Non-uniform cracks in the concrete: the power of free precomputation

D.J. Bernstein, T. Lange

Research output: Book/ReportReportAcademic


There is a flaw in the standard security definitions used in the literature on provable concrete security. The definitions are frequently conjectured to assign a security level of 2^128 to AES, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols, but they actually assign a far lower security level to each of these primitives and protocols. This flaw undermines security evaluations and comparisons throughout the literature. This paper analyzes the magnitude of the flaw in detail and discusses several strategies for fixing the definitions.
Original languageEnglish
Number of pages21
Publication statusPublished - 2012

Publication series

NameCryptology ePrint Archive


Dive into the research topics of 'Non-uniform cracks in the concrete: the power of free precomputation'. Together they form a unique fingerprint.

Cite this