Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Government Businesses Encryption Security United States

America's NIST Seeks Public Comments on Cybersecurity and Cryptography ( 55

An anonymous Slashdot reader writes: The National Institute of Standards and Technology has its own "Commission on Enhancing National Cybersecurity," and this week they issued a call for public comments on "current and future challenges" involving critical infrastructure cybersecurity, the concept of cybersecurity insurance, public awareness, and the internet of things (among other topics) for both the private and public sector.
Long-time Slashdot reader Presto Vivace quotes The Hill: it is specifically asking for projections on policies, economic incentives, emerging technologies, useful metrics and other current and potential solutions throughout the next decade... Comments will be due by 5 p.m. on September 9.
Internet services "have come under attack in recent years in the form of identity and intellectual property theft, deliberate and unintentional service disruption, and stolen data," writes NIST. "Steps must be taken to enhance existing efforts to increase the protection and resilience of the digital ecosystem, while maintaining a cyber environment that encourages efficiency, innovation, and economic prosperity."

Separately, NIST is also requesting comments on a new process to "solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms... If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere... NIST plans to specify preliminary evaluation criteria for quantum-resistant public key cryptography standards."
This discussion has been archived. No new comments can be posted.

America's NIST Seeks Public Comments on Cybersecurity and Cryptography

Comments Filter:
  • Quote from article: "If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use."

    Public key cryptosystems refers to asymmetric cryptography. What is it about symmetric cryptography that makes it resistant to quantum attacks?

    • by Anonymous Coward

      Asymetric cryptography relies on mathematical problems, such as factoring very large numbers for security. In traditional algorithms, factoring large numbers (4096 bits) takes simply too long. However, there are KNOWN quantum algorithms that can tackle those problems quickly enough. Symmetrical algorithms do not rely on this class of problem for safety.

    • by cryptizard ( 2629853 ) on Saturday August 13, 2016 @06:30PM (#52697457)
      Symmetric ciphers like AES are constructed in a fundamentally different way compared to public-key ciphers. Symmetric ciphers rely on confusion and diffusion, shuffling and mixing the bits of the input in such a way that it is very difficult to recover the plaintext unless you know the key that parameterized the process. Security is based on the complexity and non-linearity of the operations, but they are essentially very "messy" in how they transform plaintext into ciphertext. Take a look at a diagram describing AES and you will see what I mean.

      Public-key ciphers on the other hand are conceptually simple but rely on the hardness of some fundamental mathematical operation, e.g. factoring, discrete log, etc. It turns out that there are quantum algorithms to solve some of these problems efficiently. It also turns out though that there is something called Grover's algorithm, which actually does let quantum computers break symmetric crypto faster than a standard computer. Fortunately, it only turns O(N) work into O(sqrt(N)), which is not that bad. Effectively this means that AES-128 only has 64 bits of security against a quantum computer, and AES-256 only has 128 bits.
      • These keys can be lengthened pretty simply. The length of these keys has been kept short through federal regulation, not through overwhelming technological difficulty in lengthening them.

        • by chill ( 34294 )

          What federal regulation would that be? "Export grade encryption" restrictions were removed back in 1996. It has been 20 years already (OMG, I'm old).

          There is no federal regulation that I am aware of that limits key length. Citation please.

          • I'm afraid you're mistaken. The first set of regulations were lifted s a violation of First Amendment rights, but they were effectively transferred the US Commerce department. They are still restrictive, and still prevent the activation of ubiquitous encryption at the NIC level.

            https://www.federalregister.go... []
            Permission to sell network equipment overseas often relies on the installation of backdoors for government access. These keys ha

            • On review, I was unclear. The arbitrary enforcement of the remaining regulations by the Department of Commerce effectively hinders, robust encryptyon, including the increase of key lengths. Only those technologies deemed "suitable" by the Department of Commerce are allowed export license. The standards are no longer so clear, but similar to those The licensing and approvals necessary to provide robust encryption as a general practice are so burdensome that network equipment vendors find themselves fiscally

              • by chill ( 34294 )

                It has been a while since I've dug thru the DoC EAR, but from what I remember -- and what I seem to glean from digging thru your link to the Fed Reg -- is that most of this applies only if you're using proprietary encryption. The use of open source algorithms where you provide the relevant source code, such as using AES, Blowfish, or TwoFish, is an exemption.

