Japanese Researchers Crack Supposedly Hack-Proof Cryptography

Discussion in 'privacy technology' started by burebista, Jun 20, 2012.

Thread Status:
Not open for further replies.
  1. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    225
    Location:
    Romania
http://www.dailytech.com/Japanese+Researchers+Crack+Supposedly+HackProof+Cryptography/article24965.htm
    Encryption you say? :doubt:
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Tried and true encryption, yes. PBC seems relatively new, and I don't see any of the staples (TC, PGP, Etc...) listed in this document:

    http://crypto.stanford.edu/pbc/

I'm no crypto expert, but I do not believe that brute forcing a 256-bit AES key has gotten any easier because of this discovery.

    PD
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    You would be correct. This discovery has nothing to do with AES or RSA/DSA, etc. It's a totally different animal.
     
  4. accessgranted

    accessgranted Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    205
    Hi,

    So there's no relation between this brute force decryption and, say, Truecrypt or other opensource security, right? How about public key crypto?

    Thxs
     
  5. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Hi
    this was a brute force attack on a next generation type of encryption, http://www.geek.com/articles/chips/252-processing-cores-used-to-crack-encryption-in-record-time-20120620/
pairing-based crypto uses "identity-based encryption," which allows you to use things about yourself as your key in a secure way.
    I think Steve Gibson sums it up best....

    STEVE: "Many people picked up on the story of Fujitsu cracking 978-bit crypto. Well, so everyone's like, okay, is this bad? What does this mean? And a lot of people picked up on the report. It was supposed to take umpteen millions of years, and they did it in some 120-some hours. So this isn't a problem. Nothing about the crypto we're using today is affected. This is a completely different crypto technology known as pairing-based crypto. It is very much next-generation crypto. There are cryptographic libraries that implement it. It's still deep in academia. It's a cool technology which potentially solves the certificate authority trust problem, so it's got everybody interested. It offers something called "identity-based encryption," which allows you to use things about yourself as your key in a secure way. It's incredibly complicated.

But there were theoretical beliefs about the strength of it. And so what Fujitsu did, and this is very good for it, was they showed it wasn't as strong as people thought. And a perfect analogy is the factorial problem. The reason, and we've talked about this before, the reason we need 2048-bit keys for asymmetric encryption is the difficulty we believe there is in factoring an integer that large. The reason we only need 256-bit or 128-bit symmetric keys is that it's an entirely different problem to crack it.

    So cracking symmetric encryption is entirely different from cracking prime factor-based asymmetric encryption which requires factorization. So similarly, this pairing-based crypto is yet again an entirely different means of encrypting, and so it's got unknown key length requirements. We know what the key lengths are for symmetric. We've settled on what they should be for traditional asymmetric that requires factorization in order to crack it. Now we're looking at a third type. And so it's still in academia.

    So what happened is there were assumptions about how long it would take to crack a 978-bit key. And that's a weird number all by itself. And it turns out Fujitsu used, like, hundreds of cores, operators had 200-some, 248 cores cranking away. And in what was a surprisingly short time for the academic researchers of this next-generation potential, next-generation technology, Fujitsu had a breakthrough.

    So that's good. That means, oops, 978 bits is not enough. We'll just add some more. So we're determining the required strength for this key of pairing-based crypto. Interesting, but doesn't affect us in any way today."

This explanation set my mind at ease, but with increasing processing power who knows what the future holds....
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
I'm still not worried. A 256-bit symmetric AES key, using Titan (20 Peta-FLOP supercomputer), would still take 3x10^51 years to search the entire key space. I don't want to get into side-channel, birthday, etc. attacks, but as it sits today *generally*, the math is still beating the hardware. When that changes, something else will come along.

    PD

Edit: Small correction - at a billion billion keys per second (10^18), it would take 50 Titans 3x10^51 years.
     
    Last edited: Jun 24, 2012
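The post above reasons about exhaustive key search as a rate-versus-keyspace calculation. The following Python script is an added example (not code from the thread or any poster) that carries the same calculation through with exact integers and adds the defender's follow-up question raised later in the thread: how many doublings of attacker throughput would it take before a 256-bit search fit inside a given time budget. The 10^18 keys/second figure is PD's own number from the edit; the 100-year budget is an assumption chosen here for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # Julian year, close enough for orders of magnitude

# Attacker throughput used in PD's edit (a billion billion keys per second).
PD_KEYS_PER_SECOND = 10 ** 18


def keyspace_search_years(key_bits: int, keys_per_second: float) -> float:
    """Years to try every key of a key_bits-bit symmetric cipher (worst case).

    The expected (average) time is half of this, because on average the
    right key is found halfway through the space. 2**key_bits is exact in
    Python; the division to float only happens at the end.
    """
    return (2 ** key_bits) / keys_per_second / SECONDS_PER_YEAR


def hardware_doublings_needed(key_bits: int, keys_per_second: float,
                              target_years: float) -> int:
    """How many times the attacker's throughput must double before a full
    keyspace search of key_bits bits fits within target_years.

    Each doubling of throughput shaves one bit off the effective work,
    so the answer is log2(years_now / target_years), rounded up.
    """
    years = keyspace_search_years(key_bits, keys_per_second)
    if years <= target_years:
        return 0
    return math.ceil(math.log2(years / target_years))


def margin_table(keys_per_second: float, target_years: float = 100.0):
    """Return {key_bits: (full-search years, doublings needed)} for common sizes."""
    return {
        bits: (keyspace_search_years(bits, keys_per_second),
               hardware_doublings_needed(bits, keys_per_second, target_years))
        for bits in (64, 128, 192, 256)
    }


if __name__ == "__main__":
    # Constructed demonstration run at PD's stated rate.
    for bits, (years, doublings) in margin_table(PD_KEYS_PER_SECOND).items():
        print(f"{bits:>3}-bit key: {years:.2e} years to search; "
              f"{doublings} throughput doublings before it fits in 100 years")
```

The 256-bit row reproduces the ballpark of PD's 3x10^51 years (the exact value at 10^18 keys/s is about 3.7x10^51), and the doublings column makes the "math beating the hardware" point concrete: even counting only raw throughput growth, a 256-bit search needs well over a hundred further doublings before it becomes a century-scale job.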
  7. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Gotta agree PD,
been devil's advocate...just hope we know when it changes ;)
     
  8. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    No there is no link. PBC is a totally different technology with totally different problems involved. RSA uses factoring as its "hard problem." Factoring large numbers into their prime components is a problem that has been studied since ancient Greece. Mathematicians have made some headway in speeding up the process, but nothing that completely "breaks" it.

    AES is a block cipher and it uses things like substitutions and permutations as its problem (AES is known as a substitution permutation network or SPN). Block ciphers are the best understood crypto primitives known to man and have been studied since just after WWII. This attack has no bearing on block ciphers.

    So, this is merely an academic exercise and has no bearing on most real world systems currently in use. I just wish the tech media understood this and reported it as such.
     