Cryptography provides the mechanisms we need to operate securely in cyberspace. Before we explore these, it’s necessary to understand the basic anatomy of a cryptographic security mechanism. Two critical components—keys and algorithms—form the entire basis for cryptography.
The Critical Role of a Key
Let’s revisit, once again, your typical day in the physical world and reconsider the purpose of some of the featured security mechanisms.
The purpose of the envelope containing the bill was to make sure only you and the energy company knew the details of the bill. The front-door lock and key made sure only you could enter your house. The pharmacist behaved in a way only a genuine pharmacist should be able to do. The private conversation ensured that only you and the pharmacist could hear the details. The cash had physical features only found on genuine currency.
Only, only . . . the essence of any security mechanism is to allow something to happen only in certain circumstances. A security mechanism can be used to keep out the rabble or distinguish a particular item from a crowd. A security mechanism enables some special capability. The front-door lock and key of your house provide you with the special capability to enter the house. A whispered conversation grants those in earshot the special capability of being able to hear the details. A banknote’s security features provide it with the special capability to serve as legal tender.
In the physical world, special security capabilities are facilitated in various ways. The most obvious means is something you have, such as a door key, a badge, a ticket, or a letter of introduction.1 It can be somewhere you are, such as being close enough to hear a private conversation, or being inside a concert hall for an event you purchased a ticket to. It can be something you are, such as a fingerprint or an iris scan. It can also be something you know, such as a friend’s voice or the fact that you have to say “Open sesame” to enter a cave of treasure.2 A special capability can also be facilitated through a mixture of different approaches. Your pharmacist potentially had something special (a badge), was standing somewhere special (behind the counter of the pharmacy), was something special (maybe someone you recognized), and knew special things (how to talk pharmacology to you).
The method of providing a special security capability that translates most readily to cyberspace is the last one: something you know. In cryptography, this special information is referred to as a key. The terminology is no coincidence, since a cryptographic key plays a role similar to that of a front-door key. Only someone knowing a cryptographic key will be able to do some particular thing, just as only the holder of a front-door key can unlock the door and enter a particular house. In most cases, a key is a secret piece of information, knowledge of which is used to separate one person from another in cyberspace. Notice that I used the phrase “in most cases.” Let’s assume for now that keys are secrets, but this is not always true.
Here I have to confess that I’ve been a little lax in my use of language. In most situations in cyberspace it is computers, not people, who are communicating. It’s not even always true that a person is actively operating these computers. It might thus be more accurate to regard the function of a cryptographic key as not ensuring that “knowledge” of the key distinguishes one “person” from another, but ensuring that only an entity (could be a human, could be a computer) who has access to the key will be able to perform certain tasks in cyberspace.
The most important thing to realize about keys is this: you don’t have the special capability to enter your own home; this capability belongs to whoever has a copy of your front-door key. It’s the same for cryptographic keys. Access to the appropriate cryptographic key is all that’s required to charge mobile calls to your account, make bank card payments, download movies, open your car door, and so on.
Bits and Bytes
We use cryptography every day, and on most such occasions we use keys. Although we often use cryptography unconsciously and never see our keys, it’s worth considering what cryptographic keys look like.
First let’s consider how computers represent information. Just as our brains convert information into things such as language, computers convert information into numbers. All the information we store, send, and process in cyberspace is represented in computers as numbers. When we type text into a computer, it first translates this text into numbers before doing whatever it has been tasked to do. When we want information back, the computer converts these numbers back into text so that we can make sense of them. A similar process takes place when we upload images. These are made up of tiny pixels, each of which is translated by a computer into a number that specifies the precise pixel color.
The numbers that computers use are not the decimal numbers that we are most familiar with. Computers operate on binary numbers, which consist only of the digits 0 and 1. Binary is simply a different way of writing numbers. Every decimal number has a binary representation, and vice versa. For example, the decimal number 17 is written as 10001 (“one zero zero zero one,” not “ten thousand and one”) in binary, and the binary number 1101 is written as 13 in decimal. Each digit of a binary number is referred to as a bit. These bits form the atomic units of digital information. Four bits are referred to as a nibble, and two nibbles form a byte. (Don’t ever think computer scientists lack a sense of humor!)
