RSA Labs FAQ 4.0


385 14 909KB

English Pages 216 Year 1998

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
Table of Contents......Page 3
Foreword......Page 8
Question 1.1. What is the RSA Laboratories' Frequently Asked Questions About Today's Cryptography?......Page 9
Question 1.2. What is cryptography?......Page 10
Question 1.3. What are some of the more popular techniques in cryptography?......Page 11
Question 1.4. How is cryptography applied?......Page 12
Question 1.5. What are cryptography standards?......Page 14
Question 1.6. What is the role of the United States government in cryptography?......Page 15
Question 1.7. Why is cryptography important?......Page 16
Question 2.1.1. What is public-key cryptography?......Page 18
Question 2.1.2. What is secret-key cryptography?......Page 19
Question 2.1.3. What are the advantages and disadvantages of public-key cryptography compared with secret-key cryptography?......Page 20
Question 2.1.4. What is a block cipher?......Page 21
Question 2.1.5. What is a stream cipher?......Page 25
Question 2.1.6. What is a hash function?......Page 27
Question 2.1.7. What are Message Authentication Codes (MACs)?......Page 28
Question 2.1.8. What are interactive proofs and zero-knowledge proofs?......Page 29
Question 2.1.9. What are secret sharing schemes?......Page 30
Question 2.2.1. What is privacy?......Page 31
Question 2.2.2. What is a digital signature and what is authentication?......Page 32
Question 2.2.3. What is a key agreement protocol?......Page 33
Question 2.2.4. What is a digital envelope?......Page 34
Question 2.2.5. What is identification?......Page 35
Question 2.3.1. What is a hard problem?......Page 36
Question 2.3.2. What is a one-way function?......Page 37
Question 2.3.3. What is the factoring problem?......Page 38
Question 2.3.4. What are the best factoring methods in use today?......Page 39
Question 2.3.5. What improvements are likely in factoring capability?......Page 40
Question 2.3.7. What is the discrete logarithm problem?......Page 42
Question 2.3.8. What are the best discrete logarithm methods in use today?......Page 43
Question 2.3.9. What are the prospects for a theoretical breakthrough in the discrete log problem?......Page 44
Question 2.3.10. What are elliptic curves?......Page 45
Question 2.3.11. What are lattice-based cryptosystems?......Page 46
Question 2.3.12. What are some other hard problems?......Page 47
Question 2.4.1. What is cryptanalysis?......Page 48
Question 2.4.2. What are some of the basic types of cryptanalytic attack?......Page 49
Question 2.4.3. What is exhaustive key search?......Page 50
Question 2.4.4. What is the RSA Secret Key Challenge?......Page 51
Question 2.4.5. What are the most important attacks on symmetric block ciphers?......Page 52
Question 2.4.7. What are the most important attacks on stream ciphers?......Page 54
Question 2.4.8. What are the most important attacks on MACs?......Page 55
Question 2.4.9. At what point does an attack become practical?......Page 56
Question 2.5.1. What is primality testing?......Page 57
Question 2.5.2. What is random number generation?......Page 58
Question 3.1.1. What is RSA?......Page 59
Question 3.1.2. How fast is RSA?......Page 60
Question 3.1.3. What would it take to break RSA?......Page 61
Question 3.1.4. What are strong primes and are they necessary for RSA?......Page 62
Question 3.1.5. How large a key should be used in RSA?......Page 63
Question 3.1.6. Could users of RSA run out of distinct primes?......Page 64
Question 3.1.7. How is RSA used for privacy in practice?......Page 65
Question 3.1.8. How is RSA used for authentication and digital signatures in practice?......Page 66
Question 3.1.9. Is RSA currently in use?......Page 67
Question 3.1.10. Is RSA an official standard today?......Page 68
Question 3.1.11. Is RSA a de facto standard?......Page 69
Question 3.2.1. What is DES?......Page 70
Question 3.2.2. Has DES been broken?......Page 71
Question 3.2.3. How does one use DES securely?......Page 72
Question 3.2.4. Should one test for weak keys in DES?......Page 73
Question 3.2.5. Is DES a group?......Page 74
Question 3.2.6. What is triple-DES?......Page 75
Question 3.2.7. What is DES-X?......Page 76
Question 3.2.8. What are some other DES variants?......Page 77
Question 3.3.1. What is the AES?......Page 78
Question 3.3.2. What are some candidates for the AES?......Page 79
Question 3.3.3. What is the schedule for the AES?......Page 80
Question 3.4.1. What are DSA and DSS?......Page 81
Question 3.4.2. Is DSA secure?......Page 82
Question 3.5.1. What are elliptic curve cryptosystems?......Page 83
Question 3.5.2. Are elliptic curve cryptosystems secure?......Page 84
Question 3.5.3. Are elliptic curve cryptosystems widely used?......Page 85
Question 3.5.4. How do elliptic curve cryptosystems compare with other cryptosystems?......Page 86
Question 3.6.1. What is Diffie-Hellman?......Page 87
Question 3.6.2. What is RC2?......Page 88
Question 3.6.3. What is RC4?......Page 89
Question 3.6.4. What is RC5?......Page 90
Question 3.6.5. What are SHA and SHA-1?......Page 91
Question 3.6.6. What are MD2, MD4, and MD5?......Page 92
Question 3.6.7. What are some other block ciphers?......Page 93
Question 3.6.8. What are some other public-key cryptosystems?......Page 95
Question 3.6.9. What are some other signature schemes?......Page 97
Question 3.6.10. What are some other stream ciphers?......Page 98
Question 3.6.11. What other hash functions are there?......Page 99
Question 3.6.12. What are some secret sharing schemes?......Page 100
