International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 05 June 2012

Daniel J. Bernstein, Tanja Lange
ePrint Report ePrint Report
There is a flaw in the standard security definitions used in the literature on provable concrete security. The definitions are frequently conjectured to assign a security level of 2^128 to AES, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols, but they actually assign a far lower security level to each of these primitives and protocols. This flaw undermines security evaluations and comparisons throughout the literature. This paper analyzes the magnitude of the flaw in detail and discusses several strategies for fixing the definitions.

Expand

Additional news items may be found on the IACR news page.