society which serves the National Secu---uh, no. Seriously, we're the good guys, and we've done what we can to ensure the completeness and accuracy of this document, but in a field of military and commercial importance like cryptography you have to expect that some people and organizations consider their interests more important than open scientific discussion. Trust only what you can verify firsthand. And don't sue us. Many people have contributed to this FAQ. In alphabetical order: Eric Bach, Steve Bellovin, Dan Bernstein, Nelson Bolyard, Carl Ellison, Jim Gillogly, Mike Gleason, Doug Gwyn, Luke O'Connor, Tony Patti, William Setzer. We apologize for any omissions. If you have suggestions, comments, or criticism, please let the current editors know by sending e-mail to firstname.lastname@example.org. We don't assume that this FAQ is at all complete at this point. Archives: sci.crypt has been archived since October 1991 on cl-next2.cl.msu.edu, though these archives are available only to U.S. and Canadian users. Please contact email@example.com if you know of other archives. The sections of this FAQ are available via anonymous FTP to rtfm.mit.edu as /pub/usenet/news.answers/cryptography-faq/part[xx]. The Cryptography FAQ is posted to the newsgroups sci.crypt, sci.answers, and news.answers every 21 days. * What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key? The story begins: When Julius Caesar sent messages to his trusted acquaintances, he didn't trust the messengers. So he replaced every A by a C, every B by a D, and so on through the alphabet. Only someone who knew the ``shift by 2'' rule could decipher his messages. A cryptosystem or cipher system is a method of disguising messages so that only certain people can see through the disguise. Cryptography is the art of creating and using cryptosystems. Cryptanalysis is the art of breaking cryptosystems---seeing through the disguise even when you're not supposed to be able to. Cryptology is the study of both cryptography and cryptanalysis. The original message is called a plaintext. The disguised message is called a ciphertext. Encryption means any procedure to convert plaintext into ciphertext. Decryption means any procedure to convert ciphertext into plaintext. A cryptosystem is usually a whole collection of algorithms. The algorithms are labelled; the labels are called keys. For instance, Caesar probably used ``shift by n'' encryption for several different values of n. It's natural to say that n is the key here. The people who are supposed to be able to see through the disguise are called recipients. Other people are enemies, opponents, interlopers, eavesdroppers, or third parties. * What is the National Security Agency (NSA)? The NSA is the official security body of the U.S. government. It was given its charter by President Truman in the late 40's, and has continued research in cryptology till the present. The NSA is known to be the largest employer of mathematicians in the world, and is also the largest purchaser of computer hardware in the world. Governments in general have always been prime employers of cryptologists. The NSA probably possesses cryptographic expertise many years ahead of the public state of the art, and can undoubtedly break many of the systems used in practice; but for reasons of national security almost all information about the NSA is classified. Bamford's book [BAMFD] gives a history of the people and operations of the NSA. The following quote from Massey [MAS88] highlights the difference between public and private research in cryptography: ``... if one regards cryptology as the prerogative of government, one accepts that most cryptologic research will be conducted behind closed doors. Without doubt, the number of workers engaged today in such secret research in cryptology far exceeds that of those engaged in open research in cryptology. For only about 10 years has there in fact been widespread open research in cryptology. There have been, and will continue to be, conflicts between these two research communities. Open research is common quest for knowledge that depends for its vitality on the open exchange of ideas via conference presentations and publications in scholarly journals. But can a government agency, charged with responsibilities of breaking the ciphers of other nations, countenance the publication of a cipher that it cannot break? Can a researcher in good conscience publish such a cipher that might undermine the effectiveness of his own government's code-breakers? One might argue that publication of a provably-secure cipher would force all governments to behave like Stimson's `gentlemen', but one must be aware that open research in cryptography is fraught with political and ethical considerations of a severity than in most scientific fields. The wonder is not that some conflicts have occurred between government agencies and open researchers in cryptology, but rather that these conflicts (at least those of which we are aware) have been so few and so mild.'' * What are the US export regulations? In a nutshell, there are two government agencies which control export of encryption software. One is the Bureau of Export Administration (BXA) in the Department of Commerce, authorized by the Export Administration Regulations (EAR). Another is the Office of Defense Trade Controls (DTC) in the State Department, authorized by the International Traffic in Arms Regulations (ITAR). As a rule of thumb, BXA (which works with COCOM) has less stringent requirements, but DTC (which takes orders from NSA) wants to see everything first and can refuse to transfer jurisdiction to BXA. The newsgroup misc.legal.computing carries many interesting discussions on the laws surrounding cryptographic export, what people think about those laws, and many other complex issues which go beyond the scope of technical groups like sci.crypt. Make sure to consult your lawyer before doing anything which will get you thrown in jail; if you are lucky, your lawyer might know a lawyer who has at least heard of the ITAR. * What is TEMPEST? TEMPEST is a standard for electromagnetic shielding for computer equipment. It was created in response to the discovery that information can be read from computer radiation (e.g., from a CRT) at quite a distance and with little effort. Needless to say, encryption doesn't do much good if the cleartext is available this way.