Which of the parameters of a block cipher (e.g., algorithm name, mode of operation, IV (if any), key length) are essential to keep secret?
Asked
Active
Viewed 1,618 times
1 Answers
15
In you opinion which of the parameters of a block cipher (e.g., algorithm name, mode of operation, IV (if any), key length) are essential to keep secret?
I believe that it is essential that you keep the key secret.
If there is any other aspect of the cipher that you must keep secret (that is, you become insecure if it is revealed), then your cipher is 'broken'.
We can assume that the attacker can learn any long term aspect of your cipher implementation, such as the cipher name, mode of operation, key length. There are a number of possible ways they might learn it, such as an employee accidentally (or deliberately) leaking it, or if the attacker just obtains your implementation and dissects it. Hence, for security, we want to depend solely on something that we update routinely (such as the key). If the attacker learns the key, that limits the damage (as they can decrypt the traffic encrypted with that key, but nothing after we update the key). This idea is referred to as Kerckhoff's principle.
Now, you list the IV; that is typically updated constantly. On the other hand, we generally use it to refer to information that need not be secret. If it does have to be secret, then it really is part of the key, and should be considered that way.