Question 4.1.1. What is key management?......Page 102
Question 4.1.2.1. What key size should be used?......Page 103
Question 4.1.2.2. How does one find random numbers for keys?......Page 104
Question 4.1.2.3. What is the life cycle of a key?......Page 105
Question 4.1.3.1. What is a PKI?......Page 106
Question 4.1.3.2. Who needs a key pair?......Page 107
Question 4.1.3.3. How does one get a key pair?......Page 108
Question 4.1.3.4. Should a key pair be shared among users?......Page 109
Question 4.1.3.5. What happens when a key expires?......Page 110
Question 4.1.3.6. What happens if my key is lost?......Page 111
Question 4.1.3.7. What happens if my private key is compromised?......Page 112
Question 4.1.3.8. How should I store my private key?......Page 113
Question 4.1.3.9. How do I find someone else's public key?......Page 114
Question 4.1.3.10. What are certificates?......Page 115
Question 4.1.3.11. How are certificates used?......Page 116
Question 4.1.3.12. Who issues certificates and how?......Page 117
Question 4.1.3.13. How do certifying authorities store their private keys?......Page 118
Question 4.1.3.14. How are certifying authorities susceptible to attack?......Page 119
Question 4.1.3.15. What if a certifying authority's key is lost or compromised?......Page 120
Question 4.1.3.16. What are Certificate Revocation Lists (CRLs)?......Page 121
Question 4.2.1. What is electronic money?......Page 122
Question 4.2.2. What is iKP?......Page 123
Question 4.2.3. What is SET?......Page 124
Question 4.2.4. What is Mondex?......Page 125
Question 4.2.5. What are micropayments?......Page 126
Question 5.1.1. What is S/MIME?......Page 127
Question 5.1.2. What is SSL?......Page 128
Question 5.1.3. What is S/WAN?......Page 129
Question 5.1.4. What is IPSec?......Page 130
Question 5.1.5. What is SSH?......Page 131
Question 5.1.6. What is Kerberos?......Page 132
Question 5.2.1. What are CAPIs?......Page 133
Question 5.2.2. What is the GSS-API?......Page 134
Question 5.2.3. What are RSA BSAFE CRYPTO-C and RSA BSAFE CRYPTO-J?......Page 135
Question 5.2.4. What is SecurPC?......Page 136
Question 5.2.5. What is SecurID?......Page 137
Question 5.2.6. What is PGP?......Page 138
Question 5.3.1. What are ANSI X9 standards?......Page 139
Question 5.3.2. What are the ITU-T (CCITT) Standards?......Page 141
Question 5.3.3. What is PKCS?......Page 143
Question 5.3.4. What are ISO standards?......Page 144
Question 5.3.5. What is IEEE P1363?......Page 145
Question 5.3.6. What are some other cryptography specifications?......Page 146
Section 6.1. Legal Disclaimer.......Page 147
Question 6.2.1. What is NIST?......Page 148
Question 6.2.2. What is the NSA?......Page 149
Question 6.2.3. What is Capstone?......Page 150
Question 6.2.4. What is Clipper?......Page 151
Question 6.2.5. What is the Current Status of Clipper?......Page 152
Question 6.2.6. What is Fortezza?......Page 153
Question 6.3.1. Is RSA patented?......Page 154
Question 6.3.2. Is DSA patented?......Page 155
Question 6.3.3. Is DES patented?......Page 156
Question 6.3.4. Are elliptic curve cryptosystems patented?......Page 157
Question 6.3.5. What are the important patents in cryptography?......Page 158
Question 6.4.1. Can RSA be exported from the United States?......Page 159
Question 6.4.2. Can DES be exported from the United States?......Page 160
Question 6.4.3. Why is cryptography export-controlled?......Page 161
Question 6.4.4. Are digital signature applications exportable from the United States?......Page 162
Question 6.5.1. Which major countries have import restrictions on cryptography?......Page 163
Question 7.1. What is probabilistic encryption?......Page 164
Question 7.2. What are special signature schemes?......Page 165
Question 7.3. What is a blind signature scheme?......Page 166
Question 7.4. What is a designated confirmer signature?......Page 167
Question 7.5. What is a fail-stop signature scheme?......Page 168
Question 7.6. What is a group signature?......Page 169
Question 7.7. What is a one-time signature scheme?......Page 170
Question 7.8. What is an undeniable signature scheme?......Page 171
Question 7.9. What are on-line/off-line signatures?......Page 172
Question 7.10. What is OAEP?......Page 173
Question 7.11. What is digital timestamping?......Page 174
Question 7.12. What is key recovery?......Page 176
Question 7.13. What are LEAFs?......Page 177
Question 7.14. What is PSS/PSS-R?......Page 178
Question 7.15. What are covert channels?......Page 179
Question 7.16. What are proactive security techniques?......Page 180
Question 7.17. What is quantum computing?......Page 181
Question 7.18. What is quantum cryptography?......Page 182
Question 7.19. What is DNA computing?......Page 183
Question 7.20. What are biometric techniques?......Page 184
Question 7.21. What is tamper-resistant hardware?......Page 185
Question 7.22. How are hardware devices made tamper-resistant?......Page 186
Question 8.1. Where can I learn more about cryptography?......Page 187
Question 8.2. Where can I learn more about cryptographic protocols and architecture?......Page 188
Question 8.3. Where can I learn more about recent advances in cryptography?......Page 189
Question 8.4. Where can I learn more about electronic commerce?......Page 190
Question 8.5. Where can I learn more about cryptography standards?......Page 191
Question 8.6. Where can I learn more about laws concerning cryptography?......Page 192
Glossary......Page 193
References......Page 203
Recommend Papers