The information we want computers to process does not normally consist only of decimal numbers. Suppose you type the characters “K9!” into a computer. In order to do anything with this data, the computer first needs to represent “K9!” as a binary number. Keyboard symbols are converted into bits (in fact, bytes) by a system called ASCII (American Standard Code for Information Interchange), which defines the rules for switching between keyboard characters and bits. In our example, the ASCII code for the character “K” is the byte 01001011, character “9” is 00111001,3 and character “!” is 00100001. A computer faced with the ASCII code 01001011 00111001 00100001 knows to reconvert the code, for our benefit, back into the character string “K9!”.
Sometimes it’s useful to talk about the size of data. Since data consists of binary numbers, the simplest measure of its size is the number of bits. The size could also be measured in bytes. For example, 1011001100001111 is 16 bits long, which is the same as saying it is 2 bytes long. When data is large, all sorts of grander terms are used, such as kilobytes (1,000 bytes), megabytes (1,000 kilobytes), gigabytes (1,000 megabytes), and terabytes (1,000 gigabytes).
Cryptographic keys are just special items of data, so a computer needs to represent a key as a binary number. Since the size of a cryptographic key is an important security measure, you will often encounter references to the key length4 of a cryptographic algorithm. A common key length for much of the cryptography we use today is 128 bits.
Where’s My Key?
If you use cryptographic keys all the time, then where are they? Let’s consider a specific example. You use cryptography every time you make a call on your mobile phone. The security of this process is based on the ability of your mobile-network operator to distinguish you from the other 5 billion phone users on the planet.5 The operator does so by giving you a secret cryptographic key, a secret number, that only you and your mobile operator “know.” Use of this number tells the operator it’s you trying to make the mobile phone call. This is only almost correct, as I will now explain.
What is the special secret number used when you make a mobile call? It’s certainly not your mobile phone number; that’s not a secret, is it? You almost certainly don’t know the cryptographic key you use on your mobile phone. There are two good reasons why, neither of which is that you’re not allowed to know it.
The first, and probably most important, reason is that cryptographic keys are big numbers. Asked to remember a number between 0 and 10, you will, in all likelihood, succeed. You are probably even capable of remembering numbers up to 10,000, even 1 million, since numbers of this length are often used as PINs, which is something I’ll return to shortly. On the cryptographic scale of things, 1 million is not a big number. Cryptographic keys are not even very big numbers. Keys are typically numbers of a size almost beyond our comprehension.
As an example, try to imagine what 40,000 times the number of stars in our universe looks like.6 Even if you can wrap your head around this number, you will still be operating at the wrong level of magnitude. While we once used cryptographic keys of this approximate size, such keys are no longer regarded as anywhere close to large enough to provide security for most modern applications of cryptography. Instead, we use keys that are 1 trillion times this number in size. If you’re now suffering from numerical vertigo, then you understand the point. No average human being can readily remember a contemporary secret cryptographic key.
The second reason you don’t know the key used by your mobile phone is that you, the person currently using the phone, are not necessarily the one who matters. What your mobile operator really cares about is not who is using your mobile phone, or even which mobile phone is being used to make the call. The operator really cares only about where to send the bill. What it needs, then, is something uniquely linked to a particular mobile phone account that is capable of “knowing” and using a spectacularly large secret number. You were given precisely such a thing when you first opened your account. It’s a very small plastic card with a tiny embedded microchip called a subscriber identity module (SIM), which is inserted into your phone. The main purpose of this SIM is to store a secret cryptographic key. Since this key is what distinguishes your account from all others on the planet, if you let someone else borrow your phone, or stick your SIM into a different phone, you will still receive the bill.
Most cryptographic keys are gigantic numbers that are directly used by computers, not people. Hence, most keys are either to be found on computers themselves, or stored on devices that connect to computers. For example, the keys that protect transactions made using your bank card are stored on the chip embedded in your card. The keys to your Wi-Fi network are stored on your router. The keys used to protect data you exchange while shopping online are in your web browser software. The cryptographic key that enables the computer in your car to release the door lock when you approach the vehicle is stored in the fob of your car key (“keyless” entry is quite the misnomer, since this process, in fact, involves two keys—one physical and one cryptographic). You, personally, don’t know what number any of these keys represent, but you have access to the places where they reside.
