Encryption and cryptography terms

In a security system, a trust anchor is a known, trusted entity or value against which others can be evaluated for authenticity and integrity.

Triple DES is a Feistel network-based, symmetric-key encryption algorithm derived from the original Data Encryption Standard.

A transposition cipher is a method of encryption that rearranges the characters or bits in the plaintext according to a certain system (a pattern or a key), while maintaining their original identity.

A terminal master key is a secret code used in secure payment systems to encrypt and protect sensitive information (e.g., debit card data) during transactions.

Symmetric key authentication is like having a secret password that both a sender and receiver know.

A substitution cipher is an encryption method in which each letter in the message is replaced by another letter or symbol according to a secret key.

Strict SSL refers to the strict enforcement of SSL/TLS encryption to ensure that all data transmission occurs over secure connections.

A stream cipher is an encryption technique that operates on a continuous stream of data.

SSL encryption is a security protocol used to create a protected link between websites and the user’s browser.

Signature verification refers to the process of verifying the authenticity of a digital signature, a cryptographic mechanism used to ensure that digital communication hasn’t been tampered with.

SIGMA rules, short for Sign-and-MAC, is a commonly employed protocol for key exchange in cryptography.

Just like in real life, a secret is information kept among people privately.

A session key is a one-use-only key for both encryption and decryption.

A self-signed certificate is a digital document created and signed by the same entity it identifies, rather than being verified by a trusted third party.

Secure Hash Algorithm 2 (SHA-2) is a cryptographic method that transforms data into a unique, secure code.

Secure Hash Algorithm 1 is a cryptographic hash function that produces a 160-bit (20-byte) hash value, commonly represented as a 40-character hexadecimal number.

A secret key is a parameter that can be used to encrypt and decrypt data in symmetric and asymmetric encryption.

SCA scanning, or secure channel assessment scanning, is a technique to assess encrypted communication channels' security strength.

Rijndael, developed by Vincent Rijmen and Joan Daemen, is a symmetric encryption algorithm that gained fame as the Advanced Encryption Standard (AES).

RC6 is a symmetric key block cipher (an encryption method) that uses fixed-size blocks to provide efficient encryption and decryption.

RC5 is a symmetric-key block cipher.

RC4 is a stream cipher.

The rail fence cipher is a simple transposition cipher that encrypts plaintext by rearranging the characters in a zigzag pattern.

Quantum logic gates are tools that perform powerful calculations, allowing researchers to manipulate the state of cubits (bits of information).

Quantum key distribution is a secure method of communication with cryptographic protocols that use quantum mechanics.

Quantum cryptography is an encryption method that uses quantum mechanics’ properties to transmit data in a way that cannot be hacked.

Public key infrastructure is a structure that safeguards communications and confirms the identities of users and devices within a network.

Public key encryption is a cryptography method that uses two paired keys: a public key and a private key.

A product cipher is a cryptographic method combining two or more transformations to encrypt the data.

Post-quantum cryptography is a cryptography discipline dealing with algorithms that are believed to be protected against attacks from powerful quantum computers.

The Playfair cipher is a manual symmetric encryption method once used to secure sensitive military communications.

Phase-shift keying (PSK) is a digital modulation technique that transmits digital data over a carrier wave.

PGP (also known as Pretty Good Privacy) is an encryption system for encrypting sensitive files and data.

A pad character is a special character used to fill or extend a data string.

OpenPGP, also known as Open Pretty Good Privacy, is a protocol that allows for the encryption and decryption of data.

One-way encryption is a type of encryption used to secure and protect passwords and other sensitive data.

A one-time pad (OTP) is a type of encryption that is impossible to crack when used correctly.

Nonlinearity is a property of a system or function where the output is not directly proportional to the input.

Network encryption is a cybersecurity method of encoding data carried over a network to safeguard it from unauthorized access, interruption, or modification.

Multi-authority attribute-based encryption (commonly shortened as “MA-ABE”) is an extension of ABE that uses multiple attribute authorities working in tandem for access control.

MD5 is a cryptographic hash function used to verify the integrity of input data, such as a message or a file.

Malleability is the property of certain data or cryptographic elements (e.g., encrypted messages or digital signatures) to be modified by an unauthorized entity without changing the underlying data.

Logjam is a security flaw targeting the widely-used Diffie-Hellman key exchange encryption method.

Link encryption is a method of securing the communication between two or more parties.

A linear-feedback shift register (LFSR) represents a digital sequence-based mechanism employed in a range of applications such as cryptography, error identification and rectification, and the generation of pseudorandom numbers.

A key schedule is an algorithm that calculates the subkeys for symmetric encryption algorithms.

Key rotation is a best practice of regularly changing cryptographic keys, which reduces the potential damage if a key is compromised.

Key-policy attribute-based encryption (commonly shortened as “KP-ABE”) is a type of ABE that associates access policies with decryption keys rather than ciphertext.

Cryptographic keys work just like regular ones, but they encrypt digital access instead of locking the door.

Key exchange is a cryptography process in which cryptographic keys are exchanged between two parties, allowing them to use these keys for sharing encrypted information via a cryptographic algorithm.

Key escrow is a cryptographic key exchange method where the key is stored by a third party (or held in escrow).

A key encryption key, often shortened as KEK, is a cryptographic key that protects other keys.

A key derivation function is a cryptographic algorithm that creates one or more derived keys from an original input key or password.

Kerckhoffs' principle is a fundamental concept in cryptography.

