RSA Lib Chapter 1 -- Introduction (RSA实验室 第一章，密码学介绍）

第一章 介绍


在这个介绍的章节中，对加密技术和相关问题的领域做了简要概述。


1.1 RSA实验室关于当今密码学经常被问的问题？
RSA实验室关于当今算法的常见问题FAQ是一个有关于现代密码学，密码分析，并与他们有关的问题的问题大集合。以提出的问题和回答问题的方式。我们尽我们所能详尽的回答每一个可能的问题。我们希望，这份文件将是一个很好的介绍，以及为那些有兴趣在密码学领域的一个有用的参考。


1.2 什么是密码学
因为密码学的领域已经进步了，加密和非加密的分界线已经变得模糊。今天的密码学被总结为算法的研究，和基于解决困难问题的应用。密码分析学是研究如何侵入（攻破）算法的机制，是结合加密技术和密码分析的领域。对大多数人来说，加密是私人通讯相关。事实上，保护敏感的通讯一直是密码学从历史上一直强调的。然而这只是当今密码学中的一部分。
加密是一种数据转化方式，将数据转化成在没有相应的信息尽量无法阅读的格式。它的目的是即使非参与方能访问加密数据，消息仍然可以对非参与方隐藏，来保证隐私性。解密和加密相反，是把加密的数据回改为可以理解的形式。
加密和解密和解密通常需要使用一些安全信息，比如提到的密钥。对一些加密机制，加密和解密操作使用相同的密钥；对另外一些机制，加密和解密使用的密钥是不相同的。（参见问题2.1.1）
今天的密码学不止于加密和解密。身份认证是我们生活中隐私常见的部分。我们在每天的生活中都使用身份认证-例如我们在一些文档签署名字，当我们使用电子通讯将我们的决定和意见发布到全世界范围，我们需要有提供身份认证的电子技术。密码学为这些过程提供了机制。一个数字签名在文档上绑定了一个使用特定密钥，一个数字时间戳在文档上绑定了具体的时间。这些密码学算法可以被用来控制对一个共享磁盘的访问，一个高安全的安装，或者一个付费观看的电视频道。密码学领域也包含其它的用途。只需要几个基本的加密工具，就可以建立详尽的计划和方案允许我们使用电子现金来支付，以证明我们知道特定的信息，而不暴露信息本身，共享安全信息，并且共享方可以恢复安全信息。
虽然现代密码学日益多样化，密码学的根本还是基于难以解决的问题。一个问题难解决因为它的解决需要一些密码因素，比如解密一个加密的消息或者签名一些数字文档。问题也可以难解决因为它本质上难以实现，比如发现一个能产生指定hash值的消息。
Rivest和Brassard形成了一个现代密码学很好的介绍。一些教科书由Stinson和Stallings提供。而西门子提供了一个密码学技术视角更深层面的报道。应用密码学是现代密码学的一个完整的审查。Ford对加密和安全通讯提供了细节讨论。


1.3 在密码学领域一些流行的技术
有两种类型的加密体系：密钥体系和公钥体系体系。密钥体系算法业被认为是对称算法，相同的密钥被使用在加密和解密操作中。当今使用的最常见的密钥体系算法是数据加密标准(DES)
在公钥算法体系，每个用户有一个公钥和一个私钥，公钥是公开的，私钥是私密的。加密使用公钥，而解密使用四要。RSA公钥体系算法是公钥体系最常见的算法，Rivest,Shamir,Adleman发明了RSA算法。
数字签名算法DSA也是一个常用的公钥技术算法，因为它只能被用来签名，不能用于加密。椭圆曲线密码系统ECCs是基于被成为椭圆曲线的数学对象上的算法。椭圆曲线算法正在越来越流行。最后Diffie-Hellman密钥协商协议是在非安全通道上构建密钥的通用公钥技术。


