Cryptography Reference
In-Depth Information
Primitive-specific attacks. These are attacks that apply generically to a specific
class of cryptographic primitives. Examples include:
Differential and linear cryptanalysis. These two cryptanalysis techniques are
primarily targeted against block ciphers, which are now explicitly designed to try
to resist them.
Birthday attacks. This simple attack can be conducted against any hash function and
is the baseline attack that determines the output length for modern hash functions
(see Section 6.2.3).
Statistical attacks. There is a suite of simple statistical attacks that can be conducted
against deterministic generators (see Section 8.1.4) and any modern deterministic
generator should be resistant to them.
Algorithm-specific attacks. These are attacks that are designed for use against
a specific cryptographic algorithm. Often such attacks are variants of more
generic attacks that have been tailored to the working of the specific algorithm.
Side-channel attacks. This is an important class of attacks that are not against
the theoretical design of a cryptographic primitive, but rather the way in which
the primitive is implemented. An increasing number of side-channel attacks
are being discovered and thus implementers of cryptography need to pay close
attention to developments in this area. Examples include:
Timing attacks. These exploit the fact that different processor computations take
slightly different times to compute. Hence, by measuring such timings, it may be
possible to learn information about the nature of a computation that a processor is
trying to conduct. For example, it may be possible to determine a key by noting the
timings of several different operations conducted using that key.
Power analysis. These attacks are similar to timing attacks except that power
consumption is used to obtain information about the nature of the underlying
computations.
Fault analysis. These attacks involve an attacker inducing errors in a cryptosystem
and studying the resulting output for useful information.
Padding attacks. These attacks exploit the fact that plaintext usually needs to
be 'padded' before processing (see Section 4.3.2). By manipulating this process
and monitoring resulting error messages it can be possible to learn important
information about the nature of the underlying data.
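The birthday attack item above says this attack sets the baseline for hash output length. The following added example (not from the original text) shows why: it uses SHA-256 truncated to n bits as a stand-in for a short hash and counts how many hashes are needed before two messages collide. The function names and the sample messages are constructed for illustration.

```python
import hashlib
import math


def truncated_digest(message: bytes, bits: int) -> int:
    """SHA-256 of message, keeping only the top `bits` bits (a stand-in short hash)."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct counter messages until two share a truncated digest.

    Returns (message_a, message_b, attempts).
    """
    seen = {}  # truncated digest -> message that produced it
    attempts = 0
    while True:
        message = b"constructed-sample-%d" % attempts  # constructed input
        attempts += 1
        tag = truncated_digest(message, bits)
        if tag in seen:
            return seen[tag], message, attempts
        seen[tag] = message


def birthday_bound(bits: int) -> float:
    """Expected number of hashes before the first collision: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, attempts = find_collision(bits)
        print(f"{bits}-bit output: collision after {attempts} hashes "
              f"(birthday estimate {birthday_bound(bits):.0f}, "
              f"output space {2 ** bits})")
```

The work grows roughly as 2^(n/2) rather than 2^n, so an n-bit hash output gives only about n/2 bits of collision resistance.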
1.6.6 Academic attacks
It is notable that the majority of attacks on modern cryptographic algorithms come
from the academic community. However, these are often academic attacks in both
their origin and applicability. Recall that the idea of 'breaking' a cryptographic
algorithm is a subjective one and depends on what attack capabilities are
considered to be reasonable. Security of modern encryption algorithms tends
to be set very conservatively, so that even a very good attack that significantly
improves on an exhaustive key search may still be well beyond a practical
 