Slashdot Mirror


"Nearly Unbreakable" Encryption Scheme Inspired By Human Biology

rjmarvin (3001897) writes "Researchers at the U.K.'s Lancaster University have reimagined the fundamental logic behind encryption, stumbling across a radically new way to encrypt data while creating software models to simulate how the human heart and lungs coordinate rhythms. The encryption method, published in the American Physical Society journal and filed as a patent entitled 'Encoding Data Using Dynamic System Coupling,' transmits and receives multiple encrypted signals simultaneously, creating an unlimited number of possibilities for the shared encryption key and making it virtually impossible to decrypt using traditional methods. One of the researchers, Peter McClintock, called the encryption scheme 'nearly unbreakable.'"

31 of 179 comments

  1. Crypto hype by Anonymous Coward · · Score: 5, Insightful

    Every intelligence everywhere can invent an encryption scheme it can't break.
    Don't ever use any crypto algorithm the experts haven't been attacking and publishing about for a while.

    1. Re:Crypto hype by Anonymous Coward · · Score: 2, Funny

      I wonder if this article got accepted due to a typo. Maybe a reviewer of the article wanted to comment "this is probably secure", but mistyped it as "this is provably secure".

    2. Re:Crypto hype by mikael · · Score: 2

      Heart and lung rhythms are regulated using systems known as reaction-diffusion systems. An entire system is represented by a grid of cells, with every cell at a particular state with a mix of chemicals, typically named A, B, C ... There's the reaction part where A->2B, B->B+A, and then there's the diffusion part where the state of each cell is combined with its neighbors. Each iteration calculates the new state of each cell, and applies the diffusion.

      Imagine if you stored your message as particular chemical levels, then ran a few thousand iterations - you would get a new unique state.

      But it would seem extremely hard to roll backwards.

      --
      Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
    3. Re:Crypto hype by Anonymous Coward · · Score: 3, Informative

      Yeah, if only cryptographers knew about such novel concepts as confusion and diffusion...

  2. Nearly Unbreakable by ArcadeMan · · Score: 3, Insightful

    The keyword here is nearly, which means it can be broken.

    1. Re:Nearly Unbreakable by geekmux · · Score: 2

      The keyword here is nearly, which means it can be broken.

      Yes, which means either they're being realistic in the sense that basically all forms of cryptography fall into this category, or they were wisely advised by their liability mitigation team.

      One thing manufacturers have learned when trying to advertise anything as idiotproof or bulletproof.

      There's always going to be some idiot out there making a bigger bullet.

      Or a pipe wrench.

    2. Re:Nearly Unbreakable by fustakrakich · · Score: 2

      Nearly unbreakable using traditional methods

      This won't take long

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Nearly Unbreakable by geekmux · · Score: 3, Insightful

      I can easily create an encryption system that is unbreakable. You just won't be able to get your data back.

      Then your statement is pointless, for you haven't made an encryption system at all. You've made a destruction system.

    4. Re:Nearly Unbreakable by Wootery · · Score: 3, Insightful

      Then it wouldn't be encryption. It would be hashing.

    5. Re:Nearly Unbreakable by ArcadeMan · · Score: 3, Funny

      I'll remove "Data In, Garbage Out" from my features list.

    6. Re:Nearly Unbreakable by Fnord666 · · Score: 3, Informative

      Yes, which means either they're being realistic in the sense that basically all forms of cryptography fall into this category,

      Please share with us your crack of the one time pad.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    7. Re:Nearly Unbreakable by DMUTPeregrine · · Score: 4, Funny

      Aaah, I see you've used Oracle.

      --
      Not a sentence!
  3. Area of expertise by Sarten-X · · Score: 3, Interesting

    Not that I've actually done my own research, but what qualifications do these folks have to state the security of an encryption mechanism? Everybody who finds a new way to twist a message thinks it's secure.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  4. And next up, they claim to have cured cancer. by pla · · Score: 3, Insightful

    TFA contains no actual information, just an assertion that the interaction between poorly-described models of "biological" systems might kinda possibly maybe make them money because the world needs car door key fobs, or something like that.

    Deep.

  5. HEY SLASHDOT, THE FIRST LINK IS BROKEN by rjmarvin · · Score: 4, Informative

    It should link here: http://www.sdtimes.com/content/article.aspx?ArticleID=69025&page=1 Yeah, if you could fix it, that would be greaaaat.

    1. Re:HEY SLASHDOT, THE FIRST LINK IS BROKEN by ratnerstar · · Score: 5, Funny

      But the link is nearly unbreakable!

      --
      Just because you sold your soul to the devil that needn't make you a teetotaler. --The Devil and Daniel Webster
  6. Red flags by Anonymous Coward · · Score: 2, Insightful

    Red flag #1 publication to inappropriate forum. If your "breakthrough" in physics only got published in the Journal of English as a Foreign Language, it's most likely bunk. Likewise then, if you've got some crypto results and the best place you could find to publish them was a physics journal, that's a bad sign. There are journals about crypto. If this wasn't sent to them it means nobody serious has looked at this. If it was sent and they declined it means serious people laughed their heads off.

