Review of The Block Cipher Companion by Lars R. Knudsen and Matthew J.B. Robshaw

Block ciphers serve as fundamental building blocks for much of modern cryptography. They are used extensively in practice for (symmetric-key) encryption, and to a lesser extent for message authentication. Specially designed block ciphers can also be used to construct hash functions, as has indeed been done for, e.g., the SHA family of hash functions. Block ciphers can be used for pseudorandom number generation, as part of challenge/response protocols for entity authentication, and for defining a random-looking mapping between elements. In short, they are both incredibly useful and truly ubiquitous.

Several specific block ciphers are also among the most well-known cryptographic primitives. The block cipher DES (the Data Encryption Standard) was perhaps the first modern cryptographic algorithm—it predates RSA—and is certainly one of the earliest to be standardized. Developed in the late ’70s, DES served as a cryptographic workhorse for over 20 years and is still used today in the strengthened form of triple-DES. The Advanced Encryption Standard (AES), the modern replacement for DES, was designed by public competition in the late ’90s and is in widespread use today. DES and AES are among the most heavily analyzed cryptographic algorithms we have.

At the most basic level, a block cipher F is an efficiently computable, keyed permutation. That is, F is a function F : {0,1}^n × {0,1} → {0,1} where the first input serves as a key, and we let F_k(x) denote F(k, x). The fact that F is a permutation means that for every key k the function F_k : {0,1} → {0,1} is a bijection; moreover, F_k^{-1} should be efficiently computable (given k). From a theoretical cryptographer’s point of view, the main security property of a block cipher is that it should be indistinguishable from a random permutation.
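As an added illustration of the keyed-permutation definition and the distinguishing notion above (this is example code written for this review, not from the book or its authors), the map F_k(x) = x XOR k is a perfectly good keyed permutation with an efficient inverse, yet a two-query attacker tells it apart from a uniformly random permutation with advantage close to 1. All function and class names below are the example's own, and the 16-bit block size is chosen only to keep the exhaustive bijection check cheap.

```python
import random

BLOCK_BITS = 16                      # toy block length (assumption for the example)
MASK = (1 << BLOCK_BITS) - 1


def xor_cipher(key: int, x: int) -> int:
    """Keyed permutation F_k(x) = x XOR k. For every k it is a bijection on
    {0,1}^BLOCK_BITS and it is its own inverse, so F_k^{-1} is trivially efficient."""
    return (x ^ key) & MASK


class RandomPermutation:
    """Uniformly random permutation on {0,1}^BLOCK_BITS, sampled lazily: each new
    input gets a fresh output not yet used, exactly as a full random table would."""

    def __init__(self, rng: random.Random):
        self.rng, self.table, self.used = rng, {}, set()

    def __call__(self, x: int) -> int:
        if x not in self.table:
            y = self.rng.getrandbits(BLOCK_BITS)
            while y in self.used:            # reject collisions to stay a bijection
                y = self.rng.getrandbits(BLOCK_BITS)
            self.table[x], _ = y, self.used.add(y)
        return self.table[x]


def make_oracle(rng: random.Random, real: bool):
    """The 'black box': F_k under a random key k, or a uniformly random permutation."""
    if real:
        k = rng.getrandbits(BLOCK_BITS)
        return lambda x: xor_cipher(k, x)
    return RandomPermutation(rng)


def xor_distinguisher(oracle) -> bool:
    """Two queries suffice: for F_k = XOR with k, O(x1) ^ O(x2) == x1 ^ x2 always
    holds; for a random permutation it holds with probability about 2^-BLOCK_BITS."""
    x1, x2 = 0x0000, 0xFFFF
    return (oracle(x1) ^ oracle(x2)) == (x1 ^ x2)


def advantage(distinguisher, trials: int, seed: int = 1) -> float:
    """Pr[D says 'real' | F_k] - Pr[D says 'real' | random permutation], estimated
    over `trials` independent games; a secure block cipher keeps this near 0."""
    rng = random.Random(seed)
    hits_real = sum(distinguisher(make_oracle(rng, True)) for _ in range(trials))
    hits_rand = sum(distinguisher(make_oracle(rng, False)) for _ in range(trials))
    return (hits_real - hits_rand) / trials
```

A distinguisher that ignores its oracle (for example one that always answers "real") has advantage 0, which is the baseline any useful attacker must beat.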
A formal definition is somewhat involved, but informally we imagine an attacker interacting with a “black box” that either computes F_k(·) for an unknown, random key k, or that computes f(·) for a permutation chosen uniformly from the set of permutations on {0,1}. The block cipher F is secure if no efficient attacker can distinguish between these two possibilities with probability significantly better than random guessing. (The book under review—which takes a practical perspective—leaves this notion of security informal and does not focus on it too much. In practice, block ciphers are often required to satisfy even stronger security properties.)

The Block Cipher Companion is, to my knowledge, the first book to focus on modern block ciphers. The book is quite thorough, covering block-cipher design principles and cryptanalytic techniques, discussing applications of block ciphers, and providing detailed descriptions of several prominent block ciphers (including DES and AES). The contents of the book are discussed in more detail in the section that follows.