Latest trends in Cryptography

BlueFin
Posted: Tue Jun 08, 2004 5:44 pm    Post subject: Latest trends in Cryptography

Hello to everyone.

I'm doing my undergraduate project on cryptography and I wanted to ask if anyone knows a good resource, or could even tell me what the latest trends are in cryptography.

Regards
data
Posted: Wed Jun 09, 2004 9:25 am

hi,

Bruce Schneier's book Applied Cryptography is a good resource on protocols and algorithms in C. I suppose Justin will have an encyclopedic list of excellent pointers to crypto sites.

It's even better if you do theoretical work in crypto and come up with a result, comparison or analysis. My university was never happy unless they saw code. So, check up just in case. :)

Data.
JustinT
Posted: Wed Jun 09, 2004 10:24 am    Post subject: A lot to talk about.

Be careful when reading Schneier's Applied Cryptography. It is the seminal work on how to approach cryptography from the encyclopaedic angle, but it was written over a decade ago, and much of the information was based on pre-fresh knowledge of cryptographic concepts, and often incorrect. In some cases, it's only mild, where cryptanalysis has only enhanced minimally for a given area. On the other hand, in different cases, it's severe, where cryptanalysis has enhanced monumentally since the mid '90s, thus changing the entire perspective of security for a given area. This title was informative and the best of what we knew about cryptography in the public scene, for the time period it arose in. You're going to have to take this book with a grain of salt, and consider the 10+ year gap since it first went into print. What we know now, compared to what we knew then, is exponential. We now have a myriad of algorithms and protocols that weren't yet published back then, which is a result of what this gap has rendered. A bulk of it is still sound, and it makes for a great primer, but if you want something similar, with the familiar encyclopaedic feel, consider Modern Cryptography, by Wenbo Mao. It contains much more mathematics and security proofs than Applied Cryptography, and is just as dissimilar as it is similar, but as an undergraduate, you should have enough base knowledge of mathematics to follow along. It's really a great read, overall.

Aside from these, and other titles that I've suggested throughout this forum, I also recommend anything by Springer-Verlag, which I briefly discussed in this particular thread. If you are looking for the absolute latest "trends" and cryptanalytical advancements, this is the de facto source. If it isn't financially practical to, or you don't have the time to, spend the time and cash to obtain books, lecture notes, white papers, et cetera, you may want to peruse our section on cryptography-related links, and refer to the sites of Terry Ritter and John Savard, for highly extensive, and informative, sections on cryptographic concepts, both textual and graphical, as well as all the necessary terminology to help you along the way. Many of the other links are extremely useful as well. Another route would be to directly refer to the cryptanalyses of the pioneers of cryptography, which are trivially found via Google, such as Biham, Shamir, Schneier, Preneel, Knudsen, Rivest, Adleman, Wagner, Rogaway, Bellare, Matsui, Vanstone, Menezes, van Oorschot, Lai, Massey, Rijmen, Daemen, Diffie, Hellman, Merkle, Anderson, Ferguson, and Lucks, just to name a very small handful.

Setting aside resources for a moment, many of the latest "trends" we use aren't really new at all. Many of them stem from ideas tossed around in the 1970s (which ultimately have foundational ties to centuries upon centuries ago), and many are just now being trusted from more post-conception analysis within the last two decades. In cryptography, everything is an extension of a past something, so to understand the latest, you'll need to go nostalgic with it.

To narrow things down - what are the constraints of your project? What type of things did you have in mind? Do you want to be specific, or general? A little about a lot of things or a lot about a single thing or two? There are many interesting concepts you could discuss, as trends that have turned the community's cryptanalytical eye as of late, and if you could let us know a bit more about what you're after, or lend any ideas you have of your own, we could point you to such concepts.
BlueFin
Posted: Wed Jun 09, 2004 3:05 pm

Thanks for the info, JustinT & datah.

Just to give a background on my dissertation: it's related to applying permissioning to an in-house real-time distribution system. Basically a design-and-build project, but I've broken down the permissioning aspect into a three-topic literature review:
Authentication
Access Control Models
Cryptography

So my depth of cryptography will be limited, I'd say, to the application of it rather than the mathematics, and to which would be suitable for applying to the real-time system.
data
Posted: Wed Jun 09, 2004 4:50 pm

hi,

Authentication can be done using digital signatures. Google for FIPS 180-2 and DSA (Digital Signature Algorithm).

Access control models usually come with multi-level security. See that you always follow the star property, i.e. no read up and no write down.

Secrecy is another component of cryptography that can be achieved by encryption. You might need to implement both symmetric and asymmetric key algorithms for that, since asymmetric algorithms are multiple magnitudes slower than symmetric algorithms. So, we use asymmetric algorithms for key sharing and symmetric algorithms thereafter.

Since it's a distributed system, key management will be difficult if you have a large number of nodes.

For each node to share a secret key with every other node, we need n(n-1)/2 keys in all. So think about how you are going to distribute the keys as well as manage them.

Hope this helps.

Data.
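As an added illustration of the star property mentioned above (this is not code from the thread), here is a minimal Bell-LaPadula style check in Python for a real-time feed distribution system; the levels, categories and feed names are constructed for the example:

```python
"""Bell-LaPadula style multilevel access check for a real-time feed distribution system.

Added illustration, not code from the thread. Levels, categories and feed names are
hypothetical values constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Linearly ordered sensitivity levels, lowest first (assumed for the example).
LEVELS = ("public", "internal", "confidential", "restricted")


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()   # compartments such as "trading", "risk"

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of the other's categories."""
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.categories >= other.categories)


def allowed(subject: Label, obj: Label, op: str) -> bool:
    """Mandatory check: simple security property for reads, star property for writes."""
    if op == "read":
        return subject.dominates(obj)   # no read up: subject must dominate the object
    if op == "write":
        return obj.dominates(subject)   # no write down: object must dominate the subject
    raise ValueError(f"unknown operation {op!r}")


# Constructed feed labels for an in-house distribution system (hypothetical).
FEEDS: Dict[str, Label] = {
    "market_prices": Label("public"),
    "trading_orders": Label("confidential", frozenset({"trading"})),
    "risk_limits": Label("confidential", frozenset({"risk"})),
    "audit_log": Label("restricted", frozenset({"trading", "risk"})),
}


def permissions_for(subject: Label) -> List[Tuple[str, str]]:
    """Return the sorted (feed, op) pairs the subject may perform across FEEDS."""
    return sorted((name, op) for name, label in FEEDS.items()
                  for op in ("read", "write") if allowed(subject, label, op))
```

Note that a confidential "trading" subject can write to the restricted audit log (write up) but cannot read it, and cannot touch the "risk" compartment at all because its category set does not match.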
super
Posted: Thu Jun 10, 2004 9:46 pm

The original edition of Applied Cryptography may have been written over a decade ago but I believe the latest edition (the "red" book) is relatively contemporary.

Recently, DNA computing has been receiving a considerable amount of attention. Although the technology is still in its developmental phases, it will be quite useful as it relates to cryptanalysis and other areas of study.
Len Adleman, the "A" in the RSA algorithm, has shown that 56-bit DES can be easily cracked in O(1) time complexity. Other researchers are applying this to various algorithms. My home page currently contains links to introductory and research documents in this area.

http://www.innu.org/~super
data
Posted: Sun Jun 13, 2004 4:48 pm

Quote:
Len Adleman, the "A" in the RSA algorithm, has shown that 56-bit DES can be easily cracked in O(1) time complexity.

O(1) means a constant c*1 time = C amount of time. What is the value of the constant? The statement doesn't make much sense.

It's like saying a 448-bit Blowfish encrypted message needs a constant time to be brute-forced, i.e. O(1) time = 'c' time, which happens to be the same time as an exhaustive key search. Otherwise what you are saying is that breaking the algorithm is independent of the key length. What did you mean by the statement?

Data.
super
Posted: Tue Jun 15, 2004 8:23 am

datah wrote:
O(1) means a constant c*1 time = C amount of time. What is the value of the constant? The statement doesn't make much sense.

Right, O(1) is constant time. Typical complexity notation is a simplified recurrence relation with unbound variables and low-order terms dropped. Therefore, O(k) = O(1) where k is a constant natural number. I suppose one could write O(2) but that is rather ambiguated because algorithmic complexity is computed as a function of the input size. Note that the algorithm will not know the dimensions of the given input until the time of invocation. So, yes, O(1) will take only one step no matter what the size of the input happens to be.

datah wrote:
It's like saying a 448-bit Blowfish encrypted message needs a constant time to be brute-forced, i.e. O(1) time = 'c' time, which happens to be the same time as an exhaustive key search. Otherwise what you are saying is that breaking the algorithm is independent of the key length. What did you mean by the statement?
Data.

Not exactly. A brute force search on a sequential computing device such as a silicon computer is an NP-complete problem. This means that it executes in non-deterministic polynomial time and belongs to both the NP and NP-hard problem classes. The upper bound for an NPC problem is exponential as denoted by the omicron expression O(k**n) where k is constant and n is an unbound natural number.

Breaking a symmetric block cipher in this manner is dependent upon both the implementation of the algorithm and the key length. In the case of cracking DES with DNA, the time complexity really is only one step. For a biological lab procedure two test tubes are simply poured together and the key is read with something like 2DGE. This is possible because one gram of the organic material contains enough DNA strands to represent the entire DES keyspace. In other words, it's like looking down on all the keys at once. See Adleman's paper "On Applying Molecular Computation to the Data Encryption Standard" for a more thorough treatment of this technique. I did not mean that breaking any encryption has already been proved to be in O(1). Nevertheless, it has been shown that DES can be broken in O(1). I can imagine that writing an efficient algorithm to break 448-bit Blowfish would be a daunting task, let alone in constant time. Until such a program is implemented I will keep an open mind. ;)
Matt Crypto
Posted: Tue Jun 15, 2004 4:44 pm

For new trends in crypto, you can find discussion at the STORK project ("strategic roadmap for crypto"):
http://www.stork.eu.org/documents.html
Dark-Avenger
Posted: Tue Jun 15, 2004 6:21 pm

Koblitz's books are very good.
JustinT
Posted: Wed Jun 16, 2004 3:44 am    Post subject: Still not fresh enough.

super wrote:
The original edition of Applied Cryptography may have been written over a decade ago but I believe the latest edition (the "red" book) is relatively contemporary.

Relatively contemporary for whom?

The short time span between the editions was still much too short to have captured the significant cryptanalysis that followed. Even though this book is a definitive and friendly must-have, on top of being the seminal work of its kind, it is just as dangerous as it is useful. There are many critical flaws in the philosophies proposed, and most who read the book fail to realize this gap of research, yet take it for the gospel, from cover to cover. It used to be a book fit for beginners to read; now, it takes a seasoned researcher of the field to be able to discern which sections of advice are secure or insecure.

Doing a quick juxtaposition of the second edition of Bruce Schneier's Applied Cryptography, and Wenbo Mao's Modern Cryptography, will easily show this. If you want a similar tone, and updated follow-up on just how serious this is, juxtapose it with Practical Cryptography, which was co-authored by Schneier as well.