Talk:Cryptography

	Cryptography is a former featured article. Please see the links under Article milestones below for its original nomination page (for older articles, check the nomination archive) and why it was removed.
	This article appeared on Wikipedia's Main Page as Today's featured article on July 22, 2006.
Article milestones Date Process Result July 21, 2005 Featured article candidate Not promoted July 2, 2006 Featured article candidate Promoted May 26, 2011 Featured article review Demoted Current Status: Former featured article

This article is of interest to the following WikiProjects:

WikiProject Mathematics (Rated B+ class, Top-importance) Mathematics portal This article is within the scope of WikiProject Mathematics, a collaborative effort to improve the coverage of Mathematics on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Mathematics rating: A-BB+ Class Top Importance  Field: Applied mathematics A vital article. One of the 500 most frequently viewed mathematics articles. A selected article on the Mathematics Portal. WikiProject Computer science (Rated B-class, Top-importance) Computer scienceWikipedia:WikiProject Computer scienceTemplate:WikiProject Computer scienceComputer science articles Computer science portal v t e This article is within the scope of WikiProject Computer science, a collaborative effort to improve the coverage of Computer science related articles on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.  B  This article has been rated as B-Class on the project's quality scale.  Top  This article has been rated as Top-importance on the project's importance scale. Things you can help WikiProject Computer science with: edit history watch purge Tag all relevant articles in Category:Computer science and sub-categories with {{WikiProject Computer science}} Find pictures for the biographies of computer scientists (see Academic genealogy of computer scientists). Work on Wikipedia:Missing science topics/NIST Dictionary of Algorithms and Data Structures WikiProject Cryptography / Computer science  (Rated B-class, Top-importance) CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Cryptography portal v t e This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.  B  This article has been rated as B-Class on the quality scale.  Top  This article has been rated as Top-importance on the importance scale. This article is supported by WikiProject Computer science (marked as Top-importance). Wikipedia Version 1.0 Editorial Team / v0.5 / Vital Wikipedia 1.0Wikipedia:Version 1.0 Editorial TeamTemplate:WP1.0Wikipedia 1.0 articles v t e This article has been reviewed by the Version 1.0 Editorial Team. This article has been selected for Version 0.5 and subsequent release versions of Wikipedia.    B  This article has been rated as B-Class on the quality scale. This article is a vital article. WikiProject Citizendium Porting (Last updated: Never) Citizendium PortingWikipedia:WikiProject Citizendium PortingTemplate:WikiProject Citizendium PortingCitizendium Porting articles v t e This article is within the scope of WikiProject Citizendium Porting, a collaborative effort to improve Wikipedia articles by working in any useful content from their Citizendium counterparts. If you would like to participate, you can visit the project page, where you can join the project and see a list of open tasks.   This article is out of date with its Citizendium counterpart and needs to be updated. Current with its Citizendium counterpart article as of: Never

It is intended that this article be included in WikiReader Cryptography, a WikiReader on the topic of cryptography. Help and comments for improving this article would be especially welcome. A tool for coordinating the editing and review of these articles is the daily article box.

edit · history · watch · refresh  To-do list for Cryptography:
Give an overview of cryptography standards: at least, what they are and some important examples. Wikilink to a few of the most popular protocols, e.g., Secure Sockets Layer in the "Cryptographic protocols" section.
Priority 1 (top)

Archives
/Archive 1 — Feb–May 2004 /Archive 2 — Aug '04 – Mar '06 /Archive 3 — Mar – Jun 2006 /Archive 4 — Jun – Dec 2006 /Archive 5 — 2007 –
Threads older than 90 days may be archived by MiszaBot I.

[edit] Possible FAR

Concerns regarding this article's status as a featured article have been raised here. Because no prior talk page notification was made, this review has been placed on hold. However, if no response is seen or no work has been done in the next week or so, the review will go ahead. Please place any discussion here on the article talk page, rather than the FAR page, due to the holding of the review. Thank you, Dana boomer (talk) 17:32, 27 January 2011 (UTC)

I noted the temporary FAR notification. Personally, I'm not happy with seeing this up for FAR as it is generally a pretty nice article and very suitable for informing the casual reader about cryptography. I would hope for the nominator to intend working on the article or otherwise I consider the FAR nomination to be rather irresponsible. Regarding the article, it is true that there a number of minor holes and glitches that could be fixed, throughout the text. Concerning citations, I noted that a lot of the historical stuff is from Kahn's book, so the situation is not that bad. If it comes up for FAR again I will try to work on the article as requested though I can't promise due to time constraints. Cheers and all that, Nageh (talk) 18:43, 27 January 2011 (UTC)

The article requires inline references, the lead needs a rewrite, and the sections require cleanup. In its present state, I intend to take the article to FAR in two weeks time...though I will do my part and clean/source the article when I have time.Smallman12q (talk) 16:31, 29 January 2011 (UTC)

[edit] Proposed rewrite of Lead

I am proposing to rewrite the lead of this article essentially in the form below. I am aware that this needs polishing and more citations/references but am putting this forward as a strawman as there appears to have been little or no response to the FAR. Any and all comments would be welcome.

