Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Clock Is Ticking On Encryption

Posted by timothy on from the promise-that-keeps-on-giving dept.

CWmike writes "In the indictment that led to the expulsion of ten Russian spies from the US in the summer of 2010, the FBI said that it gained access to their communications after surreptitiously entering one of the spies' homes, during which agents found a piece of paper with a 27-character password. The FBI had found it more productive to burglarize a house than to crack a 216-bit code, despite having the computational resources of the US government behind it, writes Lamont Wood. That's because modern cryptography, when used correctly, is rock solid. Cracking an encrypted message can require time frames that dwarf the age of the universe. That's the case today. 'The entire commercial world runs off the assumption that encryption is rock solid and is not breakable,' says Joe Moorcones, vice president of information security firm SafeNet. But within the foreseeable future, cracking those same codes could become trivial, thanks to quantum computing."

11 of 228 comments (clear)

  1. Re:Quantum Encryption by peragrin · · Score: 4, Funny

    only if you don't actually want to crack it, then quantum encryption will unlock itself, however if you want to crack it you can't.

    --
    i thought once I was found, but it was only a dream.
  2. Quite right by AaxelB · · Score: 5, Insightful

    Yeah, that's true.

    Wait, who didn't know this already? The title is misleading, but the fact that quantum computing breaks RSA is pretty standard knowledge (among people who have heard of quantum computing at all, I guess). Of course, there are other encryption schemes that seem to work just fine (e.g. Elliptic curve cryptography) with quantum computing, and there's not much evidence that algorithms other than RSA are broken. Note: factoring isn't NP-complete! So far there's no reason to believe it's not an "easy" problem, except that we haven't figured out how to do it. More intersetingly, there's a lot of research being done on quantum cryptography, which is really quite cool. In total, quantum computing should probably give us more security than it breaks, except for the idiots who keep using outdated algorithms long after they're broken, but they'd be screwed anyway.

    So, the sky is falling! Oh wait, no, that's just the weather changing.

  3. For all my encryption cracking needs... by lxs · · Score: 4, Insightful

    I rely on magic pixie dust found on top of the space elevator. It's easier to get than a useful quantum computer and will be for quite some time.

  4. CWMike by pjt33 · · Score: 5, Informative

    Anyone prepared to take a bet that the CW of CWMike stands for ComputerWorld, and this is a blatant attempt to drive traffic towards an article he either wrote or published?

    1. Re:CWMike by beakerMeep · · Score: 5, Informative

      Pretty obvious really -- CWMike along with Julie188 have been plaguing Slashdot with this InfoWorld/ComputerWorld tripe for years. The articles are almost always either sensationalism (magic future computing may crack your password, clock is ticking!) or trolling flamebait (is [insert favorite mobile OS] dangerous?). It's bullshit blogspam and Slashdot can do better. I just wish they cared a bit more about weeding out this kind of stuff.

      --
      meep
  5. Re:The U.S. government is VERY corrupt. by Black+Parrot · · Score: 4, Insightful

    That kind of behavior, burglarizing houses, committing a crime to stop other crimes, is destructive to the rest of the nation.

    I don't find it such a bad thing, if they have a warrant from a non-corrupt judicial system.

    You can hardly say fighting espionage is inherently corrupt.

    --
    Sheesh, evil *and* a jerk. -- Jade
  6. Re:Quantum Encryption by Sir_Sri · · Score: 5, Informative

    Quantum computing is probabilistic, it has a chance to converge on the right answer, and it gets there in the fairly specific case of using a quantum version of a fourier transform to factor large primes. If you base your crypto method on something not vulnerable to to a quantum fourier transform, or if, with your decryption method you absolutely must get the right answer, you can end up back at brute force.

    Quantum cryptography is really not related to quantum computing all that much. They both rely on entanglement, but trying to extract some quantum state of two entangled things (nuclear or electron states most likely) isn't really a computational problem that computing, quantum or otherwise exists to solve. There are lots of practical challenges to quantum cryptography, the short version of which is that a single thing in a specific quantum state is hard to pin down, but lots of stuff (polarized light, atoms in excited states etc.) all happen with a distribution of states. If you were to communicate inside a device this limitation isn't really a problem, but if you need to send data from New York to LA it's very hard to send a single photon or atom (at least for the moment), and if you're sending a million photons, in some collection of quantum states it's somewhat harder to guarantee security. I'm being a bit handwavy here, but a few years ago I did a simple demo quantum crypto project with polarized light, for a couple of hundred dollars in hardware borrowed from an optics lab for an afternoon it worked pretty well. Over the length of a table. Scaling up to fibre optics that move any meaningful distance isn't impossible, but if done wrong you end up rapidly defeating your own crypto system.

