We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Interview with Michael Walter at EuroCrypt 2018 on the Topic of Bit Security

Kristina Perunicic Managing Editor

Michael Walter is currently working on his post doctoral research at the Institute of Science and Technology (IST) in Austria. I caught up with him at the EuroCrypt 2018 conference in Tel Aviv, where he gave a talk titled – On the Bit Security of Cryptographic Primitives.

Michael Walter - EuroCrypt 2018

Bit Security has received a lot of criticism lately – can you explain why that is?

So, there are a few different issues here. One is there are loss of precisions that you have versus the concrete security approach where you can take a more detailed look at the resources and advantages, and you take these numbers and bit security compresses them into one. There you will lose something; this is a simplification, and a valid one in my opinion in many cases, but certainly not in all.

An additional aspect to note is the study conducted by Bernstein and Lange, which addressed concerns related to the non-uniformity of adversaries. These are adversaries that we are aware of their existence, yet we are uncertain about how to detect them. (For instance, we don’t understand how to program these).

What is the focus of your research?

In this work we look at a different aspect essentially. As I said Bernstein and Lange have proposed several counter measures that one can do, but they didn't look at the advantage functions, this quantity that most people think of as the distinguishing advantage. We think that if you quantify security in terms of bit security, what you should be looking at is the quantity alpha times delta squared (that correspond to the adversaries output probability (alpha) and conditional distinguishing advantage squared (delta^2)).

Your research is redefining the decision problems?

Not the problems itself, but how you would measure the security of decision primitives.

What are the real-life implications based on your work, if any?

So, that is kind of an interesting question. When talking about real life applications, you usually look at things that have a constant advantage. For example, I have an adversary that with probability ½ will break the scheme or probability ½ is able to distinguish something.

There, it doesn’t really matter that much if you look at the distinguishing advantage or distinguishing advantage². Because if you have a success probability or a distinguishing advantage of maybe ¾, which is very large, then its square will be 9/16, which is still large – and in that sense, if you're talking about real world adversaries that go ahead and break something it won't make much a difference. It's more to get a cleaner way of reducing between primitives.

But also, potentially, there are implications for example, approximate sampling for lattice based cryptography, where this does have real world impact as far as how much precision you'll need in order to prove that your scheme is still secure. So it does have some implications.

But not for your average person

Not really, but that’s really a good a thing – Bit security has been around for a while and people have an intuition about it, which isn't necessarily wrong. The nice thing about bit security is if I tell you something has 100 bits of security you'll be like, oh that’s pretty secure. But if I tell you something has only 50 bits of security you'll probably stay clear of it. And I don’t want to change that at all, I think it's useful to talk about and quantify measure of security in this way.

You can see Michael's complete presentation from EuroCrypt 2018 here.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Kristina Perunicic is a former editor for vpnMentor. She’s a cybersecurity expert with an interest in VPNs and their importance in the digital privacy landscape.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback