Glossary

AEAD

Authenticated Encryption with Associated Data

AEAD mode

Class of block cipher mode of operation that provides authenticated encryption, as well as authenticating some unencrypted associated data

AES

Advanced Encryption Standard

AKE

authenticated key exchange

ARX

add, rotate, XOR

asymmetric-key algorithm

See public-key algorithm

asymmetric-key encryption

See public-key encryption

BEAST

Browser Exploit Against SSL/TLS

block cipher

Symmetric encryption algorithm that encrypts and decrypts blocks of fixed size

Carter-Wegman MAC

Reusable message authentication code scheme built from a one-time MAC. Combines benefits of performance and ease of use

CBC

cipher block chaining

CBC mode

Cipher block chaining mode; common mode of operation where the previous ciphertext block is XORed with the plaintext block during encryption. Takes an initialization vector, which assumes the role of the “block before the first block”

CDN

content distribution network

cross-site request forgery

Kind of attack where a malicious website tricks the browser into making requests to another website. Can be prevented by properly authenticating requests instead of relying on ambient authority such as session cookies

CSPRNG

cryptographically secure pseudorandom number generator

CSRF

cross-site request forgery

CTR mode

Counter mode; a nonce combined with a counter produces a sequence of inputs to the block cipher; the resulting ciphertext blocks are the keystream

DES

Data Encryption Standard

ECB mode

Electronic code book mode; mode of operation where plaintext is separated into blocks that are encrypted separately under the same key. The default mode in many cryptographic libraries, despite many security issues

encryption oracle

An oracle that will encrypt some data

FIPS

Federal Information Processing Standards

GCM

Galois Counter Mode

GCM mode

Galois counter mode; AEAD mode combining CTR mode with a Carter-Wegman MAC

GMAC

The message authentication code part of GCM mode, used on its own

HKDF

HMAC-based (Extract-and-Expand) Key Derivation Function

HMAC

Hash-based Message Authentication Code

HSTS

HTTP Strict Transport Security

initialization vector

Data used to initialize some algorithms such as CBC mode. Generally not required to be secret, but required to be unpredictable. Compare nonce, salt

IV

initialization vector

KDF

key derivation function

key agreement

See key exchange

key exchange

The process of exchanging keys across an insecure medium using a particular cryptographic protocol. Typically designed to be secure against eavesdroppers. Also known as key agreement

keyspace

The set of all possible keys

MAC

message authentication code

message authentication code

Small piece of information used to verify authenticity and integrity of a message. Often called a tag

MITM

man-in-the-middle

mode of operation
modes of operation

Generic construction that encrypts and decrypts streams, built from a block cipher

nonce

Number used once. Used in many cryptographic protocols. Generally does not have to be secret or unpredictable, but does have to be unique. Compare initialization vector, salt

OCB

offset codebook

OCB mode

Offset codebook mode; high-performance AEAD mode, unfortunately encumbered by patents

one-time MAC

Message authentication code that can only be used securely for a single message. Main benefit is increased performance over a reusable MAC

oracle

A “black box” that will perform some computation for you

OTR

off-the-record

OTR messaging

Off-the-record messaging; messaging protocol that intends to mimic the properties of a real-life private conversation. Piggy-backs onto existing instant messaging protocols

PRF

pseudorandom function

PRNG

pseudorandom number generator

PRP

pseudorandom permutation

public-key algorithm

Algorithm that uses a pair of related but distinct keys. Also known as asymmetric-key algorithm. Examples include public-key encryption and most key exchange protocols

public-key encryption

Encryption using a pair of distinct keys for encryption and decryption. Also known as asymmetric-key encryption. Contrast with secret-key encryption

RSA

Rivest Shamir Adleman

salt

Random data that is added to a cryptographic primitive (usually a one-way function such as a cryptographic hash function or a key derivation function). Customizes such functions to produce different outputs (provided the salt is different). Can be used to prevent e.g. dictionary attacks. Typically does not have to be secret, but secrecy may improve the security properties of the system. Compare nonce, initialization vector

secret-key encryption

Encryption that uses the same key for both encryption and decryption. Also known as symmetric-key encryption. Contrast with public-key encryption

SMP

socialist millionaire protocol

stream cipher

Symmetric encryption algorithm that encrypts streams of arbitrary size

substitution-permutation network

Generic design for block ciphers where the block is enciphered by repeated substitutions and permutations

symmetric-key encryption

See secret-key encryption