Last summer, at a workshop on "Security Metrics," conducted
by NIST's Computer System Security and Privacy Advisory
Board, Landgrave Smith, Institute of Defense Analysis, reported
on a pilot study of "the metrics used for determining the
strength of cryptography."

   http://csrc.nist.gov/csspab/june13-15/sec-metrics.html (the workshop)

   http://csrc.nist.gov/csspab/june13-15/Smith.pdf (Smith's presentation)

Five categories of algorithm strength were established for
the pilot:

Unconditionally Secure (US)
Computationally Secure (CS)
Conditionally Computationally Secure (CCS)
Weak (W)
Very Weak (VW)

Smith stated: "A cipher is Unconditionally Secure (US)
if no matter how much ciphertext is intercepted, there
is not enough information in the ciphertext to
determine the plaintext uniquely."

No examples for this strength were given, and it was
not clear from Smith's presentation whether there is
such a cipher or the category was only provided
as a theoretical premise.

Question: is there a cipher that is Unconditionally
Secure?

Mr. Smith defined the other categories:

[Quote]

A cipher is Computationally Secure (CS) if it cannot 
be broken by systematic analysis with available
resources in a short enough time to permit
exploitation. Examples: DES and 3 DES.

A cipher is Conditionally Computationally Secure
(CCS) if the cipher could be implemented with keys
that are not quite "long enough" or with not quite
"enough" rounds to warrant a CS rating. Examples:
SKIPJACK and RSA.

A Weak (W) cipher can be broken by a brute force
attack in an acceptable length of time with an
"affordable" investment in cryptanalytic resources
(24 hours and $200K). No examples.

A Very Weak (VW) cipher is one that can be broken
by determining the key systematically in a short
period of time with a small investment (8 hours
and $20K). No examples.

[End quote]




DES - CS
3 DES - CS
SKIPJACK - CCS
RSA - CCS
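
As an added illustration of the Unconditionally Secure definition quoted above (not part of the original post or of Smith's presentation): a one-time pad, which the post does not name, meets that definition when the pad is truly random, as long as the message, and never reused. The Python below assumes that construction; the function names and sample messages are constructed for the example.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `candidate`."""
    return xor_bytes(ciphertext, candidate)

def plaintexts_consistent_with(ciphertext: bytes, candidates):
    """Candidates an interceptor cannot rule out from the ciphertext alone."""
    return [c for c in candidates
            if len(c) == len(ciphertext)
            and xor_bytes(ciphertext, pad_explaining(ciphertext, c)) == c]

def posterior_counts(ciphertext_byte: int) -> dict:
    """For a 1-byte message: how many pads map each plaintext to this ciphertext."""
    return {p: sum(1 for k in range(256) if p ^ k == ciphertext_byte)
            for p in range(256)}

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused pad the pad cancels out: c1 XOR c2 equals p1 XOR p2."""
    return xor_bytes(c1, c2)

# Constructed sample messages, all 14 bytes long.
CANDIDATES = [b"ATTACK AT DAWN", b"RETREAT AT SIX", b"HOLD POSITION!"]

def demo():
    pad = secrets.token_bytes(len(CANDIDATES[0]))
    ciphertext = xor_bytes(CANDIDATES[0], pad)
    # Every candidate has a pad that explains the ciphertext equally well.
    survivors = plaintexts_consistent_with(ciphertext, CANDIDATES)
    # Failure mode: a second message under the same pad breaks the property.
    leak = reuse_leak(ciphertext, xor_bytes(CANDIDATES[1], pad))
    return survivors, leak

if __name__ == "__main__":
    survivors, leak = demo()
    print("cannot rule out:", survivors)
    print("pad reuse leaks p1 XOR p2:", leak.hex())
```

The pad-reuse case shows why the "no matter how much ciphertext is intercepted" clause matters: the property holds only while each pad byte encrypts one message byte.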




