Provable security and other problems in modern cryptography

Step 3: Implement the Functions Using Generic Procedures

This step refers to the basic cryptographic building blocks, such as private key encryption, message authentication codes, hash functions, or signature schemas. Defining generic procedures helps you understand which security property of the underlying building block is used to achieve a certain security property of the new system.

The design has to work independently of specific procedures, since it is always possible for individual procedures to be broken. For example, researchers recently found the first attacks on the SHA-1 hash function. Developing a completely new system because individual components have been broken is simply too expensive. Moreover, the insecurity of individual instances does not alter the fact that the concept as such is secure. To illustrate this point, just briefly think about the example of fire protection. Just because the material of an individual door proved not to be fireproof does not mean that the entire strategy, which envisaged a fireproof door at a particular location, is wrong.

Step 4: Formal Mathematical Proof of Security

After the formal specification of the security properties and the design, formal mathematical proof of security follows in the fourth step. This step confirms that the design satisfies the desired safety properties. Formal proof provides a one-to-one mapping between the security properties of the underlying cryptographic building blocks and the security properties that the system is intended to achieve. Formally verifying the security uncovers design flaws. If the security properties of the underlying cryptographic building are not applied, there is a flaw in the design, and there is most likely a more efficient solution.

Step 5: Instantiate the Implementation

Once the formal security of the system has been established, it is necessary to instantiate the generic cryptographic building blocks with specific cryptographic procedures. For example, a generic encryption schema with a private key is introduced, and this building block is implemented in practice using AES. Since generic building blocks work with abstract objects (such as "a private key" or "a ciphertext"), you need to translate these objects into concrete instances. For example, the object "public key encryption scheme" is instantiated with an ElGamal encryption scheme [2].

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Web Cryptography API

    The controversial Web Cryptography API offers flexible encryption for web applications, but it also lays the groundwork for content providers to implement more powerful access restrictions through DRM.

  • Quantum Computing and Encryption

    The encryption methods we use today are no match for tomorrow's quantum computers. We'll show you why and what's ahead for cryptography in the post-quantum era.

  • DM-Crypt

    If you’re serious about keeping secrets, try hard disk encryption with DM-Crypt and LUKS.

  • OpenSSH 5.2 Secured and Tuned

    Even though the OpenSSH project emphasizes that the focus of 5.2 is bug fixes to the 5.1 version, 5.2 does contain some notable enhancements.

  • Cryptomator

    Make files fit for the cloud with Cryptomator by encrypting content and obscuring the name and size of each file.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More