When a Secret Is Not a Key
Cryptographic keys, then, are secrets, knowledge of which can be used to distinguish one entity from another in cyberspace. What about secrets such as passwords and PINs?7 Are these cryptographic keys?
No, not quite, but sometimes they sort of are. Confused? Well, the distinction between these concepts is subtle.
Thinking of cryptographic keys as being a bit like passwords and PINs is the right idea, but it’s not strictly accurate. It’s certainly true that passwords and PINs are secrets used to support security in cyberspace. Whether they are actually cryptographic keys depends on how they are used.
A common use of passwords and PINs is to verify an identity. For example, a computer you are logging in to asks for your password, which you supply, and the computer then checks whether the offered password is the expected one. If it is, the computer smiles “Welcome.” This is not particularly exciting from a cryptographic perspective, because the heart of this process does not involve cryptography.8 All that’s happening during this login process is that you’re offering your password to the computer so that it can be checked.
However, the critical issue here is that, during a computer login, you submit your password to the computer. Your password is a secret that you have been trusted to guard, but during the login process you “give it away.” In a sense, you have lost control of the secret password, since you are now required to trust that the device you submitted it to, and indeed any subsequent networks and devices to which your password is forwarded, will not misuse it.
You probably don’t regard typing a password into your computer at home as a particularly reckless act, and of course it isn’t. Sometimes, however, we log in to computers that are far away—for example, when you enter a password in order to access some resources on a web page. In this case, the password might pass unprotected over computer networks on its journey from your web browser to the remote computer hosting the website (a well-designed website will use cryptography to protect it, but some websites don’t). Anyone with access to the network in between could then observe your password, and later use it to pretend to be you. Similarly, when we withdraw cash from an ATM, we “give away” our PIN to the cash machine. Once again, an important personal secret is submitted to another device.9
Cryptographic keys should never be exposed in such a way. Instead, cryptographic keys are used to demonstrate knowledge of the key without revealing the key itself. In this way, the key remains secret throughout the process, both before and after the key is used. This level of secrecy of a key is a much stronger requirement than we apply to passwords and PINs.
Sometimes, however, cryptographic keys are directly linked to passwords in order to make keys easier to use. Recall that cryptographic keys are enormous numbers that we cannot reasonably be expected to memorize. For this reason, we normally store keys on devices, but this is not always feasible. Suppose you decide to use cryptography to hide the contents of a particularly sensitive file on your computer. Let’s assume this is not something you regularly do, so you haven’t set up your computer to automatically use cryptography for file protection (you can do this, by the way). This is thus a “casual” use of cryptography, and you’ll need to create a key specifically for this occasion. Having done so, you’ll then need to have a means of remembering this key in the future.
One common technique for making an enormous cryptographic key something we can remember is to compute the key from a password. In other words, we first choose a password. This password is converted by the computer into a number (there are standard ways of doing this). This number is then put through a process that expands it into a much bigger number (there are also standard ways of doing this), which can then be used as a cryptographic key. Whenever we need this cryptographic key, we need only recall the password, from which the key can be recomputed. The password itself is not the key, but rather a “seed” from which the key is “grown.”10
Passwords and PINs are secrets we are capable of remembering. This is their greatest strength, but also their most fundamental weakness. Many people select dictionary words as passwords. The twenty volumes of the Oxford English Dictionary contain fewer than 300,000 words.11 As secrets, passwords and PINs offer relatively weak security because they do not have sufficiently many different possibilities. This limitation highlights one distinction between secrets such as passwords and PINs, and cryptographic keys: if you can remember a secret, it’s unlikely to be sufficiently large to be a good cryptographic key.
Recipes for Cooking Up Security
Cryptographic keys are secrets that are never “given away” but are, instead, “used.” So, how are they used?
