Glossary of Cryptographic Terms

go to 'E'       go to 'M'       go to 'S'   


Advance Encryption Standard (AES): the secret key encryption standard that replaced the Data Encryption Standard (DES) selected by the National Institute of Standards and Technology (NIST). The candidates for AES were announced in 1999, and the new standard, Rijndael, was selected in October 2000. Try out and learn more about AES encryption at

asymmetric ciphers: cryptographic methods (e.g. RSA) that use separate encryption and decryption keys known as public and private keys. The public key encrypts and another different private key decrypts. There is one and only one private key holder and usually many public key holders. Also known as public key cryptography.

authentication: assurance of the identity of the person at the other end of the line. Authentication stops masquerading imposters.

Authentication Header (AH): one of two protocol choices (the other is Encapsulating Security Protection) in Internet Protocol Security (IPsec). IPsec protocol choice controls if confidentiality and/or message integrity are used to protect a data packet.

avalanche effect: an effect in DES and other secret key ciphers where each small change in plaintext implies that somewhere around half the ciphertext changes. The avalanche effect makes it harder to successfully cryptanalyze the ciphertext.


birthday attack: an attack against hashes that cryptographers countered by making hashes with strong collision resistance. It is so named because it uses an analogy of the ease in finding equal birthdays.

biometric scans: electronic retina, iris, voice, face or fingerprint scans used to prove who you are. This electronic information helps authenticate a user alone or in conjunction with other verifying information like passwords.


Caesar's cipher:a substitution cipher named for Julius Caesar that shifts a plain alphabet three letters in order to encrypt. Try out Caesar's cipher under secret key shift cipher at

Certificate Authority (CA): manages digital certificate application, certification (authentication of the applicant), issuance and revocation. A CA is similar to a Key Distribution Center (KDC) which acts as a trusted third party for cryptographic keys except that a KDC is entrusted with secret keys and a CA only has to keep its private key secret in order to protect the digital certificates it issues for public keys.

certificate chain: a way of using digital certificates to acquire other digital certificates and thus obtain verified public keys.

certificate policy statement (CPS): internally generated guidelines under which a certificate authority (CA) operates. The CPS details how the CA authenticates, issues, etc. and provides legal protections for the root CA.

certificate revocation list (CRL): a list of revoked certificates. A certificate user/holder should check the most recent CRL just like a merchant validates a credit card before completing a transaction.

certificate verify message: a message sent during Secure Socket Layer (SSL) transmissions to verify that the sender has the private key paired to the public key on the digital certificate previously sent. It is made by digesting a combination of the master secret and some previous messages followed by signing the digest with the sender's private key.

checkerboard cipher: an encoding cipher that converts letters to numbers created by the ancient Greek Polybius (203-120 bc); also known as a Polybius square.

cipher: a method enabling encrypting or decrypting text. Ciphers replace the message letters with other letters, numbers or symbols, as in substitution, or move around the individual letters of the plaintext, as in transposition or a combination of both. Cipher can be used to mean either encryption or decryption.

ciphered alphabet: an alphabet that has been modified in some way and used to encipher plaintext.

ciphersuite rollback attack: an attack against how Secure Socket Layer version 2 (SSL v2) negotiates the cipher suite. The aim is to convince Alice and Bob to use much weaker encryption than they are capable of using.

ciphertext: disguised text.

code: words, numbers, letters or symbols used to replace words, letters, and phrases such as 007 for James Bond.

confidentiality: assurance that only owners of a shared secret key can decrypt a computer file that has been encrypted with the shared secret key.

confusion: a method, often a very complex substitution method, used by cryptographers to hide the relationship between the secret key and ciphertext. So even if the cryptanalyst can find some ciphertext patterns, they won't help in deducing the encryption key.

crack: to successfully defeat the security of a cryptographer's method.

cryptanalyst: a mathematical and linguistic analyst who removes the disguise to meaning that cryptographers create.

