
Twenty Years of Cryptography in the Open Literature

G. R. Blakley
Department of Mathematics
Texas A&M University
College Station, TX 77843-3368
blakley@math.tamu.edu

1. Introduction

This paper concentrates on the real-world problems created in the last two decades by cryptographers who publish in the open literature, and mentions only incidentally what gave rise to these problems – the solutions we gave to various theoretical problems, often of our own posing.

For the last twenty years, the annual IEEE Symposia on Security and Privacy have provided us with a stimulating and encouraging environment within which to expand cryptography’s structure and visibility, while exposing us to criticism from workers in other security-related areas. Cryptography has been an important component of S&P, but seldom a major one. Much work mentioned below is from conferences other than S&P. But S&P’s influence has been ubiquitous and formative for the worldwide community of open-literature cryptographers.

To set the stage for these problems, here are six propositions for consideration, not necessarily for acceptance.

I. Not all secrecy or authentication or integrity systems have security proofs, but all have lifetimes.

II. The signing (decrypting) functions and the sealing (encrypting) functions of public key cryptosystems or digital signature schemes are quite different replacements for glued envelopes or inked signatures. They aren’t merely variant forms of these old-fashioned objects.

III. Bandwidth expansion is not necessarily either a drawback or a strength of a system, merely a feature.

IV. Shannon perfect security of a system is based on the (often false) assumption that no attacker can do better than model the “random” numbers the system user employs as independent uniformly distributed random variables.

V. The Kerckhoffs principle is neither a correct description of, nor a self-evident prescription for, all secrecy system design projects.

VI. A billion dollars is tons of money. So you can’t loot a big vault in a trice. “Ponderability” is neither a drawback nor a virtue of gold or of paper money. It is merely a feature, which can be mimicked electronically.

2. 1973 to 1980

In 1974, George Purdy [1012] published a high-security log-in scheme based on sparse polynomials over finite fields, and therein publicized the idea (though not the terminology) of a one-way function.

In 1976, Whitfield Diffie and Martin Hellman [0345] introduced the general ideas of one-way function, of trapdoor one-way function, and of digital signature, and introduced an exponentiation-based key exchange scheme.

The (then) U. S. National Bureau of Standards adopted an algorithm designed largely by IBM as a federal Data Encryption Standard in 1977.

In 1978, Ron Rivest, Adi Shamir and Len Adleman published their public-key (i.e. asymmetric, i.e. two-key) number theoretic cryptosystem based on exponentiation. It gained lasting celebrity for its bijective feature, which suited it well to digital signatures, among other things. That same year, Ralph Merkle and Hellman published [0857] their trapdoor knapsack public key cryptosystem.

In 1979, Adi Shamir [1110] and I [0148] published threshold schemes, the type of cryptographic object most naturally capable of provably exhibiting Shannon perfect security.

By 1980, people were arguing that perhaps even cryptosystems could be shown secure – by means of complexity theory or other approaches. However, in 1980, Shimon Even and Yacov Yacobi published [0379] an example of a cryptosystem which is NP-hard to break but almost always easy to break. To many, this looked like support for Bob Morris’ asseveration that secrecy systems typically have lifetimes, rather than proofs which guarantee their security forever.

3. 1980 through 1999

Some of the important developments in cryptography over the twenty-year lifetime of S&P to date are the following.

George Davida, Richard DeMillo and Richard Lipton delivered a paper [0003] to the first S&P symposium, in 1980. Davida pointed out at S&P that threshold schemes could exhibit types of security very far from Shannon perfect security, viz. merely cryptographic security. In 1983, E. D. Karnin, J. W. Greene and Hellman also discussed threshold schemes involving merely cryptographic security [0662].

In 1984, Catherine Meadows and I generalized threshold schemes to ramp schemes [0151], which are more economical than threshold schemes, but exhibit only Shannon relative security. In 1987, Ito, Saito and Nishizeki published a paper [0625] on access structures, a generalization of threshold schemes in yet another direction – one in which coalitions of very different size levels have the same power to reveal the secret. In the 1990s, Gus Simmons [1141, 1142, 1145] published very significant real-world-grounded investigations of access structures.

The only PKC to rival knapsack and RSA in popularity has been the 1985 elliptic curve PKC due to V. S. Miller [0878], and extensively investigated by Neal Koblitz [0695] and others.

In 1994, the National Institute of Standards and Technology (the successor of NBS) adopted a Digital Signature Standard, and is now proceeding toward adoption of an Advanced Encryption Standard which will to some extent replace DES, which is nearing the end of its useful life.

4. After 1999

DES offered no security proofs. The hoped-for proofs to back up knapsack or RSA security never materialized. The one (knapsack) is, for many practical purposes, broken. And the other (RSA) relies on increasingly lengthening keys (thousands of bits for some current applications). As regards Proposition I above, it looks as if Morris was right. Security proofs haven’t lived up to our hopes. But lifetimes are everywhere.

As regards Propositions I and II, systematic, purposeful, routine disavowal of PKC keys does not get enough attention. And the real worth of PKCs may not be fully realized in the real world until we look more closely at every way in which digital signatures differ from inked or stamped signatures, and public key encryption differs from sealed envelopes. Also, individual PKC encryptions and digital signatures, or even the keys used, may have to bear “use by” dates like those on dairy products.

Memory and bandwidth are cheap. Who needs slavish adherence to the no-bandwidth-expansion paradigm which has recently been so dominant in cryptosystem design? The general theory of codes [0002] suggests that we can now incorporate homophones and polyphones, nulls and voids [0002] into today’s cryptosystem design in such a manner as to increase unicity distance. As regards Proposition III, we might want to do a bandwidth-cost/security-benefit analysis of this approach to cryptosystem design.

Shannon perfect security imposes a bandwidth expansion cost which may be prohibitive in some applications. As regards Proposition IV, secret sharers may want to replace Shannon perfect security with less stringent types of security, as well as to accept degraded modes of secret recovery, in order to enhance various types of functionality.

Major, sophisticated governments with important interests design cryptosystems secretly in-house. As regards Proposition V, we need a less worshipful, more mathematical view of the Kerckhoffs approach – perhaps a Kerckhoffs “phase diagram” which instructs many of the small players to use secrecy systems with publicized design principles, but assures some of the big players that they are well advised to use home-grown systems whose design principles are secret.

Some vaults are, or should be, bulky places full of bulky things. Access structures constitute a naturally bulky, naturally secure cryptographic storage vehicle. They can be artificially bulked up to any desired degree of bandwidth expansion. As regards Propositions III and VI, Bob Blakley [0001] argues that electronic money could be stored electronically so that even an allowed coalition can only carry out the vault’s contents at a certain rate because of bandwidth constraints. An access structure vault which could not release more than a million dollars an hour would be neither a blessing nor a curse. It would simply have a depletion-rate feature, which hinders looting.

5. References

0001 Bob Blakley, The emperor’s old armor, in Proceedings of the ACM New Security Paradigms Workshop, 1996, ACM Press (1977), pp.

0002 G. R. Blakley and I. Borosh, A general theory of codes, I, Basic concepts, in Contributions to General Algebra 10, Proceedings of the Klagenfurt Conference, May 29 – June 1, 1997, Verlag Johannes Heyn, Klagenfurt, Austria (1988), pp. 1–29.

0003 G. I. Davida, R. DeMillo and R. Lipton, Protecting shared cryptographic keys, in Proceedings of the 1980 Symposium on Security and Privacy, IEEE Computer Society, Long Beach, California (1980), pp. 100–102.

0004 A. J. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, Florida (1997), xxviii + 780 pages.

To keep this paper short, every other reference is of the form [wxyz], and is one of the 1276 serially numbered references to be found on pages 703–754 of reference [0004] immediately above. Thus [0345] is the 1976 Diffie/Hellman New directions in cryptography IEEE IT paper cited on page 717 of [0004].
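Sections 2 and 3 above name threshold schemes as the objects that most naturally exhibit Shannon perfect security, and ramp schemes as a cheaper variant with only Shannon relative security, without showing what the difference looks like. The following Python is an added illustration, not code from Blakley’s paper and not the 1979 or 1984 constructions themselves: it implements Shamir’s polynomial (t, n) scheme over a prime field, the common “secret in the L lowest coefficients” polynomial ramp scheme (assumed here as a representative ramp scheme, not necessarily the Blakley–Meadows one), and an exhaustive count over the toy field GF(17) of how many secrets remain consistent with fewer than t shares. The prime moduli, the sample secrets and the share counts are constructed for the example; the Fermat inverse used in interpolation assumes the modulus is prime.

```python
"""Shamir threshold scheme vs. a polynomial ramp scheme over GF(p).

Added illustration; not code from Blakley's paper.  The ramp scheme is the
common "secret occupies the L lowest coefficients" construction, assumed here
for illustration rather than taken from the 1984 Blakley-Meadows paper.
"""
import math
import secrets
from itertools import product


def eval_poly(coeffs, x, p):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... in GF(p)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def interpolate(points, p):
    """Coefficients (lowest degree first) of the unique polynomial of degree
    < len(points) through the given (x, y) points, by Lagrange interpolation.
    pow(d, p - 2, p) is the Fermat inverse, so p must be prime."""
    coeffs = [0] * len(points)
    for i, (xi, yi) in enumerate(points):
        basis = [1]   # running product of (x - xj), as a coefficient list
        denom = 1     # running product of (xi - xj)
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)
            for k, b in enumerate(basis):
                nxt[k] = (nxt[k] - xj * b) % p
                nxt[k + 1] = (nxt[k + 1] + b) % p
            basis = nxt
            denom = denom * (xi - xj) % p
        scale = yi * pow(denom, p - 2, p) % p   # yi / denom in GF(p)
        for k, b in enumerate(basis):
            coeffs[k] = (coeffs[k] + scale * b) % p
    return coeffs


def share(secret_coeffs, t, n, p):
    """Deal n shares with threshold t.  One secret coefficient gives Shamir's
    scheme; L > 1 secret coefficients give a (t, L, n) ramp scheme.  The other
    t - L coefficients are uniformly random, so the polynomial has degree
    t - 1 and any t shares determine it (and hence the secret)."""
    L = len(secret_coeffs)
    assert 0 < L < t <= n < p
    coeffs = list(secret_coeffs) + [secrets.randbelow(p) for _ in range(t - L)]
    return [(x, eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover(shares, L, p):
    """Recover the L secret coefficients from at least t shares."""
    return interpolate(shares, p)[:L]


def count_consistent(shares, t, L, p):
    """For a tiny field, count the distinct secrets (tuples of L coefficients)
    for which SOME choice of the t - L random coefficients reproduces the given
    shares.  An adversary holding these shares cannot rule out any of them."""
    consistent = set()
    for coeffs in product(range(p), repeat=t):
        if all(eval_poly(coeffs, x, p) == y for x, y in shares):
            consistent.add(tuple(coeffs[:L]))
    return len(consistent)


def leakage_bits(shares, t, L, p):
    """Bits of information about the secret revealed by these shares:
    log2(number of secrets) - log2(secrets still consistent with the shares)."""
    return L * math.log2(p) - math.log2(count_consistent(shares, t, L, p))


if __name__ == "__main__":
    P = 2**127 - 1                       # Mersenne prime, chosen for this demo
    s = secrets.randbelow(P)
    dealt = share([s], 3, 5, P)          # Shamir (3, 5)
    assert recover(dealt[1:4], 1, P) == [s]

    p = 17                               # toy field, small enough to enumerate
    shamir = share([5], 3, 5, p)         # one secret coefficient, degree 2
    ramp = share([5, 3], 3, 5, p)        # two secret coefficients, degree 2
    print("Shamir, 2 of 3 shares:", count_consistent(shamir[:2], 3, 1, p), "of", p, "secrets possible")
    print("ramp,   1 of 3 shares:", count_consistent(ramp[:1], 3, 2, p), "of", p**2, "secrets possible")
    print("ramp,   2 of 3 shares:", count_consistent(ramp[:2], 3, 2, p), "of", p**2, "secrets possible")
```

With t = 3 over GF(17), two Shamir shares leave all 17 secrets equally possible (perfect security: zero bits leaked), while the ramp scheme, which packs two field elements into the same share size, leaks nothing from one share but narrows the 289 possible secrets to 17 given two. That is the bandwidth-versus-security trade the paper describes as Shannon relative security, and why Proposition IV matters: the “nothing leaked” guarantee also assumes the t − L padding coefficients really are uniform and independent.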