It’s worth revisiting physical-world security mechanisms. The most natural to consider is the front-door lock, since this also involves a physical key. Let’s assume you have a traditional physical lock on your door, with no computer wizardry involved. (If you have a digital lock, then you will almost certainly be using cryptography to open your door.) You don’t simply show your key to the door in order to open it. Rather, you insert your key into the physical lock, rotate it around, and with luck, you can push the door open. Precisely what goes on here depends on the type of lock you have.
The exact process is largely invisible to you but is very precise. You might, for example, rotate the key in a clockwise direction while the key pushes down a sequence of metal “tumblers” inside the lock, which turn a crank and, if correctly configured, ultimately free the bolt that physically secures the door. Importantly, this chain of events involves the key. If the correct key is included in this process, then the lock will open. If the wrong key is inserted into the lock, then it will fail to release the bolt, and the door will remain locked.
Mere possession of a physical key is not sufficient to open a lock. The key needs to be incorporated into a process, which ultimately results in the lock being released. This process consists of a series of separate, but precise, actions that collectively free the bolt. To unlock the door, these actions must all be executed. If the key is not inserted fully into the lock, or the key is turned in the wrong direction, or one of the metal tumblers inside the lock is not pressed down, then the process will fail. These actions must also be conducted in the correct order. The tumblers will not free the bolt unless the key has first been turned, which itself cannot happen unless the key has been inserted into the lock.
The important point to note here is the separate roles of the door key and the unlocking process in securing your front door. The unlocking process is somewhat generic. All locks of the same model are unlocked by the same process. The door key, on the other hand, is unique. All locks of a particular model should have different keys.
Since cryptographic keys are numbers, any process that incorporates a cryptographic key will necessarily involve a sequence of mathematical operations such as adding, multiplying, shuffling, or swapping. I will refer to such a computational process as an algorithm. An algorithm is essentially a recipe dictating a sequence of operations that must be performed in a specific order. Do this, do that, then this, then that, and so on and so forth. The number we end up with after this process is called the output of the algorithm. The correct output depends on each step of the algorithm being successfully performed, and in the prescribed order.
With a recipe, you don’t get your dinner unless you include all the ingredients. An algorithm works the same way: there is no output unless you first put something in. The precise input to an algorithm depends on the task the algorithm has been designed to perform. For most cryptographic algorithms, the input includes data requiring protection and a cryptographic key.
Here’s the core idea. The cryptographic algorithm is shared by all users of a system (it might, for example, be implemented on every mobile phone connected to a telecommunications network). By contrast, every user has a unique cryptographic key. A user inputs the data and their key into the cryptographic algorithm, which is then used to compute an output that depends on both the data and the key (changing either the data or the key results in a different output). This output is a value that can be exposed to the outside world (for example, it could be transmitted over the air as part of a mobile phone call). Without revealing the key itself, this output provides evidence that whoever computed it must have been able to input the user’s key into the algorithm. This is, essentially, how most cryptography works. In the coming chapters, I’ll show you how this process can be used to provide a range of different security properties.
Numerical Blenders
Algorithms are recipes. Keys are special, usually secret, ingredients. Since the output of a cryptographic algorithm is released into the wilds of cyberspace, we need to make sure nobody can work out the key by observing the output. In other words, we’re happy for someone to inspect the results of our cooking, but we don’t want them to be able to identify all the ingredients.
If we’re making stir-fry, this is a problem, because the ingredients, although mixed, are barely transformed. We want a cryptographic algorithm to obliterate the ingredients. Perhaps a smoothie provides a better analogy, since a smoothie blends ingredients to such a fine pulp that little evidence remains of their original form. The color of a smoothie, however, is still informative. We want the ability to blend inputs so effectively that the output reveals no clues as to what those inputs were. A good cryptographic algorithm should produce textureless, colorless smoothies.
The numerical equivalent of being “textureless and colorless” is randomness. Randomness is a surprisingly difficult concept to formally define, so I’ll avoid a detailed explanation.12 That said, your gut instincts about what randomness might mean are almost certainly broadly correct. Randomness is about unpredictability. Randomly generated numbers have no obvious patterns. Importantly, randomness relates to the unpredictability of numbers over many occurrences. For example, if you toss a coin five times and get heads every time, you might be disinclined to accept the outcome as random. Instead, you might think the coin is biased. But if you get heads, tails, heads, heads, tails, then you readily accept the outcome as random.