    For those who don't know, a quantum computer can factor products of primes in polynomial time, with a certain probability of success, but right now because you can't build quantum computer which more than a few qubits you are limited to trivial problems. If you could build a multi-million qubit system you could, with a certain probability of success, factor large products primes such as those used in cryptography in polynomial time.

  7. What exactly is being broken by quantum computers? by vadim_t · · Score: 4, Interesting

    People generally mention that quantum computing will spell the doom for current crypto, but from what I read on different sites, it seems that it's not exactly that. So I would really appreciate if somebody could clarify it. For instance, on Wikipedia there is this:

    Integer factorization is believed to be computationally infeasible with an ordinary computer for large integers if they are the product of few prime numbers (e.g., products of two 300-digit primes).[5] By comparison, a quantum computer could efficiently solve this problem using Shor's algorithm to find its factors. This ability would allow a quantum computer to decrypt many of the cryptographic systems in use today, in the sense that there would be a polynomial time (in the number of digits of the integer) algorithm for solving the problem.

    It has been proven that applying Grover's algorithm to break a symmetric (secret key) algorithm by brute force requires roughly 2n/2 invocations of the underlying cryptographic algorithm, compared with roughly 2n in the classical case,[10] meaning that symmetric key lengths are effectively halved: AES-256 would have the same security against an attack using Grover's algorithm that AES-128 has against classical brute-force search

    So, the problem is only for public key crypto, and for AES we just switch to 512 bit keys and no problem? Also if quantum computers don't do all that great against AES, wouldn't be it just a problem of finding somethinig else they have trouble with that could be used for public key crypto?

  8. Re:Cracking isn't the problem by jimicus · · Score: 5, Informative

    Thing is, much of the time you can be pretty sure that a particular string of plaintext will appear at least somewhere in the decrypted result.

    In the case of your credit card number, for example, there's a few things we can do to eliminate most of the apparently valid numbers:

    • Mastercard and Visa both allocate the first four digits of card numbers to individual banks. These blocks don't overlap between card types - there's no such thing as a Mastercard that begins with 4547, for instance. If I know where you live, I can take a reasonable guess that your card was issued by a bank in your country and immediately rule out any numbers that weren't allocated to a bank in your country.
    • Banks frequently use a predictable pattern to fill the rest of the card number, such as account number (which may itself have a check digit, so you essentially wind up with two check digits in the card number). If you know what patterns the banks in your country use, you can cut down the potential matches further.
    • Beyond this, we probably need insider knowledge of the banks own processes - what numbers have/have not been allocated yet? Can we figure out from the card number when the associated account was opened? - if you're 25 years old, it's unlikely you'll have a number indicating a 30 year old account.
  9. Re:The U.S. government is VERY corrupt. by Anonymous Coward · · Score: 5, Insightful

    I rather think that the FBI is quite careful to check that you are not in the house before they go in. They probably have someone trailing you who will warn them if you start heading home or if they lose track of where you are. They are not idiots and have no interest in getting into a firefight unnecessarily.

    Basically, stop being stupid. The FBI is not going round breaking into people's houses willy-nilly. They entered those specific houses because they had probable cause to believe that their occupants were hostile agents of a foreign power engaged in illegal espionage, and they had acquired warrants to do so, supported by oath and particularly describing the places to be searched and the things to be seized. Are you seriously complaining because government agents obeyed the Constitution to the letter in the course of exercising their duty to uphold the rule of law?! I can scarcely believe that any American would display such contempt for the principles on which your hard-won freedom is founded.

  10. no need for multi-million qubits by Ignatius · · Score: 4, Interesting

    A couple of thousands do (about 5 times the lenght of the number you want to factor). But what you really need is the ability to perform multi-billion gate-operations (while the QFT itself is quadratic, Shor also uses modular exponentiation which makes it a cubic O(n^3) algorithm) within the decoherence time (usually measured in milliseconds or seconds) and with a technical accuracy to the tune of 99.9999999% - a quantum computer is, after all, an analogous device: qubits don't "lock in"; a NOT-gate e.g. thus has to be an exact 180 deg; rotation and neither 179.999 nor 180.001 deg (does not matter for a couple of gates in toy problems but those imperfections add up).

    Quantum error correction can somewhat mitigate the former problem (at the cost of about one order of magnitude overhead in both space and time) but not the later. So if it's feasible at all (which is by no means certain as there might be hidden constraints on scalability), we probably won't live to see it.

    ignatius