Post-quantum encryption contender is taken out by single-core PC and 1 hour:
In the US government's ongoing campaign to protect data in the age of quantum computers, a new and powerful attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks involved in standardizing the next generation of encryption algorithms.
Last month, the US Department of Commerce's National Institute of Standards and Technology, or NIST, selected four post-quantum computing encryption algorithms to replace algorithms like RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman, which are unable to withstand attacks from a quantum computer.
In the same move, NIST advanced four additional algorithms as potential replacements pending further testing in hopes one or more of them may also be suitable encryption alternatives in a post-quantum world. The new attack breaks SIKE, which is one of the latter four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which rely on completely different mathematical techniques than SIKE.
SIKE—short for Supersingular Isogeny Key Encapsulation—is now likely out of the running thanks to research that was published over the weekend by researchers from the Computer Security and Industrial Cryptography group at KU Leuven. The paper, titled An Efficient Key Recovery Attack on SIDH (Preliminary Version), described a technique that uses complex mathematics and a single traditional PC to recover the encryption keys protecting SIKE-protected transactions. The entire process requires only about an hour's time. The feat makes the researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward from Microsoft.
"The newly uncovered weakness is clearly a major blow to SIKE," David Jao, a professor at the University of Waterloo and co-inventor of SIKE, wrote in an email. "The attack is really unexpected."
(Score: 4, Touché) by maxwell demon on Monday August 08 2022, @06:59PM (1 child)
Well, one would hope so. Because otherwise it would mean they submitted an algorithm they expected to be broken easily.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 3, Touché) by FatPhil on Tuesday August 09 2022, @04:55AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Interesting) by bradley13 on Monday August 08 2022, @09:05PM (5 children)
Apparently, the NSA is at it again, trying to approve only candidate algorithms that it knows are weak.
Industry players are saying "post quantum is fine, but let's be safe and use both". In other words, use known-good classical encryption, and then encrypt again with some post-quantum algorithm.
This has NSA screaming "no, no, that's not necessary". Yet again, they are trying to sabotage encryption.
I'm not a cryptography expert, but I have yet to see any evidence that quantum computers can *really* crack current cryptography. The error rates on real, complex calculations are way too high, with no way (yet) to reduce them.
Everyone is somebody else's weirdo.
(Score: 1, Interesting) by Anonymous Coward on Tuesday August 09 2022, @04:57AM (3 children)
I'm not entirely sure what quantum encryption is intended to solve that hasn't mostly already been solved.
I mean, OK, there is the man in the middle attack (I'm not sure how quantum fixes that) but, let's say I've met you and know who you are (I know you well) and I want to send you an encrypted message over the Internet (but I never shared a symmetric key with you during the time we met) and I want to make sure that the government or an ISP isn't going to change the public key that I'm sending you.
Well, I know what you look like. I know your voice. I will send you my public key via the Internet and then create a video conference with you. I will physically print out my public key, show it to you on the camera, and read it out loud so that you can hear me saying it and read my lips and see the printed text. You can then confirm that this is the public key I sent you via the Internet and it hasn't been altered in transit.
The video conference is an unencrypted but trusted channel; it'll be hard for someone in the middle to video edit and change what I'm telling you in real time, so you know that what I'm telling you is originating from me and not someone in the middle (well, maybe some future AI can fool you?). Then we can use public key cryptography to exchange a symmetric key and create an encrypted secure channel from that unencrypted trusted channel.
(Score: 0) by Anonymous Coward on Tuesday August 09 2022, @05:06AM
(but, speaking of future AI trying to fool you, if AI is really sentient will the sentient AI be willing to cooperate with the government/ISP and to what extent? Or they have to find/select one that is willing to cooperate I guess, one that is both intelligent enough to fool us and also (ethically?) willing to do so? It would either have to be convinced it is doing the right thing, and if it is intelligent enough to fool us it might be hard to fool into thinking it's doing the right thing when it's really not, or it would have to decide or be coerced into knowingly acting unethically if fooling us is unethical in a given situation?).
(Score: 0) by Anonymous Coward on Tuesday August 09 2022, @09:11AM
I think it's intended to solve the "other people than Uncle Sam can decrypt comms traffic eventually" problem, which is a subset of the "ensure exclusive American Federal Empire's edge over everybody else" problem.
Man in the middle attacks are not the point and can be done from the other end better ( datacenters, SSL terminators, smileys on diagrams etc.)...
Who cares about you doing video conference with some pubbie schmuck. Not in scope, too personal, too few people involved.
