You are looking at a specific version 20130306:091534 of this paper.

Paper 2012/318

Non-uniform cracks in the concrete: the power of free precomputation

Daniel J. Bernstein and Tanja Lange

Abstract

There is a flaw in the standard security definitions used in the literature on provable concrete security. The definitions are frequently conjectured to assign a security level of $2^{128}$ to AES, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols, but they actually assign a far lower security level to each of these primitives and protocols. This flaw undermines security evaluations and comparisons throughout the literature. This paper analyzes the magnitude of the flaw in detail, showing how it varies across cryptosystems and across cost metrics, and analyzes several strategies for fixing the definitions.

Note: Revised intro, added FAQ.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Published elsewhere. Unknown where it was published
Keywords
provable security, concrete security, non-uniform algorithms, algorithm cost metrics
Contact author(s)
tanja @ hyperelliptic org
History
2013-09-14: last of 4 revisions
2012-06-05: received
Short URL
https://ia.cr/2012/318
License
Creative Commons Attribution
CC BY