[Cryptography] Which big-name ciphers have been broken in living memory?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Aug 28 08:46:59 EDT 2014


Bear <bear at sonic.net> writes:

>Math doesn't go stale. 

Crypto isn't really maths though.  PKCs are *based* on maths, but block
ciphers... oh dear, this is going to quickly go down a rathole on what
something like a proof in the standard model actually proves so I won't make
any statements on that, but in any case you're not proving a mathematical
theorem for which either your proof succeeds or fails (with a third case, it
fails but you think it's succeeded due to error) but starting with a
mathematical model and then quickly moving from maths to engineering.

In your mathematical model, computing C = M^e mod n is an O(1) atomic
operation, but in your engineering model it's a non-atomic Montgomery modexp
that's vulnerable to timing attacks, and if you fix that you're still
vulnerable to memory-access-pattern (e.g. cache) attacks, and if you fix that
then you're vulnerable to EM side-channels, and so on.

So maths doesn't go stale, but it's also a very non-representative
representation of what the crypto is doing.

Peter.
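An added example, not part of Peter Gutmann's post, that makes the "O(1) atomic operation versus non-atomic modexp" point concrete: the same C = M^e mod n computed with naive square-and-multiply and with a Montgomery ladder, recording the sequence of squarings and multiplications as a stand-in for what a timing trace would reveal. The toy parameters (n = 3233 = 61 * 53, M = 42, e = 89) are constructed for illustration; `naive_modexp`, `ladder_modexp`, `recover_exponent` and `trace_of` are names chosen here, not any library's API.

```python
# Added example: why "C = M^e mod n" is an engineering object, not a
# mathematical one. The `trace` list records every square ("S") and
# multiply ("M") performed, which is what a timing/power side channel sees.

def naive_modexp(m, e, n, trace):
    """Left-to-right square-and-multiply.

    The multiply happens only for 1 bits of e, so the operation sequence
    (and hence the running time) is a function of the secret exponent."""
    c = 1
    for bit in bin(e)[2:]:
        c = (c * c) % n
        trace.append("S")
        if bit == "1":
            c = (c * m) % n
            trace.append("M")
    return c


def ladder_modexp(m, e, n, trace):
    """Montgomery ladder with a branch-free conditional swap.

    Every exponent bit costs exactly one multiply and one square, so the
    trace depends only on the bit length of e, not on its value. Invariant
    maintained across iterations: r1 == r0 * m (mod n).

    Caveat (this is exactly the "fix that and you're still vulnerable" chain
    from the post): Python big-int arithmetic is not constant-time, and a
    real implementation still has to worry about cache and EM channels.
    This shows the pattern, not a production-grade implementation."""
    r0, r1 = 1, m % n
    for bit in bin(e)[2:]:
        b = int(bit)
        mask = -b                   # 0 for a 0 bit, all-ones for a 1 bit
        t = (r0 ^ r1) & mask        # swap registers when the bit is 1 ...
        r0, r1 = r0 ^ t, r1 ^ t
        r1 = (r0 * r1) % n          # ... so both branches run the same ops
        r0 = (r0 * r0) % n
        trace.extend("MS")
        t = (r0 ^ r1) & mask        # and swap back
        r0, r1 = r0 ^ t, r1 ^ t
    return r0


def recover_exponent(trace):
    """Read the exponent back out of a square-and-multiply trace.

    An "S" followed by "M" is a 1 bit; an "S" followed by another "S"
    (or by the end of the trace) is a 0 bit. This is the attacker's side of
    a classic timing/SPA attack, reduced to its operation sequence."""
    bits = []
    i = 0
    while i < len(trace):
        if trace[i] != "S":
            raise ValueError("malformed trace at index %d" % i)
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


def trace_of(fn, m, e, n):
    """Run fn and return only the operation trace it produced."""
    trace = []
    fn(m, e, n, trace)
    return trace


if __name__ == "__main__":
    # Constructed toy parameters (textbook n = 61 * 53); not a real key.
    m, e, n = 42, 0b1011001, 3233
    t_naive = trace_of(naive_modexp, m, e, n)
    t_ladder = trace_of(ladder_modexp, m, e, n)
    print("naive  :", "".join(t_naive), "->", recover_exponent(t_naive))
    print("ladder :", "".join(t_ladder), "(same for any 7-bit exponent)")
```

Both functions return the same value as Python's `pow(m, e, n)`; the difference is entirely in the trace. The naive trace for e = 89 has 7 squarings and 4 multiplies and gives the exponent away bit by bit, while the ladder trace is the fixed string `MSMSMSMSMSMSMS` for every 7-bit exponent. That is the gap between the maths (one atomic operation) and the engineering (a sequence of observable operations) that the post describes.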
