An encryption algorithm should be computationally secure, i.e., even by using parallel computers, the brute force attack would take a significantly large time to break it. It should also be secure against Know plaintext attacks, Known Ciphertext attacks and so on. In addition to this, the encryption algorithm must follow the Avalance effect.

If you only have plaintext and ciphertext pairs you must reconstruct the algorithm first. As all good, and even a considerable number of bad algorithms produce a ciphertext that is indistinguishable from random, this will be a difficult undertaking.

If you can influence the plaintext, look for chosen plaintext attacks.

When the algorithm is found and new, evaluate all attacks from the literature. and keep in mind that intelligence organisations may have some unpublished tricks in their sleeves.

Briefly, an encryption algorithm should be:

(i) free from active as well as passive attacks.

(ii) shouldn't be cryptanalyzed in polynomial time.

There are several ways to evaluate an encryption algorithm, including the following:

Overall, there are many factors to consider when evaluating an encryption algorithm, and the specific criteria used will depend on the specific context and requirements of the application.

In general, we analyze the complexity of communication and processing in cryptography algorithms: (Memory, energy consumption, Processing time, communication, etc). Asymmetrical cryptosystems in particular are not always size-preserving.

Strong encryption schemes -

•Algorithm must be in public domain (strength is not in secrecy)

•Algorithm must stand test of time (necessary for thorough examination by larger and wider collection of people)

–Weakness not found

–Months to break through brute force

Evolution Outlook -

– Strong security (with sufficiently large key)

– High speed

– Portability (particularly for smaller computing devices)

Dear Mohammed Majid

To assess security, I recommend knowing the different attacks out there and assessing the resilience to those attacks.

Depends on the type of criptographic algorithm

Symmetrical or asymmetrical?

Symmetrical stream or Block cipbers?

Asymmetric RSA or ECC?

There are also attacks that depend on the platform in which it is deployed.(software or hardwarw)

Kind regards

Professor Legón

For example

Block encryption must meet the "avalanche" criteria (SAC and BI),

But these criteria have been extended to flow But these criteria have been extended to stream ciphers.

Imple. Implementation of these tests?

https://github.com/ezielramos/parallel-sac-bic

Teoría?

https://doi.org/10.3390/app10217668

https://doi.org/10.3390/app11209646

For example

For block ciphers you must evaluate resistance to differential and linear attacks.

AES is resistant to these attacks But Your Implementation can be vulnerable to side-channel attacks, (such as power attacks, And failure attacks)

For RSA, its security is based on the proven theoretical complexity of factoring an integer that is the product of 2 "large" prime numbers, however classical implementations of modular exponentiation can be vulnerable to "timing" side channel attacks.

The output of the stream ciphers must be "Pseudorandom ", at least they must pass all the tests of the randomness batteries, such as the NIST etc.(Necessary but not sufficient condition)

Ejemplo

Elliptic Curve Implementation (ECC) May Be Vulnerable to Time Side Channel Attacks

You need to define two things: 1) What information security objectives do you need to satisfy with your cryptographic scheme and 2) What are the adversary models (capabilities of an attacker) that you assume you must face to achieve your security objectives.

Starting from the above, it is that you must begin your evaluation.

To summarize "evaluate":

• How good is an unknown algorithm? (probably not very good)
• Is an algorithm suitable for my application?
• How good is the implementation of the chosen algorithm? (side channel, fault injection)

Encryption strength is often described in terms of the size of the keys used to perform the encryption: in general, longer keys provide stronger encryption. Key length is measured in bits.

Musadaq Hadi Key length is only part of the security.

A monoalphabetic substitution has a theoretical key space of 26! but is not very secure.

A one time pad (where the key length is the same as the message length) is very secure until you send 2 different messages with the same key.

In general, keep to the recommendations of the likes of NIST and ENISA

here are several ways to evaluate an encryption algorithm, including:

Security analysis: This involves analyzing the algorithm's mathematical properties to determine its level of security and resistance to attacks.

Performance evaluation: This involves measuring the algorithm's speed, memory usage, and other performance metrics to determine its efficiency.

Interoperability testing: This involves testing the algorithm's compatibility with other encryption systems and standards to ensure it can be used in a variety of different contexts.

Resistance to side-channel attacks: This involves testing the algorithm's resistance to attacks that exploit information leaked through side channels, such as power consumption or electromagnetic radiation.

Implementations analysis: This involves analyzing the software or hardware implementation of the algorithm to ensure it is free of vulnerabilities or weaknesses.