Sunday, March 16, 2014

[sjvhmylk] Security per unit time

From the amount of computation required to break several reduced round versions of a cryptographic algorithm, extrapolate the amount of extra security each additional round buys you.  Plot that against the computation time of the additional round.

Which algorithms are more "efficient" at providing security than others?  Which have a steep slope, i.e., gain the most security per added round?

A cryptographic standard should merely recommend a minimum number of rounds; the user can (and should) go beyond that depending on the computation available, for example, using as many rounds as possible while the added latency still remains imperceptible in the UI.  We want the most efficient algorithms in terms of making things difficult for code breakers at the least computational cost.
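The procedure above (fit the cost of the best known reduced-round attacks against round count, read off the security gained per round, and divide by the cost of a round) as a worked example. This is added code, not part of the original post, and it does not use real published attack figures: the two "ciphers", their attack complexities and their per-round timings are constructed sample data, and the model that log2(attack work) grows linearly with the number of rounds is the assumption the extrapolation rests on.

```python
"""Security per unit time from reduced-round attack complexities (illustrative, constructed data)."""
import math

# Constructed sample data for two hypothetical ciphers (not real attack results):
# rounds attacked -> log2 of the work factor of the best known attack on that many rounds.
REDUCED_ROUND_ATTACKS = {
    "cipher_A": {4: 40.0, 5: 52.0, 6: 63.0, 7: 76.0},   # gains roughly 12 bits per round
    "cipher_B": {3: 30.0, 4: 36.0, 5: 43.0, 6: 49.0},   # gains roughly 6 bits per round
}
# Constructed per-round cost in nanoseconds per block (assumed, not measured).
ROUND_COST_NS = {"cipher_A": 8.0, "cipher_B": 2.0}


def fit_line(points):
    """Ordinary least squares for y = a + b*x over an iterable of (x, y) pairs."""
    pts = list(points)
    if len(pts) < 2:
        raise ValueError("need at least two reduced-round attacks to fit a slope")
    n = len(pts)
    mean_x = sum(x for x, _ in pts) / n
    mean_y = sum(y for _, y in pts) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in pts)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in pts)
    slope = sxy / sxx
    intercept = mean_y - slope * mean_x
    return intercept, slope


def bits_per_round(attacks):
    """Security (log2 attack work) bought by one extra round: the slope of the fit."""
    return fit_line(attacks.items())[1]


def security_per_ns(name):
    """The post's figure of merit: security bits gained per nanosecond of extra computation."""
    return bits_per_round(REDUCED_ROUND_ATTACKS[name]) / ROUND_COST_NS[name]


def rounds_for_target(attacks, target_bits):
    """Extrapolate how many rounds the linear model needs to reach a target security level."""
    intercept, slope = fit_line(attacks.items())
    return math.ceil((target_bits - intercept) / slope)


def rounds_in_budget(name, budget_ns):
    """'As many rounds as possible' within a latency budget, and the extrapolated security."""
    rounds = int(budget_ns // ROUND_COST_NS[name])
    intercept, slope = fit_line(REDUCED_ROUND_ATTACKS[name].items())
    return rounds, intercept + slope * rounds


def rank_by_efficiency():
    """Ciphers ordered from most to least security per unit time."""
    return sorted(REDUCED_ROUND_ATTACKS, key=security_per_ns, reverse=True)


if __name__ == "__main__":
    for name, attacks in REDUCED_ROUND_ATTACKS.items():
        print(f"{name}: {bits_per_round(attacks):.2f} bits/round, "
              f"{security_per_ns(name):.3f} bits/ns, "
              f"{rounds_for_target(attacks, 128)} rounds for 128-bit security, "
              f"in a 100 ns budget: {rounds_in_budget(name, 100)}")
    print("ranking:", rank_by_efficiency())
```

On this constructed data cipher_A has the steeper slope (about 11.9 bits per round versus 6.4), but cipher_B's rounds are four times cheaper, so B delivers more security per nanosecond and reaches 128 extrapolated bits in less wall-clock time (19 rounds at 2 ns versus 12 rounds at 8 ns). Extrapolating a straight line past the largest attacked round count is a heuristic; a new attack technique can change the slope.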

I don't think I've seen cryptographic competitions (e.g., AES, SHA-3) judged this way.
