adversary - Commonly used
to refer to the opponent, the enemy, or any other
mischievous person that desires to compromise
one's security.
AES - The Advanced Encryption
Standard that will replace DES (The Data Encryption
Standard) around the turn of the century.
algorithm - A series of steps used to
complete a task.
ANSI - American National Standards
Institute.
API - Application Programming
Interface.
attack - Either a successful or
unsuccessful attempt at breaking part or all of a
cryptosystem.
authentication - The action of
verifying information such as identity, ownership
or authorization.
certificate - In cryptography, an
electronic document binding some pieces of
information together, such as a user's identity
and public key. Certifying Authorities
(CAs) provide certificates.
certificate revocation list - A list of
certificates that have been revoked before their
expiration date.
Certifying Authority (CA) - A person or
organization that creates certificates.
cipher - An encryption-decryption
algorithm.
ciphertext - Encrypted data.
collision - Two values x and y
form a collision of a (supposedly) one-way
function F if x ≠ y but F(x)
= F(y).
collision free - A hash function is collision
free if collisions are hard to find. The
function is weakly collision free
if it is computationally hard to find a collision
for a given message x. That is, it
is computationally infeasible to find a message y
≠ x such that H(x) = H(y).
A hash function is strongly collision
free if it is computationally infeasible
to find any messages x, y
such that x ≠ y and H(x)
= H(y).
collision search - The search for a
collision of a one-way function.
time - Referring to the temporal
constraints involved in a certain computation.
cryptanalysis - The art and science of
breaking encryption or any form of
cryptography. See attack.
cryptography - The art and science of
using mathematics to secure information and
create a high degree of trust in the electronic
realm. See also public-key, secret-key,
symmetric-key, and threshold cryptography.
cryptology - The branch of mathematics
concerned with cryptography and cryptanalysis.
cryptosystem - An encryption-decryption
algorithm (cipher), together with all
possible plaintexts, ciphertexts and keys.
decryption - The inverse (reverse) of
encryption.
DES - Data Encryption Standard, a block
cipher developed by IBM and the U.S. government
in the 1970s as an official standard.
See also block cipher.
Diffie-Hellman key exchange - A key
exchange protocol allowing the participants to
agree on a key over an insecure channel.
digest - Commonly used to refer to the
output of a hash function, e.g. message digest
refers to the hash of a message.
digital envelope - A key exchange
protocol that uses a public-key cryptosystem to
encrypt a secret key for a secret-key
cryptosystem.
digital fingerprint - See digital
signature.
digital signature - The encryption of a
message digest with a private key.
digital timestamp - A record
mathematically linking a document to a time and
date.
discrete logarithm - Given two elements
d, g in a group such that there is an
integer r satisfying g^r
= d, r is called the discrete
logarithm.
distributed key - A key that is
split up into many parts and shared (distributed)
among different participants. See also
secret sharing.
DMS - Defense Messaging Service.
DOD - Department of Defense.
DSA - Digital Signature
Algorithm. DSA is a public-key method based
on the discrete log problem.
DSS - Digital Signature Standard.
DSA is the Digital Signature Standard.
ECC - Elliptic Curve Cryptosystem; A
public-key cryptosystem based on the properties
of elliptic curves.
EDI - Electronic (business) Data
Interchange.
electronic commerce (e-commerce) -
Business transactions conducted over the
Internet.
electronic mail (e-mail) - Messages
sent electronically from one person to another
via the Internet.
electronic money - Electronic
mathematical representation of money.
elliptic curve - The set of points (x,
y) satisfying an equation of the form y^2
= x^3 + ax + b,
for variables x, y and constants a,
b.
encryption - The transformation of
plaintext into an apparently less readable form
(called ciphertext) through a mathematical
process. The ciphertext may be read by
anyone who has the key that decrypts (undoes the
encryption) the ciphertext.
exclusive or - See XOR.
exhaustive search - Checking every
possibility individually till the right value is
found. See also attack.
expiration date - Certificates and keys
may have a limited lifetime; expiration dates are
used to monitor this.
exponential function - A function
where the variable is in the exponent of some
base, for example, b^N where N
is the variable, and b is some constant.
exponential running time - If the
running time, given as a function of the length
of the input, is an exponential function, the
algorithm is said to have exponential running
time.
export encryption - Encryption, in any
form, which leaves its country of origin.
For example, encrypted information or a computer
disk holding encryption algorithms that is sent
out of the country.
hacker - A person
who tries and/or succeeds at defeating computer
security measures.
handshake - A
protocol two computers use to initiate a
communication session.
hash-based MAC - MAC that uses a hash
function to reduce the size of the data it
processes.
hash function - A function that takes a
variable sized input and has a fixed size
output.
iKP - Internet Keyed Payments Protocol.
ISO - International Standards
Organization, creates international standards,
including cryptography standards.
identification - A process through
which one ascertains the identity of another
person or entity.
impersonation - Occurs when an entity
pretends to be someone or something it is not.
import encryption - Encryption, in any
form, coming into a country.
Internet - The connection of computer
networks from all over the world forming a
worldwide network.
IETF - Internet
Engineering Task Force.
ITU-T - International
Telecommunications Union - Telecommunications
standardization sector.