RSA Labs FAQ 4.0

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Citation preview

Copyright © 1996, 1998 RSA Data Security, Inc. All rights reserved. RSA BSAFE Crypto-C, RSA BSAFE Crypto-J, PKCS, S/WAN, RC2, RC4, RC5, MD2, MD4, and MD5 are trademarks or registered trademarks of RSA Data Security, Inc. Other products and names are trademarks or registered trademarks of their respective owners. For permission to reprint or redistribute in part or in whole, send e-mail to [email protected] or contact your RSA representative.

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

2

Table of Contents Table of Contents............................................................................................ 3 Foreword......................................................................................................... 8 Section 1: Introduction .................................................................................... 9 Question 1.1. What is the RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography? ................................................................................................................ 9 Question 1.2. What is cryptography? ............................................................................................ 10 Question 1.3. What are some of the more popular techniques in cryptography? ................... 11 Question 1.4. How is cryptography applied? ............................................................................... 12 Question 1.5. What are cryptography standards? ....................................................................... 14 Question 1.6. What is the role of the United States government in cryptography? ............... 15 Question 1.7. Why is cryptography important? ........................................................................... 16

Section 2: Cryptography................................................................................ 18 Section 2.1: Cryptographic Tools ..................................................................................................... 18 Question 2.1.1. What is public-key cryptography?...................................................................... 18 Question 2.1.2. What is secret-key cryptography? ....................................................................... 19 Question 2.1.3. What are the advantages and disadvantages of public-key cryptography compared with secret-key cryptography? ...................................................... 20 Question 2.1.4. What is a block cipher? ......................................................................................... 21 Question 2.1.5. What is a stream cipher? ...................................................................................... 25 Question 2.1.6. What is a hash function? ...................................................................................... 27 Question 2.1.7. What are Message Authentication Codes (MACs)? ......................................... 28 Question 2.1.8. What are interactive proofs and zero-knowledge proofs? .............................. 29 Question 2.1.9. What are secret sharing schemes? ....................................................................... 30

Section 2.2: Simple Applications of Cryptography ........................................................................... 31 Question 2.2.1. Question 2.2.2. Question 2.2.3. Question 2.2.4. Question 2.2.5.