Obviously this implies collateral modifications to the article. Without wishing to significanly disrupt an article that has achieved FA status massively I am inclined to the view that some of the ancient history belongs in history of crpytopgraphy rather than here.

Cryptography (or cryptology; from Greek κρυπτός, kryptos, "hidden, secret"; and γράφειν, gráphin, "writing", or -λογία, -logia, "study", respectively)^[1] refers to the study and use of algorithms to provide informationsecurity.

Cryptographic technology can deliver a range of functionality: confidentiality (encryption) rendering information unintelligible to all but the sender and intended recipients; data integrity a level of assurance that a information has not been altered in transit or storage; authentication assurance to the recipient of information that it originated from a person or organisation; and non-repudiation rendering it difficult for a sender to claim that information was/could have been sent by anybody but the sender.

While modern cryptographic algorithms are largely the product of a specialised branch of mathematics, these algorithms are in general implemented by programmers and engineers.

Familiar applications of cryptography include wireless network security, ATM cards, computer passwords, and electronic commerce.

Prior to the advent of the digital computer, cryptography was almost synonymous with encryption, the conversion of information from a readable state to apparent nonsense. Public key cryptography, which only came to public attention in 1976 and cryptographic hash functions essentially enabled widespread use of cryptography by parties who had not previously communicated and enabled the provision of data integrity, authentication and non-repudiation verifiable by the world at large.

Modern cryptography generally adopts a rigorous design approach, designs cryptographic algorithms around computational hardness assumptions, and (outside of government algorithms) puts new proposed algorithms through a long and public peer review process. This tends to produce algorithms that, while hard to break, are not unbreakable in theory but it is the level of effort to do so renders this generally infeasible. These schemes are therefore computationally secure. There exist information-theoretically secure schemes that provably cannot be broken--an example is the one-time pad--but these schemes are more difficult to implement than the theoretically breakable but computationally secure mechanisms.

This proposed lead suffers from many problems. Text is meant to be presented in paragraphs rather than bullet points whenever possible (see Wikipedia:Manual_of_Style#Bulleted_and_numbered_lists) and I suspect breaking the text into fragments like that won't go down well at the FAR either. If you want to make substantial changes to the article it's best to do that first rather than changing the lead first, as the lead is mean to summarise the article (WP:LEAD) and it's more difficult to summarise content that hasn't been written. We could certainly do with a proper section on authentication though. Hut 8.5 13:18, 30 April 2011 (UTC)

Many thanks for the comments, I have sought to address the stylistic issues raised above but I fully acknowledge that it is simply a strawman at this point. I will draft a section on authentication in the meantime.FrankFlanagan (talk) 16:14, 30 April 2011 (UTC)

I have started to develop an authentication section as a userspace page User:FrankFlanagan/Authentication. This is fairly rough and incomplete at present. I am including a link both to demonstrate that some work is being done and as an invitation to anybody who would care to contribute. I am not sensitive about text so feel free to amend in-place or make comments.FrankFlanagan (talk) 09:19, 2 May 2011 (UTC)

Sorry for the delay, Frank, and thanks for your efforts. This is gonna be a somewhat quick review, still short of time. Before starting, let me restate Hut 8.5's comment that it is best to use the lead section only for summarizing the article body. Anyway, here it goes.

The proposed text has multiple issues. To start with, cryptography deals with aspects of information security but it would probably be much more accurate to say that it deals with issues in communications security (as one aspect of information security). However, modern cryptography addresses not only issues in communications/information security but also issues beyond (think of pseudo-random number generation). We could state it like that. Or we could go with one of the more modern and generalizing attempts of definition. Rivest described it somewhat along the line of "Cryptography is concerned with constructing and analyzing protocols which overcome the influence of adversaries." (need to find the sources)

Concerning cryptographic techniques, confidentiality and authentication (plus data integrity) are certainly the most important (I consider non-repudiation strictly less important). However, we should really be more encompassing. For example, "Modern cryptography addresses a vast array of issues in communications security and beyond, including secrecy, data integrity and authentication, entity authentication, authorization, certification, anonymity, secret sharing, zero-knowledge proofs, and efficient key distribution and key revocation techniques, just to name a few."

Concerning your last two paragraphs I would start with rehashing classic cryptographic concepts, like substitution and transposition ciphers, polyalphabetics, auto-key systems, codes (nomenclatures) vs. cryptosystems, use of statistical frequency analysis, the transition into the electronic age and refined mechanics, Shannon's first mathematical treatment of encryption, his proof for the one-time pad, start of the era where cryptosystems are not designed to be "unbreakable" but to be infeasible to be broken by any practical attacker, later formalized by Goldwasser and Micali, in this regard Shannon's concept of product ciphers, then following the advent of computers and an increasing number of electronic transactions the need for a secure encryption standard which led to DES, later replaced via the AES contest. Next, I would discuss the advent of public-key cryptography, which led to the invention of digital signatures and certificate-based PKI, which again allowed for important widespread practical applications such as electronic commerce over the public Internet. Next, I would summarize authentication issues in a paragraph. Then, I would summarize "modern" developments such as proof-based cryptographic systems, the connection to complexity theory, the importance of one-way functions, etc. Last, I would summarize specific applications for cryptography.