1.4 密码学如何使用？
密码学是非常有用的；有很多的应用，其中的大多数都是当前正在使用的。一个密码学的典型应用是系统建立的基本技术。这种系统可以有不同层次的复杂度。一些更简单的应用是安全通讯，鉴定，身份认证，和安全共享。更复杂一点的应用包括电子商务，证书，安全电子邮件，密钥恢复，和安全计算机访问。
通常来说，不太复杂的应用更容易实施。身份识别和验证广泛存在，然而电子商务系统才刚开始实施。然而这个规则也有例外；即，通过率取决于需求的水平。举个例子SSL封装HTTP比简单的链路加密获得了更多的使用率。采纳率也依赖于需求水平。
安全通讯
安全通讯是密码学最明显的应用。两个人可以通过加密发送消息来获得安全通讯。在这种方式下，第三方窃听可能永远不能破译消息。虽然已经存在了几个世纪，安全通信的密钥管理问题已经成为家常便饭。感谢公钥算法的开发，使得有工具可以使得人们即使之前从来没有通讯过，也能在大型网络下互相安全通讯。
身份识别和认证
身份识别和认证是两种密码学的广泛应用。身份识别是校验某人或者某东西的身份的过程。例如，从银行取钱的时候，柜员要求检查身份认证（比如驾驶本）来校验帐号拥有者的身份。同样的过程也可以使用密码学电子实现。每个ATM机卡都和一个“秘密”个人身份标识号（PIN）关联，绑定了卡的拥有者和帐号。当卡插入ATM机的时候，机器使用PIN来验证卡片持有者。如果输入了正确的PIN，机器识别操作者为正确的拥有者，并且赋予访问权限。另一个密码学的重要应用是认证。认证和识别类似，都是为了允许某实体访问资源（比如internet帐号），但是认证更广泛，因为它并不一定包含一个人或者实体。认证仅决定是否用户和实体在某个问题下是认证的。更多关于身份识别和认证的内容，参见问题2.2.5.
秘密共享
密码学的另一个应用叫做秘密共享，允许秘密的的信任被一群人分配。例如，在（k,n)门限方案，秘密的信息被描述成如下的方式：n个人中的k个人有足够信息来确定秘密，但是任何k-1集合的人都不能访问。在任何秘密共享方案中，有指定的掌握信息的人来决定秘密。在一些安全共享方案中，每个参与者在它产生的时候都收到秘密。在其它的一些实现中，实际的从来没有对参与者开放，虽然它们被允许访问秘密。更多的关于秘密共享的问题参见2.1.9
电子商务
在过去几年，已经有越来越多的业务是在互联网上进行的 - 这种形式被称为电子商务或者e-商务。电子商务包括网上银行，网上经纪账户，和互联网购物的很多应用。人们可以在计算机前面预订机票，预订旅馆，租车，从一个账户转账到另一个账户，购买CD，衣服，书。然而，一个这个问题的密码学解决方案是当在网上输入的时候加密信用卡号（或者其它私有信息），另外一个一个是确保整个会话的安全。当计算机加密这个信息并把它发往网络，这些信息对第三方来说是无法理解的。网站服务器在保证这些数据不落入坏人的手里前提下收到这些加密信息，解密，并且处理这些销售。随着越来越多的生意转移到互联网上，防止欺诈，盗窃，和贪污的保护需求在增加。
认证
另外一个算法学的应用是认证；认证是核证机关为了将受信的代理和未知代理，和用户分开的方案。受信代理发行的凭证称为证书，每个都含有一些固定的含义。证书技术被开发来可以在大的场景下提供身份识别和验证。
密钥恢复
密钥恢复是一个技术，允许密钥的所有者在特定的环境下在不暴露的情况下输出密钥。因为以下两个原因这是非常有用的：首先，如果用户丢失或者误删除他的密钥，密钥恢复可以防止灾难的发生。第二，如果一个执法机关希望在犯罪嫌疑人不知情的情况下实施监听，机关必须能够恢复密钥。密钥恢复机制被用在一些实例上；然而，作为执法应用的密钥恢复的使用一直是有争议的。
远程访问
安全的远程访问是另外一个密码学的重要应用。基本的密码系统提供一定级别的安全的安全访问，但是在某些情况下是不足够的。例如，密码可以被窃听，遗忘，丢失或者猜测出来。许多产品在高级别安全的级别下提供远程访问的密码学方法。
其它应用
加密并不局限于计算机世界。密码学业是手机完成认证的手段，它可以验证一个特定的手机是否拥有某个特定的手机号码的权利。这个可以防止手机号码被偷盗和克隆。另外一个保护手机被偷听的应用使用了语音加密。


