cipher near the top, and a tiny but accurate model that we can investigate near the bottom. While full-size ciphers can never be exhaustively tested, tiny cipher models can be approached experimentally, and any flaws in them probably will be present in the full-scale versions we propose to use. Just as mathematics works the same for numbers large or small, a backdoor cipher built from fixed construction rules must have the same sort of backdoor, whether built large or small. For block ciphers, the real block size must be at least 128 bits, and the experimental block size probably should be between 8 and 16 bits. Such tiny ciphers can be directly compared to keyed substitution tables of the same size, which are the ideal theoretical model of a block cipher. Potentially, scalability does far more than just simplify testing: Scalability is an enabling technology that supports experimental analysis which is otherwise impossible. Secrecy One of the objectives of cryptography: Keeping private information private. Also see: trust. In a secret key cipher, secrecy implies the use of a strong cipher. Secrecy in communication requires the secure distribution of secret keys to both ends (this is the key distribution problem). In a public key cipher, the ability to expose keys apparently solves the key distribution problem. But communications secrecy requires that public keys be authenticated (certified) as belonging to their supposed owner. This must occur to cryptographic levels of assurance, because failure leads to immediate vulnerability under a man-in-the-middle attack. The possibility of this sort of attack is very disturbing, because it needs little computation, and does not involve breaking any cipher, which makes all discussion of cipher strength simply irrelevant. Secret Code A coding in which the correspondence between symbol and code value is kept secret. Secret Key Cipher Also called a symmetric cipher or conventional cipher. A cipher in which the exact same key is used to encipher a message, and then decipher the resulting ciphertext. As opposed to a public key cipher. Security Protection of a vital quality (such as secrecy, or safety, or even wealth) from infringement, and the resulting relief from fear and anxiety. The ability to engage and defeat attempts to damage, weaken, or destroy a vital quality. Security, in the form of assuring the secrecy of information while in storage or transit, is the fundamental role of cryptography. A secure cryptosystem physically or logically prevents unauthorized disclosure of its protected data. This is independent of whether the attacker is a government agent, a criminal, a private detective, some corporate security person, or a friend of an ex-lover. Real security does not care who the attacker is, or what their motive may be, but instead protects against the threat itself. Limited security, on the other hand, often seeks to guess the identity, capabilities and motives of the attacker, and concentrates resources at those points. There is, of course, no absolute security. But we can have real security against particular, defined threats. Also see: strength. Security Through Obscurity A phrase which normally refers to inventing a new cipher which is supposedly strong, then keeping the cipher secret so it "cannot be attacked." One problem with this strategy is that it prevents public review of the cipher design, which means that the cipher may have serious weaknesses. And it may be much easier for The Opponent to obtain the supposedly secret ciphering program than it would be to break a serious cipher (see Kerckhoff's second requirement). On the other hand, it can be a mistake to use even a public and well- reviewed cipher, if the cipher protects enough valuable information to support a substantial investment in analysis and equipment to break the cipher. A reasonable alternative is to select from among a wide variety of conceptually different ciphers, each of which thus carries far less information of far less value and so may not warrant a substantial attack investment. Semiconductor A material which is between conductor and insulator with respect to ease of electron flow. The obvious examples are silicon and germanium. Semigroup A set with an associative dyadic operation which happens to be closed. Session Key A key which lasts for the period of a work "session." A message key used for multiple messages. Set A collection of distinguishable elements, usually, but not necessarily, numbers. Shift Register An array of storage elements in which the values in each element may be "shifted" into an adjacent element. (A new value is shifted into the "first" element, and the value in the "last" element is normally lost, or perhaps captured off-chip.) (See LFSR.) Right-Shifting Shift Register (SR) + + + + + + Carry In >| A0 |->| A1 |-> ->| An | > Carry Out + + + + + + In digital hardware versions, elements are generally bits, and the stored values actually move from element to element in response to a clock. Analog hardware versions include the charge-coupled devices (CCD's) used in cameras, where the analog values from lines of sensors are sampled in parallel, then serialized and stepped off the chip to be