Of course, as I stated myself we can only base the lead section on the article body. Which means that there is a lot to do in writing and rewriting. I will continue with the Authentication draft on your discussion page. Nageh (talk) 20:21, 22 May 2011 (UTC)

[edit] Request for comments - draft of authentication section

I have now done a first draft of an authentication section. I intended to insert it into this article but it has perhaps grown a little too much. Some feedback/copy editing would be very welcome as I probably do not feel comfortable dropping a whole new section into a featured article in the absence of some concensus. Draft is User:FrankFlanagan/Authentication. Many thanks.FrankFlanagan (talk) 11:54, 7 May 2011 (UTC)

The proposed draft is pretty weak. Articles on cryptography should be based on published papers and well established standards and processes. This is not the case with this proposal and in fact is describes authentication methods that are known to be flawed. In particular, the first diagram describing a simple hash based authentication by encrypting the string message||hash(message) is generally not a good idea. Assume for example that CTR mode is used for the encryption and that the attacker can guess the message. Then the attacker can learn the key stream used for the encryption and substitute the ciphertext with any message chosen by the attacker. The attack is simplest when using CTR mode, but is also flawed with other encryption modes. The description of digital signatures is also not state of the art. None of the digital signature schemes I know of follows the "encrypt the hash of the message with the private key" paradigm. DSA is not even close to an encryption scheme. Using RSA encryption to generate signatures is not necessarily secure, because RSA encryption uses a padding suitable for encryption and RSA signatures use paddings suitable for signatures. Using one for the other has difficult to analyze consequences and thus must be avoided. 62.203.98.127 (talk) 13:27, 7 May 2011 (UTC)

I'm probably not the best person to review this (I've never written any featured content myself) but there are a few points:

• Needs some more references. Some paragraphs don't have any at all.
• The manual of style discourages using bold text to emphasise things (WP:MOSBOLD), italics are preferred.
• I've fixed some typos and capitalisation errors (I don't think any cryptographic systems rely on a "pubic piece of shared data"!)

Hut 8.5 13:36, 7 May 2011 (UTC)

Many thanks to both of you for providing very useful feedback. On reflection, in light of the fact that this is intended to fit into an overview article I did perhaps let the balance tilt too much towards simplicity. I have kept, but caveated the first diagram, tidied up the public key material, while attempting to avoid getting into ASN1 and, I think, referenced the material fairly extensively. If anybody feels like taking a further look it would be much appreciated. If it looks like the draft section will not make the standard I am tempted to move it to the main space as a separate article.FrankFlanagan (talk) 22:12, 8 May 2011 (UTC)

Prior notification: I will review both your proposals soon, probably within the next few days. Watch out :) Nageh (talk) 20:50, 10 May 2011 (UTC)

[edit] Earliest use of the word Cryptography or cognate forms

As there was a recent edit putting forward a purported earliest known use of the word cryptography, and despite the fact that it may be of more relevance in a dictionary than an encyclopedia, the earliest reference of which I am aware, albeit actually to a cognate form thereof, as cited in the OED is
1641 Wilkins Mercury ii. (1707) 8 "There are also different Ways of Secresy. 1. Cryptologia. 2. Cryptographia. 3. Semæologia." 
Any earlier confirmed usage would be welcome. FrankFlanagan (talk) 07:06, 26 May 2011 (UTC)

[edit] Cryptology

The article is misleading to the reader in that it confuses cryptography with cryptology (and in fact it suggests that cryptoanalysis is a part of cryptography). I know it's been already discussed zillion times before through the wikipedia history, and different editors have various ideas, possibly there are even some differences in the popular American vs British usage but still it stays confusing. Can we make the distinction clear, based on strong linguistic sources rather than individual editors' opinions ? Similar confusion is common in other languages, still most other wikis have this already properly handled. --Lysy^talk 19:00, 24 September 2011 (UTC)

Hence the expression "cryptographic attack" would be an oxymoron. But a quick search on Google scholar shows that the expression can be found in over 500 papers. This clearly indicates that even the experts do not always distinguish between the terms cryptography and cryptology. Wikipedia should merely state how a term is used and not try to correct rsp. redefine it. At the moment the article seems to achieve this reasonably well. 83.79.135.102 (talk) 20:25, 24 September 2011 (UTC)

[edit] Classical method may outperform quantum cryptography

I recently stumbled across this and it may prove to be necessary to add information regarding this subject in the future, however at present I am not sure if there is enough information to comment on it in any article yet. http://arxiv.org/abs/1206.2534 70.249.189.22 (talk) 13:43, 17 June 2012 (UTC)

There is a wikipedia article on the Kish cypher, which might be related to the paper you mention above. 178.195.225.28 (talk) 14:46, 17 June 2012 (UTC)

Cite error: There are <ref> tags on this page, but the references will not show without a {{Reflist}} template or a <references /> tag; see the help page.