1.5 什么是密码学规范？
密码学规范是建立信息安全领域互操作性所需要的。从本质讲它的条件和协议是为了允许在通讯、交易和几乎所有的计算机活动的统一性。信息技术的不断演进，促进更多的规范的发展，这反过来有助于引导这种演变。
标准背后的主要动机是为了允许不同的制造商的技术“使用同样的语言讲话“，即，有效性互动。从我们熟悉的视频规范VHS和VCRs来看，这显然是最好的。若干年前，在VCR产业，有两个互相竞争的方案，VHS和BETA。一个VHS录像带无法在BETA机器上播放反之依然；它们是在VCR行业不兼容的格式。标准对于保证不同公司的产品是兼容的。
在密码学领域，规范提供着一个额外的目标；它可以提供一个算法技术的实验场。因为复杂的协议很容易产生设计缺陷。通过创建一个审查标准，工厂可以生产更可信的产品。因为相涉及的审批流程，即使是一个安全协议也会在成为一个标准之后被消费者更加的相信。
政府，民营企业，和其它一些组织，有助于加密学规范的收集。其中一些是ISO, ANSI, IEEE, NIST, 和IETF (参见第5.3章）。有许多规范的类型，一些使用在银行业，一些内部使用，另外的一些在政府中。标准化帮助开发者设计新产品。除了花时间开发一个新的规范，它们可以在开发过程中使用预先定义的规范。有了这个过程，消费者有机会在相互竞争的产品和服务中做出选择。


1.6 美国政府在密码学领域的规则？
美国政府在密码学领域扮演了许多角色，从新算法的使用到出口管制到规范制定。最近政府对密码学领域提出了更多的兴趣，因为日益增长的非军事需求。
美国政府对密码学感兴趣的一个显著的原因是源于战争时期的安全通讯。因为敌人可能有通讯介质的访问，消息必须加密。通过特定的算法，接受这可以判断消息是否在传输中被篡改，并且消息是否真正从发送源出来。
在过去，政府不只是使用密码学本身，也攻击其它国家的数据。这方面的一个明显的例子是1940年威廉·弗里德曼领导的海军密码小组，成功的攻破了日本称为紫色的外交密码。
在1952年，美国政府发起了国家安全局（NSA），其任务是处理军事和政府数据数据的安全，也为了收集其它国家通讯信息。还建立了国家标准技术研究院（NIST），在开发密码学规范上发挥了主要作用。
在1970年代，IBM和美国商务部，更具体的是和NIST开啦了数据加密标准DES。这个算法自从1977年成为了规范，每隔几年就要引起一次评论。普遍的共识是DES对今天的加密需求已经不再足够强大了。因此NIST当前在努力实现一个新的标准，增强加密规范AES来替代DES。在中间阶段，三DES是加密标准。据预计，21世纪AES将会成为通用的算法。
当前，国内加密强度上没有任何限制。然而政府通过设置审查对出口的安全产品进行加密强度的限制。密码学出口在出口管理条例（EAR）的控制内，并且它们通过不同的属性，包括目的地，顾客和密码学使用的强度区别对待。在2000年1月，限制显著的放宽；今天密码学产品已经可以不通过授权出口到任何政府任何用户手中（除了禁止的目的：比如恐怖组织）。


