From: cult hero (jerichodimensional.com)
Date: Thu May 06 1999 - 03:07:57 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded From: Erik Parker <netmask303.org>

http://www.wired.com/news/news/email/explode-infobeat/technology/story/19493.html

The Light That Cracks the Code
by Chris Oakes
4.May.99.PDT

A computer scientist has designed a light-based computer that could
unscramble data to a degree well beyond that typically used in e-commerce.

"Twinkle," a yet-to-be-built crypto-cracking machine, was introduced
Tuesday by famed computer scientist Adi Shamir at the Eurocrypt '99
conference in Prague.

Shamir's Twinkle proves an oft-repeated point: To adequately hide
electronic information from prying eyes, data needs to be locked up beyond
the limits of technology in common use today.

The strength of a given cryptography scheme is expressed in the number of
bits in the "key" required to unlock the code. For example, popular
encryption programs used in the United States support the equivalent of
1024- to 2048-bit security. Each additional bit doubles the strength of
the cipher from trial-and-error attacks.

Twinkle can quickly determine the correct key for unlocking messages that
have been encrypted with 512-bit keys, said Shamir, who is also
co-inventor of the RSA public-key algorithm -- a de facto standard for
Internet security.

"[This] remind[s] people that yes, what the experts have been saying about
key size is really the case," said Burt Kaliski, chief scientist at
pioneer encryption company RSA Data Security, which built its business
around the encryption algorithm.

Kaliski said the Twinkle design confirms previous expectations about the
appropriateness of RSA keys as long as 512 bits. But he emphasized that
larger key sizes are still out of reach despite Shamir's advance.

"The primary impact [of Twinkle] is that it makes 512-bit keys for RSA
more at risk than was previously considered," said Kaliski. "It will have
a similar effect to the Deep Crack machine."

Deep Crack is a specially designed supercomputer that in July 1998 first
cracked the level of encryption used to secure most nonclassified
government data. In January 1999, with an Internet-wide volunteer computer
effort and the Electronic Frontier Foundation behind the project, Deep
Crack unlocked a message secured with the 56-bit Data Encryption Standard
-- the equivalent of a 384-bit RSA key -- in a mere 22 hours and 15
minutes.

Deep Crack was designed to send a message to the US government that the
strongest data-scrambling technology legally allowed to leave American
shores is no longer strong enough to be useful.

Public-key cryptography is secure because it hinges on a mathematical
truth -- it's very difficult to find two prime factors of another known
number. The Twinkle machine would greatly accelerate the process of
collecting equations, which is the first step in factoring a large number.
This step, known as "sieving," is a key to deciphering an RSA-encrypted
message.

The second step in the factoring process entails calculating the equations
once they are collected, and it is the main method for determining an RSA
key. Twinkle stands for "The Weizmann Institute Key Locating Engine."
Unlike the purely electronic design of the conventional computer, Twinkle
is based on optoelectronics, which uses light to transmit digital
information, similar to the way fiber-optic cables rely on light instead
of electrical impulses over copper wire to transmit signals.

Shamir estimates that the device would be as powerful as about 100 to
1,000 PCs in the factoring process.

Further, the machine could be easily built with little funding. While the
DES Cracker cost US$250,000 to construct, a Twinkle machine could be built
for as little as $5,000, he said.

Bruce Schneier, president of cryptography firm Counterpane Systems said
Shamir has come up with a very clever approach to an academic problem.

"This is brilliant, really brilliant stuff," Schneier said. "Once you read
the paper it's extremely obvious. There's a lot of engineering between the
paper and reality. But it's certainly doable. Nothing [in the design] is
insurmountable."

The significance of Twinkle is mathematical, rather than a political
statement about encryption, Schneier said. "This is academic research."

Encryption expert Matt Blaze, an encryption researcher at AT&T Labs, said
Twinkle doesn't change the theoretical strength of the RSA encryption
algorithm. But "if Twinkle's approach turns out to be practical it will
force us to reconsider the appropriate minimum length of RSA keys."

Blaze does see potential political repercussions from Shamir's advance.
"If Twinkle is practical, it would provide a similar demonstration of the
weakness of the public key systems allowed for export."

Will anyone seek to build a machine based on Twinkle? No doubt, Schneier
said. "If you were a government and your business is learning what other
governments are saying, you'd be a fool not to build this machine. I'm
sure the [National Security Agency] is studying it very carefully."

-o-
Subscribe: mail majordomorepsec.com with "subscribe isn".
Today's ISN Sponsor: Hacker News Network [www.hackernews.com]

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]