[FRIAM] SIKE hack

Sarbajit Roy sroy.mb at gmail.com
Thu Aug 4 10:00:34 EDT 2022


The story is dated 3-August, and to think that just last week on 27th July
2022 the headline was "... *IBM puts NIST’s quantum-resistant crypto to
work in Z16 mainframe ... Big Blue says it helped develop the algos, so
knows what it's doing* "

https://www.theregister.com/2022/07/27/z16_ibm_post_quantum_crypto/?td=keepreading

On Thu, Aug 4, 2022 at 6:52 PM glen <gepropella at gmail.com> wrote:

> Post-quantum crypto cracked in an hour with one core of an ancient Xeon
>
> https://www.theregister.com/2022/08/03/nist_quantum_resistant_crypto_cracked/
>
>  From SMMRY:
> https://smmry.com/https://www.theregister.com/2022/08/03/nist_quantum_resistant_crypto_cracked/#&SM_LENGTH=7
> > Post-quantum crypto cracked in an hour with one Xeon core The Register
> > One of the four encryption algorithms the US National Institute of
> Standards and Technology recommended as likely to resist decryption by
> quantum computers has had holes kicked in it by researchers using a single
> core of an Intel Xeon CPU, released in 2013.
> >
> > Within SIKE lies a public key encryption algorithm and a key
> encapsulated mechanism, each instantiated with four parameter sets:
> SIKEp434, SIKEp503, SIKEp610 and SIKEp751.
> >
> > "Ran on a single core, the appended Magma code breaks the Microsoft SIKE
> challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes,
> respectively. A run on the SIKEp434 parameters, previously believed to meet
> NIST's quantum security level 1, took about 62 minutes, again on a single
> core," wrote Castryck and Decru, of Katholieke Universiteit Leuven in a
> preliminary article [PDF] announcing their discovery.
> >
> > Quantum-resistant encryption research is a hot topic because it is felt
> that quantum computers are almost certain to become prevalent and
> sufficiently powerful to crack existing encryption algorithms.
> >
> > Alongside the vintage processor, Castryck and Decru used a key recovery
> attack on the Supersingular Isogeny Diffie-Hellman key exchange protocol
> that was based on Ernest Kani's "Glue-and-split" theorem.
> >
> > "The attack exploits the fact that SIDH has auxiliary points and that
> the degree of the secret isogeny is known. The auxiliary points in SIDH
> have always been an annoyance and a potential weakness, and they have been
> exploited for fault attacks, the GPST adaptive attack, torsion point
> attacks, etc." argued University of Auckland mathematician Stephen
> Galbraith in his cryptography blog.
> >
> > Security researcher Kenneth White tweeted his awe and noted "In 10-20
> yrs we *might* have practical quantum computers, so let's roll out
> replacement PQ crypto now. Which could be trivially broken today, on a
> laptop."
>
>
> --
> ꙮ Mɥǝu ǝlǝdɥɐuʇs ɟᴉƃɥʇ' ʇɥǝ ƃɹɐss snɟɟǝɹs˙ ꙮ
>
> -. --- - / ...- .- .-.. .. -.. / -- --- .-. ... . / -.-. --- -.. .
> FRIAM Applied Complexity Group listserv
> Fridays 9a-12p Friday St. Johns Cafe   /   Thursdays 9a-12p Zoom
> https://bit.ly/virtualfriam
> to (un)subscribe http://redfish.com/mailman/listinfo/friam_redfish.com
> FRIAM-COMIC http://friam-comic.blogspot.com/
> archives:  5/2017 thru present
> https://redfish.com/pipermail/friam_redfish.com/
>   1/2003 thru 6/2021  http://friam.383.s1.nabble.com/
>