Single-Core PC Breaks Post-Quantum Encryption Candidate Algorithm in One Hour
Researchers in the Computer Security and Industrial Cryptography group (COSIC) at KU Leuven have succeeded in breaking one of the late-stage candidate algorithms for post-quantum cryptography. The algorithm, SIKE (short for Supersingular Isogeny Key Encapsulation), had passed most stages of the competition run by the US Department of Commerce's National Institute of Standards and Technology (NIST), which aims to define standardized post-quantum algorithms against the threat posed by quantum computers that would render today's cryptographic schemes obsolete.
The researchers approached the problem from a purely mathematical perspective, attacking the heart of the algorithm's design rather than looking for vulnerabilities in its implementation. That distinction matters in practice: a flaw in the underlying mathematics cannot be patched in code, so any deployment of the scheme has to be replaced rather than updated.
In mathematical terms, the researchers broke SIKE by attacking the cryptographic construction it is built on, Supersingular Isogeny Diffie-Hellman (SIDH). They showed that SIDH is vulnerable to the "glue-and-split" theorem developed in 1997 by mathematician Ernst Kani, combined with additional mathematical tools devised in 2000. The attack, which still sits squarely in the realm of mathematics, uses curves of genus 2 to attack elliptic curves (curves of genus 1). According to David Jao, co-inventor of SIKE and a professor at the University of Waterloo, "the newly discovered weakness is clearly a blow to SIKE." He added that all of this comes back to cryptographers' imperfect command of pure mathematics, in that the approach taken by the researchers was "genuinely unexpected."
For the rest of us, all of this means that the researchers were able to use mathematics to understand SIKE's encryption scheme and recover its secret keys.
For their trouble, and for the paper titled "An Efficient Key Recovery Attack on SIDH (preliminary version)," the researchers collected a $50,000 bounty from Microsoft, a member of the SIKE team.
SIKE was one of four additional candidates still under consideration by NIST, which last month formally announced four algorithms to replace the RSA, Diffie-Hellman, and Elliptic Curve Diffie-Hellman algorithms currently in use. Most of the world's cybersecurity rests on these algorithms, and, unless compromised by other means, they do an excellent job of protecting information from malicious parties. They have one underlying problem: a quantum computer that scales up far enough will defeat them easily, and that is no longer a matter of "if" but "when."
With "when" expected to arrive within the next decade, the race to harden future computing systems, and to update the encryption applied to today's information, is in full swing.
To outline the scale of the problem, consider this: current estimates suggest that humanity had produced and stored some 64 zettabytes (1,000 to the 7th power, or 10^21, bytes) of data by 2020, and that figure keeps growing. Virtually all of that information is protected, where it is protected at all, by classical cryptography that is not quantum-resistant. For now, the complexity of the technology has somewhat insulated us from a cascade of quantum-powered attacks: only the largest corporations and wealthiest states have the expertise, people, and capital to build these systems.
But the cost will come down. Eventually there will be near-"off-the-shelf" solutions, and at that point all the data protected by traditional algorithms will have about as much protection as an apple's skin offers against a bite into its core.
Yet it turns out that a single-core computer and a clever application of advanced mathematics are all it takes to break certain cutting-edge designs such as SIKE. Is the field ready to set standards in this fast-moving space, where new approaches and breakthroughs are announced every day?
Jonathan Katz, IEEE member and professor in the Department of Computer Science at the University of Maryland, wrote in an email to Ars Technica: "It's perhaps a little worrying that this is the second example in the last six months of a scheme reaching the third round of the NIST review process before being completely broken using conventional algorithms." The other candidate he refers to, Rainbow, was broken in February of this year. He continued: "Since three of the four PQC schemes rely on relatively new assumptions whose exact difficulty is not well understood, the latest attack indicates that we probably still need to be cautious/conservative with the standardization process going forward."
Whether the time for standardization is ripe or not, one thing is certain. Consider the systemic damage that a single successful attack against a medium-sized bank (say, zeroing out all of that bank's records) would do to very human customers and to the financial system as a whole. We're talking about everything from a single-parent household to 401(k) savings accounts to small and not-so-small businesses.
There are some equally important issues. First, cryptographically and mathematically sound research is paramount.