# Glossary

**AES** Advanced Encryption Standard. The standard block cipher algorithm designated by NIST for symmetric key cryptography (FIPS PUB 197). It is also known as Rijndael.

**ASCII** American Standard Code for Information Interchange. The code generally used by most computer systems to translate characters into binary numbers.

**Block Cipher** A symmetric cipher which encrypts fixed-length groups of bits into fixed-length groups of bits. The message is broken up into substrings (called blocks) of a fixed length and encrypted block by block. The integer is called the **block-length**. NIST recognizes only 3 types of block ciphers: AES, Triple-DES and Skipjack.

**Block Coding** Any encoding function that encodes a block of words instead of one word at a time.

**BSC** Binary Symmetric Channel. A communication channel transporting the binary symbols (*0*, *1*) for which the probability *p* of receiving a *1* when *0* is transmitted is equal to the probability of receiving *0* when *1* is transmitted, i.e. both symbols suffer the same error probability.

**Certificate** An electronic file that contains both an identity and a public key. Anybody can create a certificate; however, for the certificate to have any degree of trust and to avoid man-in-the-middle attacks, it has to be signed by a third, trusted party called the Certification Authority (CA). Typically the CA issues and signs the certificate, binding the identity and the public key of the user. Certificates issued by CAs are widely used as a means of authentication over the Internet because anybody in possession of the Certification Authority’s public key can verify the signature on the certificate.

**Certification Authority (CA)** The trusted party that signs and distributes certificates. This party guarantees that, upon creating the digital signature, it has verified the identity of the public key owner (e.g. by checking ID, address, etc.) and verified that this public key owner has the corresponding private key. The public key of the CA can be signed

**Cryptanalysis** The art and science of deciphering encrypted messages.

**CRC** Cyclic Redundancy Check. A widely used error detection code.

**DES** Data Encryption Standard. The standard block cipher algorithm adopted by NIST for symmetric key cryptography in the late 70’s. It has been superseded by AES.

**Digital Signature** A protocol by which the recipient of a message can verify that the sender of the message is in possession of the private key corresponding to a given public key and that the message itself has not been tampered with. Digital signatures should be used in conjunction with certificates to avoid the possibility of impersonation.

**DSS** Digital Signature System. A protocol used to electronically sign documents.

**ECC** Elliptic Curve Cryptography. A public key cryptographic system based on the mathematical properties of elliptic curves.

**ENIGMA** The generic name given to a family of mechanical-rotor based ciphering devices utilized by the German forces during World War II.

**Entropy** A measure of the amount of uncertainty. Entropy is directly related to the number of *a priori* possible outcomes of a given event. For example, the entropy of a random binary string of length is .

**FIPS** Federal Information Processing Standards. The collective name for a series of standards related to information processing issued by NIST.

**GPG** GNU Privacy Guard. Open source, freeware version of PGP.

**GSM** Global System for Mobile telecommunications. The international standard for satellite phones.

**Hacker** Originally the term was used for creative programmers who program in an unorthodox way, but it is now used to describe those who use their technical skills to gain illegal access into computer networks to steal or vandalize information. A good hacker must have cryptanalytic skills.

**Hamming Distance** The number of characters in which two strings (words) differ, measured with the metric of the corresponding alphabet.

**Hash Function** A function that outputs a shorter version, or digest, of an input message. For cryptographic applications the hash function must be one-way (the input cannot be easily derived from the output) and collision-free (low probability that two different inputs will give the same output).

**Kerberos** A trusted server-based protocol that provides authentication and key exchange for symmetric encryption systems. It is the logical equivalent of PKI. Windows 2000 operating system authentication is based on Kerberos.

**Key Reconciliation** A protocol by which two communicating entities obtain the same secret string after exchanging information over a public network.

**LFSR** Linear Feed-back Shift Register. A pseudo-random sequence generator based on a recurrence relation.

**McEliece Cryptosystem** A public key cryptosystem based on linear error correcting codes.

**MD5** A Message-Digest Algorithm (hash function) used for signature schemes. Described in RFC 1321, it was compromised in 2004 and later exploited in 2008 to create rogue certificates.

**Memoryless Source (or Channel)** A source of symbols for which the probability of outputting a given symbol does not depend on any of the previously output symbols.

**NIST** National Institute of Standards and Technology. The United States’ federal agency that develops and promotes measurement, standards and technology.

**NSA** National Security Agency. The United States’ intelligence agency responsible for the security and cryptanalysis of electronic communications. It grew from a small US Navy task group in World War II to be the largest employer of cryptographers in the world nowadays.

**One-time pad** A perfectly secure symmetric key encryption system that uses a random, secret key of the same length as the message to transmit.

**PGP** Pretty Good Privacy. Data and message encryption computer software developed by Phil Zimmermann on the basis of standard algorithms and public key encryption.

**PKI** Public Key Infrastructure. A Public Key directory database, often associated with key-pair generation functions, that provides authentication over medium to large networks.

**Private Key** The element of an asymmetric-key system key-pair that is kept secret by each user. This part of the key-pair is used for decryption.

**Public Key** The element of an asymmetric-key system key-pair that is shared with other users. This part of the key-pair is used by senders to encrypt a message.

**Quantum cryptography** A form of cryptography that employs quantum properties of photons to exchange a random key over a public channel with perfect secrecy.

**QKD** Quantum Key Distribution. A system to generate and distribute symmetric encryption keys using a quantum channel.

**Root Certificate** X.509 certificates are predicated on a hierarchy of CA and end-user certificates. The signer’s public key can be used to verify a signature on data and, as this public key is linked to the owner’s identity by a certificate, the link itself can be verified by verifying the certificate’s signature. This is done using the public key of the issuing CA, which is included in the CA certificate, one layer up in the hierarchy. This CA certificate will itself be signed by a CA another layer up in the hierarchy. At the top of the ladder there is the root certificate, which is self-signed and has to be trusted for its own sake. Root certificates are included within web browsers upon release.

**RSA** A public-key cryptosystem patented by Rivest, Shamir, and Adleman in 1976. It is based on the computational difficulty of factoring large composite numbers. It is the most widely implemented of the public key algorithms, included in applications such as PGP and SSL.

**Shannon bit** The amount of information gained (or entropy removed) upon learning the answer to a question whose two possible answers were equally likely, a priori.

**SSL** Secure Socket Layer. A widespread protocol used mainly for authentication of Internet transactions.

**Symmetric-Key Encryption** An encryption system in which both parties use the same secret key to encrypt and decrypt messages.

**TCP/IP** Transmission Control Protocol/Internet Protocol. Protocols used for the transmission of information within networks of computers. TCP/IP has become the *de facto* standard for all networks connected to the Internet.

**Triple-DES** Symmetric key encryption system based on the successive application of three DES ciphers having different keys. It is one of the 3 NIST approved block ciphers and described in NIST special publication SP800-67.

**VOIP** Voice Over IP. Any of the protocols used to digitize and pack a voice channel signal to be sent over a TCP/IP link.

**WEP** Wired Equivalent Privacy. IEEE protocol used for data encryption of wireless LANs. This protocol has been broken and should not be used for sensitive applications.

**WPA** Wi-fi Protected Access. The current, and fairly secure, data encryption protocol for wireless LANs.

**X.509 Certificate** A certificate that conforms to RFC 3280 rules for certificate revocation. It is the format widely used for digital certificates on the Internet.
