exclude keys that create such differences. This method is ingenious and very
strong — its successes include the best known attack against IDEA [Skipana].
The authors succeeded in attacking the Skipjack variant reduced to 31 rounds
more effectively by this method than by brute force. However, this is irrelevant
for practical purposes. You'd require 2^34 (128 Gbytes) chosen plaintexts and
2^78 steps. Even if you executed one billion steps per second on one million
processors in parallel, this cryptanalysis would still take 9.5 years.
On the other hand, the result is enormously significant for self-confidence in
public research. Take a minute and compare this with the cryptanalysis of the
five final AES candidates: none of them can be attacked faster than by brute
force, if you reduce it by only one round. What you usually do is consider
some security reserve in your planning. Since the NSA didn't, the conclusion
that they didn't know this attack suggests itself. Let's sum things up:
Biham, Biryukov, and Shamir presumably found a cryptanalytic method that
the NSA didn't know.
Together with Matt Blaze's attack against the Clipper protocol and the
consequential disclosure of the algorithm, the NSA no longer appears as almighty
as you might be led to believe.
5.8 Probabilistic and Quantum Cryptography
This section will show you that cryptographic algorithms can sometimes come
along in rather exotic shapes. What we will be dealing with are ingenious ideas
rather than specific algorithms.
Probabilistic Cryptography
Probabilistic algorithms contain randomness, as the name suggests. They can
generate many possible ciphertexts from one fixed plaintext; which one of them
will be output is totally accidental. The reverse procedure — decryption — must
remain unambiguous, of course.
'What's the point?', you may ask. For one thing, such an algorithm is useful
as an improvement of asymmetric methods. If encryption with the public key
is probabilistic, nobody can prove that a certain ciphertext belongs to a certain
plaintext, unless they know the public key. Something like this can be desirable
in many a situation!
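As an added illustration (not from the book): a toy ElGamal encryption where a fresh random `k` is drawn per call, so the same plaintext yields different ciphertexts and an observer holding only the public key cannot confirm a guessed plaintext by re-encrypting it. Passing a fixed `k` turns the same scheme deterministic for contrast. The prime `P`, generator `G` and all values are constructed toy parameters, not real-world ones.

```python
import secrets

# Toy parameters (constructed for illustration, far too small/unvetted for real use).
P = 2**127 - 1   # Mersenne prime, so arithmetic mod P forms a field
G = 3            # base element; any fixed element works for correctness here


def keygen():
    """Return (private, public): private x, public y = G^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def encrypt(pub, m, k=None):
    """ElGamal encryption of integer m (0 < m < P).

    k=None draws a fresh random exponent per call (probabilistic);
    a fixed k makes the cipher deterministic, which is the weak variant.
    """
    if k is None:
        k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P


def decrypt(priv, ct):
    """Recover m: c2 * (c1^x)^-1 mod P. Decryption stays unambiguous."""
    c1, c2 = ct
    shared = pow(c1, priv, P)
    return (c2 * pow(shared, -1, P)) % P   # modular inverse, Python 3.8+


def guess_matches(pub, ct, guess, k=None):
    """What an observer with only the public key can do: re-encrypt a guess
    and compare. Works only if encryption is deterministic (fixed k)."""
    return encrypt(pub, guess, k) == ct


def demo(m=12345):
    """Return the observable facts for probabilistic vs deterministic use."""
    priv, pub = keygen()
    c_a, c_b = encrypt(pub, m), encrypt(pub, m)      # two encryptions of m
    d_a, d_b = encrypt(pub, m, 7), encrypt(pub, m, 7)  # fixed k = 7 (weak)
    return {
        "probabilistic_ciphertexts_differ": c_a != c_b,
        "both_decrypt_correctly": decrypt(priv, c_a) == m == decrypt(priv, c_b),
        "guess_confirmable_probabilistic": guess_matches(pub, c_a, m),
        "deterministic_ciphertexts_equal": d_a == d_b,
        "guess_confirmable_deterministic": guess_matches(pub, d_a, m, 7),
    }
```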