Cryptography Reference
In-Depth Information
10. The algorithm must not use
weak keys
, and if it does, then they should
be easy to determine.
11. With a product algorithm,
one round must not be breakable if the other
rounds are not broken
. Compare RC5 with the
pkzip
cipher. Though
the latter is not a product algorithm, the individual steps can be broken
one after the other; the attack against RC5-32/1/* is not usable on a
method with several rounds.
12. The algorithm must not be attackable by
algebraic methods
(e.g., the
ciphertext bits must not be linear functions of the plaintext bits). Good
algorithms mix 'incompatible' operations, such as addition, XOR, and
multiplication.
13. The implementation must guarantee a sufficiently
large key space
. This
requirement is very important but hard to implement (Section 5.1.4).
14. Also,
initialization vectors must not repeat
themselves.
15. Try to find out whether
timing attacks or power analyses
could be a
threat, and implement countermeasures accordingly.
An algorithm that meets all the points above is a good algorithm based on cur-
rent standards. An
ideal
algorithm would also have to be
theoretically
secure,
i.e., it must not be vulnerable to novel attacks or special hardware.
I currently know of only two methods that ensure both practically and theoreti-
cally secure message communication: one-time pad and quantum cryptography.
The latter, however is not an algorithm in the strict sense, but rather a type of
cryptographic protocol.
