1978 Cryptosystem Resists Quantum Attack

← Back to Stories (view on slashdot.org)

1978 Cryptosystem Resists Quantum Attack

Posted by samzenpus on Wednesday August 18, 2010 @08:44AM from the built-to-last dept.

KentuckyFC writes "In 1978, the CalTech mathematician Robert McEliece developed a cryptosystem based on the (then) new idea of using asymmetric mathematical functions to create different keys for encrypting and decrypting information. The security of these systems relies on mathematical steps that are easy to make in one direction but hard to do in the other. Today, popular encryption systems such as the RSA algorithm use exactly this idea. But in 1994, the mathematician Peter Shor dreamt up a quantum algorithm that could factorise much faster than any classical counterpart and so can break these codes. As soon as the first decent-sized quantum computer is switched on, these codes will become breakable. Since then, cryptographers have been hunting for encryption systems that will be safe in the post quantum world. Now a group of mathematicians have shown that the McEliece encryption system is safe against attack by Shor's algorithm and all other known quantum algorithms. That's because it does not depend on factorisation but gets its security from another asymmetric conundrum known as the hidden subgroup problem which they show is immune to all known quantum attacks."

21 of 185 comments (clear)

Min score:

Reason:

Sort:

Hidden subgroup problem is under active research by da+cog · 2010-08-18 08:50 · Score: 5, Informative

It is worth noting that solving hidden subgroup problem is a subfield of quantum computing that has been active for a while. Although we can't figure out how to solve it in general, we can solve specific instances of it; for example, I think that factorizing is one such instance.
Thus, I suspect that we will eventually figure out a way to break this encryption. Even if we do, though, these mathematicians still get credit for giving us a new instance of the hidden subgroup problem to try and solve, which may give us additional insight into the extent to which the general problem can be solved by a quantum computer.

--
Snarkiness is inversely proportional to wisdom because it emphasizes feeling right rather than being right.
ElGamal?? by neiko · 2010-08-18 08:51 · Score: 4, Interesting

Would ElGamal also be immune since it's based on Discrete Logarithms?
1. Re:ElGamal?? by mrnobo1024 · 2010-08-18 08:55 · Score: 5, Informative
  
  No - both prime factorization and discrete logarithms can be done in polynomial time with a quantum computer.
conspiracy theory by craftycoder · 2010-08-18 08:51 · Score: 4, Interesting

I wonder if "THEY" already have one of these quantum computers and are keeping a lid on it so they can snoop on the PGP of our enemies. Would it be possible to develop one of these in secrecy?
1. Re:conspiracy theory by woolpert · 2010-08-18 09:04 · Score: 5, Insightful
  
  I wonder if "THEY" already have one of these quantum computers and are keeping a lid on it so they can snoop on the PGP of our enemies. Would it be possible to develop one of these in secrecy?
  Simplistically:
  If THEY bought out 50% of the researchers in the field, without arousing suspicion amongst those who turned down the offer, THEY would only have a 50% chance of having one first.
  More realistically,
  If THEY bought out a significant percentage of the researchers in the field, without arousing suspicion amongst those who turned down the offer, THEY would likely only be a few months / years (at best) ahead.
  And since the outlook on the QC front is rather bleak (in terms of a functional QC with any real power) the odds are strongly in favor of THEY not having squat.
  Especially in today's world it isn't like top researchers are fragmented and isolated. In the past it was possible for a governmental organization to use its greater vision to collect isolated researchers and be the first to introduce them to each other, magnifying their individual efforts. Today everybody who is anybody in these fields is at least aware of the others, if not following closely.
Re:Timeless saying applies here... by kalirion · 2010-08-18 08:51 · Score: 4, Insightful

If it can be engineered, it can be reverse-engineered.
That only works for "security through obscurity" type of problems. A good encryption should not be "solvable" - it must be brute forced. The question is how expensive the brute force method is in processing power and time.
Re:Timeless saying applies here... by da+cog · 2010-08-18 08:54 · Score: 5, Insightful

It doesn't apply to this article. The way that one typically breaks a cryptosystem is not by reverse engineering (which is not even meaningful here, given that the algorithm is already completely open), but by finding a clever new way to solve the mathematics underlying the system using less information than the designers of the system had thought was needed.

--
Snarkiness is inversely proportional to wisdom because it emphasizes feeling right rather than being right.
If you want to test it by Atmchicago · 2010-08-18 08:57 · Score: 4, Funny

Send a bunch of encrypted e-mails containing questionable content and see if anyone comes knocking at your door. And be sure to not send any questionable content unencrypted, or to give any other reasons for them to show up.

--
You can lead a horse to water, but you can't make it dissolve.
1. Re:If you want to test it by fishexe · 2010-08-18 09:04 · Score: 3, Funny
  
  Send a bunch of encrypted e-mails containing questionable content and see if anyone comes knocking at your door. And be sure to not send any questionable content unencrypted, or to give any other reasons for them to show up.
  But how will I know they're not just knocking at my door out of a desire to make my acquaintance?
  
