Re: what should "k-bit security" mean?
From: David Wagner (daw_at_mozart.cs.berkeley.edu)
Date: 08/30/03
- Next message: John A. Malley: "Re: Possible way to link block cipher distinguishability as PRFs to the inner workings of a product cipher? (LONG)"
- Previous message: David Wagner: "Re: RSA vs AES"
- In reply to: Douglas A. Gwyn: "Re: what should "k-bit security" mean?"
- Next in thread: John E. Hadstate: "Re: what should "k-bit security" mean?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 30 Aug 2003 19:57:47 +0000 (UTC)
Douglas A. Gwyn wrote:
>David Wagner wrote:
>> ... If we
>> rule out all the security metrics that cannot actually be measured,
>> we're left with almost nothing.
>
>Surely it would be better to acknowledge the limitation
>rather than mislead people into thinking that they have a
>genuine security guarantee.
No argument there. But as I stated earlier, we can factor out *what*
we're trying to measure (in principle) from *how* we're going to
measure it. Even if we don't know how to measure security according to
the advantage measure, the advantage measure can still be a very useful
way of understanding the "right" goal to shoot for.
- Next message: John A. Malley: "Re: Possible way to link block cipher distinguishability as PRFs to the inner workings of a product cipher? (LONG)"
- Previous message: David Wagner: "Re: RSA vs AES"
- In reply to: Douglas A. Gwyn: "Re: what should "k-bit security" mean?"
- Next in thread: John E. Hadstate: "Re: what should "k-bit security" mean?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
