From: Kristian Gjøsteen on
Fiziwig <fiziwig(a)gmail.com> wrote:
>Are there educational resources I can consult to learn how to decide
>if a given method of enciphering is strong or weak? As for level, I
>have an MS in comp sci with some graduate level math and number
>theory,

I know only of Schneier's self-study guide,

http://www.schneier.com/paper-self-study.html

which is somewhat old and doesn't (I think) deal with stream ciphers.

--
kg
From: Mok-Kong Shen on
Fiziwig wrote:
> Is there a good source for information about deciding how secure a
> cipher is?

I am ignorant of any really satisfactory answer. I surmise though that
the issue is somewhat analogous to that which confronted the
engineers constructing bridges etc. before the beginning of mechanical
science. (Note though that some of their works stand fast even to this
day.) But even in modern days, WTC was secure until the technique with
the airplanes was discovered, causing it to collapse like a child's
toy. RSA is safe because its key length is way ahead of the known
records of factorization, if I don't err. (But can one ever be sure
that there don't exist unknown records?)

M. K. Shen
From: Joseph Ashwood on
"Fiziwig" <fiziwig(a)gmail.com> wrote in message
news:47e3e79b-d9d7-4797-a375-182cf7c445f2(a)o7g2000prg.googlegroups.com...
> Is there a good source for information about deciding how secure a
> cipher is?

There have been a lot of attempts over the years to create a checklist for a
secure cipher, but all they really do is set a bar somewhere below secure.

For specific cipher types there has been more headway. For a Feistel type
cipher there are numerous methods to check the differential and linear
characteristics; although this doesn't dictate that a cipher is secure, it
does form a minimum limit. For Wide Trail designs, Joan Daemen has done
extensive work as a part of a PhD thesis, but again this forms only a
baseline. Both of these have significant weaknesses: Feistels are often
subject to boomerang and slide attacks that are virtually impossible to
systematically check for, and Wide Trail designs have a tendency towards
saturation attacks.

The most widely known examples have always included requirements like the
Strict Avalanche Criterion, but for that one in particular there is growing
evidence that SAC is not a requirement for security but instead an artifact
of one particular method of achieving security. If anything, such lists
actually make it more difficult.

At an extreme/absurd level there is one option: if you can successfully
prove both P=\=NP and the existence of entropy, then secure ciphers exist.
It is generally believed that both of these are true, but without absolute
proof there is some doubt, however minuscule.

For now the only way of judging that a cipher is secure is to subject it to
open study by thousands of individuals.
Joe
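
The checks named in the post above (differential and linear characteristics, and the Strict Avalanche Criterion) can be computed exhaustively for a small S-box. The following is an added example, not part of the thread: the choice of the 4-bit PRESENT S-box and of an identity S-box for comparison is an assumption made here, and all function names are illustrative.

```python
# Added example: exhaustive S-box checks. Inputs are 4-bit lookup tables.
PRESENT = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
           0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]   # S-box of the PRESENT cipher
IDENTITY = list(range(16))                           # fully linear, for contrast

def parity(v):
    return bin(v).count("1") & 1

def ddt_max(sbox):
    """Largest difference-distribution-table entry over nonzero input differences."""
    n, best = len(sbox), 0
    for a in range(1, n):
        row = [0] * n
        for x in range(n):
            row[sbox[x] ^ sbox[x ^ a]] += 1
        best = max(best, max(row))
    return best

def lat_max(sbox):
    """Largest |#{x : a.x == b.S(x)} - n/2| over nonzero masks a, b."""
    n, best = len(sbox), 0
    for a in range(1, n):
        for b in range(1, n):
            hits = sum(parity(a & x) == parity(b & sbox[x]) for x in range(n))
            best = max(best, abs(hits - n // 2))
    return best

def sac_matrix(sbox):
    """Entry [i][j]: number of inputs where flipping input bit i flips output bit j."""
    n = len(sbox)
    bits = n.bit_length() - 1
    return [[sum((sbox[x] ^ sbox[x ^ (1 << i)]) >> j & 1 for x in range(n))
             for j in range(bits)] for i in range(bits)]

def satisfies_sac(sbox):
    """SAC holds when every entry equals exactly half of the inputs."""
    half = len(sbox) // 2
    return all(c == half for row in sac_matrix(sbox) for c in row)

if __name__ == "__main__":
    for name, s in (("PRESENT", PRESENT), ("identity", IDENTITY)):
        print(name, "ddt_max =", ddt_max(s), "lat_max =", lat_max(s),
              "SAC =", satisfies_sac(s))
```

The PRESENT S-box reaches the low differential and linear bounds (4 and 4) while the identity table sits at the worst case (16 and 8), yet neither satisfies SAC: in the PRESENT table, flipping the lowest input bit flips the lowest output bit for all 16 inputs.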