Kerckhoffs's principle

For electrical circuits, see Kirchhoff's laws.

Kerckhoffs's principle was stated by Auguste Kerckhoffs at the end of the 19th century in a two-part article, "Military Cryptography", in the Journal of Military Sciences (vol. IX, pp. 5-38, January 1883, pp. 161-191, February 1883). The principle holds that the security of a cryptosystem should rest only on the secrecy of the key. In other words, all other parameters must be assumed to be publicly known. It was reformulated, perhaps independently, by Claude Shannon: “the adversary knows the system”. This formulation is known as Shannon's maxim. It is the principle generally adopted by cryptologists, in opposition to security through obscurity.

Ciphers used by civilians generally respect Kerckhoffs's principle. Those used by the military, by contrast, tend to rely on secret systems. For example, in the United States, the encryption known as Type 1 encryption is certified by the NSA.

Statement

This principle is in fact one of the seven laws stated by Kerckhoffs in his treatise on military cryptography. The rules he states for ensuring confidential communication are:

  • data must under no circumstances be decipherable without knowledge of its key.
  • the correspondents must not suffer harm if the cipher system is revealed.
  • the key must be simple and changeable at will.
  • the cryptograms must be transportable, i.e. transmissible by telegraph.
  • the cipher apparatus and the documents must be portable.
  • the system must be simple to use.
  • the cipher system must be examined by experts beforehand.

Interpretations

Bruce Schneier's interpretation of this principle relates to the “elegance” with which a cryptosystem breaks. Translated from English: “Kerckhoffs's principle applies beyond ciphers and codes, i.e. to security systems in general: any secret is in fact a possible point of failure. Consequently, secrecy is a main cause of brittleness, and can therefore even bring a system to a catastrophic collapse. Conversely, openness brings ductility.”

It is useful to elaborate on what Bruce Schneier means by “brittleness”, since all security systems depend on keeping something secret. What Schneier implies is that what is kept secret should be whatever is least expensive to change if the secret is revealed. For example, a cryptosystem may be implemented in hardware and software that is widely distributed among many users. If security depends on keeping that distribution secret, then its disclosure would entail considerable logistical work to develop, test and distribute new algorithms. On the other hand, if the secrecy of the algorithm does not matter and only that of the key does, then the disclosure of a key causes fewer problems: it suffices to generate a new one and distribute it. In short, the fewer secrets there are, the less maintenance is required.
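The key-replacement argument above, as an added example that is not part of the original article: the algorithm (HMAC-SHA256) is public, the keys are the only secrets, and a disclosed key is handled by revoking it and generating a new one with no change to the code. The `Keyring` class, its key-id scheme and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Keyring:
    """Public algorithm (HMAC-SHA256); the only secrets are the keys."""

    def __init__(self):
        self._keys = {}        # key id -> secret key bytes
        self._revoked = set()  # ids of keys known or suspected to be disclosed
        self.active_id = None
        self.rotate()

    def rotate(self):
        """Generate a fresh random key and make it the signing key."""
        key_id = f"k{len(self._keys) + 1}"
        self._keys[key_id] = secrets.token_bytes(32)
        self.active_id = key_id
        return key_id

    def revoke(self, key_id):
        """Handle disclosure of a key: stop trusting it, rotate if it was active."""
        self._revoked.add(key_id)
        if key_id == self.active_id:
            self.rotate()

    def tag(self, message: bytes) -> str:
        mac = hmac.new(self._keys[self.active_id], message, hashlib.sha256)
        return f"{self.active_id}:{mac.hexdigest()}"

    def verify(self, message: bytes, tagged: str) -> bool:
        key_id, _, digest = tagged.partition(":")
        key = self._keys.get(key_id)
        if key is None or key_id in self._revoked:
            return False  # unknown or disclosed key: reject
        expected = hmac.new(key, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected.encode(), digest.encode())


def demo():
    ring = Keyring()
    msg = b"constructed sample message"
    old_tag = ring.tag(msg)
    ring.revoke(ring.active_id)  # key disclosed: same algorithm, new key
    new_tag = ring.tag(msg)
    return ring.verify(msg, old_tag), ring.verify(msg, new_tag)
```
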

Another interpretation, that of Eric Raymond, argues in favor of free software. Translated from English: “Any security algorithm whose design rests on the assurance that the adversary does not have the source code is already insecure; therefore, one should never trust closed-source software.” The idea that free software, being open source, implies greater security is a subject of controversy.

References

  • Auguste Kerckhoffs, "Military Cryptography", Journal of Military Sciences, vol. IX, pp. 5-83, Jan. 1883, pp. 161-191, Feb. 1883.

External links

  • Kerckhoffs's original article, digitized
  • Discussion of Kerckhoffs's principle in relation to cipher design
