Slashdot Mirror


New Attack Against Multiple Encryption Functions

An anonymous reader sends word of a paper presented a few days back by Adi Shamir, the S in RSA, that promises a new form of mathematical attack against a broad range of cryptographic ciphers. The computerworld.com.au report leans heavily on Schneier's blog entry from the Crypto 2008 conference and the attached comments. Shamir's paper has not been published yet. "[At the Crypto 2008 conference, Shamir presented a new attack that could affect] hash functions (such as MD5, SHA-256), stream ciphers (such as RC4), and block ciphers (such as DES, Triple-DES, AES). The new method of cryptanalysis has been called a 'cube attack' and formed part of Shamir's invited presentation at Crypto 2008, 'How to solve it: New Techniques in Algebraic Cryptanalysis.' The new attack method isn't necessarily going to work against the exact ciphers listed above, but it offers a new generic attack method that can target basically any cipher irrespective of the basic cipher method in use, provided that it can be described in a 'low-degree polynomial equation'... What may be the biggest outcome from this research is the range of devices in widespread use that use weaker cryptographic protection, due to power or size limitations, that are now vulnerable to a straightforward mathematical attack."

5 of 130 comments

  1. Quick, apply DMCA! by Anonymous Coward · Score: 2, Insightful

    Ban the Math, it's a circumvention tool.

  2. Re:The synopsis stated "low grade" crypto by eudaemon · Score: 5, Insightful

    The reason to casually encrypt phone calls or any other data is to prevent the casual snooping of same.

    Look at it this way: the barrier to entry for snooping your data is very low, and getting lower with each new executive order. On the other hand, the barrier to entry for snooping your data can be set arbitrarily high; you can choose anything from 56-bit single DES to 2048-bit RC4. The effort required to casually snoop on you for no other reason has now exploded. It was fear of people adopting this strategy and blocking the casual snooping that inspired the Clipper chip. It was the people's laziness, ignorance or both towards protecting their privacy, and their fear of terror, that have eroded any expectation of privacy now, which is truly unfortunate.

    If we had an expectation of privacy in this country, I think things would be very different now with regards to all the second order effects such as identity theft.

  3. Re:Use two different encryption methods. by moderatorrater · Score: 3, Insightful

    I have an enormous amount of respect for Bruce Schneier, but his writing is designed to get him business, not to give easy answers to big problems.

    Umm, easy answers to big problems? There are none, sir, and while Bruce does occasionally plug his own products, I've never thought that he was just in it to make money. Reading his blog is the most informative part of my day.

    Besides, we all know that his real reason for blogging is to help squid become the dominant species on the planet like they were intended to be.

  4. Re:news at 11? by MrNaz · Score: 2, Insightful

    Solution 1: x = 1
    Solution 2: x = -1
    Solution 3: x = BUFFER OVERFLOW
    %#$%#%#%#%##%%$$

    --
    I hate printers.

  5. It will be interesting to see the full paper by wirelessbuzzers · Score: 4, Insightful

    I saw the talk. The cube attack was very impressive: it allowed Shamir to break a fairly difficult-looking toy cipher (constructed, of course, to have an Achilles heel, but still probably impossible to break with other known techniques). He used only one bit per packet (with a million packets) and didn't use any particular knowledge of the cipher's internals.

    However, as presented the attack probably only breaks toy examples. Its real-world applicability will depend on how well Shamir and Dinur manage to adapt it to ciphers which don't have this simple structure. For example, it will be difficult to apply the attack to either hash functions or block ciphers, because their iterated design tends to give them high degree. The attack will also be difficult to adapt because of its low tolerance for noise and its applicability to a narrow range of scenarios. Still, Shamir believes that it will be applicable at least to some modern stream ciphers, so I'll be keeping an eye out for the full version.

    --
    I hereby place the above post in the public domain.
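The summary's condition that the target "can be described in a low-degree polynomial equation", together with wirelessbuzzers's description of the talk (one output bit per query, many queries, no knowledge of the cipher's internals), is the whole mechanism of a cube attack, so here is a worked one. The Python below is an added example; it is not code from the page, from Shamir's talk or from the Dinur-Shamir paper. TOY_POLY is a constructed six-public-bit, six-key-bit polynomial over GF(2) with a deliberate Achilles heel (every term has degree at most 3 in the public bits); the cube size limit, the number of linearity-test trials and the RNG seed are arbitrary choices for the demo.

```python
"""Cube attack (Dinur-Shamir) worked on a constructed low-degree toy function.
Added example: TOY_POLY is an invented GF(2) polynomial, not a real cipher."""
import itertools
import random

N_PUB, N_KEY = 6, 6   # public (IV) bits v0..v5, secret key bits k0..k5

# Constructed toy "cipher": one output bit as a sum of monomials, each given as
# (public-bit indices, key-bit indices). Its Achilles heel: degree <= 3 in v.
TOY_POLY = [
    ((0, 1), (0,)), ((0, 1), (2,)), ((0, 1), ()),      # v0v1 (k0 + k2 + 1)
    ((2, 3), (1,)), ((2, 3), (3,)),                    # v2v3 (k1 + k3)
    ((4, 5), (0,)), ((4, 5), (4,)), ((4, 5), (5,)),    # v4v5 (k0 + k4 + k5)
    ((0, 2), (2,)), ((1, 3), (3,)), ((1, 3), ()),      # v0v2 k2, v1v3 (k3 + 1)
    ((0, 4), (5,)),                                    # v0v4 k5
    ((0, 1, 2), (0, 1)), ((1, 2, 3), (4,)),            # v0v1v2 k0k1, v1v2v3 k4
    ((0,), (0, 1, 2)), ((5,), (3, 4)), ((), (1, 5)),   # v0 k0k1k2, v5 k3k4, k1k5
]

def toy_cipher(v, k):
    """Black box: one keystream bit for public bits v and key bits k."""
    out = 0
    for pub, key in TOY_POLY:
        out ^= int(all(v[i] for i in pub) and all(k[j] for j in key))
    return out

def cube_sum(f, cube):
    """XOR f(v) over all 2^|cube| settings of the cube bits (others 0). Over
    GF(2) every monomial not divisible by the cube's product term cancels,
    leaving the cube's 'superpoly' evaluated at whatever key f is using."""
    acc = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        v = [0] * N_PUB
        for i, b in zip(cube, bits):
            v[i] = b
        acc ^= f(v)
    return acc

def superpoly_if_affine(cube, rng, trials=100):
    """Offline phase (attacker chooses keys). BLR test: p(x)^p(y)^p(x^y)^p(0)
    is 0 for all x, y iff p is affine. On success return (coeffs, const) with
    p(k) = const ^ XOR_j coeffs[j]&k[j]; on a failed trial return None."""
    p = lambda k: cube_sum(lambda v: toy_cipher(v, k), cube)
    p0 = p([0] * N_KEY)
    for _ in range(trials):
        x = [rng.getrandbits(1) for _ in range(N_KEY)]
        y = [rng.getrandbits(1) for _ in range(N_KEY)]
        if p(x) ^ p(y) ^ p([a ^ b for a, b in zip(x, y)]) ^ p0:
            return None
    unit = lambda j: [int(i == j) for i in range(N_KEY)]
    return [p(unit(j)) ^ p0 for j in range(N_KEY)], p0

def preprocess(max_cube=3, seed=2008):
    """Try every cube of up to max_cube public bits; keep the ones whose
    superpoly is affine and non-constant (a constant carries no key bits)."""
    rng = random.Random(seed)
    found = []
    for size in range(1, max_cube + 1):
        for cube in itertools.combinations(range(N_PUB), size):
            res = superpoly_if_affine(cube, rng)
            if res is not None and any(res[0]):
                found.append((cube, res[0], res[1]))
    return found

def solve_gf2(rows, n):
    """Gauss-Jordan over GF(2) on (coeffs, rhs) rows; None unless unique."""
    m = [list(c) + [r] for c, r in rows]
    pivots = []
    for col in range(n):
        rank = len(pivots)
        piv = next((i for i in range(rank, len(m)) if m[i][col]), None)
        if piv is None:
            continue
        m[rank], m[piv] = m[piv], m[rank]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                m[i] = [a ^ b for a, b in zip(m[i], m[rank])]
        pivots.append(col)
    if len(pivots) < n or any(r[-1] for r in m[len(pivots):]):
        return None          # underdetermined or inconsistent system
    sol = [0] * n
    for i, col in enumerate(pivots):
        sol[col] = m[i][-1]
    return sol

def cube_attack(secret_key, seed=2008):
    """Online phase: the attacker only sees v -> one bit under the unknown key.
    Each cube sum yields one linear equation coeffs.k = sum ^ const."""
    cubes = preprocess(seed=seed)
    black_box = lambda v: toy_cipher(v, secret_key)
    rows = [(coeffs, cube_sum(black_box, cube) ^ const)
            for cube, coeffs, const in cubes]
    return {"key": solve_gf2(rows, N_KEY),
            "cubes": [c for c, _, _ in cubes],
            "online_queries": sum(2 ** len(c) for c, _, _ in cubes)}

if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 1]   # constructed demo key
    r = cube_attack(secret)
    print("linear cubes:", r["cubes"], "online bits:", r["online_queries"])
    print("recovered:", r["key"], "correct:", r["key"] == secret)
```

Offline, the attacker instantiates the cipher with keys of its own choosing, sums the output bit over every small cube of public bits with the rest held at zero, and runs a BLR linearity test on the result; a cube is kept when the sum is an affine function of the key (here six 2-bit cubes and one 3-bit cube pass, while the cubes whose superpoly is k0k1k2, k3k4 or k0k1 fail). Online, the same cube sums are collected from the black box under the unknown key, 32 single-bit queries in total, and Gaussian elimination over GF(2) returns the key. The toy is small enough that brute force would also work; the point is that the cost is governed by the cube sizes, not by the key length. It also shows why wirelessbuzzers expects hash functions and block ciphers to resist: their output has high degree in every input bit, so no small cube leaves an affine superpoly.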