October 18, 2006

Evils of Crypto Buzzword Plague -- AES is Pareto-secure but ECB is not

One of the points behind Pareto-secure, if not *the* point (disagree here), is that only a few components ever achieve the strength to be rated Pareto-secure or even Pareto-complete. In short, that means they are so good that you don't need to worry about them in your design within your context (Pareto-secure) or even forever, in any reasonable scenario (Pareto-complete).

The headline component for this treatment is today's encryption algorithms. AES and the like are so strong we don't need to worry about them. But the corollary is that the protocols we use them in are nowhere near so secure, and our faith in Pareto-secure components has to be very carefully contained.

That extends to "modes," being those short protocols to create streams out of blocks. Which brings us to this very nice description from Mark Pustilnik of how short the distance between "strong" and "ridiculous" is with cipher modes.

Figure 2a Plaintext

Figure 2b ECB Encryption

Figure 2c CBC Encryption

Just spotted, another excellent exposition of mathematics in pictures on Nick Szabo's site.

Posted by iang at October 18, 2006 07:55 PM | TrackBack

Great stuff, Ian! The best illustration to the modes of operation concept I've ever seen.

Posted by: SATtva at October 20, 2006 07:12 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.