depends on how the algo is designed to be used in a crypto system -- usually but not always:

- simple exhaustive attacks are studied, to see if it's even worth it to get more serious, OR, is it in the criteria of the "process" to continue that path and trim down the cost by increasing the positive chances within realistic time/budget/technology

- more known attacks such as differentials and birthday or so will be studied. a possibility to tackle the algo and/or the crypto system with TMTO could be categorized here as well. refer to books like "elementary cryptanalysis" to surf common attacks to algo

- if the algo is serious and the crypto system has complex regulations, efforts to find bugs within the "implementation" of the algo or the build of the crypto system is another approach -- math dudes do not consider this as an "attack", which in that abstract realm they are right

- reading the algo and efforts to identify useless or destructive portions of the code, whether by human eye or a standard automatic system, is also an approach. a mistake in placement of some SBox somewhere, with assumptions that are not always correct, as an example, may help the attacker shorten the complexity of the attack in time, memory or computation power required.

- in reality, most of the attacks hurt the security using flaws in the crypto system, whether design or build, and not the algo itself. for engineers, this is a quick and usually fruitful try with high chance of "getting plain data outa some encrypted channel the way makes bosses happy and sell 9-10 figure price tags at ISS". again, math dudes are not much friendly here. when Shamir says "*Cryptography* is typically *bypassed*, not penetrated" he is kinda referring to this, or other methods like using human stupidity and not a pure math problem in an algo

- NIST has published detailed regulation and specs on how to examine an algo against sets of modern attacks. take a look. "code" must pass these tests to even be considered a crypto algo nowadays. NATO and ASEAN also have stuff in this regard -- that i don't know much about. all public afaik

finally, confronting a crypto is not a black magic. knowledge is always built upon knowledge, and in these expensive and very intellectual areas, a simple handbook is next to impossible to author.

one morning your SIGINT alarms that a new signal, a new channel, a new paper or a microfilm hidden inside someone's butt is brought to their attention and it's apparently CODE. people with previous experience on both the math and engineering angle of crypto cracking (e.g. HPC) study the signal and with various methods, subject to signal analysis, at some point, revelations will be made about the general concept of the CODE. now there is a system analyst, an engineer and a math snob who sit together to see about the similarities of the CODE with other systems they have broken in the past. if no? dunno, maybe they pray? if yes, the rest is almost always the same. usually the crypto ecosystem has a flaw or offers an opportunity to make bosses happy; if not, the above mentioned process on the algo starts.

when i was young, the most important stage was getting from "we have a CODE" to that room where "math snob, the engineer and an analyst -- usually a telecom expert with deep DSP and system design skills" get together. no offense to algo, by the way. not sure if this style still applies well or what.

regards
-mh

On Thu, Dec 26, 2013 at 2:37 PM, Kevin <kevinsisco61...@gmail.com> wrote:
> Maybe it's just me, but the "soup to nuts" cryptanalysis process is black
> magic. So I am curious...does one start with side channel attacks? Which
> attacks are tried on an algorithm first and how is that decided?
>
> --
> Kevin
>
> _______________________________________________
> cryptography mailing list
> cryptography@randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>