Glossary

Elliptic captures and describes a collection of terms commonly used in the security and cryptography field.

Many customers find security to be a fascinating and complex world. Elliptic hopes to simplify and clarify options for customers through helpful links on the site and this collection of terms commonly used in security.

AES
The Advanced Encryption Standard is a security standard which is recommended for all new designs by the National Institute of Standards and Technology (NIST). It has many different variants including CBC, CCM and GCM.
________________________________________
ANSI
American National Standards Institute.
________________________________________
API
Application Programming Interface.
________________________________________
attack
An attempt at breaking part or all of a cryptosystem. Examples include algebraic attack, birthday attack, brute force attack, chosen ciphertext attack, chosen plaintext attack, differential cryptanalysis, known plaintext attack, linear cryptanalysis, middleperson attack.
________________________________________
authentication
The action of verifying information such as identity, ownership or authorization.
________________________________________
block
A sequence of bits of fixed length; longer sequences of bits can be broken down into blocks.
________________________________________
block cipher
A symmetric cipher which encrypts a message by breaking it down into blocks and encrypting each block.
________________________________________
CBC
Cipher block chaining. AES-CBC and 3DES-CBC are the most common ciphers used in IPsec.
________________________________________
CPRM/CPPM
Content Protection for Recordable Media and Content Protection for Pre-Recorded Media are mechanisms for controlling the copying, moving and deletion of digital media on a host device, such as a personal computer or other digital player. It is a form of DRM developed by the 4C Entity, LLC (IBM, Intel, Matsushita and Toshiba). Use of the CPRM specification, and access to the IP and cryptographic details required to implement it, requires a license from 4C Entity, LLC.
________________________________________
CSS
Content Scramble System (CSS) is an encryption system used on most DVDs. It uses a weak, proprietary 40-bit encryption stream cipher algorithm. The CSS key sets are licensed to manufacturers who incorporate them into products such as DVD drives, DVD players and DVD movie releases.
________________________________________
certificate or cert
An electronic document binding some pieces of information together, such as a user's identity and public key. Certifying Authorities (CAs) provide certificates.
________________________________________
certificate revocation list
A list of certificates that have been revoked before their expiration date.
________________________________________
Certifying Authority (CA)
A person or organization that creates certificates.
________________________________________
cipher
An encryption-decryption algorithm.
________________________________________
cryptography
The art and science of using mathematics to secure information and create a high degree of trust in electronic design.
________________________________________
Data Encryption Standard or DES
Data Encryption Standard, a block cipher developed by IBM and the U.S. government in the 1970s as an official standard.
________________________________________
dictionary attack
A brute force attack that tries passwords and/or keys from a precompiled list of values.
________________________________________
Diffie-Hellman key exchange
A key exchange protocol allowing the participants to agree on a key over an insecure channel.
________________________________________
digest
Commonly used to refer to the output of a hash function, e.g. message digest refers to the hash of a message.
________________________________________
digital signature
The encryption of a message digest with a private key.
________________________________________
discrete logarithm problem
The problem of finding $r$ such that $g^r = d$, where $d$ and $g$ are elements in a given group. For some groups, the discrete logarithm problem is a hard problem used in public-key cryptography.
________________________________________
DRM Digital Rights Management
Security designs aimed at preserving the integrity of content such as music and films when such content is distributed over digital media such as FireWire, USB and IP networks.
________________________________________
DSA
Digital Signature Algorithm. DSA is a public-key method based on the discrete logarithm problem.
________________________________________
DTCP
Digital Transmission Content Protection. A DRM design created by Hitachi, Intel, Matsushita, Sony, and Toshiba.
________________________________________
ECC
Elliptic Curve Cryptography. A public-key cryptosystem based on the properties of elliptic curves.
________________________________________
elliptic curve
The set of points $(x, y)$ satisfying an equation of the form
$y^2 = x^3 + ax + b$
for variables $x, y$ and constants $a, b \in F$, where $F$ is a field. The National Security Agency has recommended curves and fields for use in public key cryptography to replace the RSA algorithm.
________________________________________
elliptic curve discrete logarithm (ECDL) problem
The problem of finding m such that m•P = Q, where P and Q are two points on an elliptic curve.
________________________________________
encryption
The transformation of plaintext into an apparently less readable form (called ciphertext) through a mathematical process. The ciphertext may be read by anyone who has the key that decrypts (undoes the encryption) the ciphertext.
