Wednesday, August 3, 2022

"Totally SIKEd", indeed

On the topic of quantum computers, we learnt last night that they're coming faster than we might think. Back in the land of bad acronyms, Pixy Misa also pointed last night to the SIKE-out. The [USA] National Institute of Standards and Technology, under the Department of Commerce, had last month picked up four 'gorithmiyoon as sufficiently quantum-proof. Four other Choresmioi got, I dunno, honorably mentioned. One of those latter four, "SIKE", has just ingested a dishonorable discharge.

What made a dinner of SIKE's duck was its classical encryption base, here elliptic-curve Diffie-Hellman [UPDATE 12/19 on account ellipses be hard yo]. "Supersingular Isogeny" D-H was supposed to quantum-proof the thing. Except that... SIDH is a long-known technique. By now several attack vectors are, likewise, known. Mathematician Steven Galbraith hacked SIDH in theory back in 2016, using the facts that SIDH has auxiliary points and that the degree of the secret isogeny is known. SIKE maybe obfuscated these but, if so, clearly not enough.

I don't pretend to understand any of these algos, despite Galbraith's best explanatory efforts. I can just about read a bibliography and look up strings on "Google Scholar". I read that the attack uses "genus 2 curves" against the elliptic curve, whose genus is 1. So I'll just parrot what Galbraith says: if Galbraith doesn't know the auxiliary points or the degree of the isogeny, he (at least) can't get in. Yet.

If someone does know these parameters, and knows that the encryption is SIKE, the attack works by brute force. Any script kiddie could break it from a single-core processor, in about an hour. It could probably be broken sooner still after some tweaks. Note that these algos are supposed to outfox a quantum box, let alone your 2015 Acer Aspire laptop.
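To make the "auxiliary points" and "known degree" of the preceding paragraphs concrete, here is a toy SIDH key exchange I have added to the post; it is not code from the post, from the SIKE team or from any attack paper. It works over a tiny field, p = 2^4·3^3 − 1 = 431, with Alice's secret kernel in E[2^4] and Bob's in E[3^3], and it uses plain affine Weierstrass arithmetic with Vélu's formulas rather than SIKE's Montgomery x-only arithmetic; all parameter sizes, the curve y² = x³ + x, and the sample secrets are constructed for the illustration. What it shows is the protocol's own data flow: each party's public key is the image curve together with the images of the other party's torsion basis (the auxiliary points), and the isogeny degrees 2^4 and 3^3 are fixed public parameters, so neither value can be kept secret without breaking the exchange. It does not implement the attack.

```python
# Toy SIDH over F_{p^2}, p = 2^4 * 3^3 - 1 = 431 (constructed illustration, not SIKE's code).
# Alice's secret kernel lies in E[2^4], Bob's in E[3^3]; each party publishes the image curve
# plus the images of the other party's torsion basis (the "auxiliary points"), and the
# degrees 2^4 and 3^3 are fixed public parameters.
p = 431                     # prime with p ≡ 3 (mod 4), so F_{p^2} = F_p[i]/(i^2 + 1)
EXP_A, EXP_B = 4, 3         # Alice uses 2^EXP_A-isogenies, Bob 3^EXP_B-isogenies

# F_{p^2} elements are pairs (re, im) standing for re + im*i.
def fadd(x, y): return ((x[0] + y[0]) % p, (x[1] + y[1]) % p)
def fsub(x, y): return ((x[0] - y[0]) % p, (x[1] - y[1]) % p)
def fmul(x, y): return ((x[0]*y[0] - x[1]*y[1]) % p, (x[0]*y[1] + x[1]*y[0]) % p)
def finv(x):                # 1/(a + bi) = (a - bi) / (a^2 + b^2)
    n = pow((x[0]*x[0] + x[1]*x[1]) % p, p - 2, p)
    return ((x[0]*n) % p, (-x[1]*n) % p)
def fdiv(x, y): return fmul(x, finv(y))
def fint(n): return (n % p, 0)
ZERO, ONE = fint(0), fint(1)

# The field has only p^2 = 185761 elements, so square roots come from a precomputed table.
SQRT = {}
for _a in range(p):
    for _b in range(p):
        SQRT.setdefault(fmul((_a, _b), (_a, _b)), (_a, _b))

# Curves y^2 = x^3 + a*x + b are pairs (a, b); points are (x, y) or None for infinity.
def neg(P): return None if P is None else (P[0], fsub(ZERO, P[1]))

def add(E, P, Q):
    if P is None: return Q
    if Q is None: return P
    if P[0] == Q[0]:
        if fadd(P[1], Q[1]) == ZERO: return None        # P = -Q (also doubling a 2-torsion point)
        lam = fdiv(fadd(fmul(fint(3), fmul(P[0], P[0])), E[0]), fmul(fint(2), P[1]))
    else:
        lam = fdiv(fsub(Q[1], P[1]), fsub(Q[0], P[0]))
    x3 = fsub(fsub(fmul(lam, lam), P[0]), Q[0])
    return (x3, fsub(fmul(lam, fsub(P[0], x3)), P[1]))

def mul(E, k, P):           # double-and-add scalar multiplication
    R = None
    while k:
        if k & 1: R = add(E, R, P)
        P, k = add(E, P, P), k >> 1
    return R

def j_inv(E):               # j = 1728 * 4a^3 / (4a^3 + 27b^2)
    a3 = fmul(fint(4), fmul(E[0], fmul(E[0], E[0])))
    return fdiv(fmul(fint(1728), a3), fadd(a3, fmul(fint(27), fmul(E[1], E[1]))))

def velu_step(E, Q):
    """Vélu's formulas for the isogeny with kernel <Q>, Q of order 2 or 3: returns (E', phi)."""
    (a, b), (xq, yq) = E, Q
    gx = fadd(fmul(fint(3), fmul(xq, xq)), a)           # g^x_Q = 3x_Q^2 + a
    gy = fmul(fint(-2), yq)                              # g^y_Q = -2y_Q, zero when Q = -Q
    t = gx if yq == ZERO else fmul(fint(2), gx)          # t_Q: Q and -Q are counted once for order 3
    u = fmul(gy, gy)                                     # u_Q = (g^y_Q)^2
    E2 = (fsub(a, fmul(fint(5), t)), fsub(b, fmul(fint(7), fadd(u, fmul(xq, t)))))
    def phi(P):
        if P is None or P[0] == xq: return None          # kernel points go to infinity
        x, y = P
        d = fsub(x, xq); d2 = fmul(d, d); d3 = fmul(d2, d)
        X = fadd(x, fadd(fdiv(t, d), fdiv(u, d2)))
        Y = fsub(y, fsub(fadd(fdiv(fmul(u, fmul(fint(2), y)), d3), fdiv(fmul(t, fsub(y, yq)), d2)),
                         fdiv(fmul(gx, gy), d2)))
        return (X, Y)
    return E2, phi

def isogeny_chain(E, K, ell, e, points):
    """Compose e prime-degree steps into the ell^e-isogeny with kernel <K>; push `points` through."""
    for i in range(e):
        E, phi = velu_step(E, mul(E, ell ** (e - 1 - i), K))   # current order-ell kernel generator
        K, points = phi(K), [phi(P) for P in points]
    return E, points

def torsion_basis(E, ell, e):
    """Deterministic search for P, Q generating E[ell^e]; E(F_{p^2}) ≅ (Z/(p+1))^2 for our curve."""
    N, cof, basis = ell ** e, (p + 1) // ell ** e, []
    for x in ((_a, _b) for _a in range(p) for _b in range(p)):
        rhs = fadd(fmul(fmul(x, x), x), fadd(fmul(E[0], x), E[1]))
        if rhs not in SQRT: continue
        R = mul(E, cof, (x, SQRT[rhs]))                  # cofactor clearing lands in E[ell^e]
        low = mul(E, N // ell, R)
        if low is None: continue                         # not of full order ell^e
        if basis and low in (mul(E, N // ell, basis[0]), neg(mul(E, N // ell, basis[0]))):
            continue                                     # dependent on the first generator
        basis.append(R)
        if len(basis) == 2: return basis
    raise ValueError("no basis found")

E0 = (ONE, ZERO)                              # y^2 = x^3 + x, supersingular since p ≡ 3 mod 4
PA, QA = torsion_basis(E0, 2, EXP_A)          # public basis of E0[16]
PB, QB = torsion_basis(E0, 3, EXP_B)          # public basis of E0[27]

def public_key(E, P, Q, ell, e, secret, aux):
    """Apply the isogeny with kernel <P + [secret]Q>; returns its codomain and the images of aux."""
    return isogeny_chain(E, add(E, P, mul(E, secret, Q)), ell, e, aux)

def sidh_shared(sA, sB):
    """Full exchange for secrets sA in [0, 16), sB in [0, 27); both sides must reach the same j."""
    EA, (A_PB, A_QB) = public_key(E0, PA, QA, 2, EXP_A, sA, [PB, QB])    # Alice -> Bob
    EB, (B_PA, B_QA) = public_key(E0, PB, QB, 3, EXP_B, sB, [PA, QA])    # Bob -> Alice
    EAB, _ = public_key(EB, B_PA, B_QA, 2, EXP_A, sA, [])                # Alice's side
    EBA, _ = public_key(EA, A_PB, A_QB, 3, EXP_B, sB, [])                # Bob's side
    return j_inv(EAB), j_inv(EBA)

if __name__ == "__main__":
    print("shared j-invariants agree:", sidh_shared(5, 7))
```

Everything an eavesdropper sees is in the two `public_key` calls: the curve, the two pushed-through basis points, and the degree implied by the public exponents; Alice cannot omit the images of PB and QB, because Bob needs them to land on the same curve. Those three items are exactly what the post says the attack requires.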

Off the SIKE lads go to fix their broken maths, like with a two-step key. Best-case, this will be like how Poincaré "solved" a three-body problem between the asteroids and Jupiter, got pwned, then stumbled into chaos theory. Galbraith is skeptical; he suspects he'll be able to get around some other dodge in this basis. Genus 3 curve?

CSIDH looks better, to him. Or, perhaps "and", the four finalists and three remaining candidates that NIST has already accepted - until someone maths their way into those too.
