Re: Secure Science issues preview of their upcoming block cipher



[The From: header is a broken-autoresponder defense; use the address in
the signature if you want to write to me.]

[quoting order repaired manually -dM]
>> [...] CS2-128 cipher is a 128-bit block cipher with a 128 bit key.
>> This cipher is [...] provably just as secure as AES-128.
> Really?  How does one go about proving the security of a block
> cipher?

Proving it just as secure as another cipher is very different from
proving its security in any kind of absolute sense.

If I wanted to prove two ciphers to be of equivalent security ("just as
secure as"), I would try to find a way to use a break of either to
break the other (with sufficiently trivial transformation cost, of
course).  If I show that any break of CS2-128 can be trivially used to
break AES-128, then I have shown that CS2-128 is at least as secure
as AES-128; if I do the same in the other direction too, I have shown
that it is just as secure.

> My understanding is that you, and others, perform attacks against it,
> and see how it holds up.

That is how to probe its security in absolute terms; it cannot prove
anything in the mathematical sense that is apparently being used here.
(Well, okay, it _can_ prove that a cipher is *in*secure.)  "Provably
just as secure as" has little to nothing to do with the kind of
demonstration of security derived from withstanding skilled attacks.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@xxxxxxxxxxxxxxxxxxxxxx
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
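
The two-way reduction argument in the message above, as an added Python example that is not part of the original post: two constructed 16-bit toy ciphers stand in for the real ones, and exhaustive search stands in for an arbitrary key-recovery break that each reduction uses only as a black box. All names, constants and sizes (`toy_a`, `toy_b`, `pre`, `post`, `PROBES`) are assumptions made for the illustration; nothing here reflects how CS2-128 actually relates to AES-128.

```python
# Constructed toy: two 16-bit block ciphers related by public, keyless bijections.
MASK = 0xFFFF
C_IN, C_OUT = 0x5A5A, 0x1234          # public constants, not key material
PROBES = (0x0000, 0x0123, 0xBEEF)     # chosen plaintexts used by the stand-in attack

def rotl16(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK

def pre(x):      return rotl16(x, 3) ^ C_IN
def pre_inv(x):  return rotl16(x ^ C_IN, 13)
def post(y):     return rotl16(y ^ C_OUT, 7)
def post_inv(y): return rotl16(y, 9) ^ C_OUT

def toy_a(key, block):
    """Cipher A: 4-round Feistel, 16-bit block and key (deliberately tiny)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        rk = rotl16(key, 4 * rnd) & 0xFF
        left, right = right, left ^ ((((right ^ rk) * 167) + rnd) & 0xFF)
    return (left << 8) | right

def toy_b(key, block):
    """Cipher B: cipher A wrapped in the public bijections pre() and post()."""
    return post(toy_a(key, pre(block)))

def exhaustive_break(cipher):
    """Stand-in for *any* key-recovery attack on `cipher`; used as a black box."""
    def attack(oracle):
        targets = [oracle(p) for p in PROBES]
        for key in range(1 << 16):     # the true key always passes, so this returns
            if all(cipher(key, p) == t for p, t in zip(PROBES, targets)):
                return key
    return attack

def break_a_with(break_b, oracle_a):
    """A break of B breaks A, so B is at least as secure as A."""
    return break_b(lambda p: post(oracle_a(pre(p))))   # simulate a B oracle

def break_b_with(break_a, oracle_b):
    """A break of A breaks B, so A is at least as secure as B."""
    return break_a(lambda p: post_inv(oracle_b(pre_inv(p))))  # simulate an A oracle

def matches(cipher, key, oracle, points):
    return all(cipher(key, p) == oracle(p) for p in points)

if __name__ == "__main__":
    secret = 0xC0DE
    k1 = break_a_with(exhaustive_break(toy_b), lambda p: toy_a(secret, p))
    k2 = break_b_with(exhaustive_break(toy_a), lambda p: toy_b(secret, p))
    print(hex(k1), hex(k2))
```

The transformation cost of each reduction is two cheap public maps per oracle query, which is the "sufficiently trivial" condition the message asks for; neither reduction says anything about how hard either cipher is to break in absolute terms.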