________________________________________
export licensing
Encryption in any form which leaves its country of origin requires a license from the government, as encryption is dual-use technology, i.e. technology which can be used for either commercial or military purposes.
In the U.S., export licensing of cryptography is governed by the Bureau of Industry and Security (BIS), whose web site can be found at www.bis.gov. This link will take you right to the page that explains the export licensing laws relating to cryptography. It is important to distinguish between the export licensing laws as they apply to Elliptic and those that apply to the final product. Elliptic licenses cryptography technology in the form of semiconductor IP or software. Elliptic customers transform the IP into an end product, which is the form to which export license considerations are applied in the licensing process. In many cases, the final product, such as an integrated circuit, may or may not require a license depending on how the cryptography is used. The only way to find out is to apply for an export permit through BIS, which is required by law to respond to requests within a 30-day period.
In the United Kingdom, the export of products containing cryptography is governed by the Department for Business, Enterprise and Regulatory Reform. The web page dealing with export controls of products containing cryptography can be found through the following link: www.berr.gov.uk.
________________________________________
FIPS
Federal Information Processing Standards.
________________________________________
Forward Lock
A DRM method which locks content to a specific device or user, preventing content from being further distributed.
________________________________________
function
A mathematical relationship between two values. For example, $f$ defined on the set of real numbers as $f(x) = x^3$ is a function with input any real number $x$ and with output the cube of $x$.
________________________________________
GCM
Galois Counter Mode is a block cipher mode of operation that uses universal hashing over a binary Galois field to provide authenticated encryption.
________________________________________
Galois field
A field with a finite number of elements. The size of a finite field must be a power of a prime number.
________________________________________
group
A mathematical structure consisting of a finite or infinite set together with a binary operation called group multiplication satisfying certain axioms.
________________________________________
HDCP
High-Bandwidth Digital Content Protection (HDCP) is a form of DRM developed by the Intel Corporation to control digital audio and video content as it travels across Digital Visual Interface (DVI) or High Definition Multimedia Interface (HDMI) connections. The HDCP specification is proprietary and an implementation of HDCP requires a license from Digital Content Protection, LLC, a subsidiary of Intel.
________________________________________
hash-based MAC
A message authentication code that uses a hash function to reduce the size of the data it processes.
________________________________________
hash function
A function that takes a variable sized input and derives a fixed size output based upon an algorithm such as SHA-1 or MD5.
________________________________________
IEEE
Institute of Electrical and Electronics Engineers, a body that creates standards that frequently include security. 802.16 or WiMAX is an example of a wireless standard created and ratified by the IEEE.
________________________________________
IETF
Internet Engineering Task Force. A body that creates standards for use on the Internet. RFC 4301, for example, is the IETF standard that specifies the security design for the Internet, IPsec.
________________________________________
identification
A process through which one ascertains the identity of another person or entity.
________________________________________
ITU-T
International Telecommunications Union - Telecommunications standardization sector.
________________________________________
key
A string of bits used widely in cryptography, allowing people to encrypt and decrypt data; a key can be used to perform other mathematical operations as well. Given a cipher, a key determines the mapping of the plaintext to the ciphertext.
________________________________________
key agreement
A process used by two or more parties to agree upon a secret symmetric key.
________________________________________
key exchange
A process used by two or more parties to exchange keys in cryptosystems.
________________________________________
key expansion
A process that creates a larger key from the original key.
________________________________________
key generation
The act of creating a key.
________________________________________
key management
The various processes that deal with the creation, distribution, authentication, and storage of keys.
________________________________________
key pair
The full key information in a public-key cryptosystem, consisting of the public key and private key.
________________________________________
key recovery
A special feature of a key management scheme that allows messages to be decrypted even if the original key is lost.
________________________________________
key space
The collection of all possible keys for a given cryptosystem.
________________________________________
linear cryptanalysis
A known plaintext attack that uses linear approximations to describe the behavior of the block cipher.
________________________________________
LFSR
Linear feedback shift register. Used in many hardware implementations of security algorithms because of its ability to implement mathematical functions cost-effectively.
________________________________________
LRW
The IEEE considered the LRW-AES cipher for storage security. Unfortunately, several security holes were found in the cipher and it was dropped from the standard in favor of XTS-AES.
________________________________________
MAC or Message Authentication Code
A MAC is a function that takes a variable length input and a key to produce a fixed-length output.
________________________________________
message digest
The result of applying a hash function to a message.