1.7 密码学的重要性？
密码学通过允许人们离开电子诈骗从事电子商业，给了人们将物理世界搬移到电子世界的信心。每天，成千上万的人们电子化互动，不论是通过电子邮件，电子商务，ATM机或者手提电话。不断增加了网络上的密码学使用。
网络，由百万级互联的电脑组成，允许几乎全世界几乎瞬间的信息传输和通讯。人们使用使用电子邮件与其它人通讯。万维网被在线商务，数据分发，市场，研发，学习和无数的其它活动使用。
加密使得安全的网站和安全电子传输成为可能。安全的网站和电脑收到和保存的数据必须是加密的。这允许人们实现在线银行，在线交易，信用卡网上购物，而不用担心它们的帐号信息收到损害。加密对网络和电子商务的发展至关重要。
电子商务正在以极快的速度增长。在世纪之交，互联网上的商业贸易每年的总额将达到数十亿美元。这个程度的活跃度不能支持非密码学安全。曾有人说用户在网上使用信用卡比在参观和商店用更安全。相对于步入商店和饭店获得信用卡号，网上获得信用卡号需要更多的工作来跨国安全等级。这种级别的安全虽然没有广泛使用，但已经是电子商务得以增长的基础。人们每天使用电子邮件来处理个人和商业事物。电子邮件没有物理形式，并且可以以电子形式同时在不止一处存储。这构成了潜在的问题，因为它增加了窃听者获得传输的机会。加密保护的电子邮件很难被非参与方读取。数字签名业被用来鉴定电子邮件消息的起源和内容。
认证
在一些情况下，密码学允许你在电子传输中相对于日常生活传输有更多的信心。例如，显示生活的签名文档仍然有如下的问题。在签名之后，有人在保持你签名的前提下，可以改变文档内容。在电子世界这种类型的伪造更困难，因为电子签名的存在是基于被签名文档的内容的。
访问控制
密码学也被用来处理卫星和有线电视的访问。有线电视被设计为用户只能观看它们缴费的频道。因为有限电视公司对每个独立的用户都有直接的线路，有限电视公司将只发送它们付费的频道内容。一些公司提供付费预览服务。付费预览允许客户通过机顶盒租一个电影。如果一个人想观看点播电影，它打电话给有限公司申请，有限公司发送信号到机顶盒负责解码输入的电影。卫星电视和有限电视的工作方式完全不同。因为卫星电视没有直接连如客户家内，这意味着任何用户都可以用卫星接收器获得信号。为了避免用户免费观看电视的问题，它们使用了加密。诀窍是值允许为服务付费的人解读传输；这是通过接受器做到的。每个客户给了一个接收器；卫星传输信号只能通过接收器解密。点播的实现和有线电视类似。
可以看到，密码学被广泛使用。不仅仅是在网络上，也在电视，电话，和其它常见的家居用品中见到。没有密码学，黑客可以获取我们的电子邮件，监听我们的电话通讯，闯入公司网络获得免费的数据服务，或者破解我们的银行账户。

Chapter 1 Introduction


In this introductory chapter, a brief overview of the field of cryptography and related issues is given.




1.1 WHAT IS RSA LABORATORIES' FREQUENTLY ASKED QUESTIONS ABOUT TODAY'S CRYPTOGRAPHY?
RSA Laboratories' Frequently Asked Questions About Today's Cryptography is a large collection of questions about modern cryptography, cryptanalysis, and issues related to them. The information is presented in question and answer form. We have not attempted to be, nor could we be, exhaustive in answering every possible question. Yet, we hope that this document will be both a useful introductory text and a useful reference for those interested in the field of cryptography.


