Information can be protected by cryptographic tools, and it is assumed to be secure if the adversary cannot defeat the information security. The question "How is a cryptographic tool secure?" is answered in this section using the complexity theory in [1].
2.3.1 Complexity Theory
The complexity of the computations in cryptography has two main parameters, called space and time. The space parameter is the amount of storage needed for the information, and the time parameter is the amount of time needed to do the computations using the information in that space. The time parameter comes first in the complexity, assuming that you have enough space to do your computation.
An algorithm is a well-defined computational procedure that takes a variable input and halts with an output. The running time of an algorithm on a particular input is the number of primitive operations or steps executed. The worst-case running time of an algorithm is an upper bound on the running time for any input, expressed as a function of the input size. In complexity theory, the running time is approximately evaluated by Big-O notation $O$ and it is classified in three classes: polynomial-time, exponential-time and subexponential-time.
Definition 12. Let $f$ and $g$ be functions on $\mathbb{Z}^+$. Then $f(n) = O(g(n))$ if there exists a positive constant $c$ and a positive integer $n_0$ such that $0 \le f(n) \le c\,g(n)$ for all $n \ge n_0$.
Definition 13. Let $n$ be the input size of the algorithm and $k$ be a constant. A polynomial-time algorithm is an algorithm whose worst-case running time function is of the form $O(n^k)$. Any algorithm whose running time cannot be so bounded is called an exponential-time algorithm. A subexponential-time algorithm is an algorithm whose worst-case running time function is of the form $e^{O(n)}$.
Polynomial-time algorithms are regarded as efficient algorithms, while exponential-time algorithms are considered inefficient. A subexponential-time algorithm is asymptotically faster than an algorithm whose running time is fully exponential in the input size, while it is asymptotically slower than a polynomial-time algorithm.
Complexity theory restricts its attention to decision problems, which have either YES or NO as an answer.
Definition 14. The complexity class P is the set of all decision problems that are solvable in polynomial time. The complexity class NP is the set of all decision problems for which a YES answer can be verified in polynomial time given some extra information, called a certificate. The complexity class co-NP is the set of all decision problems for which a NO answer can be verified in polynomial time using an appropriate certificate.
2.3.2 Models for evaluating security
After defining the terms in complexity theory, the security of the cryptographic tools can be evaluated under some security models:
• Unconditional security. The question here is whether or not there is enough information available to defeat the system when the adversary is assumed to have unlimited computational resources. This model is also called perfect secrecy.
• Complexity-theoretic security. The adversary has polynomial computational power to defeat the information security. Usually the worst-case analysis is used. Polynomial attacks may be feasible under the model but still be computationally infeasible in practice.
• Provable Security. A cryptographic tool is said to be provably secure if the adversary defeats the system when he solves a well-known and supposedly difficult problem. This problem is typically number-theoretic, such as integer factorization or the computation of discrete logarithms.
• Computational Security. The system is said to be computationally secure if the perceived level of computation required to defeat it, even using the best attack known, exceeds by a comfortable margin the computational resources of the hypothesized adversary. This is sometimes called practical security.
• Ad-hoc security. This approach consists of any variety of convincing arguments that every successful attack requires a resource level, such as time and space, greater than the fixed resources of a perceived adversary. It is also called heuristic security, with security here typically in the computational sense.
In this thesis, we mostly used the models of complexity-theoretic security, provable security and ad-hoc security.
2.3.3 Some perspective for computational security
Certain quantities are often considered to evaluate the security of cryptographic tools.
Definition 15. The work factor W is the minimum amount of work required to defeat the information security. It is measured in appropriate units such as elementary operations or clock cycles in computers.
In that sense, if $W$ is $t$ years for sufficiently large $t$, the cryptographic tool is a secure system. To judge whether $t$ is sufficiently large, Table 2.4 can be used.
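| Reference | Magnitude (as power of 10) | Magnitude (as power of 2) |
|---|---|---|
| Seconds in a year | $\approx 3 \times 10^{7}$ | $\approx 2^{25}$ |
| Age of our solar system (years) | $\approx 6 \times 10^{9}$ | $\approx 2^{32}$ |
| Seconds since creation of solar system | $\approx 2 \times 10^{17}$ | $\approx 2^{57}$ |
| Electrons in the universe | $\approx 8.37 \times 10^{77}$ | $\approx 2^{259}$ |
| Number of 75-digit prime numbers | $\approx 5.2 \times 10^{72}$ | $\approx 2^{241}$ |
| Binary strings of length 64 | $\approx 1.8 \times 10^{19}$ | $2^{64}$ |
| Binary strings of length 128 | $\approx 3.4 \times 10^{38}$ | $2^{128}$ |
| Clock cycles per year, 50 MHz computer | $\approx 1.6 \times 10^{15}$ | $\approx 2^{50}$ |
| Clock cycles per year, 1 GHz computer | $\approx 3 \times 10^{16}$ | $\approx 2^{54}$ |
| Float operations per second, fastest supercomputer (as of Nov 2013) | $\approx 33.86 \times 10^{15}$ | $\approx 2^{55}$ |
| Float operations per year, fastest supercomputer (as of Nov 2013) | $\approx 1.01 \times 10^{24}$ | $\approx 2^{80}$ |

Table 2.4: Reference numbers comparing relative magnitudes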
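The following added example (not part of the thesis) expresses the work factor W of Definition 15 as a power of 2 for one attack from each running-time class of Definition 13, then converts it to years using the adversary speeds in Table 2.4. Assumptions: the number field sieve cost formula is the standard heuristic estimate with its o(1) term dropped, the function names and the exponent k = 3 are illustrative, and the age of the solar system is used here as the bar for "sufficiently large t".

```python
import math

# log2(operations per year) for two adversaries, taken from Table 2.4.
# Assumption: one clock cycle or float operation counts as one elementary step.
LOG2_OPS_PER_YEAR = {"1 GHz computer": 54, "supercomputer (Nov 2013)": 80}
LOG2_SOLAR_SYSTEM_AGE_YEARS = 32  # Table 2.4; used here as the "large t" bar

def exhaustive_search_bits(key_bits):
    """Exponential time: up to 2^n trials for an n-bit key."""
    return float(key_bits)

def trial_division_bits(modulus_bits):
    """Exponential time: about sqrt(N) = 2^(n/2) divisions for an n-bit N."""
    return modulus_bits / 2

def gnfs_bits(modulus_bits):
    """Subexponential time: heuristic number field sieve cost
    exp((64/9)^(1/3) * (ln N)^(1/3) * (ln ln N)^(2/3)), o(1) term dropped."""
    ln_n = modulus_bits * math.log(2)
    exponent = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)

def polynomial_bits(input_bits, k=3):
    """Polynomial time: n^k steps (k = 3 is an illustrative choice)."""
    return k * math.log2(input_bits)

def assess(work_bits, adversary):
    """Return (log2 of years needed, True if that exceeds the solar-system age)."""
    log2_years = work_bits - LOG2_OPS_PER_YEAR[adversary]
    return log2_years, log2_years > LOG2_SOLAR_SYSTEM_AGE_YEARS

if __name__ == "__main__":
    cases = [
        ("64-bit key, exhaustive search", exhaustive_search_bits(64)),
        ("128-bit key, exhaustive search", exhaustive_search_bits(128)),
        ("1024-bit modulus, trial division", trial_division_bits(1024)),
        ("1024-bit modulus, number field sieve", gnfs_bits(1024)),
        ("2048-bit modulus, number field sieve", gnfs_bits(2048)),
        ("1024-bit input, n^3 algorithm", polynomial_bits(1024)),
    ]
    for label, w in cases:
        for adversary in LOG2_OPS_PER_YEAR:
            log2_years, ok = assess(w, adversary)
            verdict = "beyond solar-system age" if ok else "within reach of the bar"
            print(f"{label:38s} W=2^{w:6.1f}  {adversary:25s} 2^{log2_years:6.1f} years  {verdict}")
```

The gap between the trial-division and number-field-sieve rows for the same modulus shows why the best known attack, not the naive one, sets the work factor.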