In fact, however (assuming the coin is not biased), these two outcomes are equally likely; each has one chance in thirty-two of occurring. What would be very odd would be to get five heads in a row every time you tossed the coin five times. Or, indeed, to get heads, tails, heads, heads, tails every time. In fact, if you keep tossing the coin for a long time and any sequence of heads and tails occurs significantly more often than one in thirty-two times that the experiment is conducted, it is reasonable to conclude that the process is not random. If the coin is unbiased, then each time you commence a new set of five coin tosses, you should have no expectation that any one outcome is more likely than another.
Randomness is a concept intimately linked to cryptography in two important ways. First, secret cryptographic keys should be randomly generated. If keys are not generated randomly, then some keys will be more likely to occur than others, which will help anyone who is trying to work out what they are. This randomness, along with key length, is what makes cryptographic keys so difficult to both guess and memorize. On the other hand, passwords are rarely random, since in most cases passwords forming memorable words, such as BatMan1988 (or even B@tM@n1988), are more likely to be selected than nonsensical passwords such as 8zuHmcA4&$. This lack of randomness, in addition to their short length, makes passwords weaker than cryptographic keys as a basis for providing security.
Second, and of equal importance, a good cryptographic algorithm should behave like a random number generator.13 If you encrypt some data, then the result should appear “nonsensical” and lack any meaningful patterns. This apparent randomness can be sent over the internet, with anyone who observes it seeing merely bland numerical fog.
The blending process required to protect our activities in cyberspace is even more demanding. Suppose a chef has a recipe for colorless, textureless smoothies (it’s just an analogy, so please don’t protest). Taste the smoothie; it’s not bad, and it’s so well blended that there’s no hint of the ingredients. Now suppose the chef tells you the ingredients. Next, the chef secretly mixes a new smoothie, this time adjusting the ingredients a minuscule amount (extra carrot in exchange for less apple). Taste this new one. It’s also not bad; in fact, it tastes almost the same as the last one, doesn’t it? The chef now challenges you to guess the ingredients of the new smoothie.
Naturally, you would be wise to guess that the ingredients are almost the same as those of the original smoothie. You might not be completely correct, but you’re bound to be close. Knowledge of the ingredients of the first smoothie is very useful in determining the ingredients of the second. This sort of relationship, however, is one we don’t want in cryptography, so the analogy is no longer effective.
For example, suppose a cryptographic algorithm is used to scramble the balances of two bank accounts with similar balances. We don’t want one account holder to be able to deduce the balance of the other’s account from an apparent similarity between the two scrambled balances. A good cryptographic algorithm should thus be the equivalent of a recipe so sensitive to ingredients that the minutest of changes (one grate of carrot in exchange for one shave of apple) should result in a smoothie tasting completely different. In other words, a small change to the input of a cryptographic algorithm should result in unpredictable changes to the output. Hence, two almost identical keys, or bank balances, when fed into the same cryptographic algorithm should result in two unrelated outputs. Anyone observing these two outputs will thus have no clue that the two keys, or bank balances, are almost the same.
This is quite enough blending for now. All you really need to know is that good cryptographic algorithms disguise the relationship between inputs and outputs, unless you know the key.14
Master Chefs and Secret Recipes
It’s relatively easy to toss ingredients into a pan and produce a palatable dinner. Coming up with a recipe that will astound food critics is another matter altogether. In haute cuisine, creating quality recipes is a task for master chefs.
In cryptography, things are no different. It’s easy to design a cryptographic algorithm that superficially appears to work but is, in fact, insecure. But it is extremely hard to design a good cryptographic algorithm that withstands the scrutiny of time. Frustratingly, some builders of new technology prefer to adopt homemade cryptographic algorithms. The security weaknesses of do-it-yourself algorithms tend to be discovered within months, rather than years, of deployment, which can be disastrous for the products using them.15 It takes considerable experience and skill to design cryptographic algorithms that are good enough for widespread modern use.
