Glossary
- AEAD
  - Authenticated Encryption with Associated Data
- AEAD mode
  - Class of block cipher mode of operation that provides authenticated encryption, as well as authenticating some unencrypted associated data
- AES
  - Advanced Encryption Standard
- AKE
  - authenticated key exchange
- ARX
  - add, rotate, XOR
- asymmetric-key algorithm
  - See public-key algorithm
- asymmetric-key encryption
  - See public-key encryption
- BEAST
  - Browser Exploit Against SSL/TLS
- block cipher
  - Symmetric encryption algorithm that encrypts and decrypts blocks of fixed size
- Carter-Wegman MAC
  - Reusable message authentication code scheme built from a one-time MAC. Combines the benefits of performance and ease of use
- CBC
  - cipher block chaining
- CBC mode
  - Cipher block chaining mode; common mode of operation where the previous ciphertext block is XORed with the plaintext block during encryption. Takes an initialization vector, which assumes the role of the “block before the first block”
- CDN
  - content distribution network
- cross-site request forgery
  - Kind of attack where a malicious website tricks the browser into making requests to another website. Can be prevented by properly authenticating requests instead of relying on ambient authority such as session cookies
- CSPRNG
  - cryptographically secure pseudorandom number generator
- CSRF
  - cross-site request forgery
- CTR mode
  - Counter mode; a nonce combined with a counter produces a sequence of inputs to the block cipher; the resulting ciphertext blocks are the keystream
- DES
  - Data Encryption Standard
- ECB mode
  - Electronic code book mode; mode of operation where plaintext is separated into blocks that are encrypted separately under the same key. The default mode in many cryptographic libraries, despite many security issues
- encryption oracle
  - An oracle that will encrypt some data
- FIPS
  - Federal Information Processing Standards
- GCM
  - Galois Counter Mode
- GCM mode
  - Galois counter mode; AEAD mode combining CTR mode with a Carter-Wegman MAC
- GMAC
  - Message authentication code part of GCM mode, used separately
- HKDF
  - HMAC-based (Extract-and-Expand) Key Derivation Function
- HMAC
  - Hash-based Message Authentication Code
- HSTS
  - HTTP Strict Transport Security
- initialization vector
  - Data used to initialize some algorithms such as CBC mode. Generally not required to be secret, but required to be unpredictable. Compare nonce, salt
- IV
  - initialization vector
- KDF
  - key derivation function
- key agreement
  - See key exchange
- key exchange
  - The process of exchanging keys across an insecure medium using a particular cryptographic protocol. Typically designed to be secure against eavesdroppers. Also known as key agreement
- keyspace
  - The set of all possible keys
- MAC
  - message authentication code
- message authentication code
  - Small piece of information used to verify the authenticity and integrity of a message. Often called a tag
- MITM
  - man-in-the-middle
- mode of operation (plural: modes of operation)
  - Generic construction that encrypts and decrypts streams, built from a block cipher
- nonce
  - Number used once. Used in many cryptographic protocols. Generally does not have to be secret or unpredictable, but does have to be unique. Compare initialization vector, salt
- OCB
  - offset codebook
- OCB mode
  - Offset codebook mode; high-performance AEAD mode, unfortunately encumbered by patents
- one-time MAC
  - Message authentication code that can only be used securely for a single message. Its main benefit is increased performance over a reusable MAC
- oracle
  - A “black box” that will perform some computation for you
- OTR
  - off-the-record
- OTR messaging
  - Off-the-record messaging; messaging protocol that intends to mimic the properties of a real-life private conversation. Piggybacks onto existing instant messaging protocols
- PRF
  - pseudorandom function
- PRNG
  - pseudorandom number generator
- PRP
  - pseudorandom permutation
- public-key algorithm
  - Algorithm that uses a pair of related but distinct keys. Also known as asymmetric-key algorithm. Examples include public-key encryption and most key exchange protocols
- public-key encryption
  - Encryption using a pair of distinct keys for encryption and decryption. Also known as asymmetric-key encryption. Contrast with secret-key encryption
- RSA
  - Rivest-Shamir-Adleman
- salt
  - Random data that is added to a cryptographic primitive (usually a one-way function such as a cryptographic hash function or a key derivation function). Customizes such functions to produce different outputs (provided the salt is different). Can be used to prevent e.g. dictionary attacks. Typically does not have to be secret, but secrecy may improve the security properties of the system. Compare nonce, initialization vector
- secret-key encryption
  - Encryption that uses the same key for both encryption and decryption. Also known as symmetric-key encryption. Contrast with public-key encryption
- SMP
  - socialist millionaire protocol
- stream cipher
  - Symmetric encryption algorithm that encrypts streams of arbitrary size
- substitution-permutation network
  - Generic design for block ciphers where the block is enciphered by repeated substitutions and permutations
- symmetric-key encryption
  - See secret-key encryption