1.2 WHAT IS CRYPTOGRAPHY?
As the field of cryptography has advanced, the dividing lines for what is and what is not cryptography have become blurred. Cryptography today might be summed up as the study of techniques and applications that depend on the existence of difficult problems. Cryptanalysis is the study of how to compromise (defeat) cryptographic mechanisms, and cryptology (from the Greek kryptós lógos, meaning ``hidden word'') is the discipline of cryptography and cryptanalysis combined. To most people, cryptography is concerned with keeping communications private. Indeed, the protection of sensitive communications has been the emphasis of cryptography throughout much of its history [Kah67]. However, this is only one part of today's cryptography.
Encryption is the transformation of data into a form that is as close to impossible as possible to read without the appropriate knowledge (a key; see below). Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have access to the encrypted data. Decryption is the reverse of encryption; it is the transformation of encrypted data back into an intelligible form.
Encryption and decryption generally require the use of some secret information, referred to as a key. For some encryption mechanisms, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption are different (see Question 2.1.1).
Today's cryptography is more than encryption and decryption. Authentication is as fundamentally a part of our lives as privacy. We use authentication throughout our everyday lives - when we sign our name to some document for instance - and, as we move to a world where our decisions and agreements are communicated electronically, we need to have electronic techniques for providing authentication.
Cryptography provides mechanisms for such procedures. A digital signature (see Question 2.2.2) binds a document to the possessor of a particular key, while a digital timestamp (see Question 7.11) binds a document to its creation at a particular time. These cryptographic mechanisms can be used to control access to a shared disk drive, a high security installation, or a pay-per-view TV channel.
The field of cryptography encompasses other uses as well. With just a few basic cryptographic tools, it is possible to build elaborate schemes and protocols that allow us to pay using electronic money (see Question 4.2.1), to prove we know certain information without revealing the information itself (see Question 2.1.8), and to share a secret quantity in such a way that a subset of the shares can reconstruct the secret (see Question 2.1.9).
While modern cryptography is growing increasingly diverse, cryptography is fundamentally based on problems that are difficult to solve. A problem may be difficult because its solution requires some secret knowledge, such as decrypting an encrypted message or signing some digital document. The problem may also be hard because it is intrinsically difficult to complete, such as finding a message that produces a given hash value (see Question 2.1.6).
Surveys by Rivest [Riv90] and Brassard [Bra88] form an excellent introduction to modern cryptography. Some textbook treatments are provided by Stinson [Sti95] and Stallings [Sta95], while Simmons provides an in-depth coverage of the technical aspects of cryptography [Sim92]. A comprehensive review of modern cryptography can also be found in Applied Cryptography [Sch96]; Ford [For94] provides detailed coverage of issues such as cryptography standards and secure communication.


1.3 WHAT ARE SOME OF THE MORE POPULAR TECHNIQUES IN CRYPTOGRAPHY?
There are two types of cryptosystems: secret-key and public-key cryptography (see Questions 2.1.2 and 2.1.1). In secret-key cryptography, also referred to as symmetric cryptography, the same key is used for both encryption and decryption. The most popular secret-key cryptosystem in use today is the Data Encryption Standard (DES; see Section 3.2).
In public-key cryptography, each user has a public key and a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key. The RSA public-key cryptosystem (see Section 3.1) is the most popular form of public-key cryptography. RSA stands for Rivest, Shamir, and Adleman, the inventors of the RSA cryptosystem.
The Digital Signature Algorithm (DSA; see Section 3.4) is also a popular public-key technique, though it can only be used only for signatures, not encryption. Elliptic curve cryptosystems (ECCs; see Section 3.5) are cryptosystems based on mathematical objects known as elliptic curves (see Question 2.3.10). Elliptic curve cryptography has been gaining in popularity recently. Lastly, the Diffie-Hellman key agreement protocol (see Question 3.6.1) is a popular public-key technique for establishing secret keys over an insecure channel.


