This paper discusses the implications of choosing a computational model to study the cost of cryptographic attacks and therefore quantify how dangerous they are. This choice is often unconscious and the chosen model itself is usually implicit; but it has repercussions on security evaluations. We compare three reasonable computational models: $i$) the usual Random Access Machine (RAM) model; $ii$) the ``Expensive Memory Model'' explicitly introduced by several 3rd-round submissions to the Post-Quantum NIST competition (it states that a single access to a large memory costs as much as many local operations); $iii)$ the venerable VLSI model using the Area-Time cost measure. It is well-known that costs in the RAM model are lower that ...
This work presents a detailed study of the classical security of the post-quantum supersingular isog...
It is currently not possible to quantify the resources needed to perform a computation. As a consequ...
We present the results of research of limiting adversarial budget in attack games, and, in particula...
This paper discusses the implications of choosing a computational model to study the cost of crypto...
This paper makes the case for considering the cost of cryptographic attacks as the main measure of t...
The theoretical view of cryptography usually models all parties, legitimate ones as well as attacker...
Attacks on cryptographic systems are limited by the available computational resources. A theoretical...
The research in complexity theory, for a long time now, has been conscious of memory as a resource i...
The purpose of a model of computation is to provide the algorithm designer with a device for running...
In 1980, Martin Hellman [1] introduced the concept of cryptanalytic time-memory tradeoffs, which all...
peer reviewedThe block cipher Rijndael has undergone more than ten years of extensive cryptanalysis ...
Side-channel attacks are an important class of attacks against cryptographic devices and profiled s...
Attack tree analysis is used to estimate different parameters of general security threats based on i...
Secure computation allows mutually distrusting parties to compute over private data. Such collaborat...
Abstract. Previously, the author has developed a framework within which to quantify and compare the ...
This work presents a detailed study of the classical security of the post-quantum supersingular isog...
It is currently not possible to quantify the resources needed to perform a computation. As a consequ...
We present the results of research of limiting adversarial budget in attack games, and, in particula...
This paper discusses the implications of choosing a computational model to study the cost of crypto...
This paper makes the case for considering the cost of cryptographic attacks as the main measure of t...
The theoretical view of cryptography usually models all parties, legitimate ones as well as attacker...
Attacks on cryptographic systems are limited by the available computational resources. A theoretical...
The research in complexity theory, for a long time now, has been conscious of memory as a resource i...
The purpose of a model of computation is to provide the algorithm designer with a device for running...
In 1980, Martin Hellman [1] introduced the concept of cryptanalytic time-memory tradeoffs, which all...
peer reviewedThe block cipher Rijndael has undergone more than ten years of extensive cryptanalysis ...
Side-channel attacks are an important class of attacks against cryptographic devices and profiled s...
Attack tree analysis is used to estimate different parameters of general security threats based on i...
Secure computation allows mutually distrusting parties to compute over private data. Such collaborat...
Abstract. Previously, the author has developed a framework within which to quantify and compare the ...
This work presents a detailed study of the classical security of the post-quantum supersingular isog...
It is currently not possible to quantify the resources needed to perform a computation. As a consequ...
We present the results of research of limiting adversarial budget in attack games, and, in particula...