cryptanalyze: analyzing an encrypted message to unlock its meaning without being privy to the key. Cryptanalyze was coined in the twentieth century by William Friedman to distinguish between deciphering an encrypted message with the key and cracking it through statistical analysis.

cryptographer: one who creates a disguise to hide the meaning of words.

cryptographic checksum: see message digest. Also known as cryptographic hash and digital or message fingerprint.

cryptographic hash: see message digest. Also known as cryptographic checksum and digital or message fingerprint.

cryptography: the study of enciphering and deciphering messages disguised with a secret code. For thousands of years cryptography has involved both the lock or method of hiding meaning and a combination to the lock or a key that unlocks the meaning of the message.

cryptology: the study of both cryptography and cryptanalysis.


Data Authentication Algorithm (DAA) : the most well-known message authentication code (MAC) which is made using DES and a compression method.

Data Encryption Standard (DES): an iterated product cipher designed for computer cryptography that uses 16 rounds of confusion and diffusion and a 56-bit key. The DES method is so secure that cryptanalysts had no choice but to attack the keys, which have been weakened over the years of technological advancement since DES was introduced in 1977. Because of the size of its keys, DES is no longer secure (see double DES and triple DES).

decipher: see decrypt.

decrypt: to remove disguise by using some secret information and reclaiming the message's meaning; also decipher.

decryption: the process of transforming ciphertext to plaintext.

Diffie-Hellman: the first workable public key cryptographic system still widely used in Internet browsers such as Secure Socket Layer (SSL) and Internet Protocol Security (IPsec). Diffie-Hellman confidants use public (insecure) communication lines to agree on a shared secret key.

diffusion: a combination of transposition and some function -- substitution or something more elaborate -- which spreads or diffuses the statistical structure of plaintext over the ciphertext. Diffusion makes it more difficult for the cryptanalyst to reclaim meaning. In math lingo, diffusion eliminates all statistical relevance the ciphertext has to the underlying plaintext.

digest: abbreviated term for message digest.

digital certificates: a specialized document signed by a trusted third party which are the preferred way to securely deliver public keys. The top part of a digital certificate contains plaintext identifying the issuer (signer), subject (whose public key is attached), the subject's public key and the expiration date of the certificate. The bottom part of a digital certificate contains the issuer's signed hash of the top part.

digital or message fingerprint: see message digest. Also known as cryptographic checksum and crytographic hash.

digital signature: authenticating by encrypting with a private key. A digital signature is just like a handwritten signature as long as the private key is kept secret.

Digital Signature Algorithm (DSA): a public key method only used for digital signatures. DSA's private key encryption provides authentication, integrity and non-repudiation but cannot be used for confidentiality. Although a modified DSA can support public key encryption, this feature is complex and very seldom used.

Digital Signature Standard (DSS): a cryptographic signature standard spelled out in a U.S Federal Information Processing Standard (FIPS) Pub 186-1 (revised late 1998). Although DSS is mostly about the Digital Signature Algorithm (DSA), DSS also approves RSA public key cryptography as a signature method.

distinguished name: the unique name to which a root certificate authority (CA) issues a certificate and then stores in a certificate repository (database). The name is associated with enough data elements (country, business, business unit, e-mail address, etc.) to ensure there's only one such name in the database.

Double DES: a method of encryption that does two Data Encryption Standard (DES) encryptions with two separate keys, effectively doubling the DES key from 56 bits to 112 bits to deal with the weakness in key size of single DES. However, there is an attack against double DES that makes triple DES, three DES encryptions with two separate keys, a better choice.


elliptic curve cryptography (ECC): a public key cryptographic method that uses much smaller keys than RSA and so operates faster.

Encapsulating Security Protection (ESP): one of two protocol choices (the other is Authentication Header) in Internet Protocol Security (IPsec). IPsec protocol controls if confidentiality and/or message integrity are used to protect a data packet.

encipher: see encryption.

encryption: the process of transforming plaintext to ciphertext.

existential forgery: a forgery made of any valid plaintext/MAC pair without the secret key.


first pre-image resistance: see one-wayness.


hash: shortened term for cryptographic hash.

hash function: term usually reserved for non-keyed message digests but sometimes is used to refer to both key and non-keyed digest functions.

