RSA Labs Chapter 1 -- Introduction (RSA Laboratories, Chapter 1: Introduction to Cryptography)

Posted by 鄒德強 on 2012-04-10


Chapter 1 Introduction


In this introductory chapter, a brief overview of the field of cryptography and related issues is given.




1.1 WHAT IS RSA LABORATORIES' FREQUENTLY ASKED QUESTIONS ABOUT TODAY'S CRYPTOGRAPHY?
RSA Laboratories' Frequently Asked Questions About Today's Cryptography is a large collection of questions about modern cryptography, cryptanalysis, and issues related to them. The information is presented in question and answer form. We have not attempted to be, nor could we be, exhaustive in answering every possible question. Yet, we hope that this document will be both a useful introductory text and a useful reference for those interested in the field of cryptography.


1.2 WHAT IS CRYPTOGRAPHY?
As the field of cryptography has advanced, the dividing lines for what is and what is not cryptography have become blurred. Cryptography today might be summed up as the study of techniques and applications that depend on the existence of difficult problems. Cryptanalysis is the study of how to compromise (defeat) cryptographic mechanisms, and cryptology (from the Greek kryptós lógos, meaning "hidden word") is the discipline of cryptography and cryptanalysis combined. To most people, cryptography is concerned with keeping communications private. Indeed, the protection of sensitive communications has been the emphasis of cryptography throughout much of its history [Kah67]. However, this is only one part of today's cryptography.
Encryption is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge (a key; see below). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.
Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption are different (see Question 2.1.1).
Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives - when we sign our name to some document for instance - and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication.
Cryptography provides mechanisms for such procedures. A digital signature (see Question 2.2.2) binds a document to the possessor of a particular key, while a digital timestamp (see Question 7.11) binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel.
The field of cryptography encompasses other uses as well. With just a few basic cryptographic tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic money (see Question 4.2.1), to prove we know certain information without revealing the information itself (see Question 2.1.8), and to share a secret quantity in such a way that a subset of the shares can reconstruct the secret (see Question 2.1.9).
While modern cryptography is growing increasingly diverse, cryptography is fundamentally based on problems that are difficult to solve. A problem may be difficult because its solution requires some secret knowledge, such as decrypting an encrypted message or signing some digital document. The problem may also be hard because it is intrinsically difficult to complete, such as finding a message that produces a given hash value (see Question 2.1.6).
Surveys by Rivest [Riv90] and Brassard [Bra88] form an excellent introduction to modern cryptography. Some textbook treatments are provided by Stinson [Sti95] and Stallings [Sta95], while Simmons provides an in-depth coverage of the technical aspects of cryptography [Sim92]. A comprehensive review of modern cryptography can also be found in Applied Cryptography [Sch96]; Ford [For94] provides detailed coverage of issues such as cryptography standards and secure communication.


1.3 WHAT ARE SOME OF THE MORE POPULAR TECHNIQUES IN CRYPTOGRAPHY?
There are two types of cryptosystems: secret-key and public-key cryptography (see Questions 2.1.2 and 2.1.1). In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is the Data Encryption Standard (DES; see Section 3.2).
In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key. The RSA public-key cryptosystem (see Section 3.1) is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem.
The Digital Signature Algorithm (DSA; see Section 3.4) is also a popular public-key technique, though it can be used only for signatures, not encryption. Elliptic curve cryptosystems (ECCs; see Section 3.5) are cryptosystems based on mathematical objects known as elliptic curves (see Question 2.3.10). Elliptic curve cryptography has been gaining in popularity recently. Lastly, the Diffie-Hellman key agreement protocol (see Question 3.6.1) is a popular public-key technique for establishing secret keys over an insecure channel.


1.4 HOW IS CRYPTOGRAPHY APPLIED?
Cryptography is extremely useful; there is a multitude of applications, many of which are currently in use. A typical application of cryptography is a system built out of the basic techniques. Such systems can be of various levels of complexity. Some of the more simple applications are secure communication, identification, authentication, and secret sharing. More complicated applications include systems for electronic commerce, certification, secure electronic mail, key recovery, and secure computer access.
In general, the less complex the application, the more quickly it becomes a reality. Identification and authentication schemes exist widely, while electronic commerce systems are just beginning to be established. However, there are exceptions to this rule; namely, the adoption rate may depend on the level of demand. For example, SSL-encapsulated HTTP (see Question 5.1.2) gained a lot more usage much more quickly than simpler link-layer encryption has ever achieved.
Secure Communication
Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. While secure communication has existed for centuries, the key management problem has prevented it from becoming commonplace. Thanks to the development of public-key cryptography, the tools exist to create a large-scale network of people who can communicate securely with one another even if they had never communicated before.
Identification and Authentication
Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone's or something's identity. For example, when withdrawing money from a bank, a teller asks to see identification (for example, a driver's license) to verify the identity of the owner of the account. This same process can be done electronically using cryptography. Every automatic teller machine (ATM) card is associated with a "secret" personal identification number (PIN), which binds the owner to the card and thus to the account. When the card is inserted into the ATM, the machine prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that person as the rightful owner and grants access. Another important application of cryptography is authentication. Authentication is similar to identification, in that both allow an entity access to resources (such as an Internet account), but authentication is broader because it does not necessarily involve identifying a person or entity. Authentication merely determines whether that person or entity is authorized for whatever is in question. For more information on authentication and identification, see Question 2.2.5.
Secret Sharing
Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (k, n)-threshold scheme, information about a secret is distributed in such a way that any k out of the n people (k ≤ n) have enough information to determine the secret, but any set of k-1 people do not. In any secret sharing scheme, there are designated sets of people whose cumulative information suffices to determine the secret. In some implementations of secret sharing schemes, each participant receives the secret after it has been generated. In other implementations, the actual secret is never made visible to the participants, although the purpose for which they sought the secret (for example, access to a building or permission to execute a process) is allowed. See Question 2.1.9 for more information on secret sharing.
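A worked (k, n)-threshold scheme, added here as an example and not taken from the FAQ: it uses Shamir's polynomial construction over a prime field (an assumption, since the page names no particular scheme) and includes a check showing that k-1 shares are consistent with every candidate secret, while k shares pin the secret down.

```python
# Added example: (k, n)-threshold secret sharing as described in Section 1.4.
# Construction assumed here: Shamir's scheme, a random polynomial of degree
# k-1 over a prime field whose constant term is the secret.
import secrets

# Constructed parameter: field size; every secret must be smaller than this.
PRIME = 2**127 - 1


def split_secret(secret, k, n, rng=secrets.randbelow):
    """Return n shares (x, y); any k of them reconstruct `secret`."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must lie in [0, PRIME)")
    # Coefficients: a_0 = secret, a_1 .. a_{k-1} uniformly random.
    coeffs = [secret] + [rng(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 would hand out the secret itself
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def interpolate_at(points, x0):
    """Lagrange interpolation: the value at x0 of the unique polynomial of
    degree < len(points) that passes through all `points` (mod PRIME)."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate x coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(shares):
    """Reconstruct the secret f(0) from at least k shares."""
    return interpolate_at(shares, 0)


def consistent_with(shares, candidate, k):
    """Could `candidate` be the secret, given these shares of a (k, n) scheme?

    With k-1 shares every candidate fits some degree-(k-1) polynomial, so the
    answer is always True: the shares carry no information about the secret.
    With k shares the polynomial is fixed, so only the real secret fits."""
    points = [(0, candidate)] + list(shares)
    if len(points) <= k:
        return True
    base, rest = points[:k], points[k:]
    return all(interpolate_at(base, x) == y for x, y in rest)


if __name__ == "__main__":
    secret = 123456789                       # constructed sample secret
    shares = split_secret(secret, k=3, n=5)
    print("any 3 of 5 recover it:", recover_secret(shares[1:4]) == secret)
    print("2 shares fit any secret:", consistent_with(shares[:2], 42, 3))
    print("3 shares reject a wrong one:", consistent_with(shares[:3], 42, 3))
```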
Electronic Commerce
Over the past few years there has been a growing amount of business conducted over the Internet - this form of business is called electronic commerce or e-commerce. E-commerce is composed of online banking, online brokerage accounts, and Internet shopping, to name a few of the many applications. One can book plane tickets, make hotel reservations, rent a car, transfer money from one account to another, buy compact disks (CDs), clothes, books and so on, all while sitting in front of a computer. However, simply entering a credit card number on the Internet leaves one open to fraud. One cryptographic solution to this problem is to encrypt the credit card number (or other private information) when it is entered online; another is to secure the entire session (see Question 5.1.2). When a computer encrypts this information and sends it out on the Internet, it is incomprehensible to a third-party viewer. The web server ("Internet shopping center") receives the encrypted information, decrypts it, and proceeds with the sale without fear that the credit card number (or other personal information) slipped into the wrong hands. As more and more business is conducted over the Internet, the need for protection against fraud, theft, and corruption of vital information increases.
Certification
Another application of cryptography is certification; certification is a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. Certification technology was developed to make identification and authentication possible on a large scale. See Question 4.1.3.10 for more information on certification.
Key Recovery
Key recovery is a technology that allows a key to be revealed under certain circumstances without the owner of the key revealing it. This is useful for two main reasons: first of all, if a user loses or accidentally deletes his or her key, key recovery could prevent a disaster. Secondly, if a law enforcement agency wishes to eavesdrop on a suspected criminal without the suspect's knowledge (akin to a wiretap), the agency must be able to recover the key. Key recovery techniques are in use in some instances; however, the use of key recovery as a law enforcement technique is somewhat controversial. See Question 7.12 for more on key recovery.
Remote Access
Secure remote access is another important application of cryptography. The basic system of passwords certainly gives a level of security for secure access, but it may not be enough in some cases. For instance, passwords can be eavesdropped, forgotten, stolen, or guessed. Many products supply cryptographic methods for remote access with a higher degree of security.
Other Applications
Cryptography is not confined to the world of computers. Cryptography is also used in cellular (mobile) phones as a means of authentication; that is, it can be used to verify that a particular phone has the right to bill to a particular phone number. This prevents people from stealing ("cloning") cellular phone numbers and access codes. Another application is to protect phone calls from eavesdropping using voice encryption.



1.5 WHAT ARE CRYPTOGRAPHY STANDARDS?
Cryptography standards are needed to create interoperability in the information security world. Essentially they are conditions and protocols set forth to allow uniformity within communication, transactions and virtually all computer activity. The continual evolution of information technology motivates the development of more standards, which in turn helps guide this evolution.
The main motivation behind standards is to allow technology from different manufacturers to "speak the same language", that is, to interact effectively. Perhaps this is best seen in the familiar standard VHS for video cassette recorders (VCRs). A few years ago there were two competing standards in the VCR industry, VHS and BETA. A VHS tape could not be played in a BETA machine and vice versa; they were incompatible formats. Imagine the chaos if all VCR manufacturers had different formats. People could only rent movies that were available on the format compatible with their VCR. Standards are necessary to ensure that products from different companies are compatible.
In cryptography, standardization serves an additional purpose; it can serve as a proving ground for cryptographic techniques because complex protocols are prone to design flaws. By establishing a well-examined standard, the industry can produce a more trustworthy product. Even a safe protocol is more trusted by customers after it becomes a standard, because of the ratification process involved.
The government, private industry, and other organizations contribute to the vast collection of standards on cryptography. A few of these are ISO, ANSI, IEEE, NIST, and IETF (see Section 5.3). There are many types of standards, some used within the banking industry, some internationally and others within the government. Standardization helps developers design new products. Instead of spending time developing a new standard, they can follow a pre-existing standard throughout the development process. With this process in place consumers have the chance to choose among competing products or services.


1.6 WHAT IS THE ROLE OF THE UNITED STATES GOVERNMENT IN CRYPTOGRAPHY?
The U.S. government plays many roles in cryptography, ranging from use to export control to standardization efforts to the development of new cryptosystems. Recently the government has taken an even bigger interest in cryptography due to its ever-increasing use outside of the military.
One obvious reason the U.S. government is interested in cryptography stems from the crucial role of secure communication during wartime. Because the enemy may have access to the communication medium, messages must be encrypted. With certain cryptosystems, the receiver can determine whether or not the message was tampered with during transmission, and whether the message really came from who claims to have sent it.
In the past, the government has not only used cryptography itself, but has cracked other countries' codes as well. A notable example of this occurred in 1940 when a group of Navy cryptanalysts, led by William F. Friedman, succeeded in breaking the Japanese diplomatic cipher known as Purple.
In 1952, the U.S. government established The National Security Agency (NSA; see Question 6.2.2), whose job is to handle military and government data security as well as gather information about other countries' communications. Also established was The National Institute of Standards and Technology (NIST; see Question 6.2.1), which plays a major role in developing cryptography standards.
During the 1970s, IBM and the U.S. Department of Commerce - more precisely NIST (then known as NBS) - developed along with NSA the Data Encryption Standard (DES; see Section 3.2). This algorithm has been a standard since 1977, with reviews leading to renewals every few years. The general consensus is that DES is no longer strong enough for today's encryption needs. Therefore, NIST is currently working on a new standard, the Advanced Encryption Standard (AES; see Section 3.3), to replace DES. In the intermediate stage, triple-DES (see Question 3.2.6) is the encryption standard. It is expected that AES will remain a standard well into the 21st century.
Currently there are no restrictions on the use or strength of domestic encryption (encryption where the sender and recipient are in the U.S.). However, the government regulates the export of cryptography from the U.S. by setting restrictions (see Section 6.4) on how strong such encryption may be. Cryptographic exports are controlled under the Export Administration Regulations (EAR), and their treatment varies according to several factors including destinations, customers, and the strength and usage of the cryptography involved. In January 2000, the restrictions were significantly relaxed; today, any cryptographic product can be exported to non-governmental end-users outside embargoed destinations (states supporting terrorism) without a license.

1.7 WHY IS CRYPTOGRAPHY IMPORTANT?
Cryptography allows people to carry over the confidence found in the physical world to the electronic world, thus allowing people to do business electronically without worries of deceit and deception. Every day hundreds of thousands of people interact electronically, whether it is through e-mail, e-commerce (business conducted over the Internet), ATM machines, or cellular phones. The perpetual increase of information transmitted electronically has led to an increased reliance on cryptography.
Cryptography on the Internet
The Internet, composed of millions of interconnected computers, allows nearly instantaneous communication and transfer of information around the world. People use e-mail to correspond with one another. The World Wide Web is used for online business, data distribution, marketing, research, learning, and a myriad of other activities.
Cryptography makes secure web sites (see Question 5.1.2) and safe electronic transmissions possible. For a web site to be secure, all of the data transmitted between the computers where the data is kept and where it is received must be encrypted. This allows people to do online banking, online trading, and make online purchases with their credit cards, without worrying that any of their account information is being compromised. Cryptography is very important to the continued growth of the Internet and electronic commerce.
E-commerce (see Section 4.2) is increasing at a very rapid rate. By the turn of the century, commercial transactions on the Internet are expected to total hundreds of billions of dollars a year. This level of activity could not be supported without cryptographic security. It has been said that one is safer using a credit card over the Internet than within a store or restaurant. It requires much more work to seize credit card numbers over computer networks than it does to simply walk by a table in a restaurant and lay hold of a credit card receipt. These levels of security, though not yet widely used, give the means to strengthen the foundation with which e-commerce can grow.
People use e-mail to conduct personal and business matters on a daily basis. E-mail has no physical form and may exist electronically in more than one place at a time. This poses a potential problem as it increases the opportunity for an eavesdropper to get a hold of the transmission. Encryption protects e-mail by rendering it very difficult to read by any unintended party. Digital signatures can also be used to authenticate the origin and the content of an e-mail message.
Authentication
In some cases cryptography allows you to have more confidence in your electronic transactions than you do in real life transactions. For example, signing documents in real life still leaves one vulnerable to the following scenario. After signing your will, agreeing to what is put forth in the document, someone can change that document and your signature is still attached. In the electronic world this type of falsification is much more difficult because digital signatures (see Question 2.2.2) are built using the contents of the document being signed.
Access Control
Cryptography is also used to regulate access to satellite and cable TV. Cable TV is set up so people can watch only the channels they pay for. Since there is a direct line from the cable company to each individual subscriber's home, the cable company will only send those channels that are paid for. Many companies offer pay-per-view channels to their subscribers. Pay-per-view cable allows cable subscribers to "rent" a movie directly through the cable box. What the cable box does is decode the incoming movie, but not until the movie has been "rented." If a person wants to watch a pay-per-view movie, he/she calls the cable company and requests it. In return, the cable company sends out a signal to the subscriber's cable box, which unscrambles (decrypts) the requested movie.
Satellite TV works slightly differently since the satellite TV companies do not have a direct connection to each individual subscriber's home. This means that anyone with a satellite dish can pick up the signals. To alleviate the problem of people getting free TV, they use cryptography. The trick is to allow only those who have paid for their service to unscramble the transmission; this is done with receivers ("unscramblers"). Each subscriber is given a receiver; the satellite transmits signals that can only be unscrambled by such a receiver (ideally). Pay-per-view works in essentially the same way as it does for regular cable TV.
As seen, cryptography is widely used. Not only is it used over the Internet, but also it is used in phones, televisions, and a variety of other common household items. Without cryptography, hackers could get into our e-mail, listen in on our phone conversations, tap into our cable companies and acquire free cable service, or break into our bank/brokerage accounts.