Having carefully designed a good cryptographic algorithm, how much should a designer reveal about the details? After all, a master chef might well keep their best recipes secret. Should a cryptographic algorithm designer do the same?
We can make at least one case for keeping cryptographic algorithms secret. Suppose a hacker has broken into a computer system and discovered a database whose contents are protected by cryptography. The hacker now needs to work out what the secret key is. If a good cryptographic algorithm has been used, then it should be impossible to work out what this key is just from observing the scrambled database. However, a hacker who knows which cryptographic algorithm has been used has at least a starting point. They could, for example, guess the key and try to unscramble the database using the algorithm. There is some chance, however slim, that they get lucky and this works. But a hacker who does not know the algorithm won’t even know where to begin the task of unscrambling the database. Use of secret algorithms thus appears to offer a security advantage over use of algorithms whose details are known.
Despite this apparent advantage of secret algorithms, most of the cryptography you use every day to secure your digital activities is based on openly published cryptographic algorithms. You can buy books, or visit websites, that explain exactly how these algorithms work. There are two reasons why openly published algorithms are preferred over secret algorithms.
The first reason is that openly published algorithms can be scrutinized in order to develop public confidence in their strength. Suppose you want to buy a very secure physical lock for an outhouse that you have erected in your garden to store some gold bullion (one can dream). You visit the top locksmith in town to seek some advice. He shows you a range of standard products, based on conventional, quality locks that he has been selling all his working life. The locksmith can show you cutaway models and explain in detail how every bolt and pin of these products operate. However, the most expensive lock in the shop is the gleaming WunderLock, a recent addition to his range. You ask how the WunderLock works, and the locksmith confesses he has absolutely no idea, since the details of the mechanism are confidential. He has been told by the manufacturer that the lock is strong and merits the high price tag, but he himself cannot vouch for its quality. Should you buy it?
It might seem tempting. If it is, indeed, an excellent lock, then you will have a security advantage. Every thief in the neighborhood will be dumbfounded at the shiny mystery object on the outhouse door and, with luck, will be foiled in their attempts to rob you. So, purchasing the pricey lock might pay off, but it’s a gamble. You’re forced to trust the manufacturer that the lock is as secure as claimed. You cannot call on the experience of your local locksmith, or indeed any locksmith. The majority of experts who live and breathe the design and security of locks would be unable to give you any advice on how good a lock the WunderLock really is.
Importantly, this issue is not just about recommendation prior to purchase. Your newly installed WunderLock might do the job nicely for a year or two, until the day you wake up to an empty outhouse. You later read a news story about the antics of clever thieves who have discovered that persistent tapping of the WunderLock with a pin hammer is enough to trigger the bolt. This is a weakness that surely would have been discovered earlier if all the locksmiths in the world had been privy to the details of the WunderLock design. Somebody, somewhere, somehow would have found this out.
Once upon a time, not long ago (perhaps half a century), the few cryptographic algorithms in existence were used mainly in military and intelligence applications. At the time, very few people in the world had any knowledge about the design of cryptographic algorithms. The algorithms used were designed in secret. It is even conceivable that every expert in a particular country could have been party to the design of a secret algorithm. Further, these designers were fully trusted by the select few who relied on these secret algorithms.