What is privacy? .................................................................................................... 31 What is a digital signature and what is authentication? ................................. 32 What is a key agreement protocol? ..................................................................... 33 What is a digital envelope? .................................................................................. 34 What is identification? .......................................................................................... 35

Section 2.3: Hard Problems ............................................................................................................. 36 Question 2.3.1. What is a hard problem? ...................................................................................... 36 Question 2.3.2. What is a one-way function? ............................................................................... 37 Question 2.3.3. What is the factoring problem? ........................................................................... 38 Question 2.3.4. What are the best factoring methods in use today? ......................................... 39 Question 2.3.5. What improvements are likely in factoring capability?................................... 40 Question 2.3.7. What is the discrete logarithm problem? ........................................................... 42 Question 2.3.8. What are the best discrete logarithm methods in use today? ......................... 43 Question 2.3.9. What are the prospects for a theoretical breakthrough in the discrete log problem? ................................................................................................................. 44 Question 2.3.10. What are elliptic curves? .................................................................................... 45 Question 2.3.11. What are lattice-based cryptosystems? ............................................................ 46 Question 2.3.12. What are some other hard problems?............................................................... 47

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

3

Section 2.4: Cryptanalysis .............................................................................................................. 48 Question 2.4.1. Question 2.4.2. Question 2.4.3. Question 2.4.4. Question 2.4.5. Question 2.4.7. Question 2.4.8. Question 2.4.9.

What is cryptanalysis? .......................................................................................... 48 What are some of the basic types of cryptanalytic attack? .............................. 49 What is exhaustive key search? ........................................................................... 50 What is the RSA Secret Key Challenge? ............................................................. 51 What are the most important attacks on symmetric block ciphers? .............. 52 What are the most important attacks on stream ciphers? ............................... 54 What are the most important attacks on MACs? .............................................. 55 At what point does an attack become practical? ............................................... 56

Section 2.5: Supporting Tools in Cryptography ............................................................................... 57 Question 2.5.1. What is primality testing? ................................................................................... 57 Question 2.5.2. What is random number generation? ................................................................. 58

Section 3.1: RSA ............................................................................................................................ 59 Question 3.1.1. What is RSA? .......................................................................................................... 59

Section 3: Techniques in Cryptography.......................................................... 60 Question 3.1.2. How fast is RSA? .................................................................................................... 60 Question 3.1.3. What would it take to break RSA? ...................................................................... 61 Question 3.1.4. What are strong primes and are they necessary for RSA?............................... 62 Question 3.1.5. How large a key should be used in RSA? .......................................................... 63 Question 3.1.6. Could users of RSA run out of distinct primes? ............................................... 64 Question 3.1.7. How is RSA used for privacy in practice? ......................................................... 65 Question 3.1.8. How is RSA used for authentication and digital signatures in practice? ...... 66 Question 3.1.9. Is RSA currently in use? ........................................................................................ 67 Question 3.1.10. Is RSA an official standard today? .................................................................... 68 Question 3.1.11. Is RSA a de facto standard? ................................................................................ 69

Section 3.2: DES ............................................................................................................................ 70 Question 3.2.1. Question 3.2.2. Question 3.2.3. Question 3.2.4. Question 3.2.5. Question 3.2.6. Question 3.2.7. Question 3.2.8.

What is DES? .......................................................................................................... 70 Has DES been broken? .......................................................................................... 71 How does one use DES securely? ....................................................................... 72 Should one test for weak keys in DES? .............................................................. 73 Is DES a group? ...................................................................................................... 74 What is triple-DES? ............................................................................................... 75 What is DES-X? ...................................................................................................... 76 What are some other DES variants? ................................................................... 77

Section 3.3: AES ............................................................................................................................. 78 Question 3.3.1. What is the AES? .................................................................................................... 78 Question 3.3.2. What are some candidates for the AES? ............................................................ 79 Question 3.3.3. What is the schedule for the AES? ...................................................................... 80

Section 3.4: DSA ............................................................................................................................ 81 Question 3.4.1. What are DSA and DSS? ....................................................................................... 81 Question 3.4.2. Is DSA secure? ........................................................................................................ 82

Section 3.5: Elliptic Curve Cryptosystems ....................................................................................... 83 Question 3.5.1. Question 3.5.2. Question 3.5.3. Question 3.5.4.

