Crypto U3, Theoretical vs. Practical Security

Description

IYM002 (Unit 3 - Further basics of Crypto Design) Mind Map on Crypto U3, Theoretical vs. Practical Security, created by jjanesko on 31/03/2013.
jjanesko
Mind Map by jjanesko, updated more than 1 year ago
jjanesko
Created by jjanesko almost 12 years ago
120
12

Resource summary

Crypto U3, Theoretical vs. Practical Security
  1. perfect secrecy
    1. Attacker gets no info about the plaintext by observing the ciphertext, other than what was was known before the ciphertext was cobserved.
      1. Gordon's "flash math" version of perfect secrecy

        Annotations:

        • [Image: https://lh5.googleusercontent.com/-bm3mNTn_vpY/UVf2zUjHt8I/AAAAAAAAAbM/2PH9xvxP4QQ/s582/flashymathdefinitionofperfectsecrecy.png]
      2. in theory, there exists unbreakable cryptosystems
        1. perfectly secret
          1. one time pad
            1. each letter of a plaintext is transformed with a randomly generated key that is the same length as the plaintext
              1. practical problems
                1. key establishment expensive (creating random sequences)
                  1. key distribution a challenge (key changes each time)
                    1. key length potentially very large
                    2. OTP
                  2. practical security
                    1. COVERAGE what is the covertimeneeded for the plaintext?
                      1. design system to protect against known attacks that would result in plaintext compromise in shorter than covertime
                      2. computational complexity
                        1. algorithm complexity
                          1. for each possible input to the algorithm, the amount of time it takes to run
                            1. length of input measured in bits
                          2. mathematical complexity - algorithms can be run in
                            1. polynomial time
                              1. a algorithm that can usually be run in real time with any sized input
                                1. "time taken to execute process for an input of size n is not greater than n^r for some number r"
                                  1. example: multiplication, addition
                                  2. expontential time
                                    1. an algorithm that cannot be run in "real" time with most inputs
                                      1. "if the time taken to execute the process for an input of size n is approximately a^n for some number a"
                                        1. example: factorization
                                          1. Just because an algorithm is exponentially hard, it does not mean that it is impossible to solve for all values.
                                      2. computing exhaustive key search time
                                        1. need
                                          1. algorithm complexity
                                            1. computer speed
                                            2. example
                                              1. general algorithm complexity forkey search is 2^n
                                                1. our example key length is 30, so the complexity for this example is n^30
                                                  1. our example computer does 1,000,000 operations per second
                                                    1. So, 2^30 / 10^6 = roughly 1000 seconds
                                            3. EVOLUTION when designing algorithms, take into consideration current and emerging state of processing power in computers
                                              1. when designing cryptosystems, make sure that the implementation does not undermine the power of the algorithms used
                                                1. practice good key management
                                                Show full summary Hide full summary

                                                Similar

                                                Crypto U4, Block Cipher, Cipher Feedback Mode (CFB)
                                                jjanesko
                                                Crypto U4, Block Cipher, Cipher Block Chaining Mode (CBC)
                                                jjanesko
                                                Crypto U1, Basic Principles
                                                jjanesko
                                                Crypto U4, Stream Cipher
                                                jjanesko
                                                Crypto U4, Block Cipher, Electronic Codebook Mode (ECB)
                                                jjanesko
                                                Crypto U4, Block Cipher, Counter Mode
                                                jjanesko
                                                Crypto U2, Crypto design principles
                                                jjanesko
                                                Crypto U8, example dynamic password scheme
                                                jjanesko
                                                Crypto U10 (part 1), Key Management & Lifecycle
                                                jjanesko
                                                Crypto U10 (part 2), Key Management and Lifecycle
                                                jjanesko
                                                Crypto U8 (part 3), entity authentication
                                                jjanesko