[ISN] The Light That Cracks the Code

From: cult hero (jerichoat_private)
Date: Thu May 06 1999 - 01:07:57 PDT

    Forwarded From: Erik Parker <netmaskat_private>
    The Light That Cracks the Code
    by Chris Oakes 
    A computer scientist has designed a light-based computer that could
    unscramble data to a degree well beyond that typically used in e-commerce. 
    "Twinkle," a yet-to-be-built crypto-cracking machine, was introduced
    Tuesday by famed computer scientist Adi Shamir at the Eurocrypt '99
    conference in Prague. 
    Shamir's Twinkle proves an oft-repeated point: To adequately hide
    electronic information from prying eyes, data needs to be locked up beyond
    the limits of technology in common use today. 
    The strength of a given cryptography scheme is expressed in the number of
    bits in the "key" required to unlock the code. For example, popular
    encryption programs used in the United States support the equivalent of
    1024- to 2048-bit security. Each additional bit doubles the strength of
    the cipher from trial-and-error attacks. 
    Twinkle can quickly determine the correct key for unlocking messages that
    have been encrypted with 512-bit keys, said Shamir, who is also
    co-inventor of the RSA public-key algorithm -- a de facto standard for
    Internet security. 
    "[This] remind[s] people that yes, what the experts have been saying about
    key size is really the case," said Burt Kaliski, chief scientist at
    pioneer encryption company RSA Data Security, which built its business
    around the encryption algorithm. 
    Kaliski said the Twinkle design confirms previous expectations about the
    appropriateness of RSA keys as long as 512 bits. But he emphasized that
    larger key sizes are still out of reach despite Shamir's advance. 
    "The primary impact [of Twinkle] is that it makes 512-bit keys for RSA
    more at risk than was previously considered," said Kaliski. "It will have
    a similar effect to the Deep Crack machine." 
    Deep Crack is a specially designed supercomputer that in July 1998 first
    cracked the level of encryption used to secure most nonclassified
    government data. In January 1999, with an Internet-wide volunteer computer
    effort and the Electronic Frontier Foundation behind the project, Deep
    Crack unlocked a message secured with the 56-bit Data Encryption Standard
    -- the equivalent of a 384-bit RSA key -- in a mere 22 hours and 15
    Deep Crack was designed to send a message to the US government that the
    strongest data-scrambling technology legally allowed to leave American
    shores is no longer strong enough to be useful. 
    Public-key cryptography is secure because it hinges on a mathematical
    truth -- it's very difficult to find two prime factors of another known
    number. The Twinkle machine would greatly accelerate the process of
    collecting equations, which is the first step in factoring a large number. 
    This step, known as "sieving," is a key to deciphering an RSA-encrypted
    The second step in the factoring process entails calculating the equations
    once they are collected, and it is the main method for determining an RSA
    key.  Twinkle stands for "The Weizmann Institute Key Locating Engine." 
    Unlike the purely electronic design of the conventional computer, Twinkle
    is based on optoelectronics, which uses light to transmit digital
    information, similar to the way fiber-optic cables rely on light instead
    of electrical impulses over copper wire to transmit signals. 
    Shamir estimates that the device would be as powerful as about 100 to
    1,000 PCs in the factoring process. 
    Further, the machine could be easily built with little funding. While the
    DES Cracker cost US$250,000 to construct, a Twinkle machine could be built
    for as little as $5,000, he said. 
    Bruce Schneier, president of cryptography firm Counterpane Systems, said
    Shamir has come up with a very clever approach to an academic problem. 
    "This is brilliant, really brilliant stuff," Schneier said. "Once you read
    the paper it's extremely obvious. There's a lot of engineering between the
    paper and reality. But it's certainly doable. Nothing [in the design] is
    The significance of Twinkle is mathematical, rather than a political
    statement about encryption, Schneier said. "This is academic research." 
    Encryption expert Matt Blaze, an encryption researcher at AT&T Labs, said
    Twinkle doesn't change the theoretical strength of the RSA encryption
    algorithm. But "if Twinkle's approach turns out to be practical it will
    force us to reconsider the appropriate minimum length of RSA keys." 
    Blaze does see potential political repercussions from Shamir's advance. 
    "If Twinkle is practical, it would provide a similar demonstration of the
    weakness of the public key systems allowed for export." 
    Will anyone seek to build a machine based on Twinkle? No doubt, Schneier
    said. "If you were a government and your business is learning what other
    governments are saying, you'd be a fool not to build this machine. I'm
    sure the [National Security Agency] is studying it very carefully." 