Fujitsu Cracks Next-Gen Cryptography Standard

judgecorp writes "Fujitsu and partners have cracked a cryptogram which used 278-digit (923 bit) pairing-based cryptography. The technology was proposed as a next-generation standard, but Fujitsu cracked it at this level in just over 148 days using 21 personal computers." Reader Thorfinn.au adds a snippet from Fujitsu's announcement of the break: "This was an extremely challenging problem as it required several hundred times computational power compared with the previous world record of 204 digits (676 bits). We were able to overcome this problem by making good use of various new technologies, that is, a technique optimizing parameter setting that uses computer algebra, a two dimensional search algorithm extended from the linear search, and by using our efficient programming techniques to calculate a solution of an equation from a huge number of data, as well as the parallel programming technology that maximizes computer power."

  • by wkcole ( 644783 ) on Tuesday June 19, 2012 @08:55AM (#40368565)
    The real story is going to be how something with (apparently) severe weaknesses became anyone's pet new crypto standard.
  • Re:Pretty Fast (Score:5, Interesting)

    by Bengie ( 1121981 ) on Tuesday June 19, 2012 @09:31AM (#40369013)
    It is estimated that AES256 would take about 2^200 operations with currently public flaws.

    Hypothetical
    1,000,000,000 computers (1bil computers)
    1,000,000,000,000,000 ops per computer (1peta op)
    1,000,000,000,000,000,000,000,000 ops per second total

    1.6069380442589902755419620923412e+60 ops to break AES256

    1.6069380442589902755419620923412e+60 / (1,000,000,000,000,000,000,000,000 * 60sec * 60min * 24hr * 365days)
    is 50,955,671,114,250,072,156,962,268,275.658 years

    You would have to be quite dedicated and live a long time to break AES with current math/computers.

    My cousin went through an advanced crypto class and his teacher ran the math and it comes down to this. If you had an ideal computer (100% efficient) that consumed the absolute minimum amount of energy that it takes to represent data based on our current laws of physics, you would have to consume all of the heat energy in the entire Milky Way Galaxy. Short of a major flaw in AES, no galaxy-bound computer can break AES.
  • Re:Pretty Fast (Score:5, Interesting)

    by Bengie ( 1121981 ) on Tuesday June 19, 2012 @09:54AM (#40369335)
    Twofish is decently faster than AES and still quite strong (Twofish almost became AES, was in the final 5), so it is a good alternative. SHA1 is a hash, not a symmetric encryption.

    Unless it uses brute-forcing and is correct on the first guess...

    AES keys are typically randomly generated or based on a hash. AES is strong, so breaking the public key or password to get the AES key is always the best way to "break" AES, but it's really just a side-channel attack. That's not AES's fault.

  • Re:Pretty Fast (Score:5, Interesting)

    by Bengie ( 1121981 ) on Tuesday June 19, 2012 @10:03AM (#40369451)
    Most of the next gen cryptography is about public keys or hashes. AES is still effective, so the weakest link in the chain is going to be passwords or breakable public keys, which would allow an attacker to acquire the AES key during the handshake.

    One needs a safe way to transmit the AES key over a public network, like the internet. Public keys are very slow, but semi strong. AES is quite fast and really really really strong. Trying to make asymmetric encryption strong is hard because the public key gives information about the private key.
  • by cryptizard ( 2629853 ) on Tuesday June 19, 2012 @11:36AM (#40370663)
    This is completely wrong. They are using a pairing-based crypto system, which you can think of as public key plus extra useful properties. The security of these schemes is based on the bilinear Diffie-Hellman assumption, which is very recent and has not been thoroughly tested. It is very likely that it is still secure but at larger key sizes than previously thought.
  • by Anonymous Coward on Tuesday June 19, 2012 @11:57AM (#40370969)

    As all current x86, many ARM and other processors include AES hardware for encoding/decoding.
