Cryptography Reference
In-Depth Information
data stream can be identified. When they introduced the
High-Order DPA
in
their work, the authors went even a step further. This method can process data
streams from different measuring series concurrently (for instance, it addition-
ally determines the electromagnetic radiation). For the time being, this attack
is mainly interesting for designers, since current systems are not resistant to
SPA. You can find details in
txt/cryptana/dpa
on our Web site.
Timing attack, SPA, and DPA all show how hard it is to build secure sys-
tems, even when using algorithms that are secure by current standards. Such
'side-effect attacks' are a marginal field of cryptology: in contrast to the usual
cryptanalysis, they do not attack the algorithm directly, but they differ with
regard to computer security by their typical cryptanalytic methods.
However, smartcard designers have not been idle either: visit
www.research.
ibm.com/intsec/side-channel.html
for an overview of current research
work.
5.11 What Is a Good Ciphering Method?
Five increasingly difficult chapters were necessary before we can finally ask
this question. Only now is it clear how much a statement like 'algorithm XYZ is
secure' depends on time and the state-of-the-art, i.e., officially published results.
The race between cryptography and cryptanalysis gets increasingly faster, but
we have to live with that. Though key lengths of 128 bits and higher are
theoretically secure, future developments in cryptanalysis may have surprises
undreamt of in store.
This
circumstance forces us to be careful, and
not
the
increasingly faster computer technology.
In addition, cryptology has to struggle with the nasty problem that encrypted
data can be stored. If you secure a money transporter based on the current state-
of-the-art in both technology and logistics, the money will probably arrive at
its destination, and you can forget about the matter. If you wire sensitive RC5-
or AES-encrypted data, they will most likely not be jeopardized by an attacker.
However, an attacker can store this data and cause unexpected problems many
years later if and when RC5 or AES may have been broken. Perhaps one day,
quantum cryptography will help create accomplished facts. So far, cryptanalysts
have had new and unusual ideas anyhow. The timing attacks discussed in
Section 5.10 are a typical example.
No single algorithm (except the one-time pad) known today can claim that it
will be secure with absolute certainty in ten years from now. What we do know
