In this era of disclosure, transparency, and the public internet, maintaining exclusive rights or control over knowledge and techniques is a virtual impossibility. Any measures put in place to safeguard the transfer and storage of information have to contend not only with external threats, but also with the intervention of higher authorities (as in the case of investigations by government or law enforcement agencies), and the actions (intended or unintended) of those who under normal circumstances are the authorized users or owners of that information.
To guard the safety and confidentiality of any digital system in this environment, security has to be an integral part of the protection mechanism – capable of preventing protected information from being extracted and understood, even if it does fall into the wrong hands. That’s the reasoning behind what has come to be known as Kerckhoff’s Principle.
Historical Origins of Kerckhoff’s Principle
Auguste Kerckhoff (variously spelled as Kerckhoffs or Kerckhof, depending on the source) was a Dutch linguist and cryptographer of the 19th century. In 1883 he published an article titled “La Cryptographie Militaire (Military Cryptography)”, in the French “Le Journal des Sciences Militaires” (Journal of Military Sciences).
Spanning two issues of the journal, Kerckhoff’s article considered solutions for contemporary military cryptography from a practical perspective, and laid out six design principles for military ciphers:
- The system must be indecipherable at least in practice, if not mathematically.
- The system must not be required to be secret, and it must be able to fall into the hands of an enemy without inconvenience.
- The encryption key for the system must be capable of being stored and communicated without the help of written notes, and able to be changed or modified at the will of the communicating parties.
- The system must be capable of being applied to communications via telegraph (the prevailing technology of the time).
- Equipment and documents for the system must be portable, and their usage and function must not require the gathering or collaboration of several people.
- The system must be easy to use, requiring neither mental strain nor the knowledge of a long series of rules in order to implement it.
What Is Kerckhoff’s Principle?
The second axiom laid down by Kerckhoff in his article forms what is now acknowledged as Kerckhoff’s Principle (variously referred to as Kerckhoff’s desideratum, Kerckhoff’s assumption, axiom, doctrine or law). Namely, that:
“a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”
So for encrypted communications, Kerckhoff’s principle allows for the possibility that the entire encrypted message and even the encryption algorithm used to produce it may be intercepted by an attacker or spy, without compromising the overall security of the system. Central to this inherent security are the measures taken to safeguard the encryption key, and the robustness of the system’s design, in being able to adapt to unforeseen circumstances such as an attack or information leak.
Central to Kerckhoff’s principle is the idea that secrecy in itself isn’t necessarily a good thing – or an effective guarantee of security. In fact, if any part of a cryptographic system (except the individual secret key) has to be kept secret, then the cryptosystem isn’t really secure. True security can only be said to have been established if the details of the cryptographic system can be safely shared with the world.
Kerckhoff’s Principle – Connections to Shannon’s Maxim
Expanding on Kerckhoff’s work, the American mathematician Claude Shannon produced a generalized rule or maxim of his own, stating that:
“one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them.”
Put in even plainer terms than that, Shannon’s maxim says that security professionals and cryptographic designers need to operate on the assumption that:
“the enemy knows the system.”
Examples of this can be seen in security practices historically and today, where for example during the Cold War the U.S. National Security Agency (NSA’s) National Computer Security Center developed its systems with the understanding that “serial number 1 of any new device was delivered to the Kremlin.”
Contemporary Applications for Kerckhoff’s Principle
In practice, Kerckhoff’s principle has been applied to virtually all the encryption algorithms in use today. Under systems like AES or RSA (which are publicly distributed standards), the security lies in the complexity of the algorithm itself, rather than in keeping it secret. The same holds true for internet communication and security standards like HTTPS, SSL, and TLS.
Any secrecy required involves the encryption key which is used in transmission/reception. For internet purposes, this key may be generated randomly by your web browser and the remote server, each time you connect to a secure site.
Keep Your Powder Dry
This final point is based on another historical military principle:
“Trust in God – but keep your (gun)powder dry.”
The thing to note is that no system is perfect. Knowing that the integrity of a cryptographic system may hinge on the safety of its encryption keys, it only makes sense to take precautions to ensure the security of those keys. Which means secure storage, firewalls, anti-malware protection, etc.
Encryption designers and those who use encrypted communications also need to factor in the worst-case scenario, where secured information is fully disclosed – and the encryption algorithm needs to be strong enough to stand as its last line of defense.
Share this Post