A PC user has discovered a serious flaw in what was considered quantum-proof encryption, potentially opening up a whole new avenue of attack for hackers.
Last month, the National Institute of Standards and Technology (NIST) announced the winners after years of competition to develop new encryption standards. These standards have been designed to protect against a hypothetical threat: quantum computers.
Although such machines have not yet been invented, the threat is still considered significant enough to need precautionary measures. So-called “quantum computers” will one day be so powerful that they will easily decrypt our present-day public-key encryption (standards such as RSA and Diffie-Hellman).
To combat future dangers, the U.S. government has invested in developing more substantial encryption standards that tomorrow’s technology can’t decode.
NIST chose four encryption algorithms that will create sufficient protections against outside threats and plans to standardize them, meaning all future products seeking NIST compliance will be held to these standards. NIST announced four additional finalists being considered for standardization after the original four finalists had been selected.
Unfortunately, one of the four extra algorithms, SIKE (Supersingular Isogeny Key Encapsulation), does not appear as robust. A recently discovered attack was able to break SIKE relatively simply.
What’s worse, the computer the attackers used was as far from a quantum computer as possible. It was a single-core PC (meaning that it wasn’t as quick as your typical PC, which has a multi-core processor), and it took the little machine only an hour to decrypt SIKE’s supposedly tricky encryption.
“This is really bad news for those of us who were hoping that SIKE would be one of the quantum-proof algorithms standardized by NIST,” says Scott Aaronson, a computer scientist at the University of Texas at Austin.
The attack on SIKE was carried out by a team from Inria, France’s national research institute for computer science and applied mathematics. They detailed their findings in a paper presented at the Cryptographers’ Track at the RSA Conference, which took place last week in San Francisco.
“It’s not often that you see an attack that works against all possible instantiations of an algorithm,” Aaronson says. “In this case, if you’re going to use SIKE, you need to be careful about how you instantiate it.”
NIST has not yet responded to the Inria team’s paper, and it’s not clear what, if anything, will come of it. The agency may decide that the attack is not serious enough to warrant abandoning SIKE as a possible standard.
“I would be surprised if NIST didn’t at least take a second look at SIKE in light of this attack,” Aaronson says.
In the meantime, the Inria team’s paper has cast a shadow over an algorithm once considered one of the most promising quantum-proof encryption schemes. “It just goes to show that even when you have a lot of people thinking about something for a long time, there can still be nasty surprises,” Aaronson says. “That’s why we need cryptanalysts.”