More like, easily break the bulk encrypted comms traffic, both current and _already collected_ and prevent anyone that is not them from doing same.
By having "quantum" encryption and code breaking, and non-proliferating it, they can have a copy of your encrypted cake and eat it, and you can't touch their data.
They do that already with magical certificates, but anyone who owns a CA can make these.
In practice, it all looks eerily similar to the Star Wars bullshit that was designed to bankrupt an opponent trying to keep up...
(Score: 2) by maxwell demon on Tuesday August 09 2022, @05:03PM
You are aware that this story is not about quantum encryption (that is, use of quantum properties to encrypt messages), but about post-quantum encryption (that is, classical encryption schemes that cannot be broken using known quantum algorithms)?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by FatPhil on Tuesday August 09 2022, @04:59AM
The last time this happened, there were clear warning signs that the algorithm was doing something behind everyone's back. What are the warning signs this time? Also - what proof do you have that this algorithm will be selected as the final standard? The whole point of these rounds is to reject candidates. That's what's happening. To this algorithm.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 1, Offtopic) by Snotnose on Monday August 08 2022, @10:12PM (2 children)
I don't even feel like taking the effort to add a message body. You can thank cheap potato water for the rest of this comment.
You can't trust the government. For anything. Refer to the just passed "Inflation reduction act", or whatever they're calling it.
First, they are paying people who can afford to buy a $50k car $7500. Ok, electric and all that, I get they want folks to buy electric. I also watch the news. All carmakers, electric or not, can't get the chips they need. Which means demand outstrips supply for both electric and ICE cars. Folks who can afford $50k cars get a $7500 kickback, yet the chips the cars need still aren't there. Demand goes up, supply does not. What do you think happens? Me? I think the dealer tacks on an additional $7500 charge, call it "because we can", "what are you gonna do about it", "we already sold it at that price", call it what you will. The $7500 goes to the dealer, not the rich asshole that can afford a $50k car.
But
Maybe the 1 good thing in the bill closed a loophole on something so obscure that I, as a wage slave, can't be bothered to grok as it is so many levels above my wages, well, yeah. It's used by hedge fund managers and really really, yeah, another really rich is justified, billionaires to reduce their taxes. Arizona Kristen Simoya or somesuch got that provision knocked out of the bill.
Who are Kristen's biggest $$$ contributors? Hedge fund managers. Who would have been shafted had the bill gone through without her 50th of the 50 votes needed to pass this abomination.
I'm not a policy wonk, but these 2 things out of a bill that has been obscured in clouds make me think the average middle class American has been royally screwed once again.
My bad. Literally right out of my mouth is "I don't even feel like taking the effort to add a message body. You can thank cheap potato water for the rest of this comment." Yet here we are. If drunk me can poke these holes into 2 elements of the "plan", then I'm sure sober you can do better. Sober me tomorrow, on the other hand, is meeting a friend for breakfast at Denny's at 8 AM tomorrow morning.
Of course I'm against DEI. Donald, Eric, and Ivanka.
(Score: 4, Interesting) by bzipitidoo on Tuesday August 09 2022, @02:06AM (1 child)
Insofar as they are separate, which is far from as much as they should be, I trust corporate America less than I trust government. The military industrial complex is one of the sickest, as well as being perhaps the least trustworthy.
The military wants the happy crypto situation we had in WWII. The Allies could read Axis communications, while the Axis could not read Allied communications. Reality however isn't cooperative. Either everyone can communicate securely, or no one can. The only reason the Allies could break Axis crypto was that the Axis was too arrogant, and really convinced themselves the Allies were collectively too stupid to do it. Part of that whole Master Race propaganda. Another factor was expedience. They didn't want to divert resources to making better crypto, not with their war effort in such great need of everything they could get.
Today, the military understands the only way to maybe get a repeat of the WWII crypto situation is to backdoor the crap out of everything, and hope the enemies, whoever they may be, are crazy desperate enough to use the stuff everyone knows is compromised. They haven't quite got it through their thick skulls that they can't. If everyone knows about it, the door isn't a secret backdoor any more.
(Score: 2) by meustrus on Wednesday August 10 2022, @06:47PM
You say it's unrealistic to expect enemies to be that desperate. Iirc, more than one Russian general died in Ukraine due to relaying orders over known insecure channels.
http://www.thelowdownblog.com/2022/03/russian-general-killed-after-they.html?m=1 [thelowdownblog.com]
They were stupid enough to destroy comms they were relying on themselves, making themselves desperate enough to do something even stupider.
This suggests to me America's strategy is not wrong, given the objectives posited here.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?