Why does an algorithm need a keyspace?

Question

Why does an algorithm need a keyspace? I thought the person encrypting would define his/her own key.

Answer 1

An encryption algorithm does not need a keyspace. By definition, however, it has one.

It sound to me like your confusion is mainly terminological. In cryptography, the "keyspace" of an encryption system is defined simply as the set of all possible (distinct) keys that the algorithm can accept.

For example, let's say that we're back in the days of the ancient Romans, and encrypting a message with a simple shift cipher. Obviously, to encrypt and decrypt the message, we need to know the correct key: the number of letters by which the alphabet is shifted.

Clearly, "1" is a valid key for this cipher, since we can indeed shift the alphabet by one letter. So is "2", and "3", and so on. Equally clearly, "1.5" is not a valid key, since it makes no sense to shift the alphabet by one and a half letters. Thus, while the keys 1, 2 and 3 are all part of the keyspace, 1.5 is not. Neither is $\pi$ or $\sqrt{-1}$ or "banana".

(A somewhat more subtle question is whether the keyspace for a shift cipher should include "0" or "-1" or "999". Certainly, an alphabet shift of zero letters is possible; it just doesn't obscure the message in any way, and is thus completely insecure even by ancient Roman standards. Similarly, we could shift the alphabet by 999 letters — but, since neither the modern nor the ancient Roman alphabet actually has that many letters, it will just wrap around and be equivalent to some smaller shift amount. Generally, for cryptanalytic purposes, we'd want to ignore such obviously equivalent keys, and just say that the keyspace of the shift cipher has as many (distinct) keys as the alphabet has letters; or one fewer, if the zero key is not allowed.)

Why do we care about the keyspace, or its size, then? Well, for one thing, a simple way for someone to attack a cipher is to try to decrypt a captured message with every possible key, and see which of the results makes sense. The bigger the keyspace, the more resistant the cipher is to this naïve attack. (Furthermore, in modern crypto, we actually try to design our algorithms so that, hopefully, this naïve attack is the best possible one, or at least close to the best. Thus, unless someone breaks the cipher by finding a more efficient attack, the size of the keyspace is a direct measure of the strength of the algorithm.)

Also, when we do pick our encryption key, we obviously need to pick one that belongs in the keyspace; otherwise, by definition, it will not work. Indeed, the safest choice is generally to pick the key uniformly at random from the entire keyspace. If we don't (and the attacker knows or can guess how we picked our key; which we generally cannot prove isn't the case), then they can speed up their attack by trying the keys we're more likely to have picked first. Thus, it's not enough to just know the size of the keyspace; we also need to know what the keyspace is, or at least enough about it to let us pick random keys from it.

Answer 2

A keyspace is the set of all possible keys that an algorithm can use. So the keyspace for AES-256 for example is $2^{256}$ possible keys. The key chosen by the user exists in this keyspace.

Answer 3

You do supply your own key. This key has a certain format; the keyspace is just the set of valid keys.

Answer 4

• In cryptography, the "keyspace" of an encryption system is defined simply as the set of all possible (distinct) keys that the algorithm can accept. As an example, the keyspace in shift cipher can be 1, 2, 3 and not 1.5 because you can’t shift a word to 1.5 space in the letters. The bigger the keyspace, the more resistant the cipher is to this naïve attack. The encryption key shall also be a part of the space. The safest choice is generally to pick the key uniformly at random from the entire keyspace.