Wikipedia talk:WikiProject Cryptography/Archive 1


This is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.


Merge Public key cryptography and Asymmetric key algorithm?

The first comment on the project's talk page. Wow!

I suggest that public key cryptography and asymmetric key algorithm are sufficiently distinct topics that a merge would be ill advised. In use, the first encompasses such things as PKI, digital signature, and so on. The second is a class of crypto primitives. Whether pkc should have acquired its rather sloppy penumbra of meanings is another point altogether. Hacker has been similarly abused, as has strong and weak crypto. But we're stuck with the way the language gets used, however unfortunate. Thoughts anyone? ww 21:29, 22 Apr 2004 (UTC)

Permissions for images

ww -- As I understand it, we can't use the "Crypto machines" images under GFDL or similar without permission, but it's sometimes possible (and common) to use images as Fair Use even without permission. This is quite different from the actual text (apart from small quotes), which has to be GFDL (or similar), or PD. The fact that the photographer derives commercial benefit from the images makes it unlikely we could justify their inclusion under fair use, perhaps? — Matt 20:39, 1 May 2004 (UTC)

Matt, The following is not from an attorney and should not be relied upon in court or elsewhere <-- std disclaimer. And you haven't paid for the advice which makes it void (right?). <-- actual case most of the time
I believe your statement of the case to be off base, though perhaps not by too much. Unfortunately the legal beagles can get most out of sorts for anyone even a bit off base. The following may clarify some, or perhaps not.
Copyright is an absolute monopoly on use (any use) reserved to the author / assignee. This monopoly is mandated in the US Constitution and Congress has enacted laws carrying out that mandate (for the US). The situation elsewhere is different and is further conditioned by various international copyright agreements (eg, Geneva, Berne, ...). In the US, copyright is for a limited time (per the Constitution) after expiration of which the material enters the public domain. In the US the term has been changed by Congress for various reasons (eg, unconscionable pressure by owners (as in the repeated case of Disney's Mouse) or conformance with international treaty). In some cases, as for instance Peter Pan by JM Barrie whose UK copyright is perpetual and all license fees accrue to a London (hospital, orphanage?), there is no term limit. How this applies in the US I haven't a clue.
Whether image, text, etc is immaterial. In the US, there is a Fair Use doctrine which modifies that absolute right. It allows others to use portions (how small will be, perhaps, something of a controversy to be settled individually when agreement can't be trivially reached) for certain purposes: academic, satirical, in reviews, ... However, even in academic use the fair use exception does not extend to copies for students. Other jurisdictions have similar (but presumably not identical) arrangements.
If the copyright has been licensed under GFDL (or similar) then the owner / assignee has in so doing waived all control of use of the material and it's free for all to use as they wish. Same for release to the 'public domain'.
Hmm...your description is correct for "public domain", but not for GFDL. It doesn't allow all to use as they wish; particularly, derivative works must also be GFDL, though there are other caveats. This might seem to be a minor point, but it's a somewhat controversial issue (see copyleft). — Matt 21:14, 2 May 2004 (UTC)
You are correct that GFDL is not exactly the same as public domain. I had neglected the pass through condition. ww 15:04, 3 May 2004 (UTC)
Some material is in public domain when created as condition of the work (eg, software created/paid for the US Government; though I understand this has changed recently).
Other licenses might be for first publication, for serial publication only, for all print publication, for all use whatsoever for a limited time, English language rights only, publication in Patagonia only, etc. All such must be seen as modification of the underlying absolute license. Certain industries have adopted 'automatic licenses' to facilitate commerce. An example is the music industry in which anyone may play a song (owned by its author) in a particular performance (owned by the performer) over a radio station or in a concert. License fees for these uses are collected by such organizations as ASCAP and BMI in the US (and something similar in UK, I'm sure). For copies of printed (especially periodical matter), there is a copyright clearing house in the US which handles small payments for copies (and aggregates them for payment to the copyright holder / assignee). And so on.
In recent years, establishing copyright has become easier (at least in the US). Mere creation has always established a copyright, but an enforceable right used to require more. Labeling with (c) and a name/date was formerly required to establish an enforceable right (need to warn potential infringers was the theory), and further a copy of whatever it was (how exactly depended on the thing -- text being different than sculpture for instance) had to be deposited with the Library of Congress. Most of that has changed now.
My understanding of WP policy (dim, I admit) is that only explicit owner /assignee release as GFDL is acceptable.
WP is happy to incorporate material under Fair Use, if applicable; have a look at the relevant section in Wikipedia:Copyrights. — Matt 21:14, 2 May 2004 (UTC)
I'll take a look at it, but must note that much litigation has resulted for a rather long time from differences in understanding of Fair Use. The US courts have frequently been asked to decide whether this was (or was not) Fair Use and who should pay damages and how much if not. I would -- legal advice worth exactly what was paid for it, to wit $0 -- advise that WP not entertain Fair Use as the grounds on which to use copyrighted (but not GFDL, pub dom, or other equivalent) material. At least until some competent court holds that WP use is Fair Use and not subject to fee and to damages if that fee is not paid as required by owner/assignee. The whole megilla about Napster (etc, etc, etc) was, in major effect, over this point. Is a copy I give away of something I bought the right to listen to Fair Use? ww 15:04, 3 May 2004 (UTC)
Have looked, now understand more (sort of) and have pondered. It's a mushy policy legally (remember, you're getting what you pay for in legal advice from me!) and my suspicions above are confirmed. I don't think WP is at all well advised to allow anything in under the US legal doctrine of Fair Use. First WP is international in scope and Fair Use is not, second what's Fair Use is not well settled and non controversial in re such things as Internet and in 'conversion' to GFDL or similar. In the US, Fair Use is defined by examining the debris left on the courtroom floor after a squabble. I don't think WP should be leading with its chin in this respect. Too valuable a chin to lose as the result of some court case. ww 14:32, 13 May 2004 (UTC)
In the case of Jerry Proc and all those lovely images he's collected, I merely assume he is the assignee (for Internet use) of all those images -- many of which came from others. If he is, then any denial of permission by him (regardless of his motives or intentions or anything else) bars our use in any way on the WP. But he is probably not, as most folks are not, on top of the arcane (though recently more relaxed) requirements for tracking permissions and licenses and all that. I suspect he probably does not have adequate license for some (many?) of his images. And so he may not have a leg to stand on if he objects to our use here on the WP, whatever official WP policy might be. Though if he scanned them in himself, he might own/control that particular jpg/gif/png/whatever. We could track down the owners / assignees of the original images and get permission from them, I suppose, but that's more work than I think I can commit to personally.
I think quite a few of the images are original photographs by Jerry Proc (they are labelled as such). We could, as you point out, perhaps track down those attributed to other people. (A lot of effort, though). — Matt 21:14, 2 May 2004 (UTC)
Does this clarify some of the legal bog in and around....? Or just make it deeper and more squelchy? ww 17:54, 2 May 2004 (UTC)

featured article strategy

I was shocked, just Shocked!, to discover that no one save Matt and myself actually reads any of this crypto stuff!

Thus some ponderous thought on how to remedy this problem. Matt's not going to stop reading these articles, nor I, so we have to kidn, err, shang, hmmm, entice some others. Featured status arose as a possibility. Hence the addition of a 3 stage featured article section here. There's actually a fourth stage (writing the article, but we'll leave that as an exercise for the writer).

What do we cryptiacs (or cryptonauts?) think about this way of going about things? ww 14:32, 13 May 2004 (UTC)

(Cryptographers? Too easy...). Mmm, well, many cryptography pages are indeed visited only a few times a month, but a few hold up well by the standards of popularity of other parts of Wikipedia. But yes, more readers would be good, as more readers would likely mean more contributions, and hence better articles.
Matt, I doubt if crypto is ever going to be as popular as some of the articles both you and Arvindn had been following and knew so much about... I think I'd be satisfied if I were to become convinced it's not just you and me! ww 16:57, 13 May 2004 (UTC)
I'm not sure if nominations for "featured status" (FA) is the most appropriate mechanism for attracting readers and editors; at least, that probably shouldn't be the primary motivation. I think FA is for articles that are of exceptionally high quality, and, to my mind, none of the crypto articles qualify at the moment (many good, just not outstanding). Perhaps a better forum on WP would be Wikipedia:Peer review?
I think the crypto articles should be of exceptionally high quality as writing. If this motivates writing to that end, well and good. As for attracting editors, I doubt it would work at all; wasn't in my mind. I thought the idea was to attract readers so we could take over the world. (I'd share with Tux, wouldn't you?) Anyway, it was your idea, wasn't it? Sure it was!
In WP, Readers are editors, or at least potential ones. I fix spelling mistakes and the like when I'm just browsing. — Matt 17:38, 13 May 2004 (UTC)
Well, yes... But I had in mind another sort of editor of course. ww 18:31, 13 May 2004 (UTC)
I have already begun to blac, err, bludg, err, plead/beg/whine/grovel non-crypto folk to review the less technical crypto articles. This is a sort of peer review, I suppose, though not 'officially' WP sanctioned. See jwr's comment at Talk:Enigma for a result of this effort. ww 16:57, 13 May 2004 (UTC)
It's a good idea; good work on that. I'm planning on roping in my fiancee at some point for some copyediting; hopefully she qualifies as non-technical enough...— Matt 17:38, 13 May 2004 (UTC)
She's managed to avoid contact infection thus far? Good show!
But, being from this side of the pond (and from the High Plains on this side) I think I have some semi expert advice on this roping business. First, and probably foremost, the ropee often has an opinion. Ropers get bitten, knocked down, head butted, and have other assorted mayhem inflicted on their persons. Caution is indicated for that reason alone. On the question of female persons being directed by their male persons to do something (with or without a rope), well there is much opportunity for reflection before undertaking such an enterprise. I wish you well and will attempt to attend any resultant memorial services. Alternatively, if you can get word to me of the hospital location, I'll attempt to visit during convalescence. It used to be easier, in the good old days. ww 18:31, 13 May 2004 (UTC)
Other than that, maybe we should look to places on the internet to plug Wikipedia cryptography. In addition, such links might improve our Google rank; for e.g., http://en.wikipedia.org/wiki/Cryptography languishes in the mid 30s in Google's search results for "Cryptography".
Matt, Google search results are, well, less than convincing as evidence of interest outside WP. Google has been the subject of some fascinating (perhaps mostly benign) manipulation, though surely not for crypto topics. Better than nothing, surely, and high ranking would be good generally, but... As for finding a place to 'plug', I'm at a total loss. My idea was streaking the main page, but you and Arvindn were discouraging. ww 16:57, 13 May 2004 (UTC)
I was under the impression that a large proportion of Wikipedia's traffic was obtained from Google search results; hence, if WP has higher ranking, we get more eyeballs, and more mistakes fixed. — Matt 17:38, 13 May 2004 (UTC)
Probably so, but I suspect much of that is for less esoteric stuff. The featuring business actually would help, I suspect. All kidding around aside. ww 18:31, 13 May 2004 (UTC)
One other thought I had was to advertise for contributions on the sci.crypt newsgroup. I've hesitated because there are a number of regulars on that group who might not adapt well to collaborative editing, but I'm probably being paranoid. It's currently being flooded with junk at the moment, so maybe soon. — Matt 15:29, 13 May 2004 (UTC)
Matt, I too had considered appealing to Usenet, but have deferred both for the reason you cite and because, until you created the Project and the other apparati (for which YAFT) the crypto corner here was rather anarchic with somewhat too much (too often not so overly informed) expertise being in evidence. Now that there is a structure within which to work (and probably, to work against) the second concern is lessened. You and I are still learning to work in (metaphorical) harness and it would perhaps be well if current WP cryptiacs were more in sync before a general call goes out. On the other hand, having jon wander by was a very good thing. I don't think we dare expect so beneficent a result routinely, witness the general tone of sci.crypt for the past some years. I would (mildly, and without any intent to offend anyone) suggest that your paranoia is well founded. ww 16:57, 13 May 2004 (UTC)

Breaking public-key algorithms

One area I've noticed that's sadly lacking in WikiProject Crypto is that of attacks on public-key algorithms like RSA. In the case of RSA, it would be factoring algorithms. Check out integer factorization. I've actually written a lot of the factoring stuff on WP myself. I just joined this project, oh, a few hours ago, so I'm not exactly sure of how to proceed in linking those pages in with this one. I noticed the lack when I wanted to add special number field sieve as a page that needs expansion.

Pages that I suggest linking in:

--Decrypt3 20:04, Jun 10, 2004 (UTC)

De, Good idea and I favor it. However, from an Average User's perspective (this fellow, for whom I keep talking up, never seems to contact me directly though), I think we may have a problem. I would like to find a way to include enough information about the mathematical connections (many of which you note here) but fear doing so in such a way as to touch off math-o-phobia (wooo, wooo, woooo, ...). AU's eyes will probably just glaze over and we'll lose our opportunity to take over his/her mind in the service of Crypto.
More seriously, I've been pondering for some time a suggestion as to a template for algorithm and protocol articles. It would be something like the following:
    • <name> is a <whatever>.
    • <Explanation of <whatever> and its instance as <name>>,
    • <diagrams of <name>>,
    • <history of <name> as an example of <whatever>>,
    • <status of <name> in re breaks>
      • {eg,
      • no publicly known successful attacks against <name> better than brute force as of <whenever written> qualified in re key lengths,
      • foreseeable potential vulnerabilities of <name> if <new research results in re <obscure math stuff>>
      • ...
      • },
    • proofs re security of <name> or <whatever> if any,
    • and so on.
This would have the advantage that AU would get the executive summary (eg, <it's broken> or <if a new Ramanujan comes along and figures out <new research result> things will be VERY different, hold the presses!>) and yet will have a sense of where the connections are, and can go chasing them down as you suggest if interested. But if interested AU probably isn't, of course.
What do you think? Reactions from others? Should we make this formal and put it on the Project page? ww 16:24, 12 Jun 2004 (UTC)
Well, one suggestion that's appeared at WikiProject Mathematics (of which I'm also a member) is to include a little paragraph at the beginning saying something like, "It is recommended that the reader be familiar with blah, blah and blah before reading this article." We could adapt that to just say, "This article has a mathematical focus" or something like that. The reason I mention factoring algorithms in particular is that progress in them is directly linked to RSA's security. RSA is based on pure number theory, and some readers would like to know more about what makes it work and what makes it secure.
As to the template idea, where would the description of the algorithm or protocol fit in? Otherwise, it's quite good. It's what I've been trying to do for my new block cipher and miscellaneous (see weak key) articles. --Decrypt3 18:04, Jun 12, 2004 (UTC)
Well, ahmmm... In the 'and so on' part. Of course. ww 16:30, 19 Jun 2004 (UTC)
Assorted comments: I like the idea of the template, but not so much as a rigid structure for the article, but as a checklist for what should be included, and a general guide for a good ordering. I think the "executive summary", as ww puts it, should be the lead section (i.e. the first one or two paragraphs). I think it's fine to have technical focus articles, but if there's a chance a non-technical reader might be interested, we should cater for them appropriately; e.g. DES and Rijndael should start easy (though maybe including technical detail later on in the text). More obscure topics (e.g. LOKI89 and MMB) can probably launch right in at a higher level. It's not always clear, but I think we've enough common sense to get the right balance! As regards RSA, I think it's an excellent idea to run through (briefly) the various approaches to factoring; as Decrypt3 points out, it's highly relevant to the security of the cipher, after all.— Matt 18:25, 12 Jun 2004 (UTC)
I take it then (though with considerable surprise) that such a template (or guide for good ordering -- pick your own rubric) is acceptable? Or even thought worthwhile? All right! The reason I thought of this is that I am often frustrated, in accounts of this or that algorithm or protocol, by absence of any discussion of its break status. In articles here on WP and elsewhere, both. I took the opportunity of De's comments to include this concern in a proposed structure. Ok, we all agree, how to implement it? Thoughts? Comments? ww 16:29, 19 Jun 2004 (UTC)

"Please review" section?

Would it be a good idea to create a "For peer review" section in the Open Tasks section of the project page? I've been writing several new pages recently, and I thought it would be nice to have a section where editors could put articles they had created, but that needed looking over (for factual accuracy, clarity, copyediting, etc.). Among these pages that I've been wanting to have reviewed are Piling-up lemma, Madryga, MacGuffin (cipher) and weak key. Comments or suggestions about my suggestion? --Decrypt3 15:52, Jun 12, 2004 (UTC)

De, I like the idea, but there is a WP bias toward everyone gets to take a whack at everything. Means more work cleaning up after the idi... errrr less informed, but it's a strongly held philosophical position. In technical material I think it makes sense, but .... An alternative is to create a stub page, and insert the proposed article on the stub's talk page. Not ideal as someone has to do some moving around and some edit history may get lost (not sure about that though, I've never tried it myself).
Matt will probably have an idea, and he's done a lot of poking around in behind the curtain so he knows much more of what's possible with the underlying mechanism(s) than I. Matt...? ww 16:28, 12 Jun 2004 (UTC)
Random thoughts: there is an actual Wikipedia:Peer review page, which I guess would likely only attract people to check general things, like spelling, grammar and formatting etc. Personally, I try and read all the new stuff as soon as it gets added, and tweak things; this is slightly different from active fact-checking and concentrated copyediting, though. — Matt 18:28, 12 Jun 2004 (UTC)
Me too, more or less. But I miss stuff. ww 16:33, 19 Jun 2004 (UTC)
I know about the peer review page (I've posted on it myself), but I was thinking of a crypto-specific one on the WP Crypto project page. How do you mean "as soon as it gets added"? Where do you find it? I know there's the "recent changes" page, but stuff on there goes so fast that it's impossible to catch new crypto stuff unless you happen to look at it within seconds of the new page being added. I see you've been chasing me around a lot already, but how do you find out about it? I never mentioned weak key at all on the WP Crypto project page. --Decrypt3 19:53, Jun 12, 2004 (UTC)
So you too have that 'haunted by mc' feeling. Careful, I think he's watching now,.... ww
While the Wikipedia-wide "recent changes" is clearly too fast to follow, there is the "Special:Newpages" page, which is a little slower (I don't bother tracking that, most of the time). I do track Recent changes to list of cryptography topics, which sometimes gives hints to new pages when people add links to other cryptography articles, e.g. you added "Weak key" to Template:Block_ciphers. Also, if someone does a bunch of work on cryptography pages, I might go search their "User contributions" for a "(new)" tag. New pages from me and User:ww end up on List of cryptography topics pretty quickly (because we add them manually), and that shows up on various watchlist-style things. — Matt 20:06, 12 Jun 2004 (UTC)

protocols category

Well, it's clear that in a few months I won't be able to edit anything since I'm falling farther and farther behind regarding the administrative structure / tools / scheme we are developing. Matt is to be congratulated on this (much of it is his work), but I will clearly be roadkill quite shortly. Ah well... Anyway, the point of this note is to note a note left at mode of operation which notes that it really shouldn't be in the algorithm category but rather in the (and I am shocked to discover a contribution that even I can make to the structure) the newly discovered to be non-existent protocols category. Please note that those who understand this stuff (not me, I'm finding Roger Bacon more and more a soul mate!) might consider creating one.

Please. It's rather a significant missing bit after all. And our protocol coverage is, now that it's been forcibly called to my attention, not what might be called complete. Since this is perhaps the most obscure and trickiest of the technical side of modern crypto (save perhaps on the innards of block cypher operation, or maybe random number generator testing) I'm going to leave protocol content to those with more facility, myself. (--> retreating so yellow streak is plainly visible...) ww 18:23, 22 Jun 2004 (UTC)

Block cipher template

I have a little problem with the block cipher template. In Safari, on a 1024x768 screen, it is too wide for the screen, making the sideways scroll bar appear. It's just a minor annoyance, but one thing I learned from web design classes is "never make the viewer scroll sideways". I can see how to fix it, if nobody objects: one just has to remove the margins by removing the "style" parameter from "{| id="toc" style="margin: 0 2em 0 2em;"". Is this OK? Decrypt3 15:37, Jul 1, 2004 (UTC)

Sounds good to me; "be bold" (and all that)! (The scrollbar doesn't appear on Mozilla, just for information). — Matt 15:50, 1 Jul 2004 (UTC)

Terminology: Cryptology vs. Cryptography?

I have a question for the Wikipedia crypto crowd: is the distinction between "cryptology" and "cryptography" one that is current in the field? I'm not an expert by any means, just an interested party. I noted the redirect from "cryptology" and "cryptography". Based primarily on usage in David Kahn's The Codebreakers, it's my understanding that "cryptography" refers specifically to the creation and implementation of codes, ciphers, and coded and ciphered messages. In contrast, "cryptology" refers to the entire field of hidden and secret communications, including cryptography, cryptanalysis, steganography, etc. Is this distinction meaningful? I'm wondering if Wikipedia should have a brief "cryptology" article introducing the general field with links to the various subdisciplines. Or is the distinction between the usage of cryptology and cryptography so minor that having an extra article layer would just be pedantic?

I don't just want to be bold on this issue, as this project seems to be well underway with some sort of a plan. Gwimpey 20:24, Jul 14, 2004 (UTC)

This has come up recently at Talk:Marian Rejewski; to summarise, there's two "styles" of usage; one is the more traditional usage, like Kahn, having the entire field labelled as cryptology, divided into cryptography ("code-making") and cryptanalysis (codebreaking). More recently, though, people use a second "style": cryptography for the entire field (including things like digital cash, secret sharing protocols, etc.), and specifically encryption (code making) and cryptanalysis (for breaking systems). The latter style is more prevalent, so we use it to name articles; so cryptography is the overview of the entire field, and it includes a brief summary section on cryptanalysis and encryption, as well as other topics. — Matt 20:33, 14 Jul 2004 (UTC)
Thanks for the info Gwimpey 20:46, Jul 14, 2004 (UTC)
I've read some of the talk you referred me to. From what evidence do we have the conclusion that the "second" style is more widely used? On this page, NSA uses cryptography, cryptology, and cryptanalysis in the Kahn sense. In their FAQ, RSA Security defines the three terms separately as well, as does Terry Ritter's glossary. To me, encryption means "the act of hiding information". Research into methods of encryption, or the making of new ciphers or codes, would be cryptography. However, this distinction is probably even fuzzier. I'm not trying to be difficult, but I do believe that Wikipedia articles should be consistent not only with each other but also with the usage of those who work and publish in the field. I guess the question then is, do those workers and publishers agree on usage? Gwimpey 21:27, Jul 14, 2004 (UTC)
Hmm...I don't actually have any evidence; my assertion is only based on my experience and could be wrong. I have seen both styles used within the field (see also Journal of cryptology), so I do think we should feel free to use both styles in the text of articles, unless there are cases where it might cause confusion. For the actual names of articles, we should go with the most popular terminology, which I'd assumed to be the "cryptography is the entire field" style. — Matt 21:38, 14 Jul 2004 (UTC)
PS to my last comment: here's a definition I like: [1] Gwimpey 21:31, Jul 14, 2004 (UTC)
Had a glance in Ferguson and Schneier's Practical Cryptography (2003). They write: "Cryptography is the art and science of encryption. At least, that's how it started out. Nowadays it is much broader...Cryptography is an extremely varied field. At a cryptography conference..."; this illustrates the distinction of the two styles: Cryptography once meant only "encryption (and encoding)", but now it's a term that gets bandied about for the entire field. — Matt 21:55, 14 Jul 2004 (UTC)

So here's another data point that I stumbled across while looking at other crypto stuff today: RFC2828, Internet Security Glossary. This is the document recommended by the Internet Engineering Taskforce for all authors of Internet Standards Documents. Their definitions of the terms in question are:

cryptanalysis 
The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. (See: cryptology.)
cryptography 
The mathematical science that deals with transforming data to render its meaning unintelligible (i.e., to hide its semantic content), prevent its undetected alteration, or prevent its unauthorized use. If the transformation is reversible, cryptography also deals with restoring encrypted data to intelligible form.
cryptology 
The science that includes both cryptography and cryptanalysis, and sometimes is said to include steganography.

Another data point to ponder. Gwimpey 00:46, Jul 15, 2004 (UTC)

Gwimpey, There was a decision made amongst the cryptiacs active at the time to merge the existing cryptology article into cryptography and create a pointer to accommodate. My understanding of the relative priority differs from F & S cited above by Matt, and from the 'authoritative' (well,...) info from IETF and RSA and Ritter and .... I think we may have one of those periodic attempts in English to settle on a standard and, while as a speaker of the language I would recognize both IETF and RSA as participants in some such settlement (or attempted settlement) I can't concede that they are language experts in this sense. I suppose if everyone bows to their 'authority' we all might end using words their way.
Given English's vast vocabulary, there will be these problems of synonyms and meaning shift and such.
In this case, as there is little possibility of confusion (assuming frank avowals of synonymic use, and perhaps instability in use) the decision to avoid some articles about cryptology and others about cryptography, and two forests of pointers and such, when the content was either similar or identical still seems reasonable for WP. At the present time, there's a redirect cryptology --> cryptography and early and explicit notice at cryptography of the variant usage, the current situation seems reasonable, not destructive of language trends (should one now be in process) and so acceptable for WP policy.
Thoughts, comment? ww 17:14, 17 Jul 2004 (UTC)
The relative obscurity of cryptanalysis is the problem, here. No one is really interested in cryptanalysis, only in cryptography - and thus, effectively, cryptology == cryptography, functionally speaking. However, the distinction is clear and I think the division is elegant - cryptology = cryptography + cryptanalysis. Also, to add another datapoint, Bruce Schneier makes the same division in "Applied Cryptography", which is probably the most widely read book on the subject. Graft 14:48, 22 Jul 2004 (UTC)
To clarify, I'm not sure there's such a language trend, only an apparent one, and I'm in favor of having a separate 'cryptology' article (so should this be WikiProject Cryptology?) Graft 14:50, 22 Jul 2004 (UTC)
I think it may be more correct to say that there is little current interest in cryptanalysis, thanks to the invention of computer ciphers that appear to require unobtainable resources to break. However, cryptanalysis is important from a historical viewpoint. Since Schneier, RSA, and IETF are all important sources for determining usage, I think there is an argument to be made that "cryptography" and "cryptology" are not synonymous in current usage. I think a "cryptology" article would be useful as a place to discuss, for example, the mathematical and linguistic foundations that are common to both cryptography and cryptanalysis (not something I would be qualified to write, though!). I can imagine a brief introduction with a list of links to the main branches ("cryptography", "topics in cryptography", "cryptanalysis", "steganography") followed by the technical discussion. Maybe make a "cryptology box" to put at the bottom of the articles. See my (very) modest proposal here: User:Gwimpey/Cryptology box.
In any case, thanks for all the work you folks are putting into this project! Gwimpey 17:15, Jul 22, 2004 (UTC)
You're right, of course - the historical importance of cryptanalysis can't be denied. What I meant was, in the modern age no one has any practical interest in it except for spooks, and maybe people cracking WEP keys... hrm, never mind altogether. Graft 17:19, 22 Jul 2004 (UTC)
Graft, I would have to strongly disagree with your assertion that there is little interest in cryptanalysis today. If nothing else, there is no way to establish the credibility of those computer cyphers you mention except to attempt to cryptanalyze them. And that is being done (more or less effectively) by several thousand folks in universities and research labs worldwide as we speak. There are also connections to some parts of fundamental mathematics, so... At the user level, perhaps you may be right, but I suspect this was always true for the 'good crypto' of its time.
As for the suggestion that cryptology elegantly subsumes cryptography, we are dealing with word usage styles here and English is notoriously willing to shift one way or another over time. Perhaps not as wildly as its spelling does... At the moment, I do not see the distinction between them as clear (ie, cryptology is not a superset of cryptography), whether elegant or otherwise. They are as nearly as I can make out synonyms and I use them that way in my writing (when I use cryptology at all). The major users of ology that I see are governments (ie, NSA's web site) and assorted other government things (the USN history of crypto sites). The problem with using them synonymously at WP is that we will end up with (and had some of) duplicate article trees. So Matt's observation above is quite relevant in regard to work factor of crypto folk (including you, I hope?) editing here on WP. As for using ology and ography within articles freely as Matt suggests as possible above, that raises only issues of confusion in readers' minds. The subject remains the same whatever its name (didn't Shakespeare say something similar?), but confusion can result when multiple names for the same thing are stirred. Thus if I suggest on the phone you come bare, you will be in some trouble when it turns out I meant bear. Or vice versa.
For the moment, I suggest that we dodge this confusing bullet and follow the decision made some months ago to regard cryptography as the highest class noun for this field and treat cryptology as a mildly exotic synonym. It would, if nothing else, preserve a considerable amount of work. Note the increase in the number and (quality?) of crypto related articles in the past few months. ww 19:47, 22 Jul 2004 (UTC)
Various thoughts: I agree with ww that cryptanalysis is still of great interest to people, and not just hackers and spooks; the majority of papers published on, say, block ciphers are about cryptanalysis of existing designs, rather than proposing new designs. The security of many algorithms is heuristic, and established through "trial by cryptanalysis". I don't see any problem with using "cryptology" in article text — it really isn't that confusing — though we should probably stick to one style within a single article. — Matt 00:47, 23 Jul 2004 (UTC)
Matt, I see that you can't count the damned : either. Good, I'm not alone. I agree that use of either ology or ography shouldn't be that confusing (the context should surely make clear the meaning meant in most cases), but you and I have now been involved in two such muddles in the last month. One, admittedly was due to language differences (Polish cognates =/= English ones) as nearly as I can make out (the discussion at Talk:Rejewski), but the other (this one) does not appear to be so. I think this indicates that there is semantic confusion hither and thither and, as WP editors in the crypto corner, we should all tread carefully lest our Readers be lost in the roundabouts. It seems to be more of a problem than either one of us suspected it to be. ww 14:15, 23 Jul 2004 (UTC)

Slashdot comments awash with Wikipedia links

A recent Slashdot article has been posted regarding the proposed withdrawal of FIPS 46-3 (the standard specifying DES) [2]. The news item itself links to AES, and in several comments there are various links to Wikipedia articles, including DES (naturally), Differential cryptanalysis, One time pad, Quantum cryptography, 3DES and Diffie-Hellman. I know it's only Slashdot, but it's nice to know that people are reading this stuff sometimes ;-) — Matt 20:02, 29 Jul 2004 (UTC)

Matt, I too am cheered by this news. I'm not alone anymore! Bless you Friday! (Or at least not alone except for Matt, anymore.) ww 15:16, 30 Jul 2004 (UTC)

Cryptography clip art analogies

Matt Crypto recently suggested to me that a collection of cryptography "clip art" might be useful for quickly generating consistent diagrams of basic cryptographic principles. I've made these and some others (don't mind the aliasing, etc. - these are not final) so we might have icons, so to speak, representing a cryptographic key, lock, Alice and Bob, etc.

A challenge in such representations is to clearly communicate the desired concept in a language-independent way. While they don't need to be so clear as to require no further explanation, one ought to be able to look at a diagram created using these icons and get a fairly accurate notion of what is happening when Alice sends an encrypted message to Bob.

The keys, lock, and lock-box are fairly standard in the literature I've seen. My attempt at the distinction between public and private keys is a key held in either an open or closed hand (improvements upon this pictorial would be welcomed). I would like some suggestions for the following abstractions:

  • Hash function. Defining attributes: one-way, distinct output.
    • Possible pictorials: A meat grinder (one-way, but indistinct output), a paper shredder (ditto)
  • Plaintext and ciphertext. Difficult to show without using English text. Defining attributes: Plaintext should appear "intelligible", while ciphertext should appear "unintelligible"; it should be in some way apparent that possession of a "key" makes the ciphertext readable.
    • Possible pictorials: Plain and garbled English text (not language-independent); an assembled and scrambled jigsaw puzzle; a string of digits, e.g. "12345" plain, "34152" cipher (looks like simple rearrangement); all of the preceding lack an explanation of how a key helps with recovering the plaintext. Finally, plaintext written on a sheet of paper is placed in a locked box (disguises the fact that a ciphertext is transmitted "in the clear", but possibly the best overall analogy, since key unlocks box).

Ideally, the entire collection would have a minimal amount of metaphor-mixing; if it can all be somehow tied back in with the lock-and-key metaphor, that would be perfect. Obviously this won't be true in all cases, though.

The only other concept that I have in mind at the moment is a random-number generator (probably best represented by a die, six-sided for ease of recognition). I've considered a "black box" for generic functions, but that seems somewhat counter to our purposes, since I would hope to instead explain (and show) what is happening inside the black box. Comments on existing icons are welcomed. Other possibly-needed clip art suggestions are welcomed. -- Wapcaplet 01:39, 7 Aug 2004 (UTC)

I tend to use colours more instead. Back in the 90's when I taught crypto I used to use these basic pictures a lot:

  • A golden or yellow key = A symmetric key
  • A green key = A public key
  • A red key = A secret key
  • A white document = Plaintext
  • A grey document = Ciphertext

Those colours seemed to be easy to understand for my students and it also worked well when rescaling pictures or viewing a picture from the last row of the class...
--David Göthberg 00:48, 10 November 2005 (UTC)

World War II cryptography

User:Raul654 dropped me a note wondering if WikiProject Cryptography could hack together a World War II cryptography article for use in Wikipedia:World War II wikireader. I think this would be a good article to have anyway:

Matt -- I have a request for your wiki-project. Rather than including separate articles on Ultra and Purple, I'd much rather have a general article on World War II Cryptography. Do you think you or your project could provide one in the next month or two? →Raul654 05:12, Aug 7, 2004 (UTC)

Matt, It sounds quite attractive, and I'd be in favor of such an idea myself, but I think such an article will pose sufficient problems as to be impractical.
In the past, several articles have tried to take a 'larger context' viewpoint, at least as from a non-crypto perspective. There has been considerable objection (in the form of progressive edits) to reduce such attempts and concentrate crypto articles on specific crypto topics, not a larger perspective. In addition, the two cases cited -- Purple (ie, Magic) and Ultra -- are not really parallel, given the differences between the cypher side (German v Japan) and the cryptanalytic side (US (with the competing girls' schools) and UK (with an integrated effort centered at BP)). Not to speak of the difference in coverage between assorted Enigmas and Purple (one was military, espionage, strategic, tactical, ...), the other was diplomatic traffic alone.
I'd like such an article, agree with Raul654 that it would be useful to Readers (at least some), but don't think it will be possible. Not a happy evaluation, I'm afraid. ww 14:25, 10 Aug 2004 (UTC)

List of crypto publications

I notice we have a list of books on crypto, but I don't see any list of journals for current crypto research. I would create one, but I wonder if perhaps we should move "books on cryptography" to "publications on cryptography" and then we can include journals as well instead of creating two separate yet related lists. Headings could possibly include:

  1. Conference proceedings and associated publications (e.g. Advances in Cryptology for the annual Crypto conference)
  2. Journals dedicated to crypto (e.g. Journal of Cryptology)
  3. Journals dedicated to other subjects that have papers on crypto (e.g. IEEE Transactions on Computers)
  4. Online repositories (e.g. eprint.iacr.org)

What do you all think? CryptoDerk 20:31, Oct 21, 2004 (UTC)

Also, I guess it would be prudent to include standards documents (e.g. IEEE 1363, the standard for public key crypto, if I remember correctly). CryptoDerk 23:39, Oct 21, 2004 (UTC)
This sounds like a good idea to me. The actual history of "Publications in cryptography" is an interesting story by itself, of course, given how reluctant the spooks were to allow open study of cryptography. For standards, I think we already have Cryptography standards, so maybe we could just link there for that? — Matt 17:35, 23 Oct 2004 (UTC)

Proofs in cryptology

To my mind the most urgent need is a page explaining the role that proof plays in our understanding of the security of the algorithms that we use. We need a page explaining security reductions, concrete security, asymptotic reductions, and pages for IND-CPA, IND-CCA, IND-CCA2 and so on. I wanted to correct the egregious errors on the Rabin page, but without these pages to refer to all I can really do is delete all the assertions about security.

This is much more important than collecting every piffling block cipher that never got used!

And yes, I'll try and make a start when I can... — ciphergoth 09:43, 2004 Nov 18 (UTC)

*g*...Yes, this is a significant gap in Wikipedia, and it'd be great to have it filled. Another thing we might want to do is think of possible articles that need to be written in this area and dump them in the "Some open tasks/Start from scratch" table in Wikipedia:WikiProject Cryptography. And I'll try and avoid starting too many new piffling block cipher articles, but I can't guarantee I'll be successful...! — Matt 10:45, 18 Nov 2004 (UTC)
Having just noticed C's comment, I have to chime in and agree with Matt. On several points... C is right, we do need such coverage. Whether it should be as notes distributed amongst several articles or as one or more distinct articles or both, I am unsure just now. But my endorsement comes with the caveat that there is a two-fold aspect to our current lack in this regard.
Academic coverage is, I think, useful and encyclopedic, but so also is a less academic appreciation for the context of such results. For instance, Rabin proved (in 2002?) a result having to do with the preserved entropy of broadcast random sequences available to all, including Mallory, to hear (further details escape). It was reported on the front page of the NYT (if memory serves -- it was certainly prominent placement if not above the fold). Like many such proofs, there is a certain fascination for many of us here in the crypto corner. But, also as with many such proofs, it is important, for the benefit of the Average Reader (who is NOT a crypto corner habituee), to note that this proof does not make all crypto systems using some implementation of the technique trivially secure. Nor is it likely to in future since ... all still remain as possible security breaches.
This is a pitfall in the appreciation, by such lay folks, of this or that neato crypto result. "Proof" means much (and much of it does not apply) to the non technical; it also seems to connote that some problem (often not that to which the proof applies) is now a finished issue to which no further attention is required. Even the OTP is not, shall we say, the be all and end all of crypto concern nor applicable to much in a practical crypto context.
Perhaps, in the mental template of points to make when writing up this or that proof, editors might keep in mind the less crypto cognizant, and make an effort to include a comment or two on practical effect in the miasma of real life as opposed to the limpid clarity of crypto proofs? Perhaps there could even be a formal template for this? And, of course, we can hope (probably in vain) that all editors will follow it... ww 22:47, 13 December 2005 (UTC)

National Treasure

A book cipher appears in the new movie, National Treasure ("Ottendorf cipher"). The key is Benjamin Franklin's Silence Dogood letters. In case it attracts people's attention, we may want to flesh out that article a bit. (The movie also features invisible inks, though oddly uses lemon juice as the developer). Securiger 19:45, 27 Nov 2004 (UTC)

Pictures

I dug up some pictures from Crypto 2k3 and added pictures to the Adi Shamir article and the CRYPTO article. I have a picture of Whitfield Diffie, but we already have a picture in that article that's under a suitable license (CC 2.0). I have a couple more pictures, one of Jean-Jacques Quisquater and one of Matt Franklin, although we don't currently have articles on them. You can see all the pictures here (there are some other pictures there not related to crypto). Let me know if you want me to upload the Diffie, Quisquater, or Franklin pictures.

Quisquater (I hope that's easier to type in French!) was a member of the Nessie team and certainly is important cryptographically enough to justify a WP article. Please, create a stub and include the picture if it has appropriate permissions. And add it to the list of cryptographers list. And so on for others...
I have observed that people (including myself) are less inhibited about editing an existing article than creating a new one. Which may be why the list of articles needed is so long and not melting as rapidly as some glaciers. ww 18:32, 11 Feb 2005 (UTC)

New Mathematics Wikiportal

I know I've posted this on most of your user talkpages, but I felt it was important to add to the project page as well.

I wanted to point out to you the new Mathematics Wikiportal - more specifically, to the Mathematics Collaboration of the Week page. I'm looking for any math-related stubs or non-existent articles that you would like to see on Wikipedia. Additionally, I wondered if you'd be willing to help out on some of the Collaboration of the Week pages.

I encourage you to vote on the current Collaboration of the Week, because I'm very interested in which articles you think need to be written or added to, and because I understand that I cannot do the enormous amount of work required on some of the Math stubs alone. I'm asking for your help, and also your critiques on the way the portal is set up.

Please direct all comments to my user-talk page, the Math Wikiportal talk page, or the Math Collaboration of the Week talk page. Thanks a lot for your support! ral315 02:54, Feb 11, 2005 (UTC)

Cryptotourism

I hope nobody minds if I plug another wiki: Cryptotourism, a project to collect information about crypto-history sightseeing, like Bletchley Park or the National Cryptologic Museum. It's in very early stages at the moment, but if anyone is interested in chipping in, it would be most welcome. — Matt Crypto 16:17, 15 Feb 2005 (UTC)

Wikipedia:WikiProject Cryptography/February 2005

Hi! I've created a summary of the activity within the Project this month. I find it quite difficult to keep track of major changes to articles: the big things tend to get lost within small changes. Thanks to everyone for their contributions! — Matt Crypto 11:32, 28 Feb 2005 (UTC)

Same deal this month! See: Wikipedia:WikiProject Cryptography/March 2005. — Matt Crypto 16:54, 1 Apr 2005 (UTC)

Portal!

I can't resist fads, and WikiPortals appear to be the latest WikiFad. Accordingly, I've hacked up Wikipedia:Wikiportal/Cryptography for a bit of fun. — Matt Crypto 15:30, 8 Mar 2005 (UTC)

Caesar cipher as a Featured Article candidate

I've nominated Caesar cipher as a Featured Article candidate. See Featured article candidates/Caesar cipher. — Matt Crypto 09:33, 28 Mar 2005 (UTC)

Completeness

Why is completeness listed under boolean functions and S-boxes? What I understand by completeness is: "requiring no further assumptions", as in oblivious transfer is a complete primitive for secure multiparty computation. Is there a totally unrelated sense of the word within cryptography?! Arvindn 02:59, 23 July 2005 (UTC)

Yes, in S-box design, it's a desirable property of Boolean functions; it means that each output bit depends on all the input bits, and not just a subset [3]. — Matt Crypto 09:44, 29 July 2005 (UTC)
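
An added example, not part of the original discussion: a check of the completeness property described in the reply above, which tests whether every output bit of an S-box depends on every input bit. The S-box values and all function names are constructed for this illustration.

```python
"""Completeness check for an S-box: every output bit must depend on every input bit."""

# Constructed sample 4-bit S-box (a permutation of 0..15), used only for this example.
SAMPLE_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
               0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Constructed counter-example: a pure bit rotation. It is a valid permutation,
# but each output bit is a copy of exactly one input bit, so it is not complete.
ROTATE_SBOX = [((x << 1) | (x >> 3)) & 0xF for x in range(16)]


def dependency_matrix(sbox, n_in, n_out):
    """Return dep, where dep[i][j] is True when flipping input bit i
    changes output bit j for at least one input value."""
    if len(sbox) != 1 << n_in:
        raise ValueError("S-box must have 2**n_in entries")
    if any(not 0 <= y < (1 << n_out) for y in sbox):
        raise ValueError("S-box entry does not fit in n_out bits")
    dep = [[False] * n_out for _ in range(n_in)]
    for i in range(n_in):
        changed = 0
        for x in range(1 << n_in):
            # XOR of the two outputs marks the output bits that flipped.
            changed |= sbox[x] ^ sbox[x ^ (1 << i)]
        for j in range(n_out):
            dep[i][j] = bool((changed >> j) & 1)
    return dep


def missing_dependencies(sbox, n_in, n_out):
    """List the (input_bit, output_bit) pairs with no dependency at all."""
    dep = dependency_matrix(sbox, n_in, n_out)
    return [(i, j) for i in range(n_in) for j in range(n_out) if not dep[i][j]]


def is_complete(sbox, n_in, n_out):
    """True when every output bit depends on every input bit."""
    return not missing_dependencies(sbox, n_in, n_out)


if __name__ == "__main__":
    for name, box in (("sample", SAMPLE_SBOX), ("rotate", ROTATE_SBOX)):
        gaps = missing_dependencies(box, 4, 4)
        print(f"{name}: complete={not gaps}, missing (input bit, output bit) pairs={gaps}")
```

Completeness is only a dependency test: it says nothing about how strongly an output bit depends on an input bit, so it is a necessary screen for an S-box rather than evidence of resistance to differential or linear cryptanalysis.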

Bit streams cryptology

The deletion of this article is currently being discussed at Wikipedia:Votes for deletion/Bit streams cryptology. Uncle G 04:09:08, 2005-07-29 (UTC)

See also: Wikipedia:Votes for deletion/Decryption matrix. — Matt Crypto 09:34, 29 July 2005 (UTC)

Articles listed for deletion

The deletion of the above article is currently being discussed. Uncle G 11:28:47, 2005-09-02 (UTC)

Getting started

2005-10-03 I would like to get started contributing to wikipedia. I want to start with the todo.

  1. Images: Diagrams explaining public key cryptography

Please give me a hint of what type of diagram I could make. Also, is this the appropriate place to be posting questions?

You can reach me at wikipedia.org (a t) phor.net

Thanks for wanting to help out! There are several places to ask questions. If you're wanting to ask general questions about Wikipedia, then you can use the Wikipedia:Help desk (or you can ask me on my talk page, I'd be glad to help). If you're wanting to ask a general question about some non-Wikipedia topic, then you can post it on the Wikipedia:Reference desk. If you're wanting to discuss general topics about cryptography articles on Wikipedia, this is a good page for it.
It's great that you're interested in illustrating public key cryptography. You might take the approach of the "postal analogy"; see Public_key_cryptography#A_postal_analogy. A while ago, User:Wapcaplet made a few bits and pieces of crypto "clipart" for use in such diagrams. Check out Image:Crypto_clipart2.png and Image:Cryptography clipart1.png. I also hacked together a mock-up of a diagram for Diffie-Hellman key exchange using some of the clipart in this diagram: Image:Dh-mockup.png (clearly I have no artistic talent!). One image off the Internet which we might use for inspiration (although we can't copy it outright) is: [4] (symmetric crypto, we could adapt for the postal analogy). — Matt Crypto 18:15, 4 October 2005 (UTC)

Crypto wiki/Wikipedia discussion on cryptography mailing list

There's a discussion on Wikipedia's crypto articles, and/or a Crypto wiki on the Cryptography mailing list: http://www.mail-archive.com/cryptography%40metzdowd.com/msg05367.html — Matt Crypto 15:03, 13 December 2005 (UTC)

spam link??????

In the Beale ciphers section, the last link on the links page seems to be spam. It may be legitimate, I don't know, but it's worth looking at. If it is legitimate, then at least correct the link so someone would know what they are looking at. —Preceding unsigned comment added by 69.22.224.249 (talkcontribs) 05:52, 29 December 2005

Thoughts on a short definition page

I was thinking it would be nice to have a page that gives short informal definitions of the main terms in cryptography (e.g. Asymmetric key, receiver anonymity, sender anonymity, etc.), something like Glossary of graph theory but much shorter and more informal. Are there any thoughts as to if this would be useful? Batman900 23:52, 5 January 2006 (UTC)

Go for it, sounds as if it could be quite useful. — Matt Crypto 00:44, 6 January 2006 (UTC)

Marian Rejewski on FAC

I've nominated the article on Polish codebreaker Marian Rejewski on Featured Article Candidates. Please add any comments/criticism/review to Wikipedia:Featured article candidates/Marian Rejewski. — Matt Crypto 00:44, 6 January 2006 (UTC)

question about public keyservers

(Apologies for treating this page as a reference desk.) Does anyone know, if I upload a key to a public keyserver (e.g. http://pgp.mit.edu/), roughly how long it would take to propagate to other keyservers? Thanks Dmharvey 02:16, 11 January 2006 (UTC)

Crypto article naming conventions

Hi! I just joined the group, and have written a few articles, and I've noticed that many articles about cryptography are strangely named. In particular, hyphenation is a difficulty. Many people will use "public-key" while others may use "public key." First of all, let me explain the proper use of hyphenation in this setting.

  • When the issue comes up for people's names, it is standard to add a hyphen between the names. Usually this is used for two author results, but it can be used for more. Thus, "Diffie-Hellman" rather than "Diffie Hellman" when referring to a particular paper, proof, algorithm, et cetera.
  • "Public-key" is an adjective phrase, as in "public-key algorithm" or "public-key cryptosystem," whereas "public key" is a noun phrase, as in "Alice sends Bob her public key." In general this exemplifies the use of hyphens in these terms. Thus, "chosen-ciphertext attack" rather than "chosen ciphertext attack" and "zero-knowledge proof" rather than "zero knowledge proof."
  • Some words are compound words and should not have hyphens in them. The only examples I can think of at the moment are ciphertext, plaintext, and pseudorandom, but I'm sure there are others.
  • Hyphenating more than two words becomes trickier. Try to look at the papers in the crypto literature for these cases. Personally, I think you can hyphenate 3 but not 4 or more all together, for instance "chosen-ciphertext-secure cryptosystems" is probably okay, but "non-interactive zero-knowledge proofs" is rightly split up.
  • On capitalization -- Recall that WP:NAME encourages us to not capitalize first letters of words that aren't proper nouns. This also makes sense, as the second word in a hyphenated phrase should not be capitalized unless it is a proper noun. Thus, "Public-key" may begin a sentence, not "Public-Key", but in "Diffie-Hellman" it is appropriate to capitalize.

Finally, I have one more point, about algorithms or primitives named after their creators. These should be given a title that represents more than just the author names: for instance, "Diffie-Hellman key exchange" is a good title for the article while "Diffie-Hellman" would be a bad one. I recommend that what follows be a simple description of the technique, and not include the words "technique", "protocol", "algorithm", et cetera, unless absolutely necessary.

Naturally, redirects and moves will solve most of this issue, but I feel it's especially tricky for crypto articles. We crypto people use very complicated words. Cheers! Mangojuice 02:33, 21 January 2006 (UTC)

I'm a stickler for proper hyphenation as well :) I fully endorse your naming notes, except I am not sure about the last one. To clarify, you mean 'don't use "protocol"/"algorithm"/etc in the name of the article', right? Can you give examples of articles that should have "algorithm" removed? Quarl (talk) 2006-01-21 06:47Z
It's harder to think of examples than I thought. I guess my point is that we should use "Diffie-Hellman key exchange" rather than "Diffie-Hellman key exchange protocol," or "Encryption" rather than "Encryption technique." In some cases, the word is unavoidable: for example, "Bach's algorithm." (Hmm, just noticed there's not an algorithm on that one). Mangojuice 15:37, 22 January 2006 (UTC)
Follow-up. As an example where this issue might be a problem: "Luby-Rackoff construction" is on the "tasks" list right now, but the right name for the article would be Luby-Rackoff block cipher. (Don't worry about that one, though, I'm taking care of it right now.) Mangojuice 20:51, 23 January 2006 (UTC)
With the wonder of redirects, you can have both names end up in the same place ;-) — Matt Crypto 08:10, 24 January 2006 (UTC)
See also: Talk:Man in the middle attack#Spelling of article title wrt hyphens. — Matt Crypto 08:10, 24 January 2006 (UTC)

Ah, you guys seem to think the same as me. So I guess I will go right ahead and do what I was thinking of doing: Moving Davies-Meyer construction to Davies-Meyer hash and Miyaguchi-Preneel scheme to Miyaguchi-Preneel hash. And, if I get around to it, creating Matyas-Meyer-Oseas hash. --David Göthberg 08:33, 25 January 2006 (UTC)