Models for evaluating security (ctd) Computational security(Practical security) We might define a cryptosystem to be computationally secure if the best algorithm for breaking it requires at least N operations, where n is some specified, very large number The problem is that no known practical cryptosystem can be proved to be secure under this definition neither the Shift Cipher, the Substitution Cipher nor the Vigenke Cipher is computationally secure against a ciphertext-only attack(given a sufficient amount of ciphertext) Ad hoc security(heuristic security) any variety of convincing computational security unforeseen attacks may remainModels for evaluating security (ctd) • Computational security (Practical security) – We might define a cryptosystem to be computationally secure if the best algorithm for breaking it requires at least N operations, where N is some specified, very large number. – The problem is that no known practical cryptosystem can be proved to be secure under this definition. – neither the Shift Cipher, the Substitution Cipher nor the Vigenke Cipher is computationally secure against a ciphertext-only attack (given a sufficient amount of ciphertext). • Ad hoc security (heuristic security) – any variety of convincing computational security – unforeseen attacks may remain