  --
  "I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
2. Re:If you want to test it by Anonymous Coward · 2010-08-18 09:36 · Score: 5, Interesting
  
  Even then, they would probably spend a long time creating other circumstances in which to pick you up that would give plausible deniability as to how they caught on.
  One can google one's own references as I'm sort of lazy today, but a good example: the British had thoroughly broken Enigma during WWII, and at one point in the war knew where -every- German U-boat was. This created a dilemma for them: should they act on this information, and if so, how to do it without tipping their hand? If they just went and rounded up every single one, it would be pretty obvious that the code had been broken.
  What they did, according to the stories, is send out disinformation that a) they had ramped up production of a bunch of new long-range sea-spotting planes (they didn't, they only had the resources for a few); and b) these planes would fly near where they already -knew- the U-boat was, and 'spot it' (making sure it was obvious they'd been seen by the U-boat itself before flying back). The British were also careful not to find too many U-boats -- only the ones that they needed out of the way for critical operations. The Germans were convinced they just had really bad luck and were the victim of a very expensive and thorough patrol system by the British.
  If the guys in dark suits can crack PGP, Blowfish, etc. easily, they won't obviously act on it until they first get dirt on you via other means. :p
3. Re:If you want to test it by c6gunner · 2010-08-18 11:14 · Score: 5, Funny
  
  But how will I know they're not just knocking at my door out of a desire to make my acquaintance?
  Easy. If they use your door knocker, they want to make your acquaintance. If they bring their own, they're coming for more than tea and crumpets.
Re:Good but not great by pushing-robot · 2010-08-18 08:58 · Score: 5, Informative

Feel secure again. Only a variant was broken.

--
How can I believe you when you tell me what I don't want to hear?
New assymetric algorithms needed? by mlts · 2010-08-18 08:58 · Score: 4, Interesting

Symmetric algorithms are at least in their second generation (DES/Lucifer now AES) of production use, with decades of study and close analysis by a lot of good minds.
Asymmetric algorithms are still essentially the first generation. Take RSA. It has been out for so long that its patent has expired more than 15 years ago. Even elliptic curve cryptography has been out at least 20 years, because the NeXT had it in NeXTStep 3.0 (and ended up getting pulled out of the OS due to ITAR).
Even cryptographic hashes have been through a number of iterations. We had MD4, then MD5, then SHA-1, then SHA-256, now are looking for something to replace SHA, similar to how Rijndael replaced 3DES and DES.
Maybe it is time to have a contest to have a standard asymmetric algorithm to replace RSA, DSS, and ElGamal? Something fundamentally designed to resist quantum computer attack as well as other threats.
The article agrees with you by fishexe · 2010-08-18 09:02 · Score: 5, Informative

Thus, I suspect that we will eventually figure out a way to break this encryption. Even if we do, though, these mathematicians still get credit for giving us a new instance of the hidden subgroup problem to try and solve, which may give us additional insight into the extent to which the general problem can be solved by a quantum computer.
From TFA:

However, it's worth pointing out that while the new work guanratees safety against all known quantum attacks, it does nothing of the sort for future quantum attacks. It's perfectly possible that somebody will develop a quantum algorithm that will tear it apart as easily as Shor's can with the RSA algorithm. "Our results do not rule out other quantum (or classical) attacks," says Dinh and co.

--
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
1. Re:The article agrees with you by DarkKnightRadick · 2010-08-18 09:32 · Score: 5, Funny
  
  You read the article?!
  
  --
  "There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
Re:Timeless saying applies here... by Frequency+Domain · 2010-08-18 09:12 · Score: 5, Insightful

Actually, with really hard-core crypto systems there are three traditional ways to break them: 1) rubber hose; 2) dumpster diving; or 3) box of chocolates/bouquet of roses.
Early connection? by steve_bryan · 2010-08-18 09:31 · Score: 5, Interesting

A sociological observation is that Shor was an undergrad at Caltech when McEliece was a professor there formulating the cryptosystem that would resist the quantum algorithm that Shor would develop years later. I wonder if knew each other.
Re:It's "Caltech", not "CalTech" or "Cal Tech" by Anonymous Coward · 2010-08-18 09:38 · Score: 3, Funny

Pidantic much? {sic}
Re:Timeless saying applies here... by treeves · 2010-08-18 10:06 · Score: 3, Interesting

That falls under the generalization of (3).
(1) Threat/intimidation/violence
(2) Exploit a careless mistake
(3) Bribery/persuasion
I suppose (1) and (3) even could blur together into "influence" (negative and positive).

--
...the future crusty old bastards are already drinking the Kool-Aid.
Re:Timeless saying applies here... by ae1294 · 2010-08-18 11:15 · Score: 3, Funny

WTF... OK... I can deal with slashdot being overrun by morns who know little but act big, but now we have to put up with text-ese ?

His UID is lower than yours so shouldn't it be "I can deal with that slashdot was overrun by morns who knew little when I signed up. (eol)"
Feed him some cat food by A+nonymous+Coward · 2010-08-18 11:27 · Score: 3, Funny

Maybe he did, maybe he didn't.

--
Infuriate left and right