dmolnar <[EMAIL PROTECTED]> writes:
> On Wed, 3 Jan 2001, Ben Laurie wrote:
>
> > > A cipher is Conditionally Computationally Secure
> > > (CCS) if the cipher could be implemented with keys
> > > that are not quite "long enough" or with not quite
> > > "enough" rounds to warrant a CS rating. Examples:
> > > SKIPJACK and RSA.
>
> This seems a bit strange to me. I would have expected "conditionally"
> computationally secure to mean "secure if some condition holds."
> For instance, Rabin is secure if factoring is hard.
Yes, I don't think these ratings are terribly coherent. By the
definition you give, of course, we wouldn't be able to name any
unconditionally computationally secure algorithms since we don't even
know wheter P equals NP, but that's as it should be.
We need different metrics for the strength of known attacks (upper
bound on security) and basis in problems believed to be hard (lower
bound on security). Mixing the two seems unhelpful.
--
__
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
