Forwarded From: Erik Parker <netmaskat_private> http://www.wired.com/news/news/email/explode-infobeat/technology/story/19493.html The Light That Cracks the Code by Chris Oakes 4.May.99.PDT A computer scientist has designed a light-based computer that could unscramble data to a degree well beyond that typically used in e-commerce. "Twinkle," a yet-to-be-built crypto-cracking machine, was introduced Tuesday by famed computer scientist Adi Shamir at the Eurocrypt '99 conference in Prague. Shamir's Twinkle proves an oft-repeated point: To adequately hide electronic information from prying eyes, data needs to be locked up beyond the limits of technology in common use today. The strength of a given cryptography scheme is expressed in the number of bits in the "key" required to unlock the code. For example, popular encryption programs used in the United States support the equivalent of 1024- to 2048-bit security. Each additional bit doubles the strength of the cipher from trial-and-error attacks. Twinkle can quickly determine the correct key for unlocking messages that have been encrypted with 512-bit keys, said Shamir, who is also co-inventor of the RSA public-key algorithm -- a de facto standard for Internet security. "[This] remind[s] people that yes, what the experts have been saying about key size is really the case," said Burt Kaliski, chief scientist at pioneer encryption company RSA Data Security, which built its business around the encryption algorithm. Kaliski said the Twinkle design confirms previous expectations about the appropriateness of RSA keys as long as 512 bits. But he emphasized that larger key sizes are still out of reach despite Shamir's advance. "The primary impact [of Twinkle] is that it makes 512-bit keys for RSA more at risk than was previously considered," said Kaliski. "It will have a similar effect to the Deep Crack machine." Deep Crack is a specially designed supercomputer that in July 1998 first cracked the level of encryption used to secure most nonclassified government data. In January 1999, with an Internet-wide volunteer computer effort and the Electronic Frontier Foundation behind the project, Deep Crack unlocked a message secured with the 56-bit Data Encryption Standard -- the equivalent of a 384-bit RSA key -- in a mere 22 hours and 15 minutes. Deep Crack was designed to send a message to the US government that the strongest data-scrambling technology legally allowed to leave American shores is no longer strong enough to be useful. Public-key cryptography is secure because it hinges on a mathematical truth -- it's very difficult to find two prime factors of another known number. The Twinkle machine would greatly accelerate the process of collecting equations, which is the first step in factoring a large number. This step, known as "sieving," is a key to deciphering an RSA-encrypted message. The second step in the factoring process entails calculating the equations once they are collected, and it is the main method for determining an RSA key. Twinkle stands for "The Weizmann Institute Key Locating Engine." Unlike the purely electronic design of the conventional computer, Twinkle is based on optoelectronics, which uses light to transmit digital information, similar to the way fiber-optic cables rely on light instead of electrical impulses over copper wire to transmit signals. Shamir estimates that the device would be as powerful as about 100 to 1,000 PCs in the factoring process. Further, the machine could be easily built with little funding. While the DES Cracker cost US$250,000 to construct, a Twinkle machine could be built for as little as $5,000, he said. Bruce Schneier, president of cryptography firm Counterpane Systems said Shamir has come up with a very clever approach to an academic problem. "This is brilliant, really brilliant stuff," Schneier said. "Once you read the paper it's extremely obvious. There's a lot of engineering between the paper and reality. But it's certainly doable. Nothing [in the design] is insurmountable." The significance of Twinkle is mathematical, rather than a political statement about encryption, Schneier said. "This is academic research." Encryption expert Matt Blaze, an encryption researcher at AT&T Labs, said Twinkle doesn't change the theoretical strength of the RSA encryption algorithm. But "if Twinkle's approach turns out to be practical it will force us to reconsider the appropriate minimum length of RSA keys." Blaze does see potential political repercussions from Shamir's advance. "If Twinkle is practical, it would provide a similar demonstration of the weakness of the public key systems allowed for export." Will anyone seek to build a machine based on Twinkle? No doubt, Schneier said. "If you were a government and your business is learning what other governments are saying, you'd be a fool not to build this machine. I'm sure the [National Security Agency] is studying it very carefully." -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Hacker News Network [www.hackernews.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:22:59 PDT