**Alice is sending an encrypted message to Bob. According to Kerckhoffs’ principle, which of the following must be kept secret? (Source: Wentz QOTD)**

A. The cipher mode of operation

B. The unique random value used once to avoid repeating patterns

C. The input used to confuse the relationship with the ciphertext

D. The key used to encrypt data that can only be decrypted by another key

**Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.**

My suggested answer is C. The input used to confuse the relationship with the ciphertext.

The original description of option C is “C. The input used to confuse ciphertext.” I revised it as “C. The input used to confuse the relationship with the ciphertext” to improve semantics.

“The input used to confuse ciphertext” or “The input used to confuse the relationship with the ciphertext” refers to the secret key, which should be kept secret.

Kerckhoffs’s principle (also called Kerckhoffs’s desideratum, assumption, axiom, doctrine or law) of cryptography was stated by Netherlands born cryptographer Auguste Kerckhoffs in the 19th century:

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.Kerckhoffs’s principle was reformulated (or possibly independently formulated) by American mathematician Claude Shannon as “

the enemy knows the system“, i.e., “one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them“. In that form, it is calledShannon’s maxim. This concept is widely embraced by cryptographers, in contrast to “security through obscurity”, which is not.Source: Wikipedia

# Cipher Mode of Operation

The cipher mode of operation is the algorithm. It can go public for open review. AES went through the public selection process by the NIST.

# Initiation Vector (IV)

The unique random value used once to avoid repeating patterns refers to the initiation vector (IV). An effective secret key is typically unique and generated at random, but it can generate fixed patterns in ECB mode. IV is employed to remove repeated patterns. It is not the secret key, so it doesn’t have to be kept secret.

# Public Key Encryption

In asymmetric encryption, ciphers typically use a pair of keys, one for digital signature and the other for encryption. The key used for encryption is called the public key while the key used for signing is the private key. The key used to encrypt data (public key) that can only be decrypted by another key (private key) is a paraphrase of the public key. We don’t have to keep the public key secret.

# Reference

# A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, *The Effective CISSP: Security and Risk Management*, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

Alice正在向Bob發送加密消息。 根據Kerckhoffs的原則，以下哪項必須保密？

A. 加密器的運算模式

B. 用於避免產生重複樣態的唯一隨機值

C. 用於使密文複雜化的輸入

D. 用於加密只能由另一個密鑰解密的數據的密鑰