By Shannon Morse, ThreatWire

In some news that makes me wanna say “oof, that hurts”, a potential post-quantum encryption standard is now basically DOA due to an attack that used 1 hour of time and a single-core PC to recover its encryption keys.

Ironically, this encryption algorithm is called SIKE. It’s short for Supersingular Isogeny Key Encapsulation, and how it works is very fascinating. SIKE is built on SIDH, which is short for Supersingular Isogeny Diffie-Hellman. It used one step to generate the encryption key, and SIKE’s co-inventor, David Jao, told ArsTechnica that the attack that broke it uses mathematics from the 1990s and 2000s. The attack uses genus 2 curves to attack elliptic curves, which was unexpected. SIKE could potentially be made to take two steps instead of one to prevent this attack. Jao explained that this is definitely a blow to SIKE, and was very transparent about their having an understanding of cryptography but not of the mathematics involved in recognizing this kind of potential attack.

This attack came to light during a campaign by the US Dept of Commerce’s National Institute of Standards and Technology, or NIST, to find post-quantum encryption algorithms that could replace the current algos, which include RSA, Diffie-Hellman, and elliptic curve DH. NIST already chose four replacements called CRYSTALS Kyber, CRYSTALS Dilithium, FALCON, and SPHINCS+.

NIST also chose four more as potentials for further testing, and SIKE was one of those. From there, researchers from the Computer Security and Industrial Cryptography group at KU Leuven published a paper explaining how they broke the encryption using math! The paper is called “An Efficient Key Recovery Attack on SIDH”. Microsoft also published a bounty for breaking this encryption, which could reward up to $50,000 - meaning the researchers who found this flaw could win the money.

NIST has been working to find replacement algorithms for 5 years, and had started with 69 candidates. Now in round four, there are 3 finalists left. With one of the encryption techniques being broken so far into the campaign, many researchers believe the standardization process should proceed conservatively, since it’s possible others could be found vulnerable to flaws as well.

LINKS: 

https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/
https://arstechnica.com/information-technology/2022/07/nist-selects-quantum-proof-algorithms-to-head-off-the-coming-cryptopocalypse/
https://eprint.iacr.org/2022/975.pdf
https://www.microsoft.com/en-us/msrc/sike-cryptographic-challenge
https://thehackernews.com/2022/08/single-core-cpu-cracked-post-quantum.html