1.4 HOW IS CRYPTOGRAPHY APPLIED?
Cryptography is extremely useful; there is a multitude of applications, many of which are currently in use. A typical application of cryptography is a system built out of the basic techniques. Such systems can be of various levels of complexity. Some of the more simple applications are secure communication, identification, authentication, and secret sharing. More complicated applications include systems for electronic commerce, certification, secure electronic mail, key recovery, and secure computer access.
In general, the less complex the application, the more quickly it becomes a reality. Identification and authentication schemes exist widely, while electronic commerce systems are just beginning to be established. However, there are exceptions to this rule; namely, the adoption rate may depend on the level of demand. For example, SSL-encapsulated HTTP (see Question 5.1.2) gained a lot more usage much more quickly than simpler link-layer encryption has ever achieved. The adoption rate may depend on the level of demand.
Secure Communication
Secure communication is the most straightforward use of cryptography. Two people may communicate securely by encrypting the messages sent between them. This can be done in such a way that a third party eavesdropping may never be able to decipher the messages. While secure communication has existed for centuries, the key management problem has prevented it from becoming commonplace. Thanks to the development of public-key cryptography, the tools exist to create a large-scale network of people who can communicate securely with one another even if they had never communicated before.
Identification and Authentication
Identification and authentication are two widely used applications of cryptography. Identification is the process of verifying someone's or something's identity. For example, when withdrawing money from a bank, a teller asks to see identification (for example, a driver's license) to verify the identity of the owner of the account. This same process can be done electronically using cryptography. Every automatic teller machine (ATM) card is associated with a ``secret'' personal identification number (PIN), which binds the owner to the card and thus to the account. When the card is inserted into the ATM, the machine prompts the cardholder for the PIN. If the correct PIN is entered, the machine identifies that person as the rightful owner and grants access. Another important application of cryptography is authentication. Authentication is similar to identification, in that both allow an entity access to resources (such as an Internet account), but authentication is broader because it does not necessarily involve identifying a person or entity. Authentication merely determines whether that person or entity is authorized for whatever is in question. For more information on authentication and identification, see Question 2.2.5.
Secret Sharing
Another application of cryptography, called secret sharing, allows the trust of a secret to be distributed among a group of people. For example, in a (k, n)-threshold scheme, information about a secret is distributed in such a way that any k out of the n people (k £ n) have enough information to determine the secret, but any set of k-1 people do not. In any secret sharing scheme, there are designated sets of people whose cumulative information suffices to determine the secret. In some implementations of secret sharing schemes, each participant receives the secret after it has been generated. In other implementations, the actual secret is never made visible to the participants, although the purpose for which they sought the secret (for example, access to a building or permission to execute a process) is allowed. See Question 2.1.9 for more information on secret sharing.
Electronic Commerce
Over the past few years there has been a growing amount of business conducted over the Internet - this form of business is called electronic commerce or e-commerce. E-commerce is comprised of online banking, online brokerage accounts, and Internet shopping, to name a few of the many applications. One can book plane tickets, make hotel reservations, rent a car, transfer money from one account to another, buy compact disks (CDs), clothes, books and so on all while sitting in front of a computer. However, simply entering a credit card number on the Internet leaves one open to fraud. One cryptographic solution to this problem is to encrypt the credit card number (or other private information) when it is entered online, another is to secure the entire session (see Question 5.1.2). When a computer encrypts this information and sends it out on the Internet, it is incomprehensible to a third party viewer. The web server ("Internet shopping center") receives the encrypted information, decrypts it, and proceeds with the sale without fear that the credit card number (or other personal information) slipped into the wrong hands. As more and more business is conducted over the Internet, the need for protection against fraud, theft, and corruption of vital information increases.
Certification
Another application of cryptography is certification; certification is a scheme by which trusted agents such as certifying authorities vouch for unknown agents, such as users. The trusted agents issue vouchers called certificates which each have some inherent meaning. Certification technology was developed to make identification and authentication possible on a large scale. See Question 4.1.3.10 for more information on certification.
Key Recovery
Key recovery is a technology that allows a key to be revealed under certain circumstances without the owner of the key revealing it. This is useful for two main reasons: first of all, if a user loses or accidentally deletes his or her key, key recovery could prevent a disaster. Secondly, if a law enforcement agency wishes to eavesdrop on a suspected criminal without the suspect's knowledge (akin to a wiretap), the agency must be able to recover the key. Key recovery techniques are in use in some instances; however, the use of key recovery as a law enforcement technique is somewhat controversial. See Question 7.12 for more on key recovery.
Remote Access
Secure remote access is another important application of cryptography. The basic system of passwords certainly gives a level of security for secure access, but it may not be enough in some cases. For instance, passwords can be eavesdropped, forgotten, stolen, or guessed. Many products supply cryptographic methods for remote access with a higher degree of security.
Other Applications
Cryptography is not confined to the world of computers. Cryptography is also used in cellular (mobile) phones as a means of authentication; that is, it can be used to verify that a particular phone has the right to bill to a particular phone number. This prevents people from stealing (``cloning'') cellular phone numbers and access codes. Another application is to protect phone calls from eavesdropping using voice encryption.



