What are some innovative encryption methods? A friend of mine is doing a PhD and in need of some of the latest and most innovative encryption methods for the thesis. Could anyone please recommend something?
[0] http://www.cs.utsa.edu/~wagner/laws/pad.html
[struck through] edit to clarify: "unbreakable" is the wrong word, since it could be brute-forced with enough time and energy, like any encryption method.
yes it is completely unbreakable.
An envelope key is a securely, randomly generated key used to encrypt the large payload. Then the envelope key (much smaller than the payload) can be encrypted using a one time pad.
The result is that the precious bits of encryption provided by the one time pad are used up at a predictable rate.
Guessing the envelope key is more probable than guessing the one time pad key, but that only breaks a single message's encryption.
Regardless, here's what I think are interesting areas in recent crypto:
- Performance improvements in fully homomorphic encryption, starting with Gentry's work in 2009.
- Practical applications of secure multiparty computation, e.g. Dyadic Security and Google's SMC work.
- Non-NIST standards with actual adoption like Curve25519 and ChaCha20-Poly1305.
- Functional Encryption: http://eprint.iacr.org/2010/543
- Post-quantum crypto like New Hope (https://eprint.iacr.org/2015/1092) and Supersingular Isogenies (http://eprint.iacr.org/2011/506)
- Candidate functions for Multilinear Maps, e.g. https://eprint.iacr.org/2012/610
- Hardware-based secure enclaves like SGX
But methods of gathering entropy can range from a microphone recording a city street to the classic keyboard/mouse.
Both are valid, but not as practical.
Personally I have the OneRNG, an open source USB stick that gathers entropy by generating RF noise.
There are other devices like that out today.
[0]: https://z.cash/technology/zksnarks.html
[1]: https://en.wikipedia.org/wiki/Non-interactive_zero-knowledge...
[2]: https://z.cash/
Check out the Open Quantum Systems implementation, they've got a suite incorporating a number of quantum resistant algorithms: https://github.com/open-quantum-safe/liboqs
They have the SIDH implementation you mentioned (https://github.com/open-quantum-safe/liboqs/blob/master/docs...), and a test harness for comparing performance.
http://www.stephenwolfram.com/publications/academic/cryptogr...
https://en.wikipedia.org/wiki/ID-based_encryption
"Identity-based systems allow any party to generate a public key from a known identity value such as an ASCII string. A trusted third party, called the Private Key Generator (PKG), generates the corresponding private keys...."
I think it's innovative and a bit of "thinking outside the box". You do need to ultimately trust a 3rd party (same as in PKI or WOT I guess?).
There is a lot of interesting work in privacy preserving databases as well.
This was how an early breakthrough in breaking the Enigma was achieved (tangentially, as the Enigma isn't a one-time pad, but the analysis is similar): Codes were rotated daily, but the first message sent out every morning with the new codes was a weather report. Thus, the team could immediately cull the search space to keys that would decrypt to "Weather on [date]" for the first n characters.
An attacker can ‘simply’ try all possible keys and use statistics to filter out those that look like natural language.
If the encrypted text is large enough, chances are you will be left with only one plausible plaintext.
Also, AFAIK, we don’t know whether good encryption using a key much shorter than the plaintext, in the sense that an attacker can’t use statistics on the encrypted text to learn something about the key, exists at all.
As you say, there doesn't seem to be a way to guess the key length from the ciphertext. Ignoring side channel attacks for the moment, it does seem like the one time pad could encrypt the entire message simply by using some clever way of "extending" the key.
Any way of meaningfully extending the key will be vulnerable to a kind of analysis well understood 70 years ago.
This is basically what almost the entire field of cryptography is about: Figure out how you can effectively and securely encrypt things with a key that's a lot shorter than your cleartext.
Both extend the key by repeating it. That is not a good idea.
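Added example (not from any commenter in this thread): a small Python demonstration of the point made above, that a key "extended" by repetition leaks its period through byte-frequency statistics (the index of coincidence), while a pad as long as the message and used once shows nothing. The plaintext and the 7-byte key are constructed here; the key bytes are multiples of 0x20 so that lowercase text XORed with different key bytes never collides, which keeps the contrast clean.

```python
import secrets
from collections import Counter
from typing import Optional, Tuple

# Constructed sample plaintext (lowercase letters and spaces only), not from the thread.
PLAINTEXT = (
    b"weather on the morning of the first the sky is clear with light winds from the "
    b"west and the temperature will rise to eighteen degrees by noon before falling "
    b"again after sunset this report is issued every day at six in the morning and "
    b"repeated at noon for the benefit of ships at sea and aircraft in the region "
    b"the next report follows tomorrow at the same hour unless conditions change"
)
# Constructed 7-byte key; bytes are multiples of 0x20 (see lead-in).
SHORT_KEY = b"\x20\x40\x60\x80\xa0\xc0\xe0"


def xor_keystream(data: bytes, key: bytes) -> bytes:
    """XOR data with key; a key shorter than data is 'extended' by repeating it."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def index_of_coincidence(column: bytes) -> float:
    """Probability that two bytes drawn from the column are equal (uniform bytes: 1/256)."""
    n = len(column)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(column).values()) / (n * (n - 1))


def mean_ioc(ciphertext: bytes, period: int) -> float:
    """Average IoC over the `period` interleaved columns ciphertext[i::period]."""
    return sum(index_of_coincidence(ciphertext[i::period]) for i in range(period)) / period


def detect_period(ciphertext: bytes, max_period: int = 10, threshold: float = 0.04) -> Optional[int]:
    """Smallest period whose columns look like natural text under a single-byte XOR.

    Columns of a genuine one-time pad are uniform (IoC near 0.004), so no period
    crosses the threshold and None is returned.
    """
    for period in range(1, max_period + 1):
        if mean_ioc(ciphertext, period) > threshold:
            return period
    return None


def demo() -> Tuple[Optional[int], Optional[int]]:
    """Encrypt once with the repeated short key and once with a fresh pad as long as the message."""
    repeated_ct = xor_keystream(PLAINTEXT, SHORT_KEY)
    pad = secrets.token_bytes(len(PLAINTEXT))  # one-time pad: as long as the message, used once
    otp_ct = xor_keystream(PLAINTEXT, pad)
    return detect_period(repeated_ct), detect_period(otp_ct)
```

Running `demo()` returns `(7, None)`: the repeated key gives away its length, the true pad gives away nothing.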