Kerckhoffs's principle is one of the basic principles of modern cryptography. It was formulated in the end of the nineteenth century by Dutch cryptographer Auguste Kerckhoffs. The principle goes as follows: A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.
Kerckhoffs’s best known publications are two journal articles published in 1883 in the French "Le Journal des Sciences Militaires" under the common title "La Cryptographie Militaire" (Military cryptography). The articles covered the solutions of military cryptography that were most up-to-date at that time. They gave a practical, experience-based approach, including six design principles for military ciphers:
- The system must be practically, if not mathematically, indecipherable.
- It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience.
- Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents.
- It must be applicable to telegraphic correspondence.
- Apparatus and documents must be portable, and its usage and function must not require the concourse of several people.
- Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
The second axiom is currently known as Kerckhoffs's principle.
Kerckhoffs's principle is applied in virtually all contemporary encryption algorithms (DES, AES, etc.). These algorithms are considered to be secure and thoroughly investigated. The security of the encrypted message depends solely on the security of the secret encryption key (its quality).
Keeping algorithms secret may act as a significant barrier to cryptanalysis, but only if such algorithms are used in a strictly limited circle, which protects the algorithm from being revealed. Most government ciphers are kept secret. Commercial encryption algorithms, released to the market, have mostly been broken quite swiftly.
Kerckhoffs's principle was reformulated (perhaps independently) by Claude Shannon as "The enemy knows the system". In that form it is called Shannon's maxim.