Cryptography Reference
In-Depth Information
a message, then he or she must certainly be considered to be successful.
There are, however, also weaker notions of successful attacks. For example, in
modern cryptography one usually defines a theoretically perfect ideal system
and says that the adversary is successful if he or she can tell it apart from a real
system (i.e., decide whether he or she is interacting with a real system or an
ideal system). If he or she cannot tell the systems apart, then the real system
has all relevant properties of the ideal system (at least for a computationally
bounded observer), and hence the real system is arguably as secure as the ideal
one. Many security proofs follow this line of argumentation.
Strong security definitions are obtained when the adversary is assumed to be
as powerful as possible, whereas the task he or she must solve is assumed to be as
simple as possible. Taking these notes into account, a secure cryptographic system
can be defined as suggested in Definition 1.8.
Definition 1.8 (Secure cryptographic system)
A cryptographic system is
secure
if
an adversary with specified capabilities is not able to break it, meaning that he or
she is not able to solve the specified task.
Depending on the adversary's capabilities, there are two basic notions of
security for a cryptographic system.
Unconditional security:
If the adversary is not able to solve the task even with
infinite computing power, then we talk about
unconditional
or
information-
theoretic security
. The mathematical theories behind this type of security are
probability theory and information theory, as briefly introduced in Chapters 4
and 5.
Conditional security:
If the adversary is theoretically able to solve the task, but it
is computationally infeasible for him or her (meaning that he or she is not able
to solve the task given his or her resources, capabilities, and access to a priori
or side information), then we talk about
conditional
or
computational secu-
rity
. The mathematical theory behind this type of security is computational
complexity theory, as briefly introduced in Chapter 6.
Interestingly, there are cryptosystems known to be secure in the strong sense
(i.e., unconditionally secure), whereas there are no cryptosystems known to be
secure in the weak sense (i.e., computationally secure). Not even the existence of
conditionally or computationally secure cryptosystems has formally been proven
so far. The underlying problem is that it is generally not possible to prove lower
bounds for the computational complexity of a problem (this is an inherent weakness
of complexity theory as we know and use it today).