    Red flag #2 use of phrase "nearly unbreakable" which doesn't mean anything. Anybody who knew what the hell they were talking about would steer clear of that phrase, but oh my, if you're clueless it sounds impressive. So, probably clueless then.

  7. Meh by swillden · · Score: 4, Insightful

    I don't know whether or not this idea actually works, or what level of security it may or may not provide, but it's addressing an already thoroughly-solved problem. It appears to provide a symmetric key cipher, which means -- regardless of how radical the approach may or may not be -- it's in direct competition with algorithms like AES and the multitude of other well-respected and heavily-researched block and stream ciphers. The abstract and summary mention "an unlimited number of possibilities for a shared encryption key", but existing algorithms already provide enormous key spaces.

    Of course, some cryptanalytic breakthrough could provide a way to break all existing ciphers, but who's to say the same breakthrough wouldn't impact systems based on this idea. And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been, and I see no reason that this "Dynamic Systems Coupling" approach wouldn't be subject to the same kinds of problems.

    So... meh.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    1. Re:Meh by swillden · · Score: 2, Insightful

      I wonder if the crypto key is tied to your body.

      It's not. This has nothing to do with biology, other than being vaguely inspired by it. RTFA.

      If so, it's just as stupid as biometrics.

      After that information is stolen, you can't easily change it anymore.

      Biometrics aren't stupid. They're all wrong for most of the common situations where we see them applied, but they're not inherently a bad idea. And the common /. meme about them being useless because they can't be changed is ridiculous, and arises from the -- badly broken -- analogy between biometric identification and password authentication.

      Biometrics are useful as identifiers, and to the degree that the biometric scan and matching process can be trusted, you can bootstrap an identification to an authentication. The kicker is that level of trust. If the biometric scanner is deployed in a secure area, to ensure it's not tampered, and the scanning process is monitored to ensure that the object being scanned actually is the person to be identified, and the template storage and matching process are also adequately secured, then biometric authentication is awesome.

      Alternatively, if the scanner isn't secured or monitored and if the security of the template store and matcher is also questionable, biometrics still aren't completely useless -- they just don't provide a significant level of assurance. If what you need is an extremely convenient way to unlock access with such low security needs that your other realistic alternative is to leave it unsecured, then biometrics are also fine. For example, if in the absence of a fingerprint reader you would leave your phone entirely unlocked, then unlocking it with a fingerprint is an improvement.

      In between, in contexts where security requirements aren't high enough to justify all of the effort and expense needed to make biometrics really strong, but where some security is actually needed, then biometrics are useless. That doesn't make them stupid, it just makes them the wrong tool for the job.

      To use a car analogy, it's like trying to haul a 53-foot semi trailer with a Honda Civic. Or maybe with a Bugatti Veyron, which if you can get it attached somehow might actually have the power to move the trailer, but you can't call the result a functional freight transporter.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Meh by DMUTPeregrine · · Score: 2

      Biometrics are great to replace usernames. They can be the same everywhere with no ill effects, if an attacker learns the data/username it's not a problem, they're public, etc. They're terrible at replacing passwords.

      So of course they get used to replace passwords.

      --
      Not a sentence!
  8. Anyone... by FuzzNugget · · Score: 4, Insightful

    Anyone can invent an encryption scheme so clever that he or she can't think of a way to break it.

  9. anyone can devise encryption they can't break by raymorris · · Score: 4, Insightful

    The author's claim that it's very hard to break only means that THEY don't know how to break it. That's meaningless, because anyone and everyone can come up with a puzzle they don't know how to solve. That doesn't mean it's hard, just that they don't know how it's done.

    A trivial example would be a kindergartener who might observe that if you encode a message by writing it with letters, they don't know how to read that message. That's only because the kid doesn't know how to read. It in no way suggests that reading is impossible. For many Slashdot readers, compiling a message into a Windows resource file makes it unreadable _to them_. Windows resource files are of course quite easy to read, if you know how. These researchers don't know how to read their own encoding. So what? That doesn't mean _I_ don't know how to read their stuff.

    Their scheme does have one attribute that's good - it can generate long keys. So can a random number generator. They MAY have a good idea, but we won't know until a lot of other people try to break their encryption and fail.

    1. Re:anyone can devise encryption they can't break by swillden · · Score: 2

      They MAY have a good idea, but we won't know until a lot of other people try to break their encryption and fail.

      Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.

      If you want to offer a new symmetric cipher, it needs to offer something more interesting than security. I think the most powerful characteristic that could be provided is simplicity, particularly if it not only makes the design transparent, but also facilitates verification of hardware and software implementations. Designed-in resistance against side channel attacks might be mildly interesting. Speed might be, but current ciphers are already very fast.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:anyone can devise encryption they can't break by swillden · · Score: 2

      Everyone knows the current encryption schemes can be broken if you can (even theoretically) throw enough resources at it.

      Everyone who "knows" this is dead wrong. Resource-based, brute-force attacks on, say, AES-256, are completely pointless.

      According to Landauer's Principle the lowest possible amount of energy required to perform a single elementary computation is 2.85*10^-21 J. This means that even with a perfectly-efficient computer, to perform 2^256 elementary computations (assuming that an AES-256 trial decryption is a single elementary operation, which it isn't, but I'll ignore that) you would need 3.3*10^56 J. That's a lot.

