2016-12-21: NIST Asks Public For Help With Quantum-Proof Cryptography (securityledger.com)
chicksdaddy quotes a report from The Security Ledger: With functional, quantum computers on the (distant?) horizon, The National Institute of Standards and Technology (NIST) is asking the public for help heading off what it calls "a looming threat to information security:" powerful quantum computers capable of breaking even the strongest encryption codes used to protect the privacy of digital information. In a statement Tuesday, NIST asked the public to submit ideas for "post-quantum cryptography" algorithms that will be "less susceptible to a quantum computer's attack." NIST formally announced its quest in a publication on The Federal Register. Dustin Moody, a mathematician at NIST said the Institute's main focus is developing new public key cryptography algorithms, which are used today to protect both stored and transmitted information. "We're looking to replace three NIST cryptographic standards and guidelines that would be the most vulnerable to quantum computers," Moody said. They are FIPS 186-4, NIST SP 800-56A and NIST SP 800-56B. Researchers have until November, 2017 to submit their ideas. After the deadline, NIST will review the submissions. Proposals that meet the "post-quantum crypto" standards set up by NIST will be invited to present their algorithms at an open workshop in early 2018.
So, they want a code less vulnerable to math... good luck with that.
Solution: One time pad; "mathematically unbreakable encryption",
Especially since Quantum Computing only breaks current public key encryption, not even some current shared key algorithms, and keys are much easier to exchange than giant pads.
OK. First off, "giant pads" is at best a clumsy phrase, so let's not beat around the bush, just call them MaxiPads.
Once that is done it should be no problem getting replenishment from a 7-11 "Flirtey drone".
How does it handle counterfeit or lost messages? Not so well, I bet. Why would I want to spend more time securely obtaining one time pads than actually communicating?
I think it would work like this:
You go to your bank to open an account. While you are filling out paperwork and supplying a thumb-print (thank you 9/11 terrorist - NOT!) the bank generates a very long one-time pad that should provide enough coverage for several years' worth of communications. They keep a copy and they give you a copy. The pad is probably signed with the bank's public key so you know it is really from the bank.
To detect lost messages, every communication will include either an index into
Also, to avoid pad exhaustion, the pad would probably be used to generate temporary/ephemeral symmetric keys and for some other things like the initial setup of the communication. The actual "meat" of the communication would be encrypted with the ephemeral, symmetric keys.
And oops! It's no longer a one-time pad. As soon as you start using an algorithm, by its very nature, you're now leaking a very slight amount of information, because the output is no longer actually random either. This is exactly why a one-time pad isn't practical for most applications. It's only effective if it's the same length as the message being encrypted. Any attempt to "cheat" and you compromise the encryption integrity.
Besides, modern ciphers actually DO use true random numbers to generate the ini
The point is that it's Diffie-Hellman which is going to be broken by quantum computing, presumably. So you might want to be careful with that 'impossible' - this is exactly what the article is about.
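The bank-issued pad scheme sketched in the comments above (a pad handed over in person, an index in every message so lost messages can be spotted, a hard stop at pad exhaustion, and the objection that stretching the pad with an algorithm forfeits the one-time guarantee) as an added example. This is illustration code written for this page, not code from the thread, the bank model, or NIST; the Party class, the half-per-direction pad split, and the 4-byte offset header are assumptions of this sketch.

```python
import os
import struct


def make_pad(n_bytes: int) -> bytes:
    """Fresh pad from the OS CSPRNG (constructed here; in the comment the bank
    generates it while you sit in the branch)."""
    return os.urandom(n_bytes)


class Party:
    """One endpoint holding a copy of the shared pad.

    The pad is split in half, one half per direction, so the two parties never
    draw key bytes from the same region. Each half is consumed strictly forward
    and burned (zeroed) after use; that forward-only, burn-after-use discipline
    is what makes the pad 'one-time'.
    """

    HEADER = struct.Struct(">I")  # 4-byte big-endian offset into the pad (assumed format)

    def __init__(self, pad: bytes, role: str):
        half = len(pad) // 2
        first, second = bytearray(pad[:half]), bytearray(pad[half:])
        self.send_pad, self.recv_pad = (first, second) if role == "A" else (second, first)
        self.sent = 0      # bytes of send_pad consumed so far
        self.received = 0  # bytes of recv_pad consumed so far

    def encrypt(self, plaintext: bytes) -> bytes:
        start, end = self.sent, self.sent + len(plaintext)
        if end > len(self.send_pad):
            # Pad exhaustion: the only correct answer is a new pad, never a rewind.
            raise RuntimeError("pad exhausted; obtain a fresh pad, do not reuse")
        key = self.send_pad[start:end]
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, key))
        self.send_pad[start:end] = bytes(end - start)  # burn used key material
        self.sent = end
        return self.HEADER.pack(start) + ciphertext

    def decrypt(self, message: bytes):
        """Return (plaintext, skipped). skipped > 0 means the pad region before
        this message was never seen: a message was lost or reordered."""
        (start,) = self.HEADER.unpack(message[:4])
        ciphertext = message[4:]
        end = start + len(ciphertext)
        if start < self.received:
            raise ValueError("pad offset already consumed: replay or reuse rejected")
        if end > len(self.recv_pad):
            raise ValueError("offset beyond pad: forged header or wrong pad")
        skipped = start - self.received
        key = self.recv_pad[start:end]
        plaintext = bytes(c ^ k for c, k in zip(ciphertext, key))
        self.recv_pad[:end] = bytes(end)  # burn everything up to here, skipped region included
        self.received = end
        return plaintext, skipped


def two_time_pad_leak(pad: bytes, p1: bytes, p2: bytes) -> bool:
    """Why 'cheating' is fatal: if the same pad bytes encrypt p1 and p2, the pad
    cancels in c1 XOR c2 and anyone on the wire is left holding p1 XOR p2."""
    c1 = bytes(a ^ k for a, k in zip(p1, pad))
    c2 = bytes(a ^ k for a, k in zip(p2, pad))
    return bytes(x ^ y for x, y in zip(c1, c2)) == bytes(x ^ y for x, y in zip(p1, p2))


if __name__ == "__main__":
    pad = make_pad(64)
    alice, bob = Party(pad, "A"), Party(pad, "B")
    m1 = alice.encrypt(b"hello")
    m2 = alice.encrypt(b"world")
    print(bob.decrypt(m2))  # m1 never arrived: bob reports 5 skipped pad bytes
```

Two caveats the thread raises apply directly. The offset header lets the receiver notice a gap, but the XOR alone gives no integrity: a counterfeit or bit-flipped message decrypts to something, so a real deployment still needs an authentication tag (which consumes more pad or a separate key). And the moment the pad is used to seed "ephemeral symmetric keys" for the bulk traffic, the guarantee shown by `two_time_pad_leak` no longer describes the system; security then rests on the cipher, which is the situation NIST's call is about.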
Re: (Score:3)
Solution: One time pad; "mathematically unbreakable encryption",
A concept born in 1882, and yet NIST is still looking for a solution in 2017.
Hmmm...
That's more or less what we have now, until quantum computing is real. You don't need a quantum computer to use post-quantum cryptography [wikipedia.org].
What I haven't seen is how quantum simulators [phys.org] rate as a threat.
Not Hard (Score:1)
This is a bad idea. We're in a weapons race, and so long as we keep playing the game, successive generations of crypto will be subject to attack. We need an end-run around the problem, which means changing how we think about encryption and data security.
Encryption should begin with a physical exchange of one-time pads. If you open a bank account, you should get a key to it. The key is an exhaustible one-time pad you use to encrypt transmissions to and from the bank. You plug it into a machine which runs pac
Re: Not Hard (Score:5, Insightful)
Ffs..
So.. You will personally go and visit each and every web site you want to access privately?
Physically visit every online store you want to deal with?
Then secure all that data carefully! Remember.. If anyone gets a copy.. All security is give.. At either end!
You need to think about things for more than 30 seconds.
Or perhaps you should accept that armchair 'experts' like you who think this is so easy are actually a big part of the problem?
Good crypto is hard.. QC proof crypto will be harder.. Such is life.
The major historical mistake to avoid is over complex 'standards' that are therefore never implemented or used correctly (I am looking at you ipsec..)
So.. You will personally go and visit each and every web site you want to access privately?
The obvious solution, if you could trust your government, would be to have them handle the issuance of one-time pads. Since you can't, you can still use the technology for banking, dealing with social security, or for several other purposes without undue inconvenience.
Of course not. You build an infrastructure based on the premise of physical distribution of one-time pads. That doesn't mean you personally visit every web site you interact with; it means you assume that encryption of a website is breakable and you make the important sites uncrackable by using one-time pads. There are lots of ways to play around with the model and lots of weak points in bad implementations, but fundamentally any encryption algorithm other than that is breakable eventually. It's a much bett
That works in some contexts (Score:1)
Banking with your local bank branch, fine.
Sending in an online application to a graduate school a thousand miles away, not so much.
Okay, I take that back: Physical "in person" key exchange could be done if you did your key exchange "in person" with agents acting on the other party's behalf, with the key sealed in a tamper-evident packaging and optionally encrypted with your public key. Oh wait, scratch that optional part, or we will be reasoning in circles.
Besides, one-time pads can be compromised.
I do agr
One time pad is a time machine, not a crypto algori (Score:2)
Suppose that Bob and Alice have a secure channel now, that they will not have in the future. They will have an insecure channel in the future. An OTP allows them to exchange messages now, that have not been written yet! An OTP is a message time machine. It allows you to securely exchange a message now, that you intend to write in the future.
After they exchange a
Re: One time pad is a time machine, not a crypto al (Score:1)
I found Bob and murdered him. I have the codes, now what? Can I get your data?
Post backdoor (Score:3, Interesting)
NIST are hardly credible at this point, they previously were involved in the Dual EC fake random number generator, and now they're an agency under the Executive of Russian puppet leader, Trump. No credibility, means no trust.
FBI has demanded backdoors, Trump has said he'll give them their backdoors. NIST are the backdoor implementers.
Re:Post backdoor (Score:5, Interesting)
One should not trust NIST, but that doesn't stop NIST from providing a forum where trustworthy theoreticians can spar, and that's a helpful thing for them to do. It's not like they are entirely evil, just their decisions should not be trusted, but rather reviewed by the cryptomath community and either endorsed or criticized.
Basically any government entity is going to be torn between wanting to break crypto (for cointel) and wanting to use it (for their own security or for the fact that it is pretty damn essential to a continuing economy.) They'll do some good things, and they'll do some bad things, but at least they'll do something, rather than just sitting on their hands.
Please implement your own encryption without any of our nasty backdoor review process! We're totally sure that it will be perfectly secure because we didn't put in a backdoor! NO REALLY!
-- The NSA
There is going to be lag between when Quantum Computers can decrypt classical based algorithms and when Quantum Cryptography can be used. They must think it's long enough to find more robust classical algorithms. Probably not going to help
The two concepts are related but not identical.
Practical quantum cryptography means sending quantum messages over long distances - anything less than halfway across the world leaves room for improvement - while quantum computing, which includes fast decryption of classical encryption algorithms - is typically done in one location.
I expect well-funded parties will be able to routinely decrypt 512-bit-and-smaller factor-based algorithms in a reasonable amount of time (less than a year) and cost (less than $1
Done (Score:1)
They can write me a check.
The NSA!? (Score:1)
They are the sheep in the wolves' clothing here. They will not allow anything they can't break.
They are the sheep in the wolves' clothing here.
I think the NSA re-worded your message for you. Did you mean carnivores dressing up as herbivores by any chance?
Post Quantum Cryptography (Score:4, Informative)
Ask a perl programmer (Score:1, Offtopic)
"Falken: W.P.O.R.: (Score:2, Insightful)
A strange game. The only winning move is not to play." ~ War Games - 1983
Encryption is not the solution; it's the problem.
Quantum computers can't do a goddam thing better than what we already do except faster.
The best new approach is to change paradigms.
I'm not 16 anymore and I don't have enough time left to figure it out.
That's the way to go, though.
The problem with security today is the fucking DNA of the first computer ever built.
The first automobile should have had seat belts.
It was WOPR, not WPOR.
D-Wave can't run Shor's algorithm, but... (Score:2)
I am not a Cryptographer... (Score:2)
I'm not up on cryptography but from what I understand most encryption standards have a way to tell if a data set is decrypted correctly. Correct?
So couldn't you implement a cypher that has no way to verify the result -- put in a key, any key, get an output file. If the proper key is used the output file is an encrypted file that can be decoded using another key, and a different encryption system that does a check for correctness.
Wouldn't that greatly increase the difficulty in cracking the code? The file wo
You've simply doubled the length of the key. Good (Score:2)
It sounds to me like you've simply doubled the length of the key. Actually slightly worse than that due to collisions. You'd be more secure encrypting 128 bit blocks with a 128 bit key than encrypting a 64 bit block with a 64 bit key, then with another 64 bit key.
It should be noted that making the key twice as long does NOT make it twice as hard to decrypt. Rather it SQUARES the time required. A 129 bit key takes twice as long as a 128 bit key (assuming blocks are long enough etc.) So your idea DOES ma
One time pad (Score:2)
If you want unbreakable crypto... One time pad.
and here someone says "but MOOOOOM its hard!"... no it isn't.
How many gigs of communication do you need to secure per device? Let's presume that there are LEVELS of security that can be secured with varying levels of security.
Naturally it is impractical to secure everything with the one time pad type encryption. Which to be clear would be a very large file stored on the sender and receiver and the data being encrypted would use only a portion of that seed data t
Guess verification (Score:2)
If you want to crack encryption with a powerful computer, you need a means to algorithmically verify your guesses. This is what you need to make hard. Essentially you need a way of encoding messages such that there are many many plausible decryptions. As such, if you took a dictionary of the most common 5000 English words, and forced all communications to use those, and only standard English grammar, you could algorithmically map strings of integers to English words and phrases. There are many ways to do th