What are elliptic curve cryptosystems? ............................................................. 83 Are elliptic curve cryptosystems secure? ........................................................... 84 Are elliptic curve cryptosystems widely used? ................................................ 85 How do elliptic curve cryptosystems compare with other cryptosystems? . 86

Section 3.6: Other Cryptographic Techniques ................................................................................. 87 Question 3.6.1. What is Diffie-Hellman? ....................................................................................... 87

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

4

Question 3.6.2. What is RC2? .......................................................................................................... 88 Question 3.6.3. What is RC4? .......................................................................................................... 89 Question 3.6.4. What is RC5? .......................................................................................................... 90 Question 3.6.5. What are SHA and SHA-1? .................................................................................. 91 Question 3.6.6. What are MD2, MD4, and MD5? ......................................................................... 92 Question 3.6.7. What are some other block ciphers? ................................................................... 93 Question 3.6.8. What are some other public-key cryptosystems? ............................................. 95 Question 3.6.9. What are some other signature schemes? .......................................................... 97 Question 3.6.10. What are some other stream ciphers? ............................................................... 98 Question 3.6.11. What other hash functions are there? ............................................................... 99 Question 3.6.12. What are some secret sharing schemes? ........................................................ 100

Section 4: Applications of Cryptography...................................................... 102 Section 4.1: Key Management ...................................................................................................... 102 Question 4.1.1. What is key management? ................................................................................. 102

Section 4.1.2: General .................................................................................................................. 103 Question 4.1.2.1. What key size should be used? ...................................................................... 103 Question 4.1.2.2. How does one find random numbers for keys?........................................... 104 Question 4.1.2.3. What is the life cycle of a key? ........................................................................ 105

Section 4.1.3: Public Key Issues ................................................................................................... 106 Question 4.1.3.1. What is a PKI? ................................................................................................... 106 Question 4.1.3.2. Who needs a key pair? ..................................................................................... 107 Question 4.1.3.3. How does one get a key pair? ......................................................................... 108 Question 4.1.3.4. Should a key pair be shared among users? .................................................. 109 Question 4.1.3.5. What happens when a key expires? .............................................................. 110 Question 4.1.3.6. What happens if my key is lost? .................................................................... 111 Question 4.1.3.7. What happens if my private key is compromised? ..................................... 112 Question 4.1.3.8. How should I store my private key? ............................................................. 113 Question 4.1.3.9. How do I find someone else’s public key? ................................................... 114 Question 4.1.3.10. What are certificates? ..................................................................................... 115 Question 4.1.3.11. How are certificates used? ............................................................................. 116 Question 4.1.3.12. Who issues certificates and how? ................................................................ 117 Question 4.1.3.13. How do certifying authorities store their private keys? ........................... 118 Question 4.1.3.14. How are certifying authorities susceptible to attack? ............................... 119 Question 4.1.3.15. What if a certifying authority’s key is lost or compromised? .................. 120 Question 4.1.3.16. What are Certificate Revocation Lists (CRLs)? .......................................... 121

Section 4.2: Electronic Commerce ................................................................................................ 122 Question 4.2.1. What is electronic money? .................................................................................. 122 Question 4.2.2. What is iKP? ......................................................................................................... 123 Question 4.2.3. What is SET? ......................................................................................................... 124 Question 4.2.4. What is Mondex? ................................................................................................. 125 Question 4.2.5. What are micropayments? ................................................................................. 126

Section 5: Cryptography in the Real World .................................................. 127 Section 5.1: Security on the Internet ............................................................................................ 127 Question 5.1.1. Question 5.1.2. Question 5.1.3. Question 5.1.4. Question 5.1.5.