Hashed Message Authentication Codes (HMACS): a combination secret key and a non-keyed hash function designed to operate faster than a MAC but be just as secure. As of this writing most HMACs use SHA or MD5. Systems like Secure Socket Layers (SSL) and Internet Protocol Security (IPsec) have standardized on HMAC.

High Assurance Digital Certificates: a digital certificate issued to an applicant who most likely was required by the Certificate Authority (CA) to physically appear and present more than one additional form of identification, such as a driver's license or a passport. It is high assurance since the CA can match a certified picture to the physical applicant.


IKE SA: the first security association negotiated in Internet Key Exchange (IKE) phase 1(also referred to as SA-1 in this book).

integrity: assurance that a file was not changed during transit; also called message authentication.

Internet Engineering Task Force (IETF): an open group of technical people and companies interested in the harmonious operation of the Internet. Most Internet standards such as x.509 come from the IETF.

Internet Key Exchange (IKE): the default Internet key exchange protocol which enables negotiation of methods (cryptographic parameters) and keys as well as enabling authentication.

Internet Protocol Security (IPsec): a protocol that authenticates data entering and encrypts data leaving an IPsec enabled computer and is transparent to the user who does not have to purposely invoke cryptographic protections. It consists of two related parts -- one which manages authentication and key exchange, the other which handles the bulk encryption process -- and is custom built for each operating system.

IPsec SA: the second security association negotiated in Internet Key Exchange (IKE) phase 2 (also referred to as SA-2 in Cryptography Decrypted ).

Issuer: a trusted Certificate Authority (CA) who signs (verifies) a digital certificate with his or her private key. The issuer is specified on the digital certificate.

iterated product ciphers: product ciphers that use many rounds such as the Data Encryption Standard (DES).


Key Distribution Center (KDC): the term for a Trusted Third Party (TTP) when this intermediary encrypts keys with the secret keys he or she shares with others for the purpose of distributing those keys securely. The KDC is often burdened with extensive key management and can become a bottleneck. Also called a key exchange authority (KEA).

key escrow agent: an intermediary who agrees to hold others' secret keys. Because a key escrow agent acts as a depository for others' secret keys, he or she is an attractive target.

Key Exchange Authority (KEA): see key distribution center (KDC).

key store: a secured database of cryptographic keys. Try out and learn more about key stores at

Knapsack public key cryptography: the first commercial public key system to offer confidentiality. Invented by Ralph Merkle and Martin Hellman, the knapsack is no longer a secure system because the design of its private key was based on a telltale mathematical pattern that eventually gave it away.


lifetime: the "life" of a security association in Internet Protocol Security (IPsec) expressed as either time or an amount of plaintext encrypted with a single secret key. After its lifetime expires, a new IPsec SA and therefore new keys and perhaps cryptographic parameters must be negotiated. IPsec handles this automatically without user involvement.

Low Assurance Digital Certificates: a digital certificate issued by a Certificate Authority (CA) over the Internet to an email address. It is low assurance because the CA did not physically identify the owner of the private key.


man-in-the-middle attack (MIM): BlackHat accomplishes a MIM by substituting his public key for Alice's public key. Then Bob mistakenly encrypts with BlackHat's public key instead of Alice's public key. BlackHat intercepts Bob's message to Alice and encrypts it with Alice's public key so that no one suspects the subterfuge. Just because public keys need not be concealed, doesn't mean public keys can just be sent (or stored) without protection.

master secret: a random value generated using a pre-master secret, other random values and a pseudo-random function (PRF). It is used in Secure Socket Layers (SSL) to make six shared secret keys.

MD5: one of the two most popular non-keyed message digest programs. It makes a 128-bit digest which means a birthday attack against its strong collision resistance using 128/2 = 64 bits makes it vulnerable. In addition, MD5 collisions have been found for small messages. Because of this, other more secure hash methods are rapidly replacing MD5.

message authentication: see integrity.

