Cryptanalysis vs. Reality presented at BlackHatAbuDhabi 2011

by Jean-Philippe Aumasson,


Summary : It is commonplace to argue that academic cryptanalysis---whose "attacks" literally take billions of years to complete---has no relevance whatsoever to actual security, for real-world failures of crypto are most often due to:
Side-channel leakage (padding oracle attacks, etc.)
Attacks on the implementation (key extraction through fault attacks, etc.)
Complete bypass (after theft of keys à la DigiNotar, etc.)
Nevertheless, a number of new cryptanalytic attacks have appeared these last years with various degrees of sophistication and of objectives, from complex key-recovery attacks to efficient-yet-cryptical "distinguishingers". To better understand the risk (or absence thereof), this talk will go through technical subtleties of state-of-the-art cryptanalysis research, which we'll illustrate with concrete field examples. The topics discussed include related-key attacks, cube attacks, the real security of AES, the case of pay-TV encryption, or the risk of using SHA-1, SHA-2, or the future SHA-3. Finally, we will present a recent attempt to bridge theory and practice, with an introduction to leakage-resilient cryptography.