Concrete Security

Traditionally, of any Computationally Bounded adversary is Negligible . While such a theoretical guarantee is important, in practice one needs to know exactly how efficient a reduction is because of the need to instantiate the Security Parameter - it is not enough to know that "sufficiently large" security parameters will do. An inefficient reduction results either in the success probability for the adversary or the resource requirement of the scheme being greater than desired.

Concrete security parametrizes all the resources available to the adversary, such as running time and memory, and other resources specific to the system in question, such as the number of plaintexts it can obtain or the number of queries it can make to any Oracles available. Then the advantage of the adversary is upper bounded as a function of these resources and of the problem size. It is often possible to give a lower bound (i.e, an adversarial strategy) matching the upper bound, hence the name exact security.

REFERENCES

M. Bellare, A. Desai, E. Jokipii and P. Rogaway. [http://www-cse.ucsd.edu/users/mihir/papers/sym-enc.html A Concrete Security Treatment of Symmetric Encryption: Analysis of the DES Modes of Operation].

M. Bellare and P. Rogaway. The Exact Security of Digital Signatures: How to Sign with RSA and Rabin

	APPAREL
	BABY
	BEAUTY
	BOOKS
	CAR TOYS
	CELL PHONES
	DVD'S
	ELECTRONICS
	GOURMET FOOD
	GROCERIES
	HEALTH & PERSONAL
	HOME & GARDEN
	JEWELRY
	MUSIC
	MUSIC INSTRUMENTS
	OFFICE PRODUCTS
	SOFTWARE
	SPORTING GOODS
	TOOLS & HARDWARE
	TOYS
	VIDEO GAMES
	SHOPPING HOME

	MORE SHOPPING...

	CATEGORIES ABOUT CONCRETE SECURITY

	cryptography

Information About

Concrete Security