Message Authentication Codes (MAC): keyed message digests that combine a message and a shared secret key. MACs require the sender and receiver to share a secret key.

message digest: a redundant short proxy for a usually much larger message to identify if the message was modified during transmission. Message digest methods super compress messages so encryption and decryption operate on less data and, therefore, take less time. Also known as cryptographic hash; cryptographic checksum; digital or message fingerprint.

Message Integrity Codes (MIC): a non-keyed message digests made without a secret key ; also known as Modification Detection Codes (MDC). Most public key digital signatures use non-keyed message digests.

mod: an abbreviation for modulo mathematics used in public key cryptography.

Mode: an attribute in Internet Protocol Security (IPsec) that controls how much of the data packet is protected by confidentiality and message integrity. The mode choices are formally called Tunnel and Transport. An IPsec data packet must be protected by either a protocol or a mode.

Modification Detection Codes (MDC): see Modification Integrity Codes (MIC).

modular inverses: two whole numbers that when multiplied by each other result in the product of one. Cryptographers use modular inverses to manufacture public/private key pairs in most commercial public key cryptography because they provide time-consuming problems to cryptanalyze.

modulus: the divisor in modulo mathematics that is used in public key cryptography.


non-repudiation: assurance that the sender cannot deny a file was sent. This cannot be done with secret key alone.

Number Theory: formal mathematical name for some of the math tricks behind public key cryptography.


one-wayness: one of three non-keyed message digest security assurances which assures the original message is not recoverable so as to stop message digest forgeries. The other two assurances are weak collision resistance (second pre-image resistance) and strong collision resistance. Cryptographers refer to one-wayness as first pre-image resistance.

One-Way Functions (OWF): A function that is easy to compute one way but not the other. For example squaring a number is easy, e.g. computing 2.23 2 is easy ( it's approximately 5). But computing a square root is much more difficult, e.g. computing √ 6 is difficult (it's approximately 2.45).


PGP certificate: digital certificates similar to X.509 self-signed (root) certificates, except there can be more than one signature on PGP certificates.

plain alphabet: a standard alphabet.

plaintext:undisguised text.

plaintext-ciphertext pair: ciphertext and its corresponding plaintext. These paired communications give cryptanalysts clues to determine the meaning of other messages encrypted by the same method.

Polling: a certificate revocation list (CRL) delivery model which requires the certificate user to request the current CRL whenever verifying a digital certificate. One polling problem is the time delay between certificate authority (CA) certificate revocation and CA publication of a new CRL.

Polybius square: see checkerboard cipher.

pre-master secret: a 48-byte random value generated in the beginning of electronic exchanges using Secure Socket Layer (SSL). It is used along with other exchanged random values and a pseudo-random function (PRF) to independently and simultaneously generate a master secret which in turn is used to make six shared secret keys. After this, the pre-master secret is no longer needed and should, for security reasons, be deleted.

Pretty Good Privacy (PGP): an alternative to the X.509 crypto trust system and an incredible story and contribution to computer privacy (our book's PGP chapter has some more detail).

private key: concealed key held by only one person in public key cryptography. It is never shared.

product ciphers: ciphers that use both confusion and diffusion like the Data Encryption Standard (DES).

Protocol: an attribute in Internet Protocol Security (IPsec) that controls if confidentiality and/or message integrity are used to protect a data packet. The protocol choices are formally called Encapsulating Security Protection (ESP) and Authentication Header (AH). An IPsec data packet must be protected by either a protocol or a mode.

pseudo-random function (PRF): a mathematical method that creates a pseudo-random number.

pseudo-random numbers: numbers with as little detectable pattern as possible but not truly random. Computer programs make pseudo-random numbers because they can't make truly random numbers.

public key: a key in asymmetric ciphers used to encrypt a message that can only be decrypted by the matching private key. Public keys can be openly shared because knowledge of the public key doesn't help quickly cryptanalyze a public key encrypted message or figure out the private key. Although public keys don't need to be concealed they must nevertheless be protected (see man-in-the-middle attack). Try out and learn more about public key encryption at

Public Key Infrastructures (PKI): digital certificate administrative frameworks (scaffolding). The two major PKI frameworks are called x.509 and Pretty Good Privacy (PGP).

public key method: modern encryption method where one person has the private key and one or more people have the matching public key. Although all public key methods have public and private keys, they are called public key methods.