      How much? Well, suppose we built a Dyson sphere and captured the entire energy output of the sun to power our perfectly-efficient computer. The annual output of the sun is 1.2*10^34 J, which means we'd need 2.75*10^22 years of solar energy to complete the search for one key. One problem with that: The sun won't last that long.

      Okay, so instead of just using a Dyson sphere to capture naturally-produced solar energy, suppose we found a way to convert the entire mass of the sun to energy. The theoretical mass energy of the sun is 1.8*10^47 J. That means you'd actually need the mass of just under two billion suns -- as well as an ideal computer and the ability to gather and convert all of those suns to energy in order to perform 2^256 operations.

      As Bruce Schneier put it in the intro to Applied Cryptography, brute force of a 256-bit keyspace is impossible until computers are made of something other than matter and occupy something other than space.

      Of course, the 128-bit keyspace is minuscule compared to the 256-bit key space... but it's still unimaginably huge. Well beyond anyone's capabilities for at least several decades, perhaps longer. Suppose you had a trillion computers, each of which could test a trillion keys per second, allowing you to test 10^24 keys per second. It would still take you 10 million years to search a 128-bit key space.

      No, if "everyone knows" current encryption schemes can be broken by application of enough resources, then everyone is wrong. At least, if the "resources" you're applying are computational brute force. "Rubber hose" cryptanalysis, on the other hand, is much cheaper and more effective. But this scheme, whatever other strengths or weaknesses it may have, is no more resistant to rubber hose cryptanalysis than any other.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  10. Key sharing? by Hentes · · Score: 3, Insightful

    There's nothing in the protocol description about key sharing. If you already have a way to share keys, why not just use a one time pad that's proven to be unbreakable?

  11. Re:bullshit by geekmux · · Score: 2

    I'm calling bullshit.

    I sense an underlying ambiguity in your message here, even with a common scent profile wafting between subject and comment...

    Are you suggesting someone has perhaps fabricated something that one would compare to bovine fecal matter for the sake of pure attention whoring?

    Why my good friend, I've never heard of such a thing. On the internet you say...

  12. geez, guys, give it a rest by stenvar · · Score: 4, Insightful

    The paper contains none of the cryptographic analysis necessary to show that this is a secure cryptographic system. It's just another one of these "let's take a chaotic dynamical system and use it for cryptography" papers.

    The paper doesn't tell you much about cryptography, but it does illustrate the failures of peer review.

  13. It looks bad to me. by TechyImmigrant · · Score: 3, Insightful

    From the abstract it seems that they are claiming:

    1) Boy, those chaotic systems look complex.
    2) Gee they can synchronize
    3) If we superimpose other chaotic systems on top, then it looks even more complexer.

    So something like Walsh codes implemented badly. Walsh codes have nothing to do with cryptography btw.

    What they haven't shown is a lower bound for brute force attack complexity, or why it is resistant to any of the normal attack methods. I don't see why an imposter could not sync to the source the same way the intended recipient does. From the paper, I see several linear systems of equations describing the chaotic oscillators.

    This will fall fast when a real cryptographer has a go at it.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  14. Re:Famous last words by dalias · · Score: 2, Insightful

    "Climate change" is not a "downgrade" to global warming. It's simply better wording to avoid denial from idiots who don't understand math (i.e. means) and say "wow it's really cold this winter, global warming is bs!" Nothing has changed; we still know the mean temperature is increasing and that the increase is caused by human activity. But the new wording is less susceptible to idiotic misinterpretation.

  15. Hm. by Animats · · Score: 4, Informative

    OK, first bypass the click troll and get to the actual paper.

    The general idea seems to be to transmit a large amount of noisy data per plaintext bit. Historically, crypto schemes which make the input much bigger are disfavored, but communications bandwidth is cheaper now and that might be OK.

    The author of the paper seems to have fallen into the old trap of thinking that analog signals have infinite amounts of data in them. He writes things like "The encrypting key space is unbounded." and "The choice of the form of coupling functions comes from a set of functions that is not bounded." ("High-end" audio people also fall for this.) In reality, at some point you hit a noise threshold, and, anyway, down at the bottom, electrons and photons are discrete. Also, to be usable, whatever is used for the key has to be of finite size, and preferably not too big.

    "No new cypher is worth looking at unless it comes from someone who has already broken a very hard one." - Friedman.

  16. Secure, yes, but Reliable? by Myu · · Score: 2

    Having a look at the paper, I can absolutely see that the encryption technique seems on the face of it to exceed computable solution. What I would need to be convinced about is the integrity of the communication; is what you get at the end of it guaranteed to be perfectly reflective of what you put into it?

    (I can also see a sketch proof to the effect that the overall system can be made reliable with a probability approaching 1 - for arbitrarily small , but that's macroscopic behaviour. Microscopic, the system looks like it's capable of handling very regular systems very well, but given the reliance on Bayesian inference will drop reliability for anything with some very likely inputs and some less likely outputs.)

    --
    Myu: ... The map's upside down...