1.5 WHAT ARE CRYPTOGRAPHY STANDARDS?
Cryptography standards are needed to create interoperability in the information security world. Essentially they are conditions and protocols set forth to allow uniformity within communication, transactions and virtually all computer activity. The continual evolution of information technology motivates the development of more standards, which in turn helps guide this evolution.
The main motivation behind standards is to allow technology from different manufacturers to "speak the same language", that is, to interact effectively. Perhaps this is best seen in the familiar standard VHS for video cassette recorders (VCRs). A few years ago there were two competing standards in the VCR industry, VHS and BETA. A VHS tape could not be played in a BETA machine and vice versa; they were incompatible formats. Imagine the chaos if all VCR manufacturers had different formats. People could only rent movies that were available on the format compatible with their VCR. Standards are necessary to insure that products from different companies are compatible.
In cryptography, standardization serves an additional purpose; it can serve as a proving ground for cryptographic techniques because complex protocols are prone to design flaws. By establishing a well-examined standard, the industry can produce a more trustworthy product. Even a safe protocol is more trusted by customers after it becomes a standard, because of the ratification process involved.
The government, private industry, and other organizations contribute to the vast collection of standards on cryptography. A few of these are ISO, ANSI, IEEE, NIST, and IETF (see Section 5.3). There are many types of standards, some used within the banking industry, some internationally and others within the government. Standardization helps developers design new products. Instead of spending time developing a new standard, they can follow a pre-existing standard throughout the development process. With this process in place consumers have the chance to choose among competing products or services.


1.6 WHAT IS THE ROLE OF THE UNITED STATES GOVERNMENT IN CRYPTOGRAPHY?
The U.S. government plays many roles in cryptography, ranging from use to export control to standardization efforts to the development of new cryptosystems. Recently the government has taken an even bigger interest in cryptography due to its ever-increasing use outside of the military.
One obvious reason the U.S. government is interested in cryptography stems from the crucial role of secure communication during wartime. Because the enemy may have access to the communication medium, messages must be encrypted. With certain cryptosystems, the receiver can determine whether or not the message was tampered with during transmission, and whether the message really came from who claims to have sent it.
In the past, the government has not only used cryptography itself, but has cracked other country's codes as well. A notable example of this occurred in 1940 when a group of Navy cryptanalysts, led by William F. Friedman, succeeded in breaking the Japanese diplomatic cipher known as Purple.
In 1952, the U.S. government established The National Security Agency (NSA; see Question 6.2.2), whose job is to handle military and government data security as well as gather information about other countries' communications. Also established was The National Institute of Standards and Technology (NIST; see Question 6.2.1), which plays a major role in developing cryptography standards.
During the 1970's, IBM and the U.S. Department of Commerce - more precisely NIST (then known as NBS) - developed along with NSA the Data Encryption Standard (DES; see Section 3.2). This algorithm has been a standard since 1977, with reviews leading to renewals every few years. The general consensus is that DES is no longer strong enough for today's encryption needs. Therefore, NIST is currently working on a new standard, the Advanced Encryption Standard (AES; see Section 3.3), to replace DES. In the intermediate stage, triple-DES (see Question 3.2.6) is the encryption standard. It is expected that AES will remain a standard well into the 21st century.
Currently there are no restrictions on the use or strength of domestic encryption (encryption where the sender and recipient are in the U.S.). However, the government regulates the export of cryptography from the U.S. by setting restrictions (see Section 6.4) on how strong such encryption may be. Cryptographic exports are controlled under the Export Administration Regulations (EAR), and their treatment varies according to several factors including destinations, customers, and the strength and usage of the cryptography involved. In January 2000, the restrictions were significantly relaxed; today, any cryptographic product can be exported to non-governmental end-users outside embargoed destinations (states supporting terrorism) without a license.

