Cryptography Reference
cryptographers who are only able to talk about stream ciphers, cryptographers who
are only able to talk about block ciphers, cryptographers who are only able to talk
about modes of operation for these block ciphers, cryptographers who only work
on RSA, cryptographers who only work on ECC, and so on. There are plenty of
cryptographical fields of study that are populated with small research communities.
This development goes hand in hand with the maturity level of a particular science. If
somebody wants to get into cryptographic research, then he or she must first select a
particular problem on which to work. Sometimes these problems are so specific that
it is difficult to see the forest for the trees.
21.1 THEORETICAL VIEWPOINT
From a theoretical viewpoint, a central theme in cryptographic research is provability.
How can one define security, and how can one prove that a given cryptographic
system is secure in exactly this sense? Shannon introduced information theory to
precisely define the notion of perfect secrecy (see Definition 10.1). Other researchers
have done similar things for PRBGs, asymmetric encryption systems, DSSs, and
many other cryptographic systems.
In modern cryptography, one often assumes that a particular (mathematical)
problem is intractable, and one then shows that a cryptographic system is secure as
long as this intractability assumption holds. For example, assuming that the DHP
is intractable, we showed that the ElGamal public key cryptosystem is secure (see
Theorem 14.2). Furthermore, it is sometimes assumed that a cryptographic hash
function behaves like a random function (in addition to the intractability assumption
of the underlying mathematical problem), and one is then able to show that a
cryptographic system is secure in the random oracle model (see Section 13.3 for
a corresponding overview). There are other ideas to define the notion of security
with respect to a particular cryptographic system or class of such systems (e.g.,
computational indistinguishability). Furthermore, formal methods play a central role
when one elaborates on the security of complex cryptographic protocols. In many
areas, we are only at the beginning of understanding and defining the notion of
security in a mathematically precise sense. But this is what modern cryptography
is all about: finding definitions for security and proving that certain cryptographic
systems meet these definitions.
Against this background, it is important to note that it has not been possible
to provide an absolute proof for the security of a cryptographic system. We are
only able to prove the security (properties) of a cryptographic system if we make
assumptions. Some of these assumptions are implicit (and appear too trivial to be
mentioned in the first place). For example, when we talk about encryption systems,