Cryptography Reference
In-Depth Information
The first of these concerns the intended lifetime of a plaintext. The
cover time
is the length of time for which a plaintext must be kept secret. Clearly the cover
time of different plaintext data varies considerably. For example:
• the cover time for a daily password might be twenty-four hours;
• some financial records need to be stored by law for seven years, hence this is
likely to also be their cover time;
• the cover time for some stored government records could be one hundred
years.
A very basic design principle for determining practical security could thus be to
ensure that no known attack on the cryptosystem can be conducted in less than
the cover time of the plaintext. We saw in Section 1.6.4 that exhaustive key search
is one known attack that can be applied to any cryptosystem, hence this design
principle certainly includes the requirement that an exhaustive key search takes
longer than the cover time.
One drawback of defining practical security in such terms is that it is framed
in terms of
known
attacks. If a new attack is developed after some data has been
encrypted that results in it becoming possible to attack a ciphertext in less than
the cover time of the underlying plaintext, then we have a problem. We can of
course re-encrypt the plaintext data, but any attacker who has managed to get
hold of the original ciphertext will now be in a strong position.
Nonetheless, cover time is one example of a useful concept that helps people
who are protecting data to make decisions about how best to apply cryptography
to it.
3.2.3
Computational complexity
The next aspect of practical security that is worth formalising concerns the time
taken to conduct an attack. This requires an understanding of two separate pieces
of information:
1. what computational processes are involved in known attacks on the crypto-
system;
2. how much time it takes to conduct these processes.
The first of these is the task of a cryptanalyst. However, for modern established
cryptosystems that have already undergone a rigorous analysis, the computational
processes involved should be fairly well understood. This is because, in order
to demonstrate security, a well-designed cryptosystem is usually built around
a computational problem that is widely perceived to be hard to solve. Such a
cryptosystem will have, at its heart, at least one computational process that is
understood and widely believed to be very slow to conduct.
Establishing the time required to conduct an attack against a cryptosystem thus
requires a formal way of measuring how long the computational process required