1.7 WHY IS CRYPTOGRAPHY IMPORTANT?
Cryptography allows people to carry over the confidence found in the physical world to the electronic world, thus allowing people to do business electronically without worries of deceit and deception. Every day hundreds of thousands of people interact electronically, whether it is through e-mail, e-commerce (business conducted over the Internet), ATM machines, or cellular phones. The perpetual increase of information transmitted electronically has lead to an increased reliance on cryptography.
Cryptography on the Internet
The Internet, comprised of millions of interconnected computers, allows nearly instantaneous communication and transfer of information, around the world. People use e-mail to correspond with one another. The World Wide Web is used for online business, data distribution, marketing, research, learning, and a myriad of other activities.
Cryptography makes secure web sites (see Question 5.1.2) and electronic safe transmissions possible. For a web site to be secure all of the data transmitted between the computers where the data is kept and where it is received must be encrypted. This allows people to do online banking, online trading, and make online purchases with their credit cards, without worrying that any of their account information is being compromised. Cryptography is very important to the continued growth of the Internet and electronic commerce.
E-commerce (see Section 4.2) is increasing at a very rapid rate. By the turn of the century, commercial transactions on the Internet are expected to total hundreds of billions of dollars a year. This level of activity could not be supported without cryptographic security. It has been said that one is safer using a credit card over the Internet than within a store or restaurant. It requires much more work to seize credit card numbers over computer networks than it does to simply walk by a table in a restaurant and lay hold of a credit card receipt. These levels of security, though not yet widely used, give the means to strengthen the foundation with which e-commerce can grow.
People use e-mail to conduct personal and business matters on a daily basis. E-mail has no physical form and may exist electronically in more than one place at a time. This poses a potential problem as it increases the opportunity for an eavesdropper to get a hold of the transmission. Encryption protects e-mail by rendering it very difficult to read by any unintended party. Digital signatures can also be used to authenticate the origin and the content of an e-mail message.
Authentication
In some cases cryptography allows you to have more confidence in your electronic transactions than you do in real life transactions. For example, signing documents in real life still leaves one vulnerable to the following scenario. After signing your will, agreeing to what is put forth in the document, someone can change that document and your signature is still attached. In the electronic world this type of falsification is much more difficult because digital signatures (see Question 2.2.2) are built using the contents of the document being signed.
Access Control
Cryptography is also used to regulate access to satellite and cable TV. Cable TV is set up so people can watch only the channels they pay for. Since there is a direct line from the cable company to each individual subscriber's home, the Cable Company will only send those channels that are paid for. Many companies offer pay-per-view channels to their subscribers. Pay-per-view cable allows cable subscribers to "rent" a movie directly through the cable box. What the cable box does is decode the incoming movie, but not until the movie has been ``rented.'' If a person wants to watch a pay-per-view movie, he/she calls the cable company and requests it. In return, the Cable Company sends out a signal to the subscriber's cable box, which unscrambles (decrypts) the requested movie.
Satellite TV works slightly differently since the satellite TV companies do not have a direct connection to each individual subscriber's home. This means that anyone with a satellite dish can pick up the signals. To alleviate the problem of people getting free TV, they use cryptography. The trick is to allow only those who have paid for their service to unscramble the transmission; this is done with receivers (``unscramblers''). Each subscriber is given a receiver; the satellite transmits signals that can only be unscrambled by such a receiver (ideally). Pay-per-view works in essentially the same way as it does for regular cable TV.
As seen, cryptography is widely used. Not only is it used over the Internet, but also it is used in phones, televisions, and a variety of other common household items. Without cryptography, hackers could get into our e-mail, listen in on our phone conversations, tap into our cable companies and acquire free cable service, or break into our bank/brokerage accounts.