What is S/MIME? ................................................................................................ 127 What is SSL? ......................................................................................................... 128 What is S/WAN? ................................................................................................. 129 What is IPSec? ...................................................................................................... 130 What is SSH? ........................................................................................................ 131

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

5

Question 5.1.6. What is Kerberos? ................................................................................................ 132

Section 5.2: Development Security Products................................................................................. 133 Question 5.2.1. Question 5.2.2. Question 5.2.3. Question 5.2.4. Question 5.2.5. Question 5.2.6.

What are CAPIs? .................................................................................................. 133 What is the GSS-API? .......................................................................................... 134 What are RSA BSAFE CRYPTO-C and RSA BSAFE CRYPTO-J? .................. 135 What is SecurPC? ................................................................................................. 136 What is SecurID? ................................................................................................. 137 What is PGP? ........................................................................................................ 138

Section 5.3: Cryptography Standards ...........................................................................................139 Question 5.3.1. Question 5.3.2. Question 5.3.3. Question 5.3.4. Question 5.3.5. Question 5.3.6.

What are ANSI X9 standards? ........................................................................... 139 What are the ITU-T (CCITT) Standards? ......................................................... 141 What is PKCS? ..................................................................................................... 143 What are ISO standards? .................................................................................... 144 What is IEEE P1363?............................................................................................ 145 What are some other cryptography specifications? ....................................... 146

Section 6: Laws Concerning Cryptography .................................................. 147 Section 6.1. Legal Disclaimer. ....................................................................................................... 147 Section 6.2: Government Involvement ...........................................................................................148 Question 6.2.1. Question 6.2.2. Question 6.2.3. Question 6.2.4. Question 6.2.5. Question 6.2.6.

What is NIST? ...................................................................................................... 148 What is the NSA?................................................................................................. 149 What is Capstone? ............................................................................................... 150 What is Clipper? .................................................................................................. 151 What is the Current Status of Clipper? ............................................................ 152 What is Fortezza? ................................................................................................ 153

Section 6.3: Patents on Cryptography ..........................................................................................154 Question 6.3.1. Question 6.3.2. Question 6.3.3. Question 6.3.4. Question 6.3.5.

Is RSA patented? .................................................................................................. 154 Is DSA patented? ................................................................................................. 155 Is DES patented? .................................................................................................. 156 Are elliptic curve cryptosystems patented? .................................................... 157 What are the important patents in cryptography? ......................................... 158

Section 6.4: United States Cryptography Export/Import Laws ....................................................... 159 Question 6.4.1. Question 6.4.2. Question 6.4.3. Question 6.4.4.

Can RSA be exported from the United States? ................................................ 159 Can DES be exported from the United States? ................................................ 160 Why is cryptography export-controlled? ......................................................... 161 Are digital signature applications exportable from the United States? ....... 162

Section 6.5: Cryptography Export/Import Laws in Other Countries ................................................ 163 Question 6.5.1. Which major countries have import restrictions on cryptography? ............ 163

Section 7: Miscellaneous Topics .................................................................. 164 Question 7.1. What is probabilistic encryption? ........................................................................ 164 Question 7.2. What are special signature schemes? .................................................................. 165 Question 7.3. What is a blind signature scheme?....................................................................... 166 Question 7.4. What is a designated confirmer signature? ........................................................ 167 Question 7.5. What is a fail-stop signature scheme? ................................................................. 168 Question 7.6. What is a group signature? ................................................................................... 169 Question 7.7. What is a one-time signature scheme? ................................................................ 170 Question 7.8. What is an undeniable signature scheme? .......................................................... 171 Question 7.9. What are on-line/off-line signatures? ................................................................. 172 Question 7.10. What is OAEP? ..................................................................................................... 173 RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

6

Question 7.11. What is digital timestamping? ............................................................................ 174 Question 7.12. What is key recovery? .......................................................................................... 176 Question 7.13. What are LEAFs? .................................................................................................. 177 Question 7.14. What is PSS/PSS-R? ............................................................................................. 178 Question 7.15. What are covert channels? .................................................................................. 179 Question 7.16. What are proactive security techniques? .......................................................... 180 Question 7.17. What is quantum computing? ............................................................................ 181 Question 7.18. What is quantum cryptography? ........................................................................ 182 Question 7.19. What is DNA computing? ................................................................................... 183 Question 7.20. What are biometric techniques? ......................................................................... 184 Question 7.21. What is tamper-resistant hardware? .................................................................. 185 Question 7.22. How are hardware devices made tamper-resistant? ....................................... 186

Section 8: Further Reading .......................................................................... 187 Question 8.1. Question 8.2. Question 8.3. Question 8.4. Question 8.5. Question 8.6.

