Cryptography Reference
In-Depth Information
tion phase, individual keys can be found much more quickly. TMTO attacks were
originally proposed by Hellman [91] and were improved with the introduction of
distinguished points by Rivest [145]. More recently rainbow tables were proposed
to further improve TMTO attacks [131]. A limiting factor of TMTO attacks in prac-
tice is that for each individual attack it is required that the same piece of known
plaintext was encrypted, e.g., a file header.
Block Ciphers and Quantum Computers
With the potential rise of quantum
computers in the future, the security of currently used crypto algorithms has to be
reevaluated. (It should be noted that the possible existence of quantum computers in
a few decades from now is hotly debated.) Whereas all popular existing asymmetric
algorithms such as RSA are vulnerable to attacks using quantum computers [153],
symmetric algorithms are much more resilient. A potential quantum computer us-
ing Grover's algorithm [87] would require only 2
(
n
/
2)
steps in order to perform a
complete key search on a cipher with a keyspace of 2
n
elements. Hence, key lengths
of more than 128 bit are required if resistance against quantum computer attacks
is desired. This observation was also the motivation for requiring the 192-bit and
256-bit key lengths for AES. Interestingly, it can be shown that there can be no
quantum algorithm which performs such an attack more efficiently than Grover's
algorithm [16].
5.5 Lessons Learned
There are many different ways to encrypt with a block cipher. Each mode of
operation has some advantages and disadvantages.
Several modes turn a block cipher into a stream cipher.
There are modes that perform encryption together together with authentication,
i.e., a cryptographic checksum protects against message manipulation.
The straightforward ECB mode has security weaknesses, independent of the un-
derlying block cipher.
The counter mode allows parallelization of encryption and is thus suited for high-
speed implementations.
Double encryption with a given block cipher only marginally improves the resis-
tance against brute-force attacks.
Triple encryption with a given block cipher roughly
doubles
the key length.
Triple DES (3DES) has an effective key length of 112 bits.
Key whitening enlarges the DES key length without much computational over-
head.
