views: 202

answers: 4

I was wondering about new trends in cryptography. Which algorithms are new? Which are improved and which died because of the time that has passed? For example ECC (Elliptic Curve Cryptography) is quite a new approach, but definitely not the only one. Could you name some of them?

+3  A: 

Currently there is the NIST hash function competition running with the goal to find a replacement for the older SHA-1 and SHA-2 functions. So this is about a cryptographic hash function.
You can have a look at the list of the accepted algorithms for round two, and you can get whitepapers to all of the algorithms taking part there.

I am not up-to-date, but I doubt that there are any completely new approaches for the algorithms.
EDIT: Well, one of the candidates was the Elliptic curve only hash, but it is listed under "Entrants with substantial weaknesses" ^^

tanascius
+8  A: 

The main problem of contemporary cryptography is not finding algorithms but whole concepts and approaches for different situations (but of course the algorithms are continually improved too).

We have today

  • Symmetric algorithms (AES)
  • Asymmetric algorithms (RSA, ECC)
  • Key exchange (Diffie-Hellman key exchange, Shamir's no-key protocol)
  • Secret sharing (intersection of n-dimensional planes)
  • Cryptographic hash functions (SHA)

Some have proven insecure and were improved

  • DES due to a much too small key-space
  • MD5

and some are broken

  • Merkle/Hellman knapsack cryptosystem
  • Monoalphabetic substitution
  • Naive Vigenère

Which particular algorithm is chosen is often a question of available resources (elliptic curves need smaller keys than RSA for comparable safety) or just of standardization (as tanascius pointed out, there are competitions for such algorithms). Totally new trends usually start when a whole class of cryptosystems has been shown vulnerable to a specific attack (man-in-the-middle, side-channel) or scientific progress is made (quantum cryptography).

Of course, there is also steganography, which doesn't attempt to conceal the content but the existence of a secret message by hiding it in other documents.

Dario
+1. Very complete answer imho.
ereOn
If you want a good primer for how AES works, http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html is a solid explanation.
Wayne Werner
Note that steganography is orthogonal to encryption: traditional steganography just hides the plaintext, even though you can additionally hide the ciphertext. It's also different to plausible deniability, e.g. as used by TrueCrypt.
tc.
+10  A: 

ECC actually originates from the 80's; it is not exactly new.

In the context of asymmetric encryption and digital signatures, there has been in the last few years much research on pairings. Pairings open up the next level. Conceptually: symmetric cryptography is for problems with one entity (all entities share a secret key, thus they are the "same" entity), asymmetric cryptography is for problems with two entities (the signer and the verifier), and pairings are a tool for protocols with three entities (for instance, electronic cash, where there are the bank, the merchant and the buyer). The only really practical pairings found so far use elliptic curves, but with a much higher dose of mathematics.

As for more classical asymmetric encryption and signatures, there has been some work on many other algorithms, such as HFE, which seems especially good with regards to signature sizes, or lattice-based cryptography. This is still quite new. It takes some time (say a dozen years or so) before a newly created algorithm becomes mature enough to be standardized.

Following work by Bellovin and Merritt in 1992, some Password Authenticated Key Exchange protocols have been described. These protocols are meant to allow for password-based mutual authentication immune to offline dictionary attacks (i.e. the protocols imply that an attacker, even if actively masquerading as one of the parties, cannot obtain enough information to test passwords at his leisure; each guess from the attacker must go through an interaction with one of the entities who knows the password). IEEE group P1363 is working on writing standards on that subject.

In the area of symmetric encryption, the AES has been a bit "final". A few stream ciphers have been designed afterwards (stream ciphers are supposed to provide better performance, at the cost of less generic applicability); some were analyzed by the eSTREAM project. There has been quite some work on encryption modes, which try to combine symmetric encryption and integrity checks in one efficient system (see for instance GCM and CWC).

Hash functions have been a hot subject lately. A bunch of old hash functions, including the famous MD5, were broken in 2004. There is an ongoing competition to determine the next American standard hash function, codenamed SHA-3.

An awful lot of work has been done on some implementation issues, in particular side-channel leaks (how secret data leaks through power consumption, timing, residual electro-magnetic emissions...) and how to block them.

Thomas Pornin
Re: "pairings", there are also secret sharing protocols where any n of m shares can be used to reconstruct a secret. Debian uses Shamir's Secret Sharing (implemented by gfshare) to store the revocation certificate and a backup of the key. It's also trivial to extend DH and RSA to an arbitrary number of keys, although I'm not sure what the advantages there are.
tc.
+1  A: 
tc.