These circumstances do not, however, resemble the environment within which we use cryptography today. Two things are significantly different. First, there is an active global community of researchers and designers with expertise in the design of cryptographic algorithms. It is simply not possible to involve this entire community in the design of a secret algorithm. Any algorithm whose details are secret is immediately of interest, and an object of potential suspicion, to this community. If the algorithm is not being exposed to the “many eyes” test of open, public evaluation, might there be something wrong with it? Second, we all rely on the use of strong cryptographic algorithms. We thus all need to trust in their design.16 Using the cryptographic equivalent of the WunderLock as the basis of security is extremely risky. Why use the cryptographic WunderLock when widely respected and openly evaluated cryptographic algorithms are available?17
A second reason we tend not to use secret cryptographic algorithms to support everyday technologies is more fundamental. These days, it’s almost impossible to keep secret algorithms secret. Fifty years ago, cryptographic algorithms were implemented in large metal boxes to which few people had access. Today, cryptographic algorithms are implemented in mass technologies. Algorithms implemented in software are almost impossible to keep secret. Hiding the details of algorithms implemented in hardware is also very hard when many people have access to the devices on which the algorithm is implemented. Experts with access to a device can analyze the technology and its behavior in order to establish the details of how the algorithm works—a process known as reverse engineering.18
Anyone deploying a secret cryptographic algorithm would be wise to operate under the assumption that one day (perhaps sooner than expected), the secrecy of the algorithm will be lost. This is not just contemporary advice based on recent experience. In the late nineteenth century, the esteemed Dutch cryptographer Auguste Kerckhoffs included this maxim among six design principles that he formulated for the design of cryptographic algorithms.19 This was a time long before algorithms were implemented on machines. In Kerckhoffs’s day, an algorithm (which he called a system) was something you applied by hand to manipulate written text. More precisely, Kerckhoffs observed: The system must not require secrecy and can be stolen by the enemy without causing trouble. He was a wise man.
A Tale of Two Algorithms
I have argued that, for cryptography, keeping recipes secret is not always beneficial, or even possible. This is particularly true when these recipes relate to ubiquitously deployed products.
It is worth reflecting on this conclusion by considering two very different secret recipes, both of which have global reach. The manufacturers of Coca-Cola claim that the recipe for making their soft drink is one of the world’s best-kept secrets, and they have an elaborate process for safeguarding it. Having a “secret formula” for Coca-Cola is not unlike trying to protect a mobile phone by using a secret cryptographic algorithm. It is hard to find anyone who has not both drunk Coca-Cola and owned a mobile phone. Keeping the algorithms behind either of these products secret when they are both so prevalent presents a considerable challenge.
Mobile phones were once protected by the use of secret algorithms, because the architects of the first mobile networks believed that this practice offered extra security. However, the secret algorithms used on these mobile phones were eventually reverse engineered and, in some cases, found to be not as secure as originally hoped. Today, mobile operators have decided that the benefits of making their cryptographic algorithms public far outweigh any questionable security gains from keeping them secret.20 Secret recipes are out of fashion in the mobile telecommunications industry.
So, how has Coca-Cola managed to get away with keeping its recipe secret? The truth is that the Coca-Cola recipe is not strictly a secret. The process (the algorithm) for creating a carbonated soft drink is well known. So, too, are most of the ingredients of Coca-Cola, some of which have been surmised by experts. Indeed, several manufacturers now produce soft drinks tasting so much like Coca-Cola that most people cannot tell the difference. What remains a secret is the precise nature of one of the ingredients of the Coca-Cola formula, which is referred to as Merchandise 7X.21 In this respect, the secrecy of 7X is more like the secrecy of a cryptographic key. While the algorithm for making a carbonated soft drink is broadly known, a whole range of different beverages can be produced by replacing 7X with other flavoring agents. Just as for modern mobile phones, while the Coca-Cola algorithm is broadly known, safeguarding Coca-Cola depends on the secrecy of a key.
Algorithms Are Important, but Keys Are Key
It really is essential to recognize the different roles played by algorithms and keys in cryptography.
Algorithms are the engine rooms of cryptography, determining and conducting the necessary computations. As far as most of us are concerned, algorithms run in the background and we never have to worry about them. Even seasoned cybersecurity professionals rarely interact directly with cryptographic algorithms, other than needing to be aware of which algorithms are being used to protect the systems they’re responsible for.
Keys are the secrets that the security provided by cryptography depends on. From a security perspective, keys are part of the interface between a technology and its users. Unlike algorithms, which we all share, keys are unique to individual users or devices. Keys are thus things we should all have an acute awareness of. Everyone knows the cryptographic algorithms that we use, but if someone else gets hold of our personal cryptographic keys, then we lose all sense of security in cyberspace.
In using cryptography to support our security in cyberspace, algorithms are important, but keys are key.