Designing Encryption Algorithms for Real People

B. Schneier

Proceedings of the 1994 ACM SIGSAC New Security Paradigms Workshop, IEEE Computer Society Press, August 1994, pp. 63-71.

ABSTRACT: There is a wide disparity between cryptographic algorithms as specified by researchers and cryptographic algorithms as implemented in software applications. Programmers are prone to implement poor key management, make mistakes coding the algorithm, and use the algorithm in ways and for periods of time not originally intended. I propose design heuristics for designing algorithms in the “hostile” implementation environment of real-world software development. In the real world, it is easy to choose a secure encryption algorithm. There are several, all designed by respected cryptographers, all described in the open literature, and all implemented in public-domain software. It is much harder to implement the algorithm properly in a software application. As a result, implementations of the algorithm are often far less secure in practice than its creators envisioned them. While it is not strictly the job of an algorithm designer to concern himself with implementation details, it is important to realize how algorithms are used in the real world. Armed with this knowledge, a cryptographer can make his algorithms resilient to the kinds of abuses that they will most likely face in the hands of naive programmers. This paper concerns itself with software implementations of cryptographic algorithms. Traditionally strong encryption was almost exclusively found in special-purpose and embedded hardware. Since these hardware devices were self-contained, it was easier to design them securely and force secure implementations. Today, the increased demand for cheap encryption combined with the increased power of personal computers has made software encryption more ubiquitous. Mistakes are far more common in software cryptographic systems, because programmers have far more control over the details of a software system. They have more opportunities to make mistakes in programming, implement bad key management processes, ignore memory management issues, and cut corners to improve performance.

The full text of this paper is currently not available.

Categories: Miscellaneous Papers

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.