Section: Application Domains

Security Estimates for Cryptography

An important application of cryptanalysis is to evaluate the concrete security of a given cryptosystem, so that key sizes and parameters are chosen appropriately. In some sense, cryptanalysis is the crash test of cryptography. When one uses cryptography, the first thing that one does is to select parameters and key sizes: in the real world, several well-known cryptographic failures happened due to inappropriate key sizes. Cryptanalysis analyzes the best attacks known: it assesses their cost (depending on the platform) and their performances (such as success probability). Sometimes the exact cost of an attack cannot be evaluated accurately nor rigorously, but fortunately, it is often possible to give an order of magnitude, which allows to select key sizes with a reasonable security margin.

On the other hand, it must be stressed that cryptanalysis depends on the state of the art: today's best attack may be completely different from tomorrow's best attack. The case of MD5 is a good reminder of this well-known fact.