SoylentNews is people

posted by janrinok on Monday June 23 2014, @08:13PM
from the who-would-have-trusted-them-if-it-hadn't-been-opened? dept.

Cisco is offering up an experimental cipher which, among other things, could help preserve the anonymity of data in cloud environments. In putting what it calls "FNR" (Flexible Naor and Reingold) into the hands of the public (http://blogs.cisco.com/security/open-sourcing-fnr-an-experimental-block-cipher/), Cisco says its work is currently experimental rather than production software.

The FNR specification, described here (http://eprint.iacr.org/2014/421.pdf) (PDF), explains that privacy of fixed-length fields (such as those collected in NetFlow formats) is an emerging challenge for cloud providers, who collect lots of telemetry for analysis and don't want to change their field formats to encrypt the information.
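
To make the fixed-length-field point concrete, here is an added example (not code from Cisco's FNR release or from the story): a generic balanced Feistel network, not the FNR construction itself, that encrypts a 32-bit IPv4 address into another 32-bit value so a NetFlow-style field keeps its width. The key, the round count and the HMAC-SHA256 round function are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress

ROUNDS = 8  # assumption: illustrative round count, not taken from the FNR spec
DEMO_KEY = b"constructed-demo-key"  # constructed sample key


def _round(key: bytes, rnd: int, half: int, half_bits: int) -> int:
    """Keyed round function: HMAC-SHA256 output truncated to half_bits bits."""
    msg = bytes([rnd]) + half.to_bytes((half_bits + 7) // 8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") >> (256 - half_bits)


def feistel(key: bytes, value: int, bits: int, decrypt: bool = False) -> int:
    """Permute a bits-wide integer (bits even) onto the same bits-wide domain."""
    if bits % 2 or not 0 <= value < (1 << bits):
        raise ValueError("value must fit in an even number of bits")
    half_bits = bits // 2
    left, right = value >> half_bits, value & ((1 << half_bits) - 1)
    if decrypt:
        # Undo the rounds in reverse order.
        for rnd in reversed(range(ROUNDS)):
            left, right = right ^ _round(key, rnd, left, half_bits), left
    else:
        for rnd in range(ROUNDS):
            left, right = right, left ^ _round(key, rnd, right, half_bits)
    return (left << half_bits) | right


def encrypt_ipv4(key: bytes, addr: str) -> str:
    """Encrypt a dotted-quad address into another valid dotted-quad address."""
    n = feistel(key, int(ipaddress.IPv4Address(addr)), 32)
    return str(ipaddress.IPv4Address(n))


def decrypt_ipv4(key: bytes, addr: str) -> str:
    """Recover the original address from its encrypted form."""
    n = feistel(key, int(ipaddress.IPv4Address(addr)), 32, decrypt=True)
    return str(ipaddress.IPv4Address(n))


if __name__ == "__main__":
    sample = "192.0.2.10"  # constructed sample (TEST-NET-1 documentation range)
    token = encrypt_ipv4(DEMO_KEY, sample)
    print(sample, "->", token, "->", decrypt_ipv4(DEMO_KEY, token))
```

The mapping is deterministic, so equal addresses always encrypt to equal values: records stay joinable for analysis, but anyone who sees the output can tell when two fields held the same address.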

 
  • (Score: 2) by stormwyrm (717) on Tuesday June 24 2014, @01:53AM (#59207)

    Why should I use FNR instead of AES/Rijndael or a stream cipher derived from it if I really needed to encrypt arbitrarily small pieces of data smaller than the 128 bit block size? Who invented it, and why should I trust them? What kind of security analysis has been done on it? While AES has the blessing of the US government, it was not invented or modified by the US government, and the world's best cryptographers have had a go at it for the past sixteen years and have not found any practical attacks. An academic break is one thing, a break that can actually produce plaintext given only ciphertext with practical resources is another: all those attacks on AES published so far still require unrealistic computing resources and/or storage. Apparently this even includes the NSA's own cryptographers, else why would they have given their blessing to use it on classified information (meaning they have to use it themselves)?

    --
    Numquam ponenda est pluralitas sine necessitate.
  • (Score: 2) by juggs (63) on Tuesday June 24 2014, @05:50AM (#59257)

    An academic break is one thing, a break that can actually produce plaintext given only ciphertext with practical resources is another: all those attacks on AES published so far still require unrealistic computing resources and/or storage. Apparently this even includes the NSA's own cryptographers, else why would they have given their blessing to use it on classified information (meaning they have to use it themselves)?

    Let's think this through.

    Scenario: Super-secret NSA skunkworks department breaks AES

    Given that the people in the said skunkworks likely have the highest level of security clearance possible (ergo trusted to see all that encrypted classified NSA junk), what are they going to do?

    A. Declare they broke AES
    B. Shut the hell up and use their breakology to look at everyone's junk, including improving internal NSA "transparency" for those in the know.

    At this point it seems to have got to the point of the question being "How paranoid do you want to be?". As I type this I become suddenly aware of two, what I previously assumed to be, ferrite rings moulded into my monitor cable - but are they? They're certainly large enough to contain all manner of electronic wizardry. Perhaps I'll cut them open one day in a fit of paranoid meltdown.

    • (Score: 0) by Anonymous Coward on Tuesday June 24 2014, @07:05AM (#59273)

      If the NSA was in possession of a practical break of AES and allowed the US government to use it for classified information anyway, then that would be the height of stupidity and arrogance. Do you really think that they are so stupid and arrogant as to believe that they cannot be penetrated by another foreign intelligence agency or whistleblower (FYI, they already have), or that someone, somewhere, be it the academic community or their counterparts elsewhere, will not independently discover their break? The NSA has been accused of many things, but stupid is not one of them. No, my guess is that they would have done A instead, as they did back in the days of DES, when some apparently suspicious changes they made to the DES s-boxes resulted in the algorithm actually becoming stronger.

  • (Score: 2) by VLM (445) on Tuesday June 24 2014, @11:44AM (#59339)

    For the very specific answer, you may want to read the second paragraph of the intro in the paper which discusses that exact topic.

    Your general observations are correct. The real question isn't "why use a weird unknown algo with the feature of not having to change anything else" but "why not implement a secure system". It absolutely reeks, stinks, of security as a checkbox on some bureaucrat's checklist. This would imply it's almost certain to be a failure.

    The specific idea is nonetheless interesting. I suppose not being limited to 128 bit blocks adds something to steganography, precise lengths of random data look "fishy" but a random length of random data could plausibly be random... This is probably much more useful for the people embedding secret messages into exif fields in pr0n pix than to bank DBAs.