Cryptographic primitive

Cryptographic primitives are well-established, low-level cryptographic algorithms that are frequently used to build computer security systems. These routines include, but are not limited to, one-way hash functions and encryption functions.

Contents

Rationale

When creating cryptographic systems, designers use cryptographic primitives as their most basic building blocks. Because of this, cryptographic primitives are designed to do one very specific task in a highly reliable fashion. They include encryption schemes, hash functions and digital signatures schemes.

Since cryptographic primitives are used as building blocks, they must be very reliable, i.e. perform according to their specification. E.g. if an encryption routine claims to be only breakable with X number of computer operations, then if it can be broken with significantly less than X operations, that cryptographic primitive is said to fail. If a cryptographic primitive is found to fail, almost every protocol that uses it becomes vulnerable. Since creating cryptographic routines is very hard, and testing them to be reliable takes a long time, it is essentially never sensible (nor secure) to design a new cryptographic primitive to suit the needs of a new cryptographic system. The reasons include:

  • The designer might not be competent in the mathematical and practical considerations involved in cryptographic primitives
  • Designing a new cryptographic primitive is very time-consuming and very error prone, even for those expert in the field
  • Since algorithms in this field are not only required to be designed well, but also need to be tested well by the cryptologist community, even if a cryptographic routine looks good from a design point of view it might still contain errors. Successfully withstanding such scrutiny gives some confidence (in fact, so far, the only confidence) that the algorithm is indeed secure enough to use; security proofs for cryptographic primitives are generally not available.

Cryptographic primitives are similar in some ways to programming languages. A computer programmer rarely invents a new programming language while writing a new program; instead, he or she will use one of the already established programming languages to program in.

Cryptographic primitives are one of the building block of every crypto system, e.g., TLS, SSL, SSH, etc. Crypto system designers, not being in a position to definitively prove their security, must take the primitives they use as secure. Choosing the best primitive available for use in a protocol usually provides the best available security. However, compositional weaknesses are possible in any crypto system and it is the responsibility of the designer(s) to avoid them.

Combining cryptographic primitives

Cryptographic primitives, on their own, are quite limited. They cannot be considered, properly, to be a cryptographic system. For instance, a bare encryption algorithm will provide no authentication mechanism, nor any explicit message integrity checking. Only when combined in security protocols, can more than one security requirement be addressed. For example, to transmit a message that is not only encoded but also protected from tinkering (i.e. it is confidential and integrity-protected), an encoding routine, such as DES, and a hash-routine such as SHA-1 can be used in combination. If the attacker does not know the encryption key, he can not modify the message so that message digest values can't be successfully faked.

Combining cryptographic primitives to make a protocol is itself an entire specialization. Most exploitable errors (i.e., insecurities in crypto systems) are due not to design errors in the primitives (assuming always that they were chosen with care), but to the way they are used, i.e. bad protocol design and buggy or not careful enough implementation. Mathematical analysis of protocols is, at the time of this writing, not mature. There are some basic properties that can be verified with automated methods, such as BAN logic. There are even methods for full verification (e.g. the SPI calculus) but they are extremely cumbersome and cannot be automated. Protocol design is an art requiring deep knowledge and much practice; even then mistakes are common. An illustrative example, for a real system, can be seen on the OpenSSL vulnerability news page at [1].

A List of cryptographic primitives: Category:Cryptographic primitives

See also

References

  • Levente Buttyán, István Vajda : Kriptográfia és alkalmazásai (Cryptography and its applications), Typotex 2004, ISBN 963-9548-13-8
  • Menezes, Alfred J : Handbook of applied cryptography, CRC Press, ISBN 0-8493-8523-7, October 1996, 816 pages.

External links



Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Primitive — is a subjective label used to imply that one thing is less sophisticated or less advanced than some other thing. Being a comparative word it is also relative in nature.Indigenous peoples and their beliefs and practices are sometimes described as… …   Wikipedia

  • Cryptanalysis of TIA's Common Cryptographic Algorithms — In 1992, the TR 45 working group within the Telecommunications Industry Association (TIA) developed a standard for integration of cryptographic technology into tomorrow s digital cellular systems [TIA92] , which has been updated at least once… …   Wikipedia

  • Block cipher modes of operation — This article is about cryptography. For method of operating , see modus operandi. In cryptography, modes of operation is the procedure of enabling the repeated and secure use of a block cipher under a single key.[1][2] A block cipher by itself… …   Wikipedia

  • Digital credential — Digital credentials are the digital equivalent of paper based credentials. Just as a paper based credential could be a passport, a Driver s license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket… …   Wikipedia

  • Рэймен, Винсент — Винсент Рэймен Vincent Rijmen …   Википедия

  • Phelix — – высокоскоростной поточный шифр, использующий одноразовый код аутентичности сообщения. Шифр был представлен на конкурсе eSTREAM в 2004 году. Авторами являются Брюс Шнайер, Дуг Уитинг, Стефан Люкс и Фредерик Мюллер. Агоритм содержит операции… …   Википедия

  • One-way function — Unsolved problems in computer science Do one way functions exist? In computer science, a one way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. Here easy and hard are to be… …   Wikipedia

  • Келси, Джон — В Википедии есть статьи о других людях с такой фамилией, см. Келси. Джон Келси англ. Kelsy,John Место рождения: США Научная сфера: криптография Место работы …   Википедия

  • Phelix — is a high speed stream cipher with a built in single pass message authentication code (MAC) functionality, submitted in 2004 to the eSTREAM contest by Doug Whiting, Bruce Schneier, Stefan Lucks, and Frédéric Muller. The cipher uses only the… …   Wikipedia

  • Public key infrastructure — In cryptography, a public key infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique for each CA. The binding is established through …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.