Cryptology Today

How to Use Cryptology in the Real Life of Today?

The Algorithms

Cryptology today forms the basis of information security in our networked world. The mathematicians have done their homework and delivered strong algorithms for each purpose, most recently the AES and SHA-3 algorithms.

These modern algorithms are strong enough to defeat direct cryptanalysis, in the sense that there is no practical approach to breaking them. This doesn't mean that their use is necessarily secure: for example, people often choose keys that may be guessed, or a hacker can find them in the memory cells of a computer. Or the variations in power consumption of a chip, say in a smart card or other device, reveal some key bits ... This is an instance of so-called side-channel cryptanalysis, and there are many more targets, which in most cases, however, have nothing to do with the underlying mathematics. Rather, they afflict the system engineers.

So are mathematicians out of engagement in cryptology? No—for (at least) two reasons:

1. The encryption algorithms seem to be unbreakable. But there is absolutely no mathematical proof for this! Instead there exist lots of problems with the mathematical foundations of cryptology, mainly in complexity theory and number theory. No one really believes in a mathematical breakthrough in cryptanalysis that would make the allegedly secure algorithms obsolete [*]. But no one can exclude such a breakthrough. Therefore mathematical security proofs are badly needed. But there is no compelling idea how to get there. For the time being cryptology is a challenging field of activity for mathematicians.

[*] except that some people believe in quantum computers, see below.

2. Research on symmetric block ciphers has slowed down since the AES competition finished; developing new symmetric algorithms may be a challenge for researchers but is not imperative from a global perspective. The situation with regard to asymmetric ciphers is somewhat different. We have good and secure algorithms, but it makes good sense to try to improve the efficiency of encryption as well as the cryptanalytic approaches.

And then we have the hash functions, whose security is much better understood since the SHA-3 competition, but whose mathematical foundations need further progress.

3. Maybe some day there will be an efficiently working quantum computer. Then cryptanalysis would improve dramatically, making many of the established ciphers more or less obsolete. The proponents of quantum computers herald a breakthrough for the near future. However, the physical obstacles seem high and are not yet well understood. Nevertheless, this promise opened a new research field for mathematicians: developing »quantum resistant« algorithms.

The Users

How are cryptographic procedures performed today? Of course no one does complicated calculations in order to encrypt their messages or data. (That's what computers are for.) In many situations the normal user is not even aware of the cryptographic machinery, say in mobile phones or ATMs. But sometimes the cryptography is explicit. Here are three typical scenarios:

These products provide strong cryptography for everyone, and even for free. To use them in a secure way, however, one should understand what goes on.


Author: Klaus Pommerening, 2004-Oct-25; last change: 2021-Jan-14.