Kerckhoffs' principle

From CryptoDox, The Online Encyclopedia on Cryptography and Information Security

In cryptography, Kerckhoffs' principle (also called Kerckhoffs' assumption, axiom or law) was stated by Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. It was reformulated (perhaps independently) by Claude Shannon as "the enemy knows the system". In that form it is called Shannon's maxim. In contrast to security through obscurity, it is widely embraced by cryptographers.

In accordance with Kerckhoffs' principle, the majority of civilian cryptography makes use of publicly-known algorithms. By contrast, ciphers used to protect classified government or military information are often kept secret (see Type 1 encryption).

The law was one of six design principles laid down by Kerckhoffs for military ciphers. Translated from French, they are:^[1]

1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the concourse of several people;
6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.

Bruce Schneier ties it in with a belief that all security systems must be designed to fail as gracefully as possible:

"Kerckhoffs' principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness—and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility."^[2]

Any security system depends crucially on keeping some things secret. However, Kerckhoffs' principle points out that the things which are kept secret ought to be those which are least costly to change if inadvertently disclosed. A cryptographic algorithm may be implemented by hardware and software which is widely distributed among its users; if security depended on keeping that secret, then disclosure would lead to major logistic headaches in developing, testing and distributing implementations of a new algorithm -- it is "brittle". Whereas if the secrecy of the algorithm were not important, but only that of the keys used with the algorithm, then disclosure of the keys would require the much less arduous process of generating and distributing new keys.

Or in other words, the fewer and simpler the things one needs to keep secret in order to ensure the security of the system, the easier it is to maintain that security.

Yet another paraphrase of this principle comes from Rop Gonggrijp, who applies it to voting computers:

"The more complex and difficult-to-change the secrets are that you need to keep, the more prone your system is to catastrophic failure.

Conversely, the cheaper and easier it is to change the secrets in a system, the more robust it becomes."^[3]

Eric Raymond extends this principle in support of open source software, saying

Any security software design that doesn't assume the enemy possesses the source code is already untrustworthy; therefore, *never trust closed source*. ^[4]

The controversial idea that open-source software is inherently more secure than closed-source is promoted by the concept of security through transparency.

An example of technology which relies upon a secret cryptosystem is WLAN Authentication and Privacy Infrastructure (WAPI), the wireless LAN security standard the Chinese government has proposed to encompass civilian uses on a global scale.

References

1. ↑ Auguste Kerckhoffs, "La cryptographie militaire", Journal des sciences militaires, vol. IX, pp. 5–83, Jan. 1883, pp. 161–191, Feb. 1883. Available online
2. ↑ Mann, Charles C., The Atlantic Monthly, Homeland Insecurity
3. ↑ "Nedap/Groendaal ES3B voting computer: a security analysis" by Rop Gonggrijp, Willem-Jan Hengeveld, et. al. from the "We do not trust voting computers" foundation Wij vertrouwen stemcomputers niet.
4. ↑ If Cisco ignored Kerckhoffs's Law, users will pay the price [LWN.net]

External links

• John Savard article discussing Kerckhoffs' design goals for ciphers
• Reference to Kerckhoffs' original paper, with scanned original text