Pushing: a certificate revocation list (CRL) delivery model in which the certificate authority (CA) delivers users new CRLs as soon as it revokes a certificate. A pushing problem is the computer time used just to receive and process revoked certificates even if there aren't any relevant revoked certificates on the CRL. Also, since the CRL is pushed, the CA and the user must ensure BlackHat doesn't intercept and delete the pushed CRL even before it reaches the user.


Quick Mode: part of the protocol used in Internet Protocol Security (IPsec). During quick mode which completes in three messages and doesn't have any time-consuming public key operations, Alice and Bob negotiate cryptographic methods used for bulk encryption and make a second shared secret key.


replay attack: cryptographic attack by sending a copy of an old message. One should always number or time stamp a messages before encryption.

RIPEMD-160: a secure 160-bit non-keyed message digest program not as widely known as MD5 and SHA-1.

root certificate: a self-signed digital certificate which is the foundation of every x.509 Public Key Infrastructure (PKI) implementation. If the root certificate is untrustworthy, so is every certificate that the root Certificate Authority (CA) signed.

round: each application of confusion and diffusion in a cipher.

RSA public key cryptography: the only widely used public key cryptographic system that enables both public and private keys to encrypt messages. The math behind RSA makes both public and private key encryption equally secure. RSA, invented by Ron Rivest, Adi Shamir and Len Adelman, was patented in 1977.


second pre-image resistance: see weak collision resistance.

secret key: an identical secret shared between two users of a secret key method. Try out and learn more about secret key encryption at

secret key method: Classical encryption method where two users share the identical secret key.

Secure email: applications like Secure Multipurpose Internet Mail Exchange (S/MIME) and Pretty Good Privacy (PGP) which offer different choices for secret key methods, public key methods, and message digest methods used to encrypt email. All secure email packages require the sender to purposefully invoked encryption, either by setting the default in the program to automatic encryption or by selecting encryption and signing each time email is sent

Secure Hash Algorithm (SHA-1): a currently secure message digest method. SHA-1 makes a 160-bit digest, compressing all of Microsoft Office to about 20 bytes of disk storage.

Secure Multipurpose Internet Mail Exchange (S/MIME): a secure email application.

Secure Socket Layer (SSL): a protocol (data transmission procedure) transparent to the user that implements three cryptographic assurances -- authentication, confidentially, message integrity -- and provides secure key exchange between an Internet Browser and Internet Server. It's main purpose is to make Internet e-commerce users feel secure about sending their financial information over the Internet. SSL does not offer non-repudiation.

security association (SA): terminology in for one secret key together with one set of cryptographic parameters agreed upon during the authentication and key exchange process.

selective forgery: a forgery made when the secret key is no longer secure and BlackHat can manufacture a MAC for any selected plaintext.

session key: a secret key used one time for a single session between two parties exchanging encrypted electronic information.

SHA-1: one of the two most popular non-keyed message digest programs. It makes a 160-bit digest and has so far been immune from the cryptanalytic attacks successfully mounted against MD5.

signature method: required information on an X509 digital certificate which spells out the encryption method used to generate the public/private key pair.

signing: encrypting with the private key in public key cryptography to provide authentication, integrity and non-repudiation.

smart cards: a standard plastic credit card with an imbedded computer chip which easily store cryptographic keys and algorithms while limiting access to those keys. The most widespread commercial solution for key management at present, smart cards, though not foolproof, are particularly valued for providing secure authentication by creating and storing keys someplace more secure than a desktop computer.

strong collision resistance: one of three non-keyed message digest security assurances which prevents two different messages from making equivalent message digests.

