Cryptography Reference
In-Depth Information
A
B
C
D
E
Figure 1.4.
Taxonomy of publicly known encryption algorithms
To emphasise these points, Figure 1.4 presents a conceptual taxonomy of
publicly known encryption algorithms. While this taxonomy is artificial, it is
designed to emphasise the prudent 'conservatism' of adoption of publicly known
encryption algorithms. The zones in the figure can be interpreted as follows:
Unstudied algorithms
(Zone A). This consists of a substantial number of
encryption algorithms that have been proposed by designers, but never
subjected to any serious analysis. There may well be some very good algorithms
in this zone, but they have not been scrutinised enough to be relied upon.
Algorithms in this zone include those used by a number of commercial
products that claim to have designed their own encryption algorithm. Great
caution should be applied before relying on such products.
'Broken' algorithms
(Zone B). This consists of themany publicly known encryption
algorithms that have been analysed and subsequently found to be flawed.
Partially studied algorithms
(Zone C). This consists of a reasonable number of
publicly known encryption algorithms that have undergone some analysis
without significant security weaknesses being found, but which have not
subsequently attracted a great deal of attention. The most likely reason for this
is that they do not appear to offer any significant benefits over algorithms in the
next two zones. As a result, even though there may be very good algorithms in
this zone, the extent to which they have been studied is probably not sufficient
to justify deploying them in an application without good reason.
Respected algorithms
(Zone D). This consists of a very small number of publicly
known encryption algorithms that have been subject to a great deal of expert
scrutiny without any flaws being found. These algorithms might reasonably
be regarded as being secure enough to deploy in an application. Some of
the algorithms in this zone may appear in standards. However, they are not
'default' encryption algorithms and so there is the potential for interoperability
problems when they are used, since they are not as widely deployed as
encryption algorithms in Zone E.
