses linear approximations to describe the behavior of the block cipher. See known plaintext attack.

**Lucifer**

First simple Feistel cipher.

**Meet-in-the-middle attack**

A known plaintext attack against double encryption with two separated keys where the attacker encrypts a plaintext with a key and “decrypts” the original ciphertext with another key and hopes to get the same value.

**Middleperson attack**

A person who intercepts keys and impersonates the intended recipients.

**Password**

Passwords are keys you use to access personal information you store on your PC and in your accounts. Passwords help to ensure that only authorized users access PC and accounts. Passwords protect personal information we don’t want anyone knows.

**Permutation Box (P-Box)**

An operation that takes a set of input blocks, combines them and applies a permutation.

**PGP (Pretty Good Privacy)**

PGP (Pretty Good Privacy) – is a public-private key cryptography system which allows for users to more easily integrate the use of encryption in their daily tasks, such as electronic mail protection and authentication, and protecting files stored on a computer. PGP is available for free to individual home users. It was originally designed by Phil Zimmerman. It uses IDEA, CAST or Triple DES for actual data encryption and RSA (with up to 2048-bit key) or DH/DSS (with 1024-bit signature key and 4096-bit encryption key) for key management and digital signatures. The RSA or DH public key is used to encrypt the IDEA secret key as part of the message.

**PKAF**

Public Key Authentication Framework (PKAF) is a system for authenticating digital signatures based on a hierarchy of trusted signatures.

**Plaintext**

Plaintext is unencrypted text (cleartext), the original message or filet o which an encryption algorithm is applied.

**Precomputation attack**

An attack where the adversary precomputes a look-up table of values used to crack encryption or passwords. See also dictionary attack.

**Prime number**

Any integer greater than 1 that is divisible only by 1 and itself.

**Private Key**

Private key is a secret key of a public-private key cryptography system (it is used in asymmetric cryptography). The Private Key is normally known only to the key owner. Messages are encrypted using the Public Key and can be decrypted by the owner of the corresponding Private Key. For digital signatures, however, a document is signed with a Private Key and authenticated with the corresponding Public Key. Private keys should not be distributed. Also see Asymmetric cryptography.

**Product cipher**

Cipher that applies the same basic encryption scheme iteratively forseveral rounds.

**Public Key**

Public keys is the public key of a public-private key cryptography system. Public key is used in asymmetric cryptography. Public keys are used to enable someone to encrypt messages intended for the owner of the public key. Public keys are meant for distribution, so anyone who wants to send an encrypted message to the owner of the public key can do so, but only the owner of the corresponding private key can decrypt the message. Also see Asymmetric cryptography.

**Public-key Cryptography**

Cryptography based on methods involving a public key and a private key.

**Public-key algorithms**

Public-key algorithms (also known as Asymmetric algorithms) use two different keys (a key pair) for encryption and decryption: a public key and a private key. Encryption software users distribute their public key, but keep their private key to themselves. When someone wants to send an encrypted message, the sender uses the recipient’s public key to encrypt the message, which can only be decrypted by the person who holds the corresponding private key.

**RC2**

RC2 is a variable-key-length cipher. It was invented by Ron Rivest for RSA Data Security, Inc. Its details have not been published.

**RC4**

RC4 was developed by Ron Rivest in 1987. It is a variable-key-size stream cipher. It is a cipher with a key size of up to 2048 bits (256 bytes).

**RC6**

RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard (AES) competition. RC6 encryption algorithm was selected among the other finalists to become the new federal Advanced Encryption Standard (AES).

**Round function**

The parameterised encryption function applied during one round of Feistel cipher.

**RSA**

RSA is the best known public key algorithm, named after its inventors: Rivest, Shamir and Adleman. RSA uses public and private keys that are functions of a pair of large prime numbers. Its security is based on the difficulty of factoring large integers. The RSA algorithm can be used for both public key encryption and digital signatures. The keys used for encryption and decryption in RSA algorithm, are generated using random data. The key used for encryption is a public key and the key used for decryption is a private key. Public keys are stored anywhere publicly accessible. The sender of message encrypts the data using public key, and the receiver decrypts it using his/her own private key. That way, no one else can intercept the data except receiver.

Encryption is done with a public key(or private key for signature). Decryption is done with a private key (or public key to verify signature).

**Salt**

A string of random (or pseudorandom) bits concatenated with a key or password to foil precomputation attacks.

**Secret Key**

Secret Key is the the input for the algorithm. A secret key can be a number, a word, or just a string of random letters. Secret key is applied to the information to change the content in a particular way.

**Signature**

See Digital Signature

**Symmetric algorithms**

Symmetric algorithms use the same key for Encryption and Decryption. Symmetric algorithms require that both the sender and the receiver agree on a key before they can exchange messages securely. Some symmetric algorithms (Stream Ciphers) operate on 1 bit (or sometimes 1 byte) of plaintext at a time (encrypt data bit-by-bit). Other symmetric algorithms (Block Ciphers) operate on blocks of bits at a time – encrypts a message by breaking it down into blocks (commonly of 64 bits) and encrypting data in each block.

**Symmetric Cryptography**

Symmetric Cryptography is a method of encryption in which the same key is used for Encryption and Decryption. The sender and receiver have to agree on a key before they can communicate securely.

**Symmetric Encryption**

Symmetric encryption uses a secret key value to encrypt and decrypt data. Both the sender and receiver need the same key to encrypt or decrypt. There are two types of symmetric algorithms: stream algorithms and block algorithms. The stream algorithm works on one bit or byte at a time, whereas the block algorithm works on larger blocks of data (typically 64 bits). The drawback to this type of system is that if the key is discovered, all messages can be decrypted.

**Symmetric Key**

Symmetric Key is the key that is used to for both encrypting and decrypting a file or a message.

**SSH (Secure Shell)**

SSH (Secure Shell) is a protocol that allows someone using one computer to remotely operate another computer. Unlike Telnet, however, it uses secure (encrypted) transmissions.

**Steganography**

Steganography is the process of hiding data inside other data. For example, a text file could be hidden “inside” an image or a sound file. By looking at the image, or listening to the sound, you would not know that there is extra information present.

**Stream Cipher**

Stream cipher is a symmetric cipher which encrypts data bit-by-bit. Stream Cipher is opposite to a block cipher.

**Substitution**

Substitution means replacing symbols or group of symbols by other symbols or groups of symbols. Substitution without transposition doesn’t provide sufficient security, but strong ciphers can be built by combining them.

**Substitution Box**

Substitution Box (S-Box) is a lookup table that substitutes n-bit block for m-bit block.

**Substitution-Permutation Network (SPN)**

Substitution-Permutation Network (SPN) is a cipher composed of a number of stages, each involving substitutions and permutations. Well known examples of SPNs are DES and CAST-128.

**Telnet**

Telnet is a protocol that allows someone using one computer to remotely operate another computer. Telnet, like FTP, is not secure. Security is possible by using special Telnet server/client software or an alternative protocol (like SSH).

**Transposition**

Transposition, on the other hand, means permuting the symbols in a block. Transposition without substitution doesn’t provide sufficient security, but strong ciphers can be built by combining them.

**Triple DES**

Triple DES is a method of improving the strength of the DES algorithm by using it three times in sequence with different keys. Triple DES uses a 64-bit key consisting of 56 effective key bits and 8 parity bits. The size of the block for Triple DES is 8 bytes. Triple-DES encrypts the data in 8-byte chunks.