An extract translated from La
cryptographie militaire (Military
Cryptography) by Auguste Kerckhoffs published in 1883. Remember
that encryption was to be carried out by hand using memorized
information, which explains some of the more antiquated-looking
principles below, but many still apply. Principle #1, and the
explanation of it that follows, suggests the role of computationally
intractable problems, which we will discuss later. Principle #2 is now
known as Kerckhoffs' principle, and remains a cornerstone of
cryptography.
REQUIREMENTS FOR A CRYPTOGRAPHIC SYSTEM
1. The system must be practically, if not mathematically,
indecipherable.
2. The system must not be required to be secret; it should be able to
fall into the hands of the enemy without causing any inconvenience.
3. It must be possible to communicate and remember the key without
recourse to written notes, and to modify it whenever the correspondents
wish.
4. It should be applicable to messages sent by telegraph.
5. It must be portable; its use must not require the cooperation
of several people.
6. Finally, it is necessary, given the circumstances under which such
systems are applied, that it be simple to use, requiring neither great
mental effort nor a long series of rules to follow.
Everyone agrees on these last three points, but not on the first three.
Thus, there are people in authority who maintain that the absolute
indecipherability of the cipher need not be considered a sine qua non for its use in the
army, that the encrypted instructions transmitted in wartime have only
a momentary importance and need not be held secret longer than three or
four hours after they are given. That it is therefore of
little importance if the meaning of a secret dispatch becomes known to
the enemy several hours after it is intercepted; that it is enough, in
a word, that the system be crafted in such a manner that its
decipherment requires at least three or four hours of work. They
add that the possibility of changing the key at will robs
indecipherability of all its importance.
At first glance, this argument appears correct, but I believe that at
bottom it is false. Indeed, I think that it forgets the fact that
the secrecy of messages very often keeps its importance past the day
that they are sent. Without listing all the eventualities that
can arise, it is enough to cite the case where the commander of a city
under siege sends information to the army that must come to its
aid. Moreover, once someone has managed to decipher an
intercepted message, every new dispatch, encrypted with the same key
and likewise intercepted, can be read instantly. As a result,
after a certain time, dispatches will be sent in all directions, and
their decipherment will in a sense have been accomplished in
advance---unless one allows that in an army corps all the encrypted
messages come from a single person, or at least pass through the hands
of a single person, which would reduce secret correspondence to an
extremely modest role.
The ability to change the key at will is certainly an essential
condition of every cryptographic system, but it is a deceptive
advantage, which one cannot count on practically through the thousand
adventures of a long military campaign.
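The two arguments above (one read dispatch exposes every later dispatch under the same key; changing the key at will is the only remedy, and an unreliable one in the field) can be made concrete with a by-hand cipher of the kind Kerckhoffs had in mind. The following is an added example, not part of Kerckhoffs' text: it uses the public Vigenere algorithm with a memorized key word, so it also satisfies Principle #2 (nothing but the key is secret) and Principle #3 (the key is short enough to remember and change). The dispatches and key words are constructed sample data.

```python
"""Added example: Kerckhoffs' key-reuse argument on a Vigenere cipher.

The algorithm is assumed to be known to the enemy (Principle #2); only
the key word is secret.  Sample dispatches and keys are constructed for
the demonstration and are not from the original text.
"""
import string

ALPHABET = string.ascii_uppercase


def _clean(text: str) -> str:
    """Keep letters only, uppercased, as a telegraph operator would send them."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Shift each plaintext letter by the corresponding (repeating) key letter."""
    p, k = _clean(plaintext), _clean(key)
    return "".join(
        ALPHABET[(ALPHABET.index(pc) + ALPHABET.index(k[i % len(k)])) % 26]
        for i, pc in enumerate(p)
    )


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Inverse of vigenere_encrypt."""
    c, k = _clean(ciphertext), _clean(key)
    return "".join(
        ALPHABET[(ALPHABET.index(cc) - ALPHABET.index(k[i % len(k)])) % 26]
        for i, cc in enumerate(c)
    )


def recover_key(plaintext: str, ciphertext: str, key_length: int) -> str:
    """Kerckhoffs' scenario: a dispatch whose contents became known a few
    hours later.  Because the algorithm is public, subtracting plaintext
    from ciphertext letter by letter yields the key word directly."""
    p, c = _clean(plaintext), _clean(ciphertext)
    if len(p) < key_length:
        raise ValueError("known plaintext shorter than the key")
    return "".join(
        ALPHABET[(ALPHABET.index(c[i]) - ALPHABET.index(p[i])) % 26]
        for i in range(key_length)
    )


# Constructed sample traffic: three dispatches from one army corps.
DISPATCHES = [
    "SEND RELIEF TO THE CITADEL AT DAWN",
    "THE BRIDGE IS MINED HOLD THE LEFT BANK",
    "SUPPLIES EXHAUSTED SURRENDER IN TWO DAYS",
]


def dispatches_read_by_enemy(keys: list[str]) -> int:
    """Simulate the argument: every ciphertext is intercepted, and the
    plaintext of the first dispatch becomes known to the enemy later.
    `keys[i]` is the key word used for dispatch i.  Returns how many of
    the dispatches the enemy can then read with the recovered key."""
    ciphertexts = [vigenere_encrypt(m, k) for m, k in zip(DISPATCHES, keys)]
    known_key = recover_key(DISPATCHES[0], ciphertexts[0], len(_clean(keys[0])))
    return sum(
        1
        for m, c in zip(DISPATCHES, ciphertexts)
        if vigenere_decrypt(c, known_key) == _clean(m)
    )


if __name__ == "__main__":
    # Same key for the whole campaign: one exposed dispatch exposes all.
    print("fixed key, dispatches readable:",
          dispatches_read_by_enemy(["LIBERTE"] * 3))
    # Key changed for every dispatch: damage limited to the one exposed.
    print("rotated keys, dispatches readable:",
          dispatches_read_by_enemy(["LIBERTE", "EGALITE", "FRATERN"]))
```

The recovery step is the page's own point, not an attack on a modern system: a short repeating key word gives a hand cipher that is public and memorable, exactly as Principles #2 and #3 demand, and the price is that one exposed dispatch gives away the key for as long as it is reused. The only defence the author offers, changing the key, is what the second call models.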
As to the necessity of a secret system, which, in my view, constitutes
the principal defect of ALL our cryptographic systems, I will
observe that in a sense it restricts the use of the cryptographic
system exclusively to top commanders. And here, by 'secret', I do
not mean the key, but the material part of the system: Tables,
codebooks, or mechanical devices that are needed to apply the
system. Indeed, one need not invent imaginary phantoms nor doubt
the honesty of employees and subordinates to understand that if a
secret system were known to too many individuals, it could be
compromised by any use of it made by any of them. This is
enough to condemn the codebooks which are in use today in the army.
It will be objected that if we meet this goal (#2), it will scarcely
be possible to create a completely indecipherable system. Let's
understand: I know very well that to have under these conditions
a system that is mathematically indecipherable is mathematically
impossible. But I claim, and not without good reason, that one
can create systems that are, if not mathematically, at least
practically, indecipherable, while still realizing the goals that I
have set out above.
There is now serious reason for suggesting that the minister of
war replace the secret codebooks by some other, more practical system.
If the administration wishes to profit from all the services that a
well-crafted cryptographic system can render, it must absolutely
renounce secret methods, and establish the principle that it will
accept only systems that can be taught openly in our military schools,
that our students are free to communicate to whomever they choose, and
that our neighbors can copy and adopt if they wish. I will say
more: It is only when our officers have studied the
principles of cryptography and learned the art of decipherment
that they will be able to avoid the many blunders that compromise the
keys of the best systems.