@risottobias @dalias @khm @ambiguous_yelp @sammi @joelanman We use a lot of analytic approaches (e.g., bit diffusion in reduced rounds to compare ARX constructions, which help quantify the statistical confusion between inputs and outputs in the full round of a scheme) which are derived from successful attacks against insecure designs. A cipher is as secure as the cost of the best attack (exhaustive key search a.k.a. brute force is the default attack to consider).
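The reduced-round bit-diffusion measurement mentioned above, as an added example that is not part of this thread: a constructed Speck32-style ARX toy (16-bit words; the rotation amounts, round keys and sample counts are assumptions made for the example) with a single-bit avalanche test, comparing the (7,2) rotations against a rotation-free variant across round counts.

```python
import random

MASK = 0xFFFF  # 16-bit words: a 32-bit block is x || y (constructed toy, not a real cipher)

def rol(v, r):
    return ((v << r) | (v >> (16 - r))) & MASK

def ror(v, r):
    return ((v >> r) | (v << (16 - r))) & MASK

def arx_encrypt(block, round_keys, alpha=7, beta=2):
    """Apply len(round_keys) Speck-like add-rotate-xor rounds to a 32-bit block."""
    x, y = block >> 16, block & MASK
    for k in round_keys:
        x = ((ror(x, alpha) + y) & MASK) ^ k   # modular add, then key xor
        y = rol(y, beta) ^ x                   # rotate, then mix in the new x
    return (x << 16) | y

def avalanche(rounds, alpha=7, beta=2, samples=200, seed=1234):
    """Mean fraction of the 32 output bits that flip when one input bit flips.

    An ideal permutation gives about 0.5; low values after r rounds mean the
    construction has not diffused a single-bit difference across the block yet.
    """
    rng = random.Random(seed)                              # deterministic run
    keys = [rng.getrandbits(16) for _ in range(rounds)]    # constructed round keys
    flipped = 0
    for _ in range(samples):
        p = rng.getrandbits(32)
        c = arx_encrypt(p, keys, alpha, beta)
        for i in range(32):                                # flip each input bit once
            d = c ^ arx_encrypt(p ^ (1 << i), keys, alpha, beta)
            flipped += bin(d).count("1")
    return flipped / (samples * 32 * 32)

def diffusion_profile(max_rounds, alpha=7, beta=2):
    """Avalanche fraction for 1..max_rounds rounds, to compare two ARX variants."""
    return [avalanche(r, alpha, beta) for r in range(1, max_rounds + 1)]

if __name__ == "__main__":
    variants = {"rotations (7,2)": (7, 2), "no rotation (0,0)": (0, 0)}
    for name, (a, b) in variants.items():
        # Without rotation, a difference in bit i can only reach bits >= i
        # (carries move upward only), so diffusion plateaus well below 0.5.
        print(name, " ".join(f"{v:.3f}" for v in diffusion_profile(10, a, b)))
```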
Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 15-Jan-2025 01:47:54 JST Soatok Dreamseeker
Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 15-Jan-2025 01:48:15 JST Rich Felker @soatok @risottobias @khm @ambiguous_yelp @sammi @joelanman Thankfully that's false, but we'll likely never prove it.
Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 15-Jan-2025 01:48:16 JST Soatok Dreamseeker @risottobias @dalias @khm @ambiguous_yelp @sammi @joelanman It's not just the security against known attacks, it's "how does each component of this primitive behave, and what are the best strategies for defeating it?"
Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 15-Jan-2025 01:48:16 JST Soatok Dreamseeker @risottobias @dalias @khm @ambiguous_yelp @sammi @joelanman With asymmetric cryptography, you have even more uncertainty from a proofs perspective.
There is no proof that any given number theory operation is a good trapdoor. That's as true for RSA as it is for ECC.
Lattices, codes, isogenies, multivariate schemes, etc. were all considered candidates because they rely on mathematical structures that, even with quantum computers, are not breakable in 2^128 queries (or more).
But then SIKE was broken by a laptop on a weekend. And so too was Rainbow.
Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 15-Jan-2025 01:48:16 JST Soatok Dreamseeker @risottobias @dalias @khm @ambiguous_yelp @sammi @joelanman In that respect, symmetric cryptography is more boring than anything asymmetric, but a proof that P=NP would eventually utterly destroy both.