Non-uniform Cracks in the Concrete: The Power of Free Precomputation [chapter]

Daniel J. Bernstein, Tanja Lange
2013 Lecture Notes in Computer Science  
There is a flaw in the standard security definitions used in the literature on provable concrete security. The definitions are frequently conjectured to assign a security level of 2 128 to AES, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols, but they actually assign a far lower security level to each of these primitives and protocols. This flaw undermines security evaluations and comparisons throughout the literature. This paper analyzes the magnitude of
more » ... e flaw in detail, showing how it varies across cryptosystems and across cost metrics, and discusses several strategies for fixing the definitions.
doi:10.1007/978-3-642-42045-0_17 fatcat:eh677w5xbbcfnlfq25642mfeyq