Where can I learn more about cryptography? .................................................... 187 Where can I learn more about cryptographic protocols and architecture? .... 188 Where can I learn more about recent advances in cryptography? .................. 189 Where can I learn more about electronic commerce? ........................................ 190 Where can I learn more about cryptography standards? ................................. 191 Where can I learn more about laws concerning cryptography? ...................... 192

Glossary ...................................................................................................... 193 References .................................................................................................. 203

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

7

Foreword This document is the fourth version of RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography. Completely revised, restructured, and updated, it covers many more questions than the previous version, which was published in September 1995. The FAQ represents the contributions of numerous individuals. Particular appreciation is due to Paul Fahn, who wrote the first and second versions while an RSA Laboratories research assistant in 1992 and 1993, to Sambasivam Valliappan, who drafted the third version as an RSA Laboratories research assistant in Summer 1995. Other contributors to the fourth version include Jim Bidzos, John Brainard, Victor Chang, Scott Contini, Dana Ellingen, James Gray, Ari Juels, Burt Kaliski, Patrick Lee, John Linn, Paul Livesay, Hoa Ly, Tim Matthews, Matthew Robshaw, Ray Sidney, Bob Silverman, Jessica Staddon, Jeff Stapleton, Kurt Stammberger, and Yiqun Lisa Yin from RSA Data Security, Michael Baum from VeriSign, Mathew Butler, Stuart Haber from Bellcore, Bart Preneel from Katholieke Universiteit, and Scott Stornetta from Surety Technologies. Special thanks to Patrick Lee, Eliza Sachs, Michael Girdley, Jason Gillis, and Clint Chan for carefully reading through the final draft and providing many helpful suggestions. Special thanks also to Jason Thompson and Brandon Richards for converting the FAQ to the web. Finally, special thanks to Jeff Ylvisaker, who helped with the editing throughout. The technical editors are RSA Laboratories research assistants Moses Liskov and Beverly Schmoock. Comments on the FAQ are encouraged. Address correspondence to: FAQ Editor RSA Laboratories 2955 Campus Drive, Suite 400 San Mateo, CA 94403-2507 USA Tel: 650-295-7600 Fax: 650-295-7700

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

8

Section 1: Introduction Question 1.1. What is the RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography? The RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography is a large collection of questions about modern cryptography, cryptanalysis, and issues related to them. The information is presented in question and answer form. Version 4.0 of the FAQ is markedly different from previous versions, primarily in the general structure of the document. Section 1: Introduction. This section is intended for those who are interested in learning about cryptography but don’t know very much about it. The introduction gives a brief overview of the field of cryptography and related issues. Section 2: Cryptography. This section expands on the overview of the field of cryptography and related issues, providing more detail about the concepts involved in cryptography. It lays the conceptual groundwork for the next section. Section 3: Techniques in Cryptography. Cryptographic algorithms are the basic building blocks of cryptographic applications and protocols. This section presents most of the important encryption algorithms, hash functions, stream ciphers, and other basic cryptographic algorithms. Section 4: Applications of Cryptography. This section is an overview of the most important protocols and systems made possible by cryptography. In particular, it discusses the issues involved in establishing a cryptographic infrastructure, and it gives a brief overview of some of the electronic commerce techniques available today. Section 5: Cryptography in the Real World. This section goes over some of the most important cryptographic systems in place around the world today, including secure Internet communications, and some of the more popular cryptographic products. It also gives an overview of the major groups of cryptographic standards. Section 6: Laws Concerning Cryptography. This section deals with the legal and political issues associated with cryptography, including government involvement, patent issues, and import and export regulations. Note that while this section includes legal information, it should not be used as a substitute for consulting an attorney. Section 7: Miscellaneous Topics. This section contains additional applications of cryptography, including new technologies and techniques as well as some of the more important older techniques and applications. Section 8: Further Reading. This section lists suggestions for further information about cryptography and related issues. Glossary. Contains a brief definition of most of the terms in this document. Note: We have not attempted to be, nor could we be, exhaustive in answering every possible question. We hope that this document will be both a useful introductory text and a useful reference for those interested in the field of cryptography.