Kerberos - An authentication service
developed by the Project Athena team at MIT.
key - A string of bits used widely in
cryptography, allowing people to encrypt and
decrypt data; a key can be used to perform other
mathematical operations as well. Given a
cipher, a key determines the mapping of the
plaintext to the ciphertext. See also
distributed key, private key, public key, secret
key, session key, shared key, sub key, symmetric
key, weak key.
key agreement - A process used by two
or more parties to agree upon a secret symmetric
key.
key escrow - The process of having a
third party hold onto encryption keys.
key exchange - A process used by two
or more parties to exchange keys in cryptosystems.
key expansion - A process that creates
a larger key from the original key.
key generation - The act of creating a
key.
key management - The various processes
that deal with the creation, distribution,
authentication, and storage of keys.
key pair - The full key information in
a public-key cryptosystem, consisting of the
public key and private key.
key recovery - A special feature of a
key management scheme that allows messages to be
decrypted even if the original key is lost.
key schedule - An algorithm that
generates the subkeys in a block cipher.
keyspace - The collection of all
possible keys for a given cryptosystem. See
also flat keyspace, linear key space, nonlinear
key space, and reduced key space.
life cycle - The length of time a key
can be kept in use and still provide an
appropriate level of security.
linear keyspace - A key space where
each key is equally strong.
Message Authentication Code (MAC) - A MAC is a
function that takes a variable length input and a
key to produce a fixed-length output. See
also hash-based MAC, stream-cipher based MAC, and
block-cipher based MAC.
MIME - Multipurpose Internet Mail
Extensions.
MIPS - Millions of Instructions Per
Second, a measurement of computing speed.
modulus - The integer used to divide
out by in modular arithmetic.
NSA - National Security Agency. A
security-conscious U.S. government agency whose
mission is to decipher and monitor foreign
communications.
patent - The sole right, granted by the
government, to sell, use, and manufacture an
invention or creation.
PKI - Public-key Infrastructure.
PKIs are designed to solve the key management
problem. See also key management.
padding - Extra bits concatenated with
a key, password, or plaintext.
password - A character string used as a
key to control access to files or encrypt them.
PKCS - Public-Key Cryptography
Standards. A series of cryptographic standards
dealing with public-key issues, published by RSA
Laboratories.
plaintext - The data to be encrypted.
privacy - The state or quality of being
secluded from the view and/or presence of others.
private exponent - The private key in
the RSA public-key cryptosystem.
private key - In public-key
cryptography, this key is the secret key.
It is primarily used for decryption but is also
used for encryption with digital signatures.
protocol - A series of steps that two
or more parties agree upon to complete a task.
public exponent - The public key in the
RSA public-key cryptosystem.
public key - In public-key cryptography
this key is made public to all; it is primarily
used for encryption but can be used for verifying
signatures.
public-key cryptography - Cryptography
based on methods involving a public key and a
private key.
quantum computer - A theoretical
computer based on ideas from quantum theory;
theoretically it is capable of operating
nondeterministically.
RSA algorithm - A public-key
cryptosystem based on the factoring
problem. RSA stands for Rivest, Shamir and
Adleman, the developers of the RSA public-key
cryptosystem and the founders of RSA Data
Security, Inc.
running time - A measurement of the
time required for a particular algorithm to run
as a function of the input size. See also
exponential running time, nondeterministic polynomial
running time, polynomial running time, and
sub-exponential running time.
S-HTTP - Secure HyperText Transfer
Protocol, a secure way of transferring
information over the World Wide Web.
S/MIME - Secure Multipurpose Internet
Mail Extensions.
SSL - Secure Socket Layer. A
protocol used for secure Internet communications.
secret key - In secret-key
cryptography, this is the key used both for
encryption and decryption.
secret sharing - Splitting a secret
(e.g. a private key) into many pieces such that
any specified subset of N pieces may be
combined to form the secret.
secure channel - A communication
medium safe from the threat of eavesdroppers.
session key - A key for symmetric-key
cryptosystems which is used for the duration of
one message or communication session.
shared key - The
secret key two (or more) users share in a
symmetric-key cryptosystem.
SMTP - Simple Mail Transfer Protocol.
smartcard - A card, not much bigger
than a credit card, that contains a computer chip
and is used to store or process information.
standards - Conditions and protocols
set forth to allow uniformity within
communications and virtually all computer
activity.
stream cipher - A secret-key encryption
algorithm that operates on a bit at a time.
stream cipher based MAC - MAC that uses linear
feedback shift registers (LFSRs) to reduce the size of the data
it processes.
sub key - A value generated during the
key scheduling of
the key, used during a round in a block cipher.
S/WAN - Secure Wide Area Network.
symmetric cipher - An encryption
algorithm that uses the same key for
encryption as for decryption.
symmetric key - See secret key.
synchronous - A property of a
stream cipher, stating that the keystream is
generated independently of the plaintext and
ciphertext.
timestamp - See digital timestamp.
verification - The act of recognizing
that a person or entity is who or what it claims
to be.
weak key - A key giving a poor level of
security, or causing regularities in encryption
which can be used by cryptanalysts to break
codes.
WWW - World Wide Web.
XOR - A binary bitwise operator
yielding the result one if the two values are
different and zero otherwise.