Recap of Theoretical versus Practical Security

Here’s a look at a summary of the chapter.

We'll cover the following

Summary

In this chapter, we have investigated the difference between providing security in theory and providing security in practice. We introduced the concept of perfect secrecy, which is in some sense the best security a cryptosystem can ever provide. We described various versions of the only cryptosystem which has perfect secrecy and then explained why it cannot normally be used in real applications. We then explored the notion of practical security. We looked at ways of measuring the strength of a cryptosystem in terms of the difficulty of executing attacks against it. Finally, we commented on the difficulty of proposing a precise notion of practical security.

A number of important points arose during this discussion:

  • It’s impossible to guarantee the security of a cryptosystem. Even if it’s theoretically secure, it may be insecure in practice.

  • It’s quite acceptable (even necessary) in practice to use cryptosystems that are theoretically breakable.

  • Every attempt should be made to formulate a notion of practical security for a given environment. This will inevitably involve trade-offs, estimates, and evaluations of what levels of risk to accept. Formulating this notion will be difficult.

Get hands-on with 1200+ tech skills courses.