digitized and processed. In software versions, elements are often bytes or larger values, and the values may not actually move during stepping. Instead, the values may reside in a circular array, and one or more offsets into that array may step. In this way, even huge amounts of state can be "shifted" by changing a single index or pointer. Shuffle Generally, the concept of "mixing up" a set of objects, symbols or elements, as in shuffling cards. Mathematically, each possible arrangement of elements is a particular permutation. Within a computer environment, it is easy to shuffle an arbitrary number of symbols using a random number generator, and the algorithm of Durstenfeld, which is described in Knuth II: Durstenfeld, R. 1964. Algorithm 235, Random Permutation, Procedure SHUFFLE. Communications of the ACM. 7: 420. Knuth, D. 1981. The Art of Computer Programming, Vol. 2, Seminumerical Algorithms. 2nd ed. 139. Reading, Mass: Addison- Wesley. Sieve of Eratosthenes A way to find relatively small primes. Although small primes are less commonly useful in cryptography than large (say, 100+ digit) primes, they can at least help to validate implementations of the procedures used to find large primes. Basically, the "Sieve of Eratosthenes" starts out with a table of numbers from 1 to some limit, all of which are potential primes, and the knowledge that 2 is a prime. Since 2 is a prime, no other prime can have 2 as a factor, so we run though the table discarding all multiples of 2. The next remaining number above 2 is 3, which we accept as a prime, and then run through the table crossing off all multiples of 3. The next remaining is 5, so we cross off all multiples of 5, and so on. After we cross-off each prime up to the square- root of the highest value in the table, the table will contain only primes. A similar process works with small polynomials, and small polynomial fields, to find irreducible polynomials. Significance In statistics, the probability of committing a type I error, the rejection of a true null hypothesis. Given the probability distribution of the test statistic for the case "nothing unusual found," that area which is sufficiently unlikely that values in this critical region would lead to rejecting the null hypothesis, and thus accepting the alternative hypothesis. Simple Substitution A type of substitution in which each possible symbol is given a unique replacement symbol. Perhaps the original classical form of cipher, in which each plaintext character is enciphered as some different character. In essence, the order of the alphabet is scrambled or permuted, and the particular scrambled order (or the scrambling process which creates that particular order) is the cipher key. Normally we think of scrambling alphabetic letters, but any computer coding can be scrambled similarly. Small, practical examples of simple substitution are easily realized in hardware or software. In software, we can have a table of values each of which can be indexed or selected by element number. In hardware, we can simply have addressable memory. Given an index value, we can select the element at the index location, and read or change the value of the selected element. A substitution table will be initialized to contain exactly one occurrence of each possible symbol or character. This allows enciphering to be reversed and the ciphertext deciphered. For example, suppose we substitute a two-bit quantity, thus a value 0 3, in a particular table as follows: 2 3 1 0. The above substitution table takes an input value to an output value by selecting a particular element. For example, an input of 0 selects 2 for output, and an input of 2 selects 1. If this is our enciphering, we can decipher with an inverse table. Since 0 is enciphered as 2, 2 must be deciphered as 0, and since 2 is enciphered as 1, 1 must be deciphered as 2, with the whole table as follows: 3 2 0 1. Mathematically, a simple substitution is a mapping (from input to output) which is one-to-one and onto, and is therefore invertible. Software The description of a logic machine. The original textual composition is called source code, the file of compiled opcode values is called object code, and the final linked result is pure "machine code" or machine language Note that, by itself, software does not and can not function; but instead relies upon hardware for all functionality. When "software" is running, there is no software there: there is only hardware memory, with hardware bits which can be sensed and stored, hardware counters and registers, and hardware digital logic to make decisions. See: computer, system, system design, and debug. . the order of the alphabet is scrambled or permuted, and the particular scrambled order (or the scrambling process which creates that particular order) is the cipher key. Normally we think of. quantity, thus a value 0 3, in a particular table as follows: 2 3 1 0. The above substitution table takes an input value to an output value by selecting a particular element. For example,. those points. There is, of course, no absolute security. But we can have real security against particular, defined threats. Also see: strength. Security Through Obscurity A phrase which normally