(Note: The following write-up was provided to a group of people who
wanted to present some "traditional" knowledge in the hope that it
would be useful for modern encryption techniques.)

The purpose of encryption is that information be communicated from
one person to another without a third party being able to extract or
modify the transmission. Moreover, this transmission should be almost
as efficient as un-encrypted transmission.

The method of encryption chosen should be sufficiently flexible that
a re-design of the entire mechanism not be required each time
security is breached or alliances changed. Moreover, encryption of
messages may also be desired in multi-person interactions (such as
banks or financial transactions) where employing different methods
with each party would be impractical.

It is with the above considerations in mind that the existing paradigm,
which is broadly summarised below, has been arrived at.

Encryption is carried out using an algorithm that is well-known. There are
two parameters to the algorithm---the message itself and a key. (Usually
the algorithms are run on a digital computer.) Decryption is also
carried out by an algorithm; this one takes the transmission and a key
as input and produces a message as its output. The broad division of
encryption and decryption is into the symmetric (both use the same key)
and asymmetric (they use different keys) types. In both cases any person
who has the encrypting key can generate transmissions and one who has
the decrypting key can convert the transmissions into messages.

The use of symmetric encryption alone is considered inherently weaker for
the following reasons. In the case of a security breach some method for
exchange of new keys must be found. In a multi-person situation each pair
of communicating individuals must exchange keys in a secure manner.

On the positive side, known methods of symmetric encryption are quite
quick as compared with the known methods of asymmetric encryption.

Asymmetric encryption is used in multi-person situations along with a
method known as public-key encryption. In this method the encrypting key
is made public and the decrypting key is kept private. Authentication is
achieved through the encrypter additionally "signing" the message using
the encrypter's decryption key. This can be done because the encryption
and decryption algorithms are the same.

However, all known methods of public-key encryption involve large numbers
(of the order of 300 or more digits) and are too slow for rapid exchange
of messages. Thus, public-key encryption is usually used as a base to
exchange keys for a symmetric key method. The latter method is employed
for a duration (which is too short for successful cryptanalysis) after
which a new exchange of keys takes place.
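
The scheme of the two paragraphs above, as an added example that is not
part of the original write-up: textbook RSA signs and wraps a session key,
and a SHA-256 keystream stands in for the fast symmetric cipher. The toy
keys built from Mersenne primes, the names ALICE/BOB and the value of
REKEY_AFTER are assumptions made for the illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes; real moduli are far larger.
ALICE_N, ALICE_D = make_key(2**61 - 1, 2**89 - 1)  # sender
BOB_N, BOB_D = make_key(2**31 - 1, 2**61 - 1)      # recipient
REKEY_AFTER = 3  # messages per session key (assumed value)

def digest(value):
    h = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(h, "big") % ALICE_N

def send_session_key():
    """Sender: wrap a fresh key with the recipient's public key, then sign
    the wrapped key with the sender's own private (decrypting) key."""
    key = secrets.token_bytes(8)
    wrapped = pow(int.from_bytes(key, "big"), E, BOB_N)
    return key, wrapped, pow(digest(wrapped), ALICE_D, ALICE_N)

def receive_session_key(wrapped, signature):
    """Recipient: verify with the sender's public key, then unwrap."""
    if pow(signature, E, ALICE_N) != digest(wrapped):
        raise ValueError("signature check failed")
    return pow(wrapped, BOB_D, BOB_N).to_bytes(8, "big")

def symmetric(key, seq, data):
    """Stand-in fast cipher: XOR with a SHA-256 keystream; same call decrypts."""
    stream, block = b"", 0
    while len(stream) < len(data):
        counter = seq.to_bytes(8, "big") + block.to_bytes(8, "big")
        stream += hashlib.sha256(key + counter).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def run(messages):
    """Send messages, redoing the public-key exchange every REKEY_AFTER."""
    received, exchanges = [], 0
    for i, msg in enumerate(messages):
        if i % REKEY_AFTER == 0:
            alice_key, wrapped, sig = send_session_key()
            bob_key = receive_session_key(wrapped, sig)
            exchanges += 1
        received.append(symmetric(bob_key, i, symmetric(alice_key, i, msg)))
    return received, exchanges
```

Signing and unwrapping both use the same modular exponentiation as
wrapping and verifying, with only the exponent changed.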

Common traps that need to be avoided in proposed methods of
encryption:

1. Security through obscurity. The security of the algorithm should
not depend on the algorithm being known only to the relevant parties,
as the number of parties with access to the algorithm increases
exponentially with the importance of the activity.

2. Security through complexity. A complex method is not necessarily
secure. A simple method that is provably secure is always to be
preferred over one that is complex but not decidably secure or
insecure.

3. Security through intricacy. A method that involves a lot of
calculations to implement a symmetric encryption method is not of much
use since such methods have to be fast in order to be used within the
existing paradigm.

It is, in principle, possible to work outside the above paradigm if what
is proposed has sufficient promise. However, such a method will need
a lot of testing before it can be accepted for use. Even public-key
methods became commonly accepted almost thirty years after their
initial discovery. Moreover, a lot of effort is under way to enhance
and improve the strength and usability of public-key systems. These
cannot be abandoned until an alternative paradigm is fully tested.

Finally, encryption is important enough that no considerations other
than mathematical analysis be used to determine the usefulness of the
methods employed. Thus, the question of origin, historical, oracular
or other authority, is of no interest in determining the validity of
the claims.