Cryptology is an engineering discipline, informed by telecommunications engineering practice, the communications theory aspects of information theory (see Shannon and Weaver, Mathematical Theory of Communication, University of Illinois Press, (about 1949), and Shannon's articles (in 1949?) in the Bell System Technical Journal on communications secrecy, and by the theory of computational complexity. The term cryptology is derived from the Greek kryptós, "hidden," and lógos, "word."
The field has two parts: cryptography and cryptanalysis, and combines pragmatic methods with mathematically rigorous methods to create a field which combines part engineering, part science and part craft. Implementations of cryptographic ideas are called cryptosystems.
Cryptology is concerned with communications in secure, and often secret, form. Cryptology is often taken as a synonym for cryptography and occasionally for cryptanalysis as well, but specialists in the field have for years adopted the convention that cryptology is the more inclusive term, encompassing both cryptography and cryptanalysis. The word is sometimes ascribed to William Friedman of the US Army's Signal Intelligence Service in the '30s.
However, some writers prefer to use cryptography as the overall term.
Table of contents |
2 Cryptology in practice 3 See also 4 Recommended Reading 5 External links |
Cryptography cannot be regarded as a science, in that security "proofs" are typically dependent on sets of far-reaching assumptions, which are often invalidated by unexpected cryptanalytic or other attacks.
Except in the sense that some proposed algorithm or protocol may be shown to be insecure under current conditions (eg, the cryptanalytic tools, computational capability, funding and staff, ... available to an attacker), there is also generally no opportunity to perform experimental tests of hypotheses about cryptopgraphic assertions.
Questions of practicality and cost-effectiveness predominate in actual practice, and experimental testing is wholly conditioned on tester resources. Most practices in modern cryptography rely on assumptions that certain algorithms are in some sense "hard", together with the failure of cryptanalytic attacks against these algorithms or simplified versions. None of these guarantee the security of the system, as the German armed forces discovered to their cost when using the Enigma cipher.
Although in recent years research has concentrated on mathematical cryptography, early cryptographyic techniques made great use of techniques such as steganography. More recent developments may mark the start of moves to use new physical methods such as quantum cryptography.
However, cryptanalysis can be regarded as scientific, because it is amenable to hypothesis testing and falsifiability. Disproofs of security can be made mathematically rigorous, and experiments can be made, both against hypothetical ciphers and practical deployments in the field.
Note that cryptology/cryptography encompasses much more than mere secrecy. Cryptographic security may result (when, and only when, well chosen algorithms and protocols are properly used); these intentions may include authentication of the participants to each other (with or without secrecy), integrity checks of messages sent (also with or without secrecy), and of course secrecy of the message sent against the non-intended. In most instances, secrecy obtains when legitimate users, the 'sender' and the 'receiver', are able to transform information into a ciphertext by use of an encryption algorithm (in all modern cases controlled at each invocation by one of many possible cryptographic keys) -- i.e., a piece of information which customizes the operation of the encryption algorithm. For a large class of such algorithms, the key is known to both users and must not be known by any other. Although the cipher should be inscrutable and unforgeable to anyone without this secret key (and good ones correctly used will be), the authorized receiver can either decrypt the cipher to recover the hidden information or verify that it was sent in all likelihood by someone possessing the key.
Much is frequently confused, and misused, in discussions of cryptography. Readers are warned that there is much irresponsible and poorly informed, but authoritatively stated, information available on the subject. Terms often confused, with unfortunate consequences on understanding, are code and cipher. Even experts occasionally employ these terms as though they were synonymous.
"Crypto" is a common abbreviation for cryptology.