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

9

Question 1.2. What is cryptography? As the field of cryptography has advanced, the dividing lines for what is and what is not cryptography have become blurred. Cryptography today might be summed up as the study of techniques and applications that depend on the existence of difficult problems. Cryptanalysis is the study of how to compromise (defeat) cryptographic mechanisms, and cryptology (from the Greek kryptós lógos, meaning “hidden word”) is the discipline of cryptography and cryptanalysis combined. To most people, cryptography is concerned with keeping communications private. Indeed, the protection of sensitive communications has been the emphasis of cryptography throughout much of its history [Kah67]. However, this is only one part of today’s cryptography. Encryption is the transformation of data into a form that is as close to impossible as possible to read with out the appropriate knowledge (a key). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form. Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption are different (see Question 2.1.1). Today’s cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives -when we sign our name to some document for instance and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication. Cryptography provides mechanisms for such procedures. A digital signature (see Question 2.2.2) binds a document to the possessor of a particular key, while a digital timestamp (see Question 7.11) binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel. The field of cryptography encompasses other uses as well. With just a few basic cryptographic tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic money (see Question 4.2.1), to prove we know certain information without revealing the information itself (see Question 2.1.8), and to share a secret quantity in such a way that a subset of the shares can reconstruct the secret (see Question 2.1.9). While modern cryptography is growing increasingly diverse, cryptography is fundamentally based on problems that are difficult to solve. A problem may be difficult because its solution requires some secret knowledge, such as decrypting an encrypted message or signing some digital document. The problem may also be hard because it is intrinsically difficult to complete, such as finding a message that produces a given hash value. Surveys by Rivest [Riv90] and Brassard [Bra88] form an excellent introduction to modern cryptography. Some textbook treatments are provided by Stinson [Sti95] and Stallings [Sta95], while Simmons provides an in-depth coverage of the technical aspects of cryptography [Sim92]. A comprehensive review of modern cryptography can also be found in Applied Cryptography [Sch96b]; Ford [For94] provides detailed coverage of issues such as cryptography standards and secure communication.

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

10

Question 1.3. What are some of the more popular techniques in cryptography? There are two types of cryptosystems: secret key and public key (see Questions 2.1.2 and 2.1.1). In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is known as DES, the Data Encryption Standard. IBM developed DES in the middle 1970’s and it has been a Federal Standard ever since 1976. In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key. The RSA public-key cryptosystem is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem. The Digital Signature Algorithm (DSA) is also a popular public-key technique, though it can only be used only for signatures, not encryption. Elliptic curve cryptosystems (ECCs) are cryptosystems based on mathematical objects known as Elliptic Curves (see Question 2.3.10.). Elliptic curve cryptography has been gaining in popularity recently. Lastly, the Diffie-Hellman key agreement protocol is a popular public-key technique for establishing secret keys over an insecure channel.

RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography, v4.0

11

Question 1.4. How is cryptography applied? Cryptography is extremely useful; there is a multitude of applications, many of which are currently in use. A typical application of cryptography is a system built out of the basic techniques. Such systems can be of various levels of complexity. Some of the more simple applications are secure communication, identification, authentication, and secret sharing. More complicated applications include systems for electronic commerce, certification, secure electronic mail, key recovery, and secure computer access. In general, the less complex the application, the more quickly it becomes a reality. Identification and authentication schemes exist widely, while electronic commerce systems are just beginning to be established. Secure Communication Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. While secure communication has existed for centuries, the key management problem has prevented it from becoming commonplace. Thanks to the development of public-key cryptography, the tools exist to create a large-scale network of people who can communicate securely with one another even if they had never communicated before. Identification and Authentication Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone’s or something’s identity. For example, when withdrawing money from a bank, a teller asks to see identification (e.g. a driver’s license) to verify the identity of the owner of the account. This same process can be done electronically using cryptography. Every automatic teller machine (ATM) card is associated with a “secret” personal identification number (PIN), which binds the owner to the card and thus to the account. When the card is inserted into the ATM, the machine prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that person as the rightful owner and grants access. Another important application of cryptography is authentication. Authentication is similar to identification, in that both allow an entity access to resources (such as an Internet account), but authentication is broader because it does not necessarily involve identifying a person or entity. Authentication merely determines whether that person or entity is authorized for whatever is in question. For more information on authentication and identification, see Question 2.2.5. Secret Sharing Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (K, N)-threshold scheme, information about a secret is distributed in such a way that any K out of the N people (K