________________________________________
MIPS
Millions of Instructions Per Second, a measurement of computing speed.
________________________________________
modular arithmetic
A form of arithmetic where integers are considered equal if they leave the same remainder when divided by the modulus.
________________________________________
NIST
National Institute of Standards and Technology, a United States agency that produces security and cryptography related standards which are then published as FIPS documents.
________________________________________
non-repudiation
A property of a cryptosystem. Non-repudiation cryptosystems are those in which the users cannot deny actions they performed.
________________________________________
NSA
National Security Agency. A security-conscious U.S. government agency whose mission is to decipher and monitor foreign communications.
________________________________________
PKI
Public-key Infrastructure. PKIs are designed to solve the key management problem.
________________________________________
padding
Extra bits concatenated with a key, password, or plaintext.
________________________________________
PKCS
Public-Key Cryptography Standards. A series of cryptographic standards dealing with public-key issues, published by RSA Laboratories.
________________________________________
plaintext
The data to be encrypted.
________________________________________
prime factor
A prime number that is a factor of another number is called a prime factor of that number.
________________________________________
prime number
Any integer greater than 1 that is divisible only by 1 and itself. The first twelve primes are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31 and 37.
________________________________________
private key
In public-key cryptography, this key is the secret key. It is primarily used for decryption but is also used for encryption with digital signatures.
________________________________________
protocol
A series of steps that two or more parties agree upon to complete a task.
________________________________________
provably secure
A property of a digital signature scheme stating that it is provably secure if its security can be tied closely to that of the cryptosystem involved.
________________________________________
pseudo-random number
A number extracted from a pseudo-random sequence.
________________________________________
public exponent
The public key in the RSA public-key cryptosystem.
________________________________________
public key
In public-key cryptography, this key is made public to all; it is primarily used for encryption but can be used for verifying signatures.
________________________________________
public-key cryptography
Cryptography based on methods involving a public key and a private key.
________________________________________
RSA algorithm
A public-key cryptosystem based on the factoring problem. RSA stands for Rivest, Shamir and Adleman, the developers of the RSA public-key cryptosystem and the founders of RSA Data Security (now RSA Security).
________________________________________
random number
As opposed to a pseudo-random number, a truly random number is a number produced independently of its generating criteria. For cryptographic purposes, numbers based on physical measurements, such as a Geiger counter, are considered random.
________________________________________
rounds
The number of times a function, called a round function, is applied to a block in a Feistel cipher.
________________________________________
SSL
Secure Socket Layer. An application layer protocol used for secure Internet communications.
________________________________________
secret key
In secret-key cryptography, this is the key used both for encryption and decryption.
________________________________________
secure channel
A communication medium safe from the threat of eavesdroppers.
________________________________________
seed
A typically random bit sequence used to generate another, usually longer pseudo-random bit sequence.
________________________________________
session key
A key for symmetric-key cryptosystems which is used for the duration of one message or communication session.
________________________________________
stream cipher
A secret-key encryption algorithm that operates on a bit at a time. This is compared to a block cipher which operates on multiple bits (the block) at a time.
________________________________________
symmetric cipher
An encryption algorithm that uses the same key for encryption and decryption.
________________________________________
Superdistribution
A DRM method which allows individuals to transfer content they have acquired to other users (i.e. friends and family), who in turn retrieve their rights to play content from the appropriate license provider.
________________________________________
tamper resistant
In cryptographic terms, this usually refers to a hardware device that is either impossible or extremely difficult to reverse engineer or extract information from.
________________________________________
tamper reaction
A hardware device which has mechanical devices and electronic circuitry to respond to an attempt to compromise the device. The reaction usually includes the immediate erasure of private information such as keys or constants used in the security design.
________________________________________
verification
The act of recognizing that a person or entity is who or what it claims to be.
________________________________________
weak key
A key giving a poor security implementation, or causing regularities in encryption which can be used by cryptanalysts to break codes.
________________________________________
XOR
A binary bitwise operator yielding the result one if the two values are different and zero otherwise. XOR is an abbreviation for exclusive-OR.
________________________________________
XTS-AES
The IEEE P1619 Standard for Cryptographic Protection of Data on Block-Oriented Storage Devices mandates the use of the XTS-AES cipher for disk security. XTS-AES is a narrow-block tweakable cipher and has the unique characteristic that the ciphertext is the same size as the plaintext, making it ideal for storage applications.