                To be clear, I'm talking about mass market stuff which gets the MMKT designation, nor crypto gear primarily sold to foreign governments.

                If using only t

        • I don't think there is any pressure to keep keys small, we already have AES-256 which nobody uses because we don't actually need that much security. If quantum computers came around AES-256 would still be perfectly secure.
          • by NotAPK ( 4529127 )

            My understanding is that due to problems with key schedules 256bit AES is less secure than 128bit. Ref [].

            • For some definitions of "less secure". There are better attacks against AES-256, but even so the total amount of security against the strongest known attacks is still higher. In the link you posted from Bruce Schneier it says AES-256 has 176 bits of security vs 119 for AES-128.
              • by NotAPK ( 4529127 )

                Sure, but he then goes on to state: "And for new applications I suggest that people don't use AES-256. AES-128 provides more than enough security margin for the forseeable future."

                But I don't want to quote him out of context, he then adds: "But if you're already using AES-256, there's no reason to change."

                As usual with crypto it will come down to exactly what you are doing and what threat models you are prioritizing your defense against.

                • Yeah I have been saying that to other people here. There is no point in using AES-256 because it is barely more secure than 128, if at all. In exchange for being a lot slower. It just doesn't make sense.
    • by guruevi ( 827432 )

      Asymmetric keys rely on factorization of huge numbers to generate a 'distributable' key. Factorization of a single number is relatively complex, it takes a really, really long time with our current computers to factor any number. If you have to factor numbers quantum computing is promised/theorized to be able to do this instantly or at least very quickly, if you can 'factor' any huge number instantly you can make quick guesses until you have a matching combination.

      Symmetric keys rely on secrets. Everyone in

      • It's not twice as fast, it is sqrt(N) times as fast where N is the number of possible keys. You might be thinking 'half' because this implies that the security in bits of a scheme will be half as much against a quantum computer.
  • Behind concrete walls, inside a Faraday cage, no mics, in fact just go back to paper.

  • by destinyland ( 578448 ) on Saturday August 13, 2016 @06:01PM (#52697377)
    I was going to suggest that they re-name their commission "Boaty McBoatface"
  • Look up Warrant Canary and display one to ensure your activities and promotions are pure and not compromised. "Warrant canary" is a colloquial term for a regularly published statement that a service provider has not received legal process that it would be prohibited from saying it had received, such as a national security letter. - Canary Watch
    • The one thing I don't understand about warrant canaries is, what is the end game? Suppose I am a company that makes some kind of security product and I have a warrant canary posted on my website. If the government really doesn't like what I am doing they can just rustle up a warrant to get something from me, then I take down the canary and everyone stops using my system, effectively destroying it. How does that help anyone? It just exposes an easy button to DoS you.
  • If we eliminate ambient authority, it would go a long way towards fixing this whole mess. Having operating systems which blindly trust applications to do the right thing is just stupid. This was figured out back in the early 1970s, but nobody seems to have learned the lesson.

    Capability Based Security is a way to never trusting applications, in a user friendly way... just raising awareness of it is a good first start.

  • by EmperorOfCanada ( 1332175 ) on Saturday August 13, 2016 @11:35PM (#52698373)
    The NIST has been tainted by the NSA. So any comment must first ask, "How can we know that this taint is gone?"
    • The NIST has been tainted by the NSA. So any comment must first ask, "How can we know that this taint is gone?"

      This taint tastes a little bit like shit...

  • by Sir Holo ( 531007 ) on Saturday August 13, 2016 @11:36PM (#52698377)

    FTS: ... "current and future challenges" involving critical infrastructure cybersecurity ...

    You secretly colluded with the NSA on back-dooring elliptical-curve cryptography (in effect, by not disclosing weaknesses).

    Now you want us to offer you FREE suggestions on the current frontiers of mathematical cryptography?!?

    Eat my shit. If I (or anyone else with a brain) had a body of work designed to out-smart quantum (annealing) computers, we would keep it very, very secret. We would not even disclose to USPTO or via a PCT disclosure.* Nuh-uh! It would be for sale to the highest bidder – a private transaction. NIST's recorded willingness to bend over and take it in the ass for the NSA has squandered the entire institution's integrity.

    * It really does happen. An invention disclosure can be ruled by the USPTO to be so significant to National Security that they basically 'take it black,' usually at DOD behest. "Thanks for all of your hard work on that thing..."

  • We no longer trust you so go die in a fire.

1 Mole = 007 Secret Agents