The other two assurances are one-wayness (first pre-image resistance) and weak collision resistance (second pre-image resistance). Strong collision resistance stops forgery of any message.

sub certificate authority (CA): some entity who has been given authority to issue digital certificates by a root certificate authority (CA). Usually the root CA directs the sub CA to sign certificates with the sub CA's private key -- not with the root CA's private key.

Subject: the person or entity on the digital certificate who owns the public key being verified by the issuer.

substitution cipher: a method of hiding text in which plaintext letters are replaced by ciphertext letters or symbols. It is one technique used in the Data Encryption Standard (DES).

symmetric cipher: cryptographic methods that use shared secret keys. Both confidants encrypt and decrypt with the identical secret key. Usually there are only two holders of a particular secret key. Also known as secret key cryptography.


time period: required information on an X509 digital certificate which contains the issuance and expiration dates for which the issuer certifies the subject's public key. The issuer must keep records on the subject until expiration.

Transport Layer Security (TLS): the likely new standard for Secure Socket Layer (SSL) which provides secure key exchange between an Internet Browser and Internet Server. The TLS protocol based on SSL v3 was published by an Internet Engineering Task Force (IETF) working group in January 1999. Microsoft and Netscape both support TLS. The differences between SSL v3 and TLS version 1 are minor.

transposition cipher: enciphering techniques in which individual plaintext letters (or individual bits) change positions.

trap doors: a secret that enables a quick solution to the normally difficult part of a one-way function.

Triple DES: Encrypting plaintext with DES three times, effectively lengthening the DES secret key to 3 * 56 =168 bits, which is more secure than both single and double DES.

Trusted Third Party (TTP): an intermediary who shares secret keys with others who don't have a means to communicate with each other securely. Encrypted communications are funneled through the trusted third party to ensure confidentiality. This model for secure communications is sometimes called the military model because the troops must communicate through a superior ranking solider, the Trusted Third Party.

Transport Mode: one of two mode choices that controls how much of the data packet is protected by confidentiality and message integrity. Transport Mode encrypts less of the data packet than Tunnel Mode.

Trust networks: a PGP public key infrastructure (PKI) trust model in which each user creates and distributes his (her) own public key with a self-signed digital certificate. Rather than the centralized control of X.509's (certificate authority) trust model, PGP uses a distributed trust (web-of-trust) model.

Tunnel Mode: one of two mode choices in Internet Protocol Security (IPsec) that controls how much of the data packet is protected by confidentiality and message integrity. Tunnel mode encrypts more of the data packet than transport mode. Gateway computers use IPsec in tunnel mode to hide the addresses of internal computers from the outside world.


verifying: decrypting with the public key in public key cryptography to authenticate what was encrypted with the private key.

Vigenere cipher: a ciphering method developed by a cryptographer from the 1500s. It's stronger than Caesar's cipher since it uses a longer key and many alphabets to confuse the relationship between ciphertext and the secret key. Try out Vigenere's cipher under secret key multi-shift cipher at

Virtual Private Network (VPN):secure electronic communications over a public line accomplished through cryptographic systems that implement a protocol such as Internet Protocol Security (IPsec). Many, if not most, vendors use IPsec's tunnel mode to implement their VPN products.


Weak Collision Resistance: one of three non-keyed message digest security assurances which assures that another plaintext message can't be found whose digest is exactly equal to a particular plaintext message stopping forgery of a particular message. The other two assurances are one-wayness (first pre-image resistance) and strong collision resistance. Cryptographers refer to weak collision resistance as second pre-image resistance.


x.509 certificate: a certificate issued by a public key infrastructure where there is one central authority, the Root Certificate Authority (CA) , who controls certificate registration, issuance, expiration and revocation. In addition, a CA can also control the public and private key generation. Digital certificate users trust the accuracy of the public keys the CA issues.

go to 'E'             go to 'M'             go to 'S'

Back to Book Chapters