Firewall Wizards mailing list archives

Re: New crypto from IBM...


From: C Matthew Curtin <cmcurtin () interhack net>
Date: Tue, 8 Sep 1998 01:08:53 -0400 (EDT)

"Darren" == Darren Reed <avalon () coombs anu edu au> writes:

Darren> http://www.ibm.com.au/news/encrypt.html
Darren> Unfortunately, it's a press release.  Does anyone know any
Darren> real details ?

As expected, the press release overstates the security of the system,
calling it "unbreakable".  Sigh.  Nothing is "unbreakable" without a
long list of qualifiers or a glossary to tell you how the vendor's
usage of terminology differs from everyone else's.

Cramer and Shoup's cryptosystem is one that is provably secure against
adaptive chosen ciphertext attacks.  (The `adaptive chosen ciphertext
attack' is an attack against a system where you look for shortcuts by
throwing cleartext at the system and seeing what ciphertext comes
back.  Theoretically, by doing enough of this analysis, you can figure
out what's going on inside the cryptosystem enough to break other
messages going through that system without having to search for a key
by brute-force, factor huge prime numbers, or whatever the designers
of the cryptosystem want you to have to do in order to break it.)

The paper notes that this isn't the first cryptosystem provably secure 
against adaptive chosen ciphertext attacks, but it is believed that
this is the first practical system.

You can read all the details you like from the paper itself at
<http://www.zurich.ibm.com/Technology/Security/publications/1998/CS.pdf>

-- 
Matt Curtin cmcurtin () interhack net http://www.interhack.net/people/cmcurtin/
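The Cramer-Shoup construction the paper describes, as an added toy implementation that is not part of this post or of IBM's code: it uses small constructed parameters (p = 1019, q = 509, generators 4 and 9) and shows the consistency check on the tag v that makes the decryptor reject a tampered ciphertext instead of returning a related plaintext, which is the property that defeats the chosen-ciphertext attacks discussed above.

```python
import hashlib
import secrets

# Toy parameters constructed for this demonstration: safe prime p = 2q + 1
# with p = 1019, q = 509. G is the order-q subgroup of quadratic residues
# mod p; g1 = 2^2 and g2 = 3^2 generate it. Real use needs >= 2048-bit p.
P, Q = 1019, 509
G1, G2 = 4, 9

def hash_to_zq(u1, u2, e):
    """Hash (u1, u2, e) into Z_q; this ties the tag v to the whole ciphertext."""
    digest = hashlib.sha256(f"{u1},{u2},{e}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x1, x2, y1, y2, z = (secrets.randbelow(Q - 1) + 1 for _ in range(5))
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    h = pow(G1, z, P)
    return (c, d, h), (x1, x2, y1, y2, z)

def encrypt(pk, m):
    """m must be an element of G, e.g. a square mod p."""
    c, d, h = pk
    r = secrets.randbelow(Q - 1) + 1
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    e = pow(h, r, P) * m % P                          # ElGamal-style mask
    alpha = hash_to_zq(u1, u2, e)
    v = pow(c, r, P) * pow(d, r * alpha % Q, P) % P   # integrity tag
    return u1, u2, e, v

def decrypt(sk, ct):
    """Return the plaintext, or None when the ciphertext fails the check."""
    x1, x2, y1, y2, z = sk
    u1, u2, e, v = ct
    alpha = hash_to_zq(u1, u2, e)
    check = (pow(u1, (x1 + y1 * alpha) % Q, P)
             * pow(u2, (x2 + y2 * alpha) % Q, P)) % P
    if check != v:
        return None                    # reject: nothing about m leaks out
    return e * pow(u1, Q - z, P) % P   # u1^(q-z) == u1^(-z) since u1 has order q

def demo():
    pk, sk = keygen()
    m = pow(12, 2, P)
    u1, u2, e, v = ct = encrypt(pk, m)
    # Plain ElGamal would accept (u1, u2, 4e) as an encryption of 4m; here
    # alpha changes, so the check fails except with probability about 1/q.
    return decrypt(sk, ct) == m, decrypt(sk, (u1, u2, e * 4 % P, v))
```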