3.1 Secret keys and Kerckhoffs’s principle

Let’s assume a plaintext m is mapped onto a ciphertext c. Earlier, we formalized this situation in the equation c = fK(m). You may have wondered why there is a parameter K. In cryptography, we distinguish between the encryption algorithm f and the key K. We can think of the algorithm as some kind of general template for how to perform encryption. The key is a (secret) parameter that transforms the general template into some specific instantiation that can be used to encrypt the plaintext. It is very important to distinguish between the two and not to treat fK as a single entity, because the algorithm and the key have very different security requirements. This was realized first by the 19th-century cryptographer Auguste Kerckhoffs, who in 1883 formulated his famous principle that a cryptosystem should be secure even if everything about the system, except the key, is known to the attacker [189]. To understand the motivation behind this principle, think of some mechanical encryption devices as they were used by the military in the 19th century. These devices had to be manufactured somewhere, and many people got to see their specifications. Moreover, they could easily get lost in battle. So, it was not wise to assume that the mechanism, that is, the encryption algorithm, could be kept secret over a long period of time.

Kerckhoffs’s principle was reformulated in the 20th century by information theory pioneer Claude Shannon succinctly as the enemy knows the system [161]. In that form, it is called Shannon’s maxim [189].

Today, as encryption algorithms are implemented in software, we face the same situation: it is simply not possible to reliably hide the inner workings of an algorithm within the code implementing it. One recent example where the ”security by obscurity” approach failed is provided by the CSS algorithm for scrambling the contents of DVDs [78]. The specification of the CSS algorithm was not public. In contrast, it was provided only to manufacturers of playing devices who were willing to sign an agreement with the content owners to the effect that the devices were refusing to create copies of the DVDs. However, the algorithm could be quickly reverse-engineered by analyzing a software-based DVD player.

Modern cryptographers even take Kerckhoffs’ principle one step further by asserting that public algorithms are more secure than non-public algorithms because public algorithms can be scrutinized by an international community of experts.