# Crate octavo_crypto [−] [src]

Cryptosystems primitives

Cryptosystem is a suite of algorithms that describe particular security service, in most cases used for achieving confidentiality. Typically this is set of three algorithms: key generation, encryption function and decryption function.

Mathematically it can be described as tuple \((\mathcal{P, C, K, E, D})\), where:

- \(\mathcal{P}\) is a set called "plaintext space"
- \(\mathcal{C}\) is a set called "ciphertext space"
- \(\mathcal{K}\) is a set called "key space"
- \(\mathcal{E} = \left\{E_k : k \in \mathcal{K}\right\}\) is a set of functions \(E_k : \mathcal{P} \to \mathcal{C}\) called "encryption functions"
- \(\mathcal{D} = \left\{E_k : k \in \mathcal{K}\right\}\) is a set of functions \(D_k : \mathcal{C} \to \mathcal{P}\) called "decryption functions"

For each \(e \in K\) there is \(d \in K\) such that \(D_d(E_e(p))) = p\). If \(d = e\) then we call that "symmetric cipher" otherwise we call it "asymmetric cipher".

In practise we use "asymmetric ciphers" for which computing \(d\) from \(e\) is computationally hard or impossible.

# Kerckhoff's Principle

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

This is basic law for moder cryptography. Unfortunately many of people understand this as "keeping cryptosystem hidden is bad". That is big misunderstanding of what that principle states. It is nothing bad to keep cryptosystem in secret, it is yet another obstacle to overcome by eavesdropper, just don't rely on secrecy.

# Key lengths

According to ECRYPT II Yearly Report on Algorithms and Keysizes this table presents key-sizes equivalence between types of algorithms:

Symmetric | Factoring Modulus | Discrete Logarithm | Elliptic Curves |
---|---|---|---|

48 | 480 | 480/96 | 96 |

56 | 640 | 640/112 | 112 |

64 | 816 | 816/128 | 128 |

80 | 1248 | 1248/160 | 160 |

112 | 2432 | 2432/224 | 224 |

128 | 3248 | 3248/256 | 256 |

160 | 5312 | 5312/320 | 320 |

192 | 7936 | 7936/384 | 384 |

256 | 15424 | 15424/512 | 512 |

# Security table

Levels of security according to ECRYPT II Yearly Report on Algorithms and Keysizes

Security Level | Security (bits) | Protection | Comment |
---|---|---|---|

1. | 32 | Attacks in "real-time" by individuals | Only acceptable for auth. tag size |

2. | 64 | Very short-term protection against small organizations | Should not be used for confidentiality in new systems |

3. | 72 | Short-term protection against medium organizations, mediumterm protection against small organizations | |

4. | 80 | Very short-term protection against agencies, long-term prot. against small organizations | Smallest general-purpose level, <= 4 years protection |

5. | 96 | Legacy standard level | 2-key 3DES restricted to ~10^{6} plaintext/ciphertexts, ~10 years protection |

6. | 112 | Medium-term protection | ~20 years protection |

7. | 128 | Long-term protection | Good, generic application-indep. recommendation, ~30 years protection |

8. | 256 | "Foreseeable future" | Good protection against quantum computers unless Shor's algorithm applies |

We recommend at least 128-bit security for general purpose.

## Modules

asymmetric |
Public-key (asymmetric) cryptosystems |

block |
Block cryptosystems |

prelude | |

stream |
Stream cryptosystems |