slides9

slides9 - CS 531, Fall 2007 Unconditional Security (Cont.)...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon
in general, encryption schemes do not offer perfect secrecy Unconditional security (cont. ..) each ciphertext character observed descreases the theoretical uncertainty in the plaintext and the encryption key T 1 Unconditional Security (Cont. ..) CS 531, Fall 2007 Copyright © William C. Cheng public-key encryption schemes cannot be unconditionally secure given a ciphertext c , the plaintext can in principle be recovered by encrypting all possible plaintexts until c is obtained cannot do this with secret-key schemes because the key is not available
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
T 2 Complexity-theoretic Security CS 531, Fall 2007 Copyright © William C. Cheng adversaries are modeled as having polynomial computational power i.e., they mount attacks involving time and space polynomial in the size of appropriate security parameters Complexity-theoretic security asymptotic analysis & worst-case analysis is often used care must be exercised to determine when proofs have practical significance security analysis may not be of practical value in all cases but may leads to better overall understanding polynomial attacks which are feasible under the model might be computationally infeasible in practice complexity-theoretic analysis is invaluable for formulating fundamental principles and confirming intuition (after techniques are discovered)
Background image of page 2
a cryptographic method is said to be provably secure if the diffuculty of defeating it can be shown to be essentially as difficult as solving a well-known and supposedly difficult (typically number-theoretic) problem Provable security such as integer factorization or discrete logarithm some considers this to be the most practical analysis provable subject to assumptions T 3 Provable Security CS 531, Fall 2007 Copyright © William C. Cheng
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
T 4 Computational Security CS 531, Fall 2007 Copyright © William C. Cheng measures the amount of computational effort required to defeat a system by the best currently-known methods Computational security must be assumed that the system has been well-studied to determine which attacks are relevant a technique is said to be computationally secure if the perceived level of computation required to defeat it (using the best attack known) exceeds, by a comfortable margin, the computational resources of the hypothesized adversary often methods in this class are related to hard problems but no proof of equivalence is known most of the best known public-key and symmetric-key schemes in current use are in this class (sometimes called practical security )
Background image of page 4
T 5 Ad Hoc Security CS 531, Fall 2007 Copyright © William C. Cheng consists of convincing arguments that every successful attack requires a resource level greater than the fixed resources of a perceived adversary claims of security generally remain questionable and unforeseen attacks remain a threat Ad hoc security cryptographic primitives and protocols which survive such analysis are said to have heuristic security (typically in the computational sense)
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 6
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/05/2008 for the course CSCI 531 taught by Professor Cheng during the Spring '08 term at USC.

Page1 / 20

slides9 - CS 531, Fall 2007 Unconditional Security (Cont.)...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online