In the USA The government’s ongoing campaign to protect data in the age of quantum computers, a powerful new attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks of next-generation standardization of encryption algorithms.
Last month, the U.S. Department of Commerce’s National Institute of Standards and Technology, or NIST, selected four quantum computing encryption algorithms to replace algorithms such as RSA, Diffie-Hellman, and the Diffie-Elliptic Curve Hellman, which cannot withstand attacks. from a quantum computer.
In the same move, NIST advanced four additional algorithms as possible replacements pending further testing in the hope that one or more of them may also be suitable encryption alternatives in a post-quantum world. The new attack breaks SIKE, which is one of the last four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which are based on completely different mathematical techniques than SIKE.
Totally getting SIKE
SIKE, short for Supersingular Isogeny Key Encapsulation, is probably out of order, thanks to research that was published over the weekend by researchers from the Computer Security and Industrial Cryptography group at KU Leuven. The paper, titled “An Efficient Key Recovery Attack on SIDH (Preliminary Version),” described a technique that uses complex mathematics and a single traditional PC to recover the encryption keys that protect SIKE-protected transactions. The whole process only takes about an hour. The feat makes the researchers, Wouter Castryck and Thomas Decru, eligible for a $50,000 reward from NIST.
“The newly discovered weakness is clearly a significant blow to SIKE,” David Jao, a professor at the University of Waterloo and co-inventor of SIKE, wrote in an email. “The attack is really unexpected.”
The advent of public-key encryption in the 1970s was a breakthrough because it allowed parties who had never met to securely trade encrypted material that an adversary could not crack. Public key encryption is based on asymmetric keys, with a private key used to decrypt messages and a separate public key for encryption. Users make their public key widely available. As long as your private key remains secret, the scheme remains secure.
In practice, public key cryptography can often be unwieldy, so many systems rely on key encapsulation mechanisms, which allow parties who have never met before to jointly agree on a symmetric key in a public medium such as the Internet. In contrast to symmetric key algorithms, the key encapsulation mechanisms used today are easily broken by quantum computers. SIKE, before the new attack, was thought to avoid these vulnerabilities by using a complex mathematical construct known as a supersingular isogeny graph.
The cornerstone of SIKE is a protocol called SIDH, short for supersingular Diffie-Hellman isogeny. The research paper published over the weekend shows how SIDH is vulnerable to a theorem known as “glue and division” developed by mathematician Ernst Kani in 1997, as well as tools devised by fellow mathematicians Everett W. Howe, Franck Leprévost and Bjorn. Poonen in 2000. The new technique is based on what’s known as an “adaptive GPS attack,” described in a 2016 paper. The math behind the latest attack is guaranteed to be impenetrable to most non- mathematicians Here is the closest possible:
“The attack takes advantage of the fact that SIDH has auxiliary points and that the degree of secret isogeny is known,” explained Steven Galbraith, professor of mathematics at the University of Auckland and the “G” of the GPST adaptive attack, in a brief write-up on the new attack. “SIDH auxiliary points have always been a nuisance and a potential weakness, and have been exploited for fault attacks, adaptive GPST attack, twist point attacks, etc.”