could be viable. Indeed, it is widely believed that the Washington-Moscow
hotline used to be protected by a one-time pad. The term pad dates back to
the physical media on which espionage agents in the field used to store one-
time pad keys during high security missions. It is, however, unlikely that a
one-time pad is still used in many such applications, largely because more
conventional cryptosystems have become much more advanced and hence the
key management costs and inconvenience are no longer justified. It is possible,
although far from certain, that we may see more use of one-time pads in future
environments supporting quantum key establishment (see Section 10.4.3 for
further discussion).
For very short messages. The key management problems of a one-time pad are
greatly reduced when the plaintext is short. If Alice wishes to send ten randomly
generated bits to Bob then she can easily randomly generate a 10-bit key using
a manual technique (coin tosses, for example). Secure key establishment and
storage are still necessary, but are much more manageable for ten bits compared
to, say, the number of bits required for encryption of a hard disk.
Although one-time pads are rarely used in modern applications, some of the
properties of a one-time pad are highly attractive, not the least its simplicity
of encryption. The most practical instantiation of a one-time pad, the Vernam
Cipher, is very fast to use since encryption and decryption consist of XOR
operations. We will see in Section 4.2 that there is an important class of symmetric
encryption algorithms (namely, stream ciphers) that essentially 'emulate' a
one-time pad in order to obtain this property.
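The Vernam cipher described above, as an added worked example that is not part of the original text: encryption and decryption are the same XOR operation, the key is drawn from the operating system's random source and must be at least as long as the message, and a helper stands in for Alice's manual coin tosses when she needs only ten random bits. The message and the fixed key in the check function are constructed sample values.

```python
import secrets


def generate_key(length_bytes: int) -> bytes:
    """Generate a fresh, uniformly random one-time pad key.

    secrets.token_bytes reads from the OS cryptographic random source.
    For a one-time pad the key must be as long as the message and must
    never be reused; this function is called once per message.
    """
    return secrets.token_bytes(length_bytes)


def vernam(data: bytes, key: bytes) -> bytes:
    """Vernam cipher: XOR each byte of data with the matching key byte.

    The same function encrypts and decrypts because XOR is its own
    inverse. A key shorter than the message is rejected so that no key
    byte is ever stretched across two plaintext bytes.
    """
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def random_bits(n: int) -> str:
    """Alice's 'ten random bits': a CSPRNG stand-in for manual coin tosses."""
    return format(secrets.randbits(n), f"0{n}b")


def round_trip() -> bool:
    """Encrypt a constructed sample message with a fresh key and decrypt it."""
    plaintext = b"meet at dawn"  # constructed sample message
    key = generate_key(len(plaintext))
    ciphertext = vernam(plaintext, key)
    return vernam(ciphertext, key) == plaintext


def fixed_key_check() -> bytes:
    """XOR with a constructed fixed key so the output is reproducible."""
    return vernam(b"AB", b"\x01\x01")  # 0x41^0x01, 0x42^0x01


if __name__ == "__main__":
    print("round trip ok:", round_trip())
    print("10 random key bits:", random_bits(10))
    print("fixed-key ciphertext:", fixed_key_check())
```

The length check is the whole point of the example: the cipher's unconditional security rests on every key byte being random and used exactly once, so the code refuses to run when the key cannot cover the message rather than silently wrapping around.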
3.2.2 Cover time
With the exception of those based on a one-time pad, all the cryptosystems
that we will discuss, and that will be encountered in real-world systems, are
theoretically breakable. This might, at first, sound rather alarming. However,
keeping in mind the deficiencies of a one-time pad, this statement should be
interpreted as pragmatic, rather than disturbing.
So what do we mean by 'theoretically breakable'? Or, looking at it from the
other perspective, what might we mean by 'practical security'? This very complex
question is one that we will attempt to answer throughout the remainder of this
topic. We will see that most modern cryptosystems are regarded as secure in
practice because the known theoretical attacks take too much operational time
to conduct. In other words, conducting these attacks in 'reasonable' operational
time requires resources that are unrealistic for any imaginable attacker of the
cryptosystem.
There is no universal notion of practical security that is meaningful for every
possible application environment. However, there are some useful concepts
that can help us work towards such a notion within a particular application
context.
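The notion of 'practical security' sketched above, as an added worked example that is not from the original text: a small model comparing the expected time for an exhaustive key search against the period for which the data must stay protected. It assumes that 'cover time' denotes that protection period, that the attacker can only try keys one by one at an assumed constant rate, and that the expected search finds the key after half the keyspace; the attacker rates and cover times in the demonstration are constructed figures, not measurements.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # 31,557,600 s


def expected_search_seconds(key_bits: int, keys_per_second: float) -> float:
    """Expected wall-clock time for an exhaustive key search.

    On average the correct key turns up after half the keyspace has been
    tried, so the expected work is 2^(key_bits - 1) trial decryptions at
    the assumed attacker rate.
    """
    return 2 ** (key_bits - 1) / keys_per_second


def is_practically_secure(key_bits: int, keys_per_second: float,
                          cover_time_seconds: float) -> bool:
    """Secure in practice, under this model, when the expected search
    outlasts the cover time of the data."""
    return expected_search_seconds(key_bits, keys_per_second) >= cover_time_seconds


def min_key_bits(keys_per_second: float, cover_time_seconds: float) -> int:
    """Smallest key length whose expected exhaustive search exceeds the cover time.

    We need 2^(n - 1) >= rate * cover_time, so n - 1 >= log2(rate * cover_time).
    """
    needed_trials = max(1.0, keys_per_second * cover_time_seconds)
    return math.ceil(math.log2(needed_trials)) + 1


def report(key_bits: int, keys_per_second: float, cover_years: float) -> str:
    """One human-readable line for a (key length, attacker rate, cover time) triple."""
    seconds = expected_search_seconds(key_bits, keys_per_second)
    verdict = "ok" if is_practically_secure(key_bits, keys_per_second,
                                            cover_years * SECONDS_PER_YEAR) else "BREAKABLE"
    return (f"{key_bits:3d}-bit key, {keys_per_second:.0e} keys/s, "
            f"cover {cover_years:g} y: ~{seconds / SECONDS_PER_YEAR:.3g} years -> {verdict}")


if __name__ == "__main__":
    # Constructed attacker rates; they illustrate the model, not any real machine.
    for bits, rate, years in [(56, 1e9, 1), (56, 1e12, 10), (128, 1e15, 100)]:
        print(report(bits, rate, years))
    print("key bits needed for 1 year at 1e9 keys/s:", min_key_bits(1e9, SECONDS_PER_YEAR))
```

The model deliberately captures only the dimension the text names, operational time: a key length that is adequate for a one-year cover time against one attacker rate becomes inadequate when the rate grows, which is why practical security has to be judged against an explicit attacker budget and a stated cover time rather than in the abstract.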