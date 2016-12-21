Follow Slashdot stories on Twitter

NIST Asks Public For Help With Quantum-Proof Cryptography (securityledger.com) 64

Posted by BeauHD from the better-be-safe-than-sorry dept.
chicksdaddy quotes a report from The Security Ledger: With functional, quantum computers on the (distant?) horizon, The National Institute of Standards and Technology (NIST) is asking the public for help heading off what it calls "a looming threat to information security:" powerful quantum computers capable of breaking even the strongest encryption codes used to protect the privacy of digital information. In a statement Tuesday, NIST asked the public to submit ideas for "post-quantum cryptography" algorithms that will be "less susceptible to a quantum computer's attack." NIST formally announced its quest in a publication on The Federal Register. Dustin Moody, a mathematician at NIST, said the Institute's main focus is developing new public key cryptography algorithms, which are used today to protect both stored and transmitted information. "We're looking to replace three NIST cryptographic standards and guidelines that would be the most vulnerable to quantum computers," Moody said. They are FIPS 186-4, NIST SP 800-56A and NIST SP 800-56B. Researchers have until November 2017 to submit their ideas. After the deadline, NIST will review the submissions. Proposals that meet the "post-quantum crypto" standards set up by NIST will be invited to present their algorithms at an open workshop in early 2018.

  • Oxy-morons (Score:1)

    by Anonymous Coward

    So, they want a code less vulnerable to math... good luck with that.

    • Re: (Score:2)

      by ls671 ( 1122017 )

      Solution: One time pad; "mathematically unbreakable encryption",

      • Solution: One time pad; "mathematically unbreakable encryption",

        A concept born in 1882, and yet NIST is still looking for a solution in 2017.

        Hmmm...

    • Re: (Score:2)

      by skids ( 119237 )

      That's more or less what we have now, until quantum computing is real. You don't need a quantum computer to use post-quantum cryptography [wikipedia.org].

      What I haven't seen is how quantum simulators [phys.org] rate as a threat.

  • This is a bad idea. We're in a weapons race, and so long as we keep playing the game, successive generations of crypto will be subject to attack. We need an end-run around the problem, which means changing how we think about encryption and data security.

    Encryption should begin with a physical exchange of one-time pads. If you open a bank account, you should get a key to it. The key is an exhaustible one-time pad you use to encrypt transmissions to and from the bank. You plug it into a machine which runs pac

    • Re: Not Hard (Score:5, Insightful)

      by thesupraman ( 179040 ) on Wednesday December 21, 2016 @10:52PM (#53535225)

      Ffs..

      So.. You will personally go and visit each and every web site you want to access privately?
      Physically visit every online store you want to deal with?
      Then secure all that data carefully! Remember.. If anyone gets a copy.. All security is give.. At either end!

      You need to think about things for more than 30 seconds.

      Or perhaps you should accept that armchair 'experts' like you who think this is so easy are actually a big part of the problem?

      Good crypto is hard.. QC proof crypto will be harder.. Such is life.
      The major historical mistake to avoid is over complex 'standards' that are therefore never implemented or used correctly (I am looking at you ipsec..)

      • So.. You will personally go and visit each and every web site you want to access privately?

        The obvious solution, if you could trust your government, would be to have them handle the issuance of one-time pads. Since you can't, you can still use the technology for banking, dealing with social security, or for several other purposes without undue inconvenience.

      • Ffs..

        So.. You will personally go and visit each and every web site you want to access privately?
        Physically visit every online store you want to deal with?
        Then secure all that data carefully! Remember.. If anyone gets a copy.. All security is give.. At either end!

        You need to think about things for more than 30 seconds.

        Or perhaps you should accept that armchair 'experts' like you who think this is so easy are actually a big part of the problem?

        Good crypto is hard.. QC proof crypto will be harder.. Such is life.
        The major historical mistake to avoid is over complex 'standards' that are therefore never implemented or used correctly (I am looking at you ipsec..)

        Of course not. You build an infrastructure based on the premise of physical distribution of one-time pads. That doesn't mean you personally visit every web site you interact with; it means you assume that encryption of a website is breakable and you make the important sites uncrackable by using one-time pads. There are lots of ways to play around with the model and lots of weak points in bad implementations, but fundamentally any encryption algorithm other than that is breakable eventually. It's a much bett

        • You are extremely ignorant of modern encryption. Ciphers like AES have existed for 15+ years and never had any significant attacks against them. To brute force AES-256 you would exhaust all the energy in the universe. AES is also not vulnerable to attacks by quantum computers. You act like the sky is falling when in reality there have been very few fundamental breaks on cryptographic primitives. Every significant attack in the last decade has been on implementations and protocols, which would be equall

    • Banking with your local bank branch, fine.

      Sending in an online application to a graduate school a thousand miles away, not so much.

      Okay, I take that back: Physical "in person" key exchange could be done if you did your key exchange "in person" with agents acting on the other party's behalf, with the key sealed in a tamper-evident packaging and optionally encrypted with your public key. Oh wait, scratch that optional part, or we will be reasoning in circles.

      Besides, one-time pads can be compromised.

      I do agr

    • People are thinking about one time pads in the wrong way. OTPs should be thought of not as a crypto algorithm, but rather as a time machine!

      Suppose that that Bob and Alice have a secure channel now, that they will not have in the future. They will have an insecure channel in the future. A OTP allows them to exchange messages now, that have not been written yet! A OTP is a message time machine. It allows you to securely exchange a message now, that you intend to write in the future.

      After they exchange a

  • Post backdoor (Score:3, Interesting)

    by Anonymous Coward on Wednesday December 21, 2016 @10:47PM (#53535179)

    NIST are hardly credible at this point, they previously were involved in the Dual EC fake random number generator, and now they're an agency under the Executive of Russian puppet leader, Trump. No credibility, means no trust.

    FBI has demanded backdoors, Trump has said he'll give them their backdoors. NIST are the backdoor implementers.

    • Re:Post backdoor (Score:5, Interesting)

      by skids ( 119237 ) on Wednesday December 21, 2016 @11:07PM (#53535273) Homepage

      One should not trust NIST, but that doesn't stop NIST from providing a forum where trustworthy theoreticians can spar, and that's a helpful thing for them to do. It's not like they are entirely evil, just their decisions should not be trusted, but rather reviewed by the cryptomath community and either endorsed or criticized.

      Basically any government entity is going to be torn between wanting to break crypto (for cointel) and wanting to use it (for their own security or for the fact that it is pretty damn essential to a continuing economy.) They'll do some good things, and they'll do some bad things, but at least they'll do something, rather than just sitting on their hands.

    • Please implement your own encryption without any of our nasty backdoor review process! We're totally sure that it will be perfectly secure because we didn't put in a backdoor! NO REALLY!
      -- The NSA

  • https://en.wikipedia.org/wiki/... [wikipedia.org]

    They can write me a check.

  • They are the sheep in wolves' clothing here. They will not allow anything they can't break.

    • Re: (Score:1)

      by davidwr ( 791652 )

      They are the sheep in wolves' clothing here.

      I think the NSA re-worded your message for you. Did you mean carnivores dressing up as herbivores by any chance?

  • So why are they still around if the Public constantly has to rectify them?

  • Post Quantum Cryptography (Score:4, Informative)

    by 1 a bee ( 817783 ) on Wednesday December 21, 2016 @11:15PM (#53535299)

    Here's a good wikipedia page https://en.wikipedia.org/wiki/... [wikipedia.org] summarizing the known approaches. Interestingly, most symmetric encryption schemes seem to be secure (you just need to increase the key size apparently): it's the public/private schemes that are in trouble.

  • They can take pretty much any concept and turn it into a hopelessly indecipherable mess that nobody else would ever be able to understand without guidance from the writer.... so I'm thinking they must be onto some pretty sophisticated encryption techniques right there.

  • "A strange game. The only winning move is not to play." ~ War Games - 1983

    Encryption is not the solution; it's the problem.

    Quantum computers can't do a goddam thing better than what we already do except faster.

    The best new approach is to change paradigms.

    I'm not 16 anymore and I don't have enough time left to figure it out.

    That's the way to go, though.

    The problem with security today is the fucking DNA of the first computer ever built.

    The first automobile should have had seat belts.

    • It was WOPR, not WPOR.

    • Your post belies a significant misunderstanding of complexity theory. If we could do what we do today, only faster, then the world would be quite a different place than it is now. If we could constructively show that P = NP, we could make strong AI, cure most if not all diseases and revolutionize every field of science for a start. Quantum computers are able to solve problems in polynomial time (denoted QP) that classical computers are not known to be able to (good ol' P). That is a much bigger deal tha

  • I'm not sure I 100% understand this (but then it was Dr. Feynman who said that if you think you understand quantum mechanics then you don't)... but I read this 2002 paper by MS research that gives a method of transforming biprime factorization into an optimization problem [microsoft.com]. Optimization problems are exactly what D-Wave's quantum annealing machine can do (very well)... so doesn't this kind of break RSA? Can somebody point me to the place where I can learn that I'm wrong and can start trusting RSA PKI again?

    • The reason the D-Wave doesn't "break" RSA is that it can only do quantum annealing, which as you say is basically a search algorithm. It does not give exponential increases in efficiency like a theoretical "complete" quantum processor would. For instance, using Shor's algorithm one can factor an N bit number in time something like O(log^2 N), compared to the best algorithm on a classical computer which is something like O(N^(1/3)). In the best case, quantum annealing allows one to do a search which would

  • I'm not up on cryptography but from what I understand most encryption standards have a way to tell if a data set is decrypted correctly. Correct?

    So couldn't you implement a cypher that has no way to verify the result -- put in a key, any key, get an output file. If the proper key is used the output file is an encrypted file that can be decoded using another key, and a different encryption system that does a check for correctness.

    Wouldn't that greatly increase the difficulty in cracking the code? The file wo

    • It sounds to me like you've simply doubled the length of the key. Actually slightly worse than that due to collisions. You'd be more secure encrypting 128 bit blocks with a 128 bit key than encrypting a 64 bit block with a 64 bit key, then with another 64 bit key.

      It should be noted that making the key twice as long does NOT make it twice as hard to decrypt. Rather it SQUARES the time required. A 129 bit key takes twice as long as a 128 bit key (assuming blocks are long enough etc.) So your idea DOES ma

    • People have already tried this, they called it 2DES. It is a classical example you learn in an intro to cryptography course because it actually does not add any security at all. You can do something called a "meet-in-the-middle" attack where you try to decrypt from the right side and encrypt from the left side at the same time, looking for collisions in the middle. This means that even though you use two keys, you don't have to attack them in conjunction you can attack them separately giving you only one
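      The two replies above make a pair of claims worth seeing in numbers: that doubling the key length squares a brute-force search, and that a meet-in-the-middle search collapses double encryption back to roughly twice the cost of a single key. The following is an added example, not code from anyone in this thread; its 4-round Feistel cipher on 16-bit blocks with 8-bit keys is constructed purely so every search finishes in seconds, and the counts it reports scale the same way for a real block cipher.

```python
"""Double encryption versus meet-in-the-middle on a toy cipher.

Constructed example: a 4-round Feistel network on 16-bit blocks with 8-bit
keys, sized so that every search below finishes quickly.  It is not a real
cipher; the point is the work counts, which scale the same way for real ones.
"""

KEY_BITS = 8
KEY_SPACE = 1 << KEY_BITS
ROUNDS = 4


def _round_key(key: int, r: int) -> int:
    # Toy key schedule; distinct keys always give distinct round-0 keys.
    return (key * (r + 1) + 7 * r) & 0xFF


def _f(half: int, rk: int) -> int:
    # Non-linear round function; a Feistel round function need not be invertible.
    return ((half ^ rk) * 37 + (half >> 3)) & 0xFF


def encrypt(key: int, block: int) -> int:
    left, right = block >> 8, block & 0xFF
    for r in range(ROUNDS):
        left, right = right, left ^ _f(right, _round_key(key, r))
    return (left << 8) | right


def decrypt(key: int, block: int) -> int:
    left, right = block >> 8, block & 0xFF
    for r in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, _round_key(key, r)), left
    return (left << 8) | right


def double_encrypt(k1: int, k2: int, block: int) -> int:
    """E_k2(E_k1(p)): the '2DES' construction from the comment above."""
    return encrypt(k2, encrypt(k1, block))


def make_pairs(k1: int, k2: int, plaintexts):
    """Known plaintext/ciphertext pairs under the double cipher."""
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]


def brute_force_single(pairs):
    """Exhaust one k-bit key: at most 2^k * len(pairs) cipher calls."""
    calls, found = 0, []
    for k in range(KEY_SPACE):
        ok = True
        for p, c in pairs:
            calls += 1
            if encrypt(k, p) != c:
                ok = False
                break
        if ok:
            found.append(k)
    return found, calls


def brute_force_double(pairs):
    """Naive search over both keys: 2^(2k) pairs, i.e. the single search squared."""
    calls, found = 0, []
    for k1 in range(KEY_SPACE):
        for k2 in range(KEY_SPACE):
            ok = True
            for p, c in pairs:
                calls += 2
                if double_encrypt(k1, k2, p) != c:
                    ok = False
                    break
            if ok:
                found.append((k1, k2))
    return found, calls


def meet_in_the_middle(pairs):
    """Encrypt forward under every k1, decrypt backward under every k2, and
    match in the middle: about 2 * 2^k cipher calls plus a 2^k-entry table."""
    (p0, c0), rest = pairs[0], pairs[1:]
    calls, found = 0, []
    middle = {}
    for k1 in range(KEY_SPACE):
        calls += 1
        middle.setdefault(encrypt(k1, p0), []).append(k1)
    for k2 in range(KEY_SPACE):
        calls += 1
        for k1 in middle.get(decrypt(k2, c0), ()):
            # A chance collision on one block is filtered out by the other pairs.
            ok = True
            for p, c in rest:
                calls += 2
                if double_encrypt(k1, k2, p) != c:
                    ok = False
                    break
            if ok:
                found.append((k1, k2))
    return found, calls


if __name__ == "__main__":
    pairs = make_pairs(0x3A, 0xC5, [0x1234, 0xBEEF, 0x0F0F])
    naive, n_naive = brute_force_double(pairs)
    mitm, n_mitm = meet_in_the_middle(pairs)
    print("naive double-key search:", n_naive, "cipher calls, keys", naive)
    print("meet-in-the-middle:     ", n_mitm, "cipher calls, keys", mitm)
```

      With 8-bit keys the naive double search makes well over 2^16 cipher calls while the meet-in-the-middle search makes a few more than 2^9; the ratio grows as 2^(k-1), which is why the defensive answer was triple encryption rather than double, and why a longer key in a single cipher beats stacking two short ones.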

  • If you want unbreakable crypto... One time pad.

    and here someone says "but MOOOOOM it's hard!"... no it isn't.

    How many gigs of communication do you need to secure per device? Let's presume that there are LEVELS of security that can be secured with varying levels of security.

    Naturally it is impractical to secure everything with the one time pad type encryption. Which to be clear would be a very large file stored on the sender and receiver and the data being encrypted would use only a portion of that seed data t
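    The pad-as-a-large-file idea in this post, and the "message time machine" framing earlier in the thread, both come down to the same discipline: both ends hold identical pad bytes and a cursor, each byte is consumed exactly once, and the cursor never moves backwards. The following is an added example, not code from any poster here; the OneTimePad class, the PadExhausted exception and the sample messages are constructed for illustration, and secrets.token_bytes stands in for the true-random source a real pad requires (how the pad is physically distributed is out of scope).

```python
"""One-time pad as an exhaustible shared resource.

Constructed example: each party holds an identical copy of the pad and a
cursor.  Every pad byte is used once and then consumed, the receiver may skip
forward past a lost message but never back, and a ciphertext on its own is
consistent with every plaintext of the same length.
"""
import secrets


class PadExhausted(Exception):
    """Raised when a message is longer than the pad bytes that remain."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def fresh_pad(n_bytes: int) -> bytes:
    # A real pad needs true randomness; a CSPRNG is used here only so the example runs.
    return secrets.token_bytes(n_bytes)


class OneTimePad:
    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0  # cursor: every byte below this index is gone for good

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used

    def _take(self, n: int) -> bytes:
        if n > self.remaining:
            raise PadExhausted(f"need {n} pad bytes, {self.remaining} left")
        chunk = self._pad[self._used:self._used + n]
        self._used += n
        return chunk

    def seal(self, message: bytes) -> tuple:
        """Return (offset, ciphertext); the offset names the pad segment used."""
        offset = self._used
        return offset, xor_bytes(message, self._take(len(message)))

    def open(self, offset: int, ciphertext: bytes) -> bytes:
        """Decrypt one segment.  Skipping forward (a lost message) is allowed;
        moving backward would reuse pad bytes and is refused."""
        if offset < self._used:
            raise ValueError("pad segment already consumed; refusing to reuse it")
        self._used = offset
        return xor_bytes(ciphertext, self._take(len(ciphertext)))


def consistent_pad(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad that would turn `candidate` into `ciphertext`.  One exists for
    every same-length candidate, so nothing in the ciphertext lets a guess be
    'checked': every plaintext of that length is equally consistent with it."""
    return xor_bytes(ciphertext, candidate)


if __name__ == "__main__":
    pad = fresh_pad(64)
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    offset, ct = alice.seal(b"transfer 100")
    print("bob reads:", bob.open(offset, ct), "| pad left:", bob.remaining)
    print("same ciphertext under another pad would read:",
          consistent_pad(ct, b"transfer 999").hex())
    # The mistake the cursor prevents: two copies of the pad both starting at 0
    # protect two different messages, and the pad cancels out of their XOR.
    c1 = OneTimePad(pad).seal(b"balance: 1000")[1]
    c2 = OneTimePad(pad).seal(b"balance: 0042")[1]
    print("pad reused -> XOR of plaintexts exposed:",
          xor_bytes(c1, c2) == xor_bytes(b"balance: 1000", b"balance: 0042"))
```

    The two functions at the end are the practical reading of "mathematically unbreakable": consistent_pad shows why there is no way to verify a guess against the ciphertext alone, and the final check in the demo shows what is lost the moment a pad segment is used twice, which is exactly the case the cursor in open refuses.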

  • If you want to crack encryption with a powerful computer, you need a means to algorithmically verify your guesses. This is what you need to make hard. Essentially you need a way of encoding messages such that there are many many plausible decryptions. As such, if you took a dictionary of the most common 5000 English words, and forced all communications to use those, and only standard English grammar, you could algorithmically map strings of integers to English words and phrases. There are many ways to do th

    • This is called deniable encryption and there are information theoretic lower bounds on what you can actually accomplish with this unfortunately. Each ciphertext has to be carefully coded with full knowledge of what "domain" it comes from in order to produce other, plausible messages. It is incredibly cumbersome and not usable for real-world applications. For simple "spy games" it could be useful, but given the incredible diversity of data that is encrypted on an average person's computer it is not practic
