BlueFin Just Arrived
Joined: 08 Jun 2004 Posts: 0

Posted: Tue Jun 08, 2004 5:44 pm Post subject: Latest trends in Cryptography 


Hello to everyone.
I'm doing my undergraduate project on cryptography and I wanted to ask if anyone knows a good resource, or could even tell me what the latest trends are in cryptography.
Regards




data Forum Fanatic
Joined: 08 May 2004 Posts: 16777211 Location: India

Posted: Wed Jun 09, 2004 9:25 am Post subject: 


hi,
Bruce Schneier's book Applied Cryptography is a good resource on protocols and algorithms in C. I suppose Justin will have an encyclopedic list of excellent pointers to crypto sites.
It's even better if you do theoretical work in crypto and come up with a result, comparison or analysis. My university was never happy unless they saw code. So, check up justin case.
Data.




JustinT Trusted SF Member
Joined: 17 Apr 2003 Posts: 16777215 Location: Asheville, NC, US / Uberlândia, MG, Brazil

Posted: Wed Jun 09, 2004 10:24 am Post subject: A lot to talk about. 


Be careful when reading Schneier's Applied Cryptography. It is the seminal work on how to approach cryptography from the encyclopaedic angle, but it was written over a decade ago, and much of the information was based on prefresh knowledge of cryptographic concepts, and often incorrect. In some cases, it's only mild, where cryptanalysis has only enhanced minimally for a given area. On the other hand, in different cases, it's severe, where cryptanalysis has enhanced monumentally since the mid '90s, thus changing the entire perspective of security for a given area. This title was informative and the best of what we knew about cryptography in the public scene, for the time period it arose in. You're going to have to take this book with a grain of salt, and consider the 10+ year gap since it first went into print. What we know now, compared to what we knew then, is exponential. We now have a myriad of algorithms and protocols that weren't yet published back then, which is a result of what this gap has rendered. A bulk of it is still sound, and it makes for a great primer, but if you want something similar, with the familiar encyclopaedic feel, consider Modern Cryptography, by Wenbo Mao. It contains much more mathematics and security proofs than Applied Cryptography, and is just as dissimilar as it is similar, but as an undergraduate, you should have enough base knowledge of mathematics to follow along. It's really a great read, overall.
Aside from these, and other titles that I've suggested throughout this forum, I also recommend anything by Springer-Verlag, which I briefly discussed in this particular thread. If you are looking for the absolute latest "trends" and cryptanalytical advancements, this is the de facto source. If it isn't financially practical to, or you don't have the time to, spend the time and cash to obtain books, lecture notes, white papers, et cetera, you may want to peruse our section on cryptography-related links, and refer to the sites of Terry Ritter and John Savard, for highly extensive, and informative, sections on cryptographic concepts, both textual and graphical, as well as all the necessary terminology to help you along the way. Many of the other links are extremely useful as well. Another route would be to directly refer to the cryptanalyses of the pioneers of cryptography, which are trivially found via Google, such as Biham, Shamir, Schneier, Preneel, Knudsen, Rivest, Adleman, Wagner, Rogaway, Bellare, Matsui, Vanstone, Menezes, van Oorschot, Lai, Massey, Rijmen, Daemen, Diffie, Hellman, Merkle, Anderson, Ferguson, and Lucks, just to name a very small handful.
Setting aside resources for a moment, many of the latest "trends" we use aren't really new at all. Many of them stem from ideas tossed around in the 1970's (which ultimately have foundational ties to centuries upon centuries ago), and many are just now being trusted from more post-conception analysis within the last two decades. In cryptography, everything is an extension of a past something, so to understand the latest, you'll need to go nostalgic with it.
To narrow things down: what are the constraints of your project? What type of things did you have in mind? Do you want to be specific, or general? A little about a lot of things, or a lot about a single thing or two? There are many interesting concepts you could discuss, as trends that have turned the community's cryptanalytical eye as of late, and if you could let us know a bit more about what you're after, or lend any ideas you have of your own, we could point you to such concepts.




BlueFin Just Arrived
Joined: 08 Jun 2004 Posts: 0

Posted: Wed Jun 09, 2004 3:05 pm Post subject: 


Thanks for the info, JustinT & datah.
Just to give a background on my dissertation: it's related to applying permissioning to an in-house real-time distribution system. Basically a design and build project, but I've broken down the permissioning aspect into a three-topic literature review:
Authentication
Access Control Models
Cryptography
So my depth of cryptography will be limited, I'd say, to application rather than the mathematics of it, and to which would be suitable to apply to the real-time system.




data Forum Fanatic
Joined: 08 May 2004 Posts: 16777211 Location: India

Posted: Wed Jun 09, 2004 4:50 pm Post subject: 


hi,
Authentication can be done using digital signatures. Google for FIPS 180-2 and DSA (Digital Signature Algorithm).
Access control models usually come with multi-level security. See that you always follow the star property, i.e. no read up and no write down.
Secrecy is another component of cryptography that can be achieved by encryption. You might need to implement both symmetric and asymmetric key algorithms for that, since asymmetric algorithms are multiple magnitudes slower than symmetric algorithms. So, we use asymmetric algorithms for key sharing and symmetric algorithms thereafter.
Since it's a distributed system, key management will be difficult if you have a large number of nodes.
For each node to share a secret key with every other node, we need [n(n-1)]/2 keys in all. So think about how you are going to distribute the keys as well as manage them.
Hope this helps.
Data.
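The two multi-level security rules data refers to (no read up, no write down) as a small reference monitor, with the pairwise key count from the same post. This is an added example, not code from the thread; the level names, compartment names and the node labels in the usage section are constructed.

```python
# Added example (not from the thread): a Bell-LaPadula style reference monitor
# enforcing no read up (simple security property) and no write down (star
# property), plus the pairwise-key count for n nodes. Level and compartment
# names are constructed for illustration.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

class Label:
    """Security label: a hierarchical level plus a set of compartments."""
    def __init__(self, level, compartments=()):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        self.level = level
        self.compartments = frozenset(compartments)

    def dominates(self, other):
        # A label dominates another when its level is at least as high and it
        # holds every compartment of the other (the lattice ordering).
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def can_read(subject, obj):
    """Simple security property: read allowed only if the subject's label
    dominates the object's label (no read up)."""
    return subject.dominates(obj)

def can_write(subject, obj):
    """Star property: write allowed only if the object's label dominates the
    subject's label (no write down)."""
    return obj.dominates(subject)

def pairwise_keys(n):
    """Secret keys needed when each of n nodes shares one key with every other node."""
    return n * (n - 1) // 2

if __name__ == "__main__":
    analyst = Label("secret", {"trading"})           # constructed subject
    feed = Label("confidential", {"trading"})        # lower object, same compartment
    board_report = Label("top_secret", {"trading", "hr"})  # higher object
    print(can_read(analyst, feed), can_write(analyst, feed))
    print(can_read(analyst, board_report), can_write(analyst, board_report))
    print(pairwise_keys(100))
```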




super Just Arrived
Joined: 27 Apr 2003 Posts: 0

Posted: Thu Jun 10, 2004 9:46 pm Post subject: 


The original edition of Applied Cryptography may have been written over a decade ago but I believe the latest edition (the "red" book) is relatively contemporary.
Recently, DNA computing has been receiving a considerable amount of attention. Although the technology is still in its developmental phases, it will be quite useful as it relates to cryptanalysis and other areas of study.
Len Adleman, the "A" in the RSA algorithm, has shown that 56-bit DES can be easily cracked in O(1) time complexity. Other researchers are applying this to various algorithms. My home page currently contains links to introductory and research documents in this area.
http://www.innu.org/~super




data Forum Fanatic
Joined: 08 May 2004 Posts: 16777211 Location: India

Posted: Sun Jun 13, 2004 4:48 pm Post subject: 


Quote: 
Len Adleman, the "A" in the RSA algorithm, has shown that 56-bit DES can be easily cracked in O(1) time complexity. 
O(1) means a constant c*1 time = C amount of time. What is the value of the constant? The statement doesn't make much sense.
It's like saying a 448-bit Blowfish encrypted message needs a constant time to be brute-forced, i.e. O(1) time = 'c' time, which happens to be the same time as for an exhaustive key search. Otherwise what you are saying is that breaking the algorithm is independent of the key length. What did you mean by the statement?
Data.




super Just Arrived
Joined: 27 Apr 2003 Posts: 0

Posted: Tue Jun 15, 2004 8:23 am Post subject: 


datah wrote: 
O(1) means a constant c*1 time = C amount of time. What is the value of the constant? The statement doesn't make much sense.

Right, O(1) is constant time. Typical complexity notation is a simplified recurrence relation with unbound variables and low-order terms dropped. Therefore, O(k) = O(1) where k is a constant natural number. I suppose one could write O(2) but that is rather ambiguated because algorithmic complexity is computed as a function of the input size. Note that the algorithm will not know the dimensions of the given input until the time of invocation. So, yes, O(1) will take only one step no matter what the size of the input happens to be.
datah wrote: 
It's like saying a 448-bit Blowfish encrypted message needs a constant time to be brute-forced, i.e. O(1) time = 'c' time, which happens to be the same time as for an exhaustive key search. Otherwise what you are saying is that breaking the algorithm is independent of the key length. What did you mean by the statement?
Data. 
Not exactly. A brute force search on a sequential computing device such as a silicon computer is an NP-complete problem. This means that it executes in nondeterministic polynomial time and belongs to both the NP and NP-hard problem classes. The upper bound for an NPC problem is exponential, as denoted by the omicron expression O(k**n) where k is constant and n is an unbound natural number.
Breaking a symmetric block cipher in this manner is dependent upon both the implementation of the algorithm and the key length. In the case of cracking DES with DNA, the time complexity really is only one step. For a biological lab procedure, two test tubes are simply poured together and the key is read with something like 2DGE. This is possible because one gram of the organic material contains enough DNA strands to represent the entire DES keyspace. In other words, it's like looking down on all the keys at once. See Adleman's paper "On Applying Molecular Computation to the Data Encryption Standard" for a more thorough treatment of this technique. I did not mean that breaking any encryption has already been proved to be in O(1). Nevertheless, it has been shown that DES can be broken in O(1). I can imagine that writing an efficient algorithm to break 448-bit Blowfish would be a daunting task, let alone in constant time. Until such a program is implemented I will keep an open mind.




Matt Crypto Just Arrived
Joined: 17 May 2004 Posts: 0

Posted: Tue Jun 15, 2004 4:44 pm Post subject: 


For new trends in crypto, you can find discussion at the Stork project ("strategic roadmap for crypto"):
http://www.stork.eu.org/documents.html




DarkAvenger Just Arrived
Joined: 21 Apr 2003 Posts: 0 Location: France

Posted: Tue Jun 15, 2004 6:21 pm Post subject: 


Koblitz's books are very good.




JustinT Trusted SF Member
Joined: 17 Apr 2003 Posts: 16777215 Location: Asheville, NC, US / Uberlândia, MG, Brazil

Posted: Wed Jun 16, 2004 3:44 am Post subject: Still not fresh enough. 


super wrote: 
The original edition of Applied Cryptography may have been written over a decade ago but I believe the latest edition (the "red" book) is relatively contemporary.

Relatively contemporary for whom?
The short time span between the editions was still much too short to have captured the significant cryptanalysis that followed. Even though this book is a definitive and friendly must-have, on top of being the seminal work of its kind, it is just as dangerous as it is useful. There are many critical flaws in the philosophies proposed, and most who read the book fail to realize this gap of research, yet take it for the gospel, from cover to cover. It used to be a book fit for beginners to read; now, it takes a seasoned researcher of the field to be able to discern which sections of advice are secure or insecure.
Doing a quick juxtaposition of the second edition of Bruce Schneier's Applied Cryptography and Wenbo Mao's Modern Cryptography will easily show this. If you want a similar tone, and an updated follow-up on just how serious this is, juxtapose it with Practical Cryptography, which was co-authored by Schneier as well.




