Therefore, the security analysis of the cryptosystem must assume that the algorithm is public.

Note that despite what cryptographers regularly claim, the Kerckhoffs Principle does not mean that we should make the cryptosystem public.

Auguste Kerckhoffs, a French professor of grammar, stated other principles about cryptography in the nineteenth century, but this one is the most popular one.
The Moore Law

Secret keys can be tried exhaustively. With technological improvements, computers are faster and faster. Moore stated an empirical law which says that the speed of CPUs doubles every 18 months. If a cryptosystem is designed for long-term secrecy, the secret key must thus be long enough to resist exhaustive search using future technologies.
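The key-length argument above can be carried through numerically. The following is an added example, not code from the book: it takes the doubling period stated in the text (18 months) and asks, for an assumed present-day search rate and an assumed computing budget, how long a key must be to survive an exhaustive search that starts some years in the future, and conversely how many years a given key length has left. The rate of 2^40 keys per second and the budget of 2^25 seconds (about a year) are constructed assumptions, not figures from the text.

```python
import math

# Doubling period of exhaustive-search throughput, as stated in the text:
# 18 months = 1.5 years.
DOUBLING_YEARS = 1.5


def speedup_after(years: float) -> float:
    """Factor by which key-testing throughput has grown after `years`."""
    return 2.0 ** (years / DOUBLING_YEARS)


def keys_searchable(rate_now: float, seconds: float, years_ahead: float) -> float:
    """Number of keys an adversary can try within `seconds` of computing time
    if the search begins `years_ahead` years from now, given `rate_now` keys/s
    today."""
    return rate_now * seconds * speedup_after(years_ahead)


def bits_needed(rate_now: float, seconds: float, years_ahead: float) -> int:
    """Smallest key length k (in bits) such that a full exhaustive search
    (2**k trials) strictly exceeds the adversary's capacity at that date."""
    capacity = keys_searchable(rate_now, seconds, years_ahead)
    return math.floor(math.log2(capacity)) + 1


def years_until_breakable(bits: int, rate_now: float, seconds: float) -> float:
    """Years until a `bits`-bit key can be exhaustively searched within
    `seconds`, assuming throughput keeps doubling every 18 months.
    Returns 0.0 if the search is already feasible today."""
    # Solve 2**bits = rate_now * seconds * 2**(t / DOUBLING_YEARS) for t.
    t = DOUBLING_YEARS * (bits - math.log2(rate_now * seconds))
    return max(0.0, t)


if __name__ == "__main__":
    # Constructed assumptions (not from the text): 2**40 keys/s today and a
    # budget of 2**25 seconds, roughly one year of continuous computation.
    RATE_NOW = 2.0 ** 40
    BUDGET_SECONDS = 2.0 ** 25
    for horizon in (0, 10, 30, 50):
        print(f"secrecy needed for {horizon:>2} years -> "
              f"at least {bits_needed(RATE_NOW, BUDGET_SECONDS, horizon)} key bits")
    for k in (56, 80, 128):
        print(f"{k}-bit key: exhaustively searchable in "
              f"{years_until_breakable(k, RATE_NOW, BUDGET_SECONDS):.1f} years")
```

Under these assumptions a 128-bit key has well over ninety years of margin, while a 56-bit key is already within reach; the point of the exercise is that the required length grows by one bit every 18 months of planned secrecy, so the horizon must be fixed before the key size is.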
The Murphy Law

If there is a single security hole, the exposure of a cryptosystem will make sure that someone eventually finds it. Even if this person is honest, the discovery may ultimately leak to malicious parties. By extension we should keep in mind that security does not add up: a system is only as secure as its weakest part.
1.2.3 Adversarial Models

For studying the security of a cryptosystem we must consider its whole environment. Security analysis identifies several well-known threat models. Here are a few attack models against ciphers; we can, of course, consider any combination of them.

Ciphertext-only attack. The adversary tries to break the system by wiretapping the ciphertext messages.

Known plaintext attack. The adversary obtains the ciphertext and manages to get the corresponding plaintext one way or another (for instance, if the plaintext is a standard message). She then tries to exploit this extra information to break the system.

Chosen plaintext attack. The adversary can play with the encryption device, submit appropriately chosen plaintexts, and get the corresponding ciphertexts in return. She then tries to exploit this experiment to break the system.

Chosen ciphertext attack. The adversary can play with the decryption device, and thus decrypt any chosen cryptogram. She then tries to exploit this experiment in order to decrypt other cryptograms without using this access.
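The four models differ only in what the adversary is allowed to see or query. The following is an added example, not code from the book: a small key-recovery "game" that hands the adversary exactly the oracle access of the chosen model and reports whether the key was recovered. It is run against a constructed toy cipher (XOR with a fixed key that is reused for every message, with messages no longer than the key) so that the effect of each capability is visible: with a single wiretapped ciphertext the toy behaves like a one-time pad and the adversary can only guess, whereas one known plaintext, or one query to either device, gives the key outright. The key and the plaintext `STANDARD` are constructed sample values.

```python
from typing import Callable, Dict, Any

# Which oracles each attack model grants, following the definitions above.
ORACLES_BY_MODEL = {
    "ciphertext-only":   set(),                   # wiretapped ciphertext only
    "known-plaintext":   {"pairs"},               # plaintext/ciphertext pairs
    "chosen-plaintext":  {"pairs", "encrypt"},    # may query the encryption device
    "chosen-ciphertext": {"pairs", "decrypt"},    # may query the decryption device
}


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ToyCipher:
    """Constructed, deliberately weak cipher: XOR with one fixed key that is
    reused for every message (messages must not exceed the key length)."""

    def __init__(self, key: bytes) -> None:
        self.key = key

    def encrypt(self, plaintext: bytes) -> bytes:
        assert len(plaintext) <= len(self.key), "toy cipher: message too long"
        return xor_bytes(plaintext, self.key)

    def decrypt(self, ciphertext: bytes) -> bytes:
        assert len(ciphertext) <= len(self.key), "toy cipher: message too long"
        return xor_bytes(ciphertext, self.key)


def key_recovery_game(model: str, cipher: ToyCipher,
                      adversary: Callable[[Dict[str, Any]], bytes],
                      sample_plaintext: bytes) -> bool:
    """Build the adversary's view allowed by `model`, run the adversary, and
    return True iff its output equals the secret key (the adversary's goal)."""
    allowed = ORACLES_BY_MODEL[model]
    # Every model at least lets the adversary wiretap one ciphertext and know
    # the key length (the algorithm is public, per the Kerckhoffs Principle).
    view: Dict[str, Any] = {
        "ciphertext": cipher.encrypt(sample_plaintext),
        "key_length": len(cipher.key),
    }
    if "pairs" in allowed:
        view["plaintext"] = sample_plaintext
    if "encrypt" in allowed:
        view["encrypt"] = cipher.encrypt
    if "decrypt" in allowed:
        view["decrypt"] = cipher.decrypt
    return adversary(view) == cipher.key


def adversary(view: Dict[str, Any]) -> bytes:
    """Uses whatever the model grants. The toy cipher gives the key away as soon
    as a pair or a device query is available; otherwise only a guess is left."""
    n = view["key_length"]
    if "encrypt" in view:
        return view["encrypt"](bytes(n))          # E(0...0) = key
    if "decrypt" in view:
        return view["decrypt"](bytes(n))          # D(0...0) = key
    if "plaintext" in view:
        return xor_bytes(view["plaintext"], view["ciphertext"])  # P xor C = key
    return bytes(n)                               # ciphertext-only: blind guess


def run_all_models(cipher: ToyCipher, sample_plaintext: bytes) -> Dict[str, bool]:
    """Outcome of the key-recovery game under each attack model."""
    return {m: key_recovery_game(m, cipher, adversary, sample_plaintext)
            for m in ORACLES_BY_MODEL}


# Constructed sample values: an 8-byte key and an 8-byte "standard message".
SAMPLE_KEY = bytes.fromhex("5ac399107e21aa04")
SAMPLE_PLAINTEXT = b"STANDARD"

if __name__ == "__main__":
    for model, recovered in run_all_models(ToyCipher(SAMPLE_KEY), SAMPLE_PLAINTEXT).items():
        print(f"{model:<18} key recovered: {recovered}")
```

The same harness is how a designer would think about a real cipher: the goal (key recovery here) stays fixed while the capabilities are widened, and a cipher that is only safe in the weakest model is not safe in practice, since standard messages and access to encryption devices are commonplace.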
We distinguish adversary capabilities (as above) from adversary goals. In the case of attack models against ciphers, we can, for instance, consider key recovery attacks (in