Security proving is certainly one of the most remarkable achievement of modern cryptography. Benefit from our expertise to ensure built-in security in your applications.
Establishing a security proof is done in 4 steps:
1. Formally capture the threat model of the target application or protocol into a security model. This consists in properly defining what a successful attacker would be doing to destroy the security of the application and may results in several adversarial goals and attack scenarios.
2. Identify security assumptions, namely things that no computer or human can ever do in an efficient way (extract discrete logarithms or e-th roots modulo an RSA modulus, break a tamper-resistant memory, etc.).
3. Build a reduction between an exploit in the threat model and breaking at least one of the security assumptions. This step is often referred to as establishing the security proof.
4. Interpret the proof in terms of concrete bounds on the security parameters (key sizes, security margins). This leads to a mapping between security parameters and the concrete security level targetted by the application, and gives back what key size or parameter value are needed to reach it.
Security proving provides a strong form of evidence that an application does or does not reach the required security strength (80 bits, 128 bits, 256 bits, etc.).
Now widely adopted by certification bodies and standardization groups, security proofs may also serve just as an eye-opener for security architects.
We are experts at providing security proofs for any cryptographic scheme, protocol or application.
Please contact us for more information.
