Applied Cryptography

Practical Approaches

Theoretical Security vs. Practical Security

Expected use != practical exploitation.

Defective practices can introduce vulnerabilities.

  • Example: reuse of keys.

Computational Security

Computational complexity of break-in attacks

  • Using brute force.

Security bounds:

  • Cost of cryptanalysis.

  • Availability of cryptanalysis infra-structure.

  • Lifetime of ciphertext.

5 Shannon Criteria

  • The amount of offered secrecy.

    • e.g. key length.

  • Complexity of key selection.

    • e.g. key generation, and detection of weak keys.

  • Implementation simplicity.

  • Error propagation.

    • Relevant in error-prone environments.

    • e.g. noisy communication channels.

  • Dimension of ciphertexts.

    • Regarding the related plaintexts.

Confusion

Complex relationship between the key, plaintext, and ciphertext.

  • Output bits (ciphertext) should depend on the input bits (plaintext + key) in a very complex way.

Diffusion

Plaintext statistics are dissipated in the ciphertext.

  • If one plaintext bit toggles, then the ciphertext changes substantially, in an unpredictable or pseudorandom manner.

Avalanche effect.

Always assume the worst-case

Cryptanalysts know the algorithm.

  • Security lies in the key.

Cryptanalysts know/have many ciphertext samples produced with the same algorithm & key.

  • Ciphertext is not secret!

Cryptanalysts partially know original plaintexts.

  • As they have some idea of what they are looking for.

  • Know-plaintext attacks.

  • chosen-plaintext attacks.

PreviousCryptanalysisNextCryptographic Robustness

Last updated