A PC user has discovered a serious flaw in what was considered quantum-proof encryption, potentially opening up a whole new avenue of attack for hackers.

Last month, the National Institute of Standards and Technology (NIST) announced the winners after years of competition to develop new encryption standards. These standards have been designed to protect against a hypothetical threat: quantum computers.

Although not yet invented, quantum computers are still considered a significant threat that calls for precautionary measures. So-called “quantum computers” will one day be so powerful that they will easily decrypt our present-day public-key encryption (standards such as RSA and Diffie-Hellman).

To combat future dangers, the U.S. government has invested in developing stronger encryption standards that tomorrow’s technology can’t decode.

NIST chose four encryption algorithms that will create sufficient protections against outside threats and plans to standardize them, meaning all future products seeking NIST compliance will be held to these standards. After the original four finalists had been selected, NIST announced four additional finalists being considered for standardization.

Unfortunately, one of the four extra algorithms, SIKE (Supersingular Isogeny Key Encapsulation), does not appear as robust. A recently discovered cyberattack was able to break SIKE relatively simply.

What’s worse, the computer the attackers used was as far from a quantum computer as possible. It was a single-core PC (meaning that it wasn’t as quick as your typical PC, which has a multi-core processor), and it took the little machine only an hour to decrypt SIKE’s supposedly tricky encryption.

“This is really bad news for those of us who were hoping that SIKE would be one of the quantum-proof algorithms standardized by NIST,” says Scott Aaronson, a computer scientist at the University of Texas at Austin.

The attack on SIKE was carried out by a team from Inria, France’s national research institute for computer science and applied mathematics. They detailed their findings in a paper presented at the Cryptographers’ Track at the RSA Conference, which took place last week in San Francisco.

“It’s not often that you see an attack that works against all possible instantiations of an algorithm,” Aaronson says. “In this case, if you’re going to use SIKE, you need to be careful about how you instantiate it.”

NIST has not yet responded to the Inria team’s paper, and it’s not clear what, if anything, will come of it. The agency may decide that the attack is not serious enough to warrant abandoning SIKE as a possible standard.

“I would be surprised if NIST didn’t at least take a second look at SIKE in light of this attack,” Aaronson says.

In the meantime, the Inria team’s paper has cast a shadow over an algorithm once considered one of the most promising quantum-proof encryption schemes. “It just goes to show that even when you have a lot of people thinking about something for a long time, there can still be nasty surprises,” Aaronson says. “That’s why we need cryptanalysts.”