An initialization vector is a fixed-size random or pseudo-random value that is used as an input parameter for cryptographic algorithms, like block ciphers and symmetric-key encryption algorithms.

Identity-based encryption (or IBE) is a method that encrypts messages with a user’s identity (like their email address) instead of a public key.

Hybrid encryption is a cryptographic technique that combines symmetric and asymmetric encryption algorithms to make communication or data transmission secure.

Homomorphic encryption is a type of encryption that allows computations to be carried out on ciphertext, generating an encrypted result that, when decrypted, matches the result of operations performed on the plaintext.

Hashing is a process where you transform a key or a series of characters into another, different value.

A hash function refers to a mathematical function that takes an input (often a large amount of data) and produces a fixed-size output, called a hash value or hash code.

A hash chain is a computer security process by which a cryptographic hash function (CHF) is repeatedly applied to a data asset.

Garlic routing is an encryption tool that can enhance users’ online anonymity and favor their confidentiality.

Full disk encryption is a method of data protection that encrypts everything on a storage device except for the code necessary to start the operating system.

A finite field, or Galois field, is a mathematical construct that consists of a finite number of elements and follows specific arithmetic rules.

A Feistel network is a symmetric structure used in the construction of block ciphers.

End-to-end encryption is a method of transmitting data where only the communicating parties can access the information.

An encryption key is a piece of data used to convert plaintext information into ciphertext or to reverse the process, turning ciphertext back into plaintext.

Encryption as a service (EaaS) is a cloud-based service that provides encryption capabilities to users or organizations.

Encrypting File System is a component of Microsoft Windows that permits users to cipher individual files or directories.

Encrypted file transfer is a secure way of sharing files from one device to another or using a network to ensure the confidentiality and integrity of the data.

Elliptic-curve cryptography is a public key cryptography that employs the mathematics of elliptic curves.

The Digital Signature Algorithm (DSA) is a cryptographic algorithm that is used to generate and verify digital signatures.

A digital envelope (or a digital wrapper) is a secure digital data container that protects an electronic message through data authentication and encryption.

A digital certificate is an electronic document or password that proves the authenticity and validity of a device, server, user, website, or software application.

The Diffie-Hellman protocol, frequently called the Diffie-Hellman key exchange, is a robust procedure used to exchange cryptographic keys across an open network safely.

Decryption is the process of converting previously encrypted data into information that can be read by humans and/or computers.

Decoding is the reverse of encoding.

A data recovery agent is a Windows security feature that helps organizations recover data locked away by the Encrypting File System (EFS).

A data key is a string of data representing a variable value that is used for encryption and decryption.

Data-in-transit encryption is a type of encryption that companies and individuals can use to protect their data while it is transported from sender to receiver.

A cryptosystem combines cryptographic algorithms and protocols to safeguard important data and ensure secure communication.

A cryptographic protocol is a type of protocol that performs many different types of security functions.

A cryptographic key is a piece of information that is used in combination with an algorithm to transform plaintext into ciphertext (encrypted text) or vice versa.

A cryptographic hash function (CHF) is a hash algorithm that uses a mathematical equation to validate and verify data.

Cryptographic algorithms, or ciphers, are mathematical procedures used to encrypt and decrypt data.

Cryptanalysis refers to the practice of analyzing codes and ciphers with the aim of deciphering them.

A critical security parameter is data that is essential to the secure operation of a cryptographic module.

In cybersecurity, a cookie hash is the hashed value derived from the contents of a cookie (a small piece of data with information about the user).

Military or government agencies usually use controlled cryptographic items (CCI) to describe communication equipment associated with classified information and various encryption and decryption processes.

The Clipper chip refers to a chipset developed in the early 1990s in the U.S.

Ciphertext is encrypted information created by running plaintext through an encryption algorithm (a cipher).

Ciphertext-policy attribute-based encryption (commonly shortened as “CP-ABE”) is a type of ABE cryptographic scheme that incorporates the access policy into the ciphertext.

A cipher suite is a collection or combination of cryptographic algorithms, protocols, and key exchange methods used to secure network communications.

A chosen plaintext attack is a method hackers use to break a secret code or encryption system in order to gain unauthorized access to information.

Chaffing and winnowing is a cryptographic concept that provides confidentiality without using traditional encryption techniques.

ChaCha20 is an encryption algorithm that works in a symmetric way.

Certificate-based authentication is a way to verify the identity of users or devices.

Certificate authority server is an easy-to-use and secure solution for creating and storing asymmetric key pairs, which are used for public-key infrastructure (PKI), decryption, signing, and validation.

A block cipher is a symmetric-key encryption method that processes fixed-length blocks of plaintext data into encrypted ciphertext blocks of the same length.

BitLocker refers to encryption software developed by Microsoft and included with most Windows operating systems.

Attribute-based encryption (ABE) is a cryptographic method that encrypts data based on characteristics instead of traditional keys.

AES encryption, or Advanced Encryption Standard, is a symmetric encryption algorithm widely used for securing data in transit and at rest.

The ADFGVX cipher is a field cipher that was developed in 1918 and used by the German army during World War I.

3DES involves applying the Data Encryption Standard (DES) algorithm to each data block three times to secure it.

In the field of cybersecurity, 256-bit encryption refers to the specific encryption process that uses a 256-bit long key to encode and decode data or files.

128-bit encryption is a type of encryption algorithm that uses a 128-bit key to encrypt and decrypt data.