Is it safe to mandate a new algorithm in a product / standard?
In the past, one had to wait years before using a new cryptographic scheme: one needed to give cryptanalysts a fair chance to attack it. Assurance in a scheme’s correctness came from the absence of damaging attacks by smart people, so you had to wait long enough that at least a few smart people would try, and fail, to find one. For schemes that are not true primitives, this approach has been made largely obsolete by the advent of provable security. With a provably-secure scheme, assurance does not stem from a failure to find attacks; it comes from proofs, with their associated definitions and bounds. Our work includes a proof that OCB-E is secure as long as the blockcipher E is secure, where E is an arbitrary blockcipher and “secure” for both OCB-E and E is a well-defined notion. The proof is a reduction: any attack on OCB-E that exceeds the stated bound can be turned into an attack on E of comparable efficiency, so there is no need to wait for someone to fail to find an attack on the mode itself. Of course it is conceivable that OCB-AES could fail because AES has some huge, unknown problem. But other issues aren’t really of concern. Here we’re in a domain where the