"Nearly Unbreakable" Encryption Scheme Inspired By Human Biology 179
rjmarvin (3001897) writes "Researchers at the U.K.'s Lancaster University have reimagined the fundamental logic behind encryption, stumbling across a radically new way to encrypt data while creating software models to simulate how the human heart and lungs coordinate rhythms. The encryption method published in the American Physical Society journal and filed as a patent entitled 'Encoding Data Using Dynamic System Coupling,' transmits and receive multiple encrypted signals simultaneously, creating an unlimited number of possibilities for the shared encryption key and making it virtually impossible to decrypt using traditional methods. One of the researchers, Peter McClintock, called the encryption scheme 'nearly unbreakable.'
Crypto hype (Score:5, Insightful)
Every intelligence everywhere can invent an encryption scheme it can't break.
Don't ever use any crypto algorithm the experts haven't been attacking and publishing about for a while.
Re: (Score:2, Funny)
Re: (Score:3)
Heart and Lung rhythms are regulated using systems known as reaction-diffusion systems. An entire system is represented by a grid of cells, with every cell is at a particular state with a mix of chemicals, typicall named A,B,C ... There's the reaction part where A->2B, B->B+A, and then there's the diffusion part where the state of each cell is combined with it's neighbors. Each iteration calculates the new state of each cell, and applies the diffusion.
Imagine if you stored your message as particular c
Re: (Score:3, Informative)
Yeah, if only cryptographers knew about such novel concepts as confusion and diffusion [wikipedia.org]...
Re: (Score:2)
Yeah, if only cryptographers knew about such novel concepts as confusion and diffusion [wikipedia.org]...
Hahaha, bingo.
Re: (Score:2)
Re: (Score:2)
I'm reminded of fractal encryption done about 10-20 years ago. Everyone pushing it said it was 100% secure and unbreakable by mortal men. This encryption system seems to be a lot like fractals.
Re: (Score:2)
Wait a minute! Didn't they say 'nearly unbreakable'?
That implies it's breakable. :-)
Re: (Score:2)
Every halfway good crypto is "nearly unbreakable". That is not good enough by a very large margin.
Nearly Unbreakable (Score:4, Insightful)
The keyword here is nearly, which means it can be broken.
Re: (Score:3)
The keyword here is nearly, which means it can be broken.
Yes, which means either they're being realistic in the sense that basically all forms of cryptography fall into this category, or they were wisely advised by their liability mitigation team.
One thing manufacturers have learned when trying to advertise anything as idiotproof or bulletproof.
There's always going to be some idiot out there making a bigger bullet.
Or a pipe wrench.
Re: (Score:2)
I can easily create an encryption system that is unbreakable. You just won't be able to get your data back.
Re:Nearly Unbreakable (Score:4, Insightful)
I can easily create an encryption system that is unbreakable. You just won't be able to get your data back.
Then your statement is pointless, for you haven't made an encryption system at all. You've made a destruction system.
Re:Nearly Unbreakable (Score:4, Funny)
I'll remove "Data In, Garbage Out" from my features list.
Re:Nearly Unbreakable (Score:5, Funny)
Re: (Score:2)
I can easily create an encryption system that is unbreakable. You just won't be able to get your data back.
Then your statement is pointless, for you haven't made an encryption system at all. You've made a destruction system.
No no, it's quite easy to get the data back AND be completely unbreakable: The cipher can simply take each byte of the key and XORs it with the plain-text to produce cipher-text. Now, the genius part that makes it unbreakable is that you use the plain-text as the key! See? No one can decrypt the data without the key! It's completely unbreakable!
Re:Nearly Unbreakable (Score:4, Insightful)
Then it wouldn't be encryption. It would be hashing.
Re: (Score:2)
Re: (Score:2)
> A fundamental law of physics is that information can NEVER be destroyed
This is.... not even wrong. There are interesting trade-offs between useful thermodynamic work and possible information storage, but information in that sense is "lost" with almost every physical and chemical interaction.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
There's always going to be some idiot out there making a bigger bullet.
Pretty sure cracking cryptographic algorithms isn't an idiot's game.
Re: (Score:2)
Re:Nearly Unbreakable (Score:4, Informative)
Yes, which means either they're being realistic in the sense that basically all forms of cryptography fall into this category,
Please share with us your crack of the one time pad.
Re: (Score:2)
Nearly unbreakable using traditional methods
This won't take long
Area of expertise (Score:4, Interesting)
Re: (Score:1)
None, really. It's some kind of physicists disease. They look at some field, go "like this is easy why hasn't anybody done this" and then publish a bad paper. It frequently happens with biology.
They then publish their findings in, naturally, a physics journal. To be reviewed by other physicists, who are about as qualified as themselves to review something from a field that isn't theirs.
Re: (Score:2)
Not that I've actually done my own research, but what qualifications do these folks have to state the security of an encryption mechanism? Everybody who finds a new way to twist a message thinks it's secure.
None whatsoever, but that doesn't stop physicists or managers from deluding themselves into thinking that they can do it better. Fortunately they patented whatever method they came up with so no one will want to even go near it as a replacement.
Broken down at the transport layer (Score:2)
Re: (Score:2)
And next up, they claim to have cured cancer. (Score:4, Insightful)
Deep.
Re: (Score:2)
correction, the claim was "we treatment that nearly cures cancer".
have your checkbook ready, get it at the ground floor!
Re: (Score:2)
TFA contains no actual information, just an assertion that the interaction between poorly-described models of "biological" systems might kinda possibly maybe make them money because the world needs car door key fobs, or something like that.
Deep.
I don't know that I'd use the human body as a basis for an encryption system.
Human bodies are constantly having their (DNA) codes cracked.
By viruses, no less.
Re: (Score:2)
>By viruses, no less.
Hey now, don't get uppity. Some of those viruses have a genome larger than ours.
HEY SLASHDOT, THE FIRST LINK IS BROKEN (Score:5, Informative)
Re:HEY SLASHDOT, THE FIRST LINK IS BROKEN (Score:5, Funny)
But the link is nearly unbreakable!
Red flags (Score:2, Insightful)
Red flag #1 publication to inappropriate forum. If your "breakthrough" in physics only got published in the Journal of English as a Foreign Language, it's most likely bunk. Likewise then, if you've got some crypto results and the best place you could find to publish them was a physics journal, that's a bad sign. There are journals about crypto. If this wasn't sent to them it means nobody serious has looked at this. If it was sent and they declined it means serious people laughed their heads off.
Red flag #2
bullshit (Score:2)
Re: (Score:3)
I'm calling bullshit.
I sense an underlying ambiguity in your message here, even with a common scent profile wafting between subject and comment...
Are you suggesting someone has perhaps fabricated something that one would compare to bovine fecal matter for the sake of pure attention whoring?
Why my good friend, I've never heard of such a thing. On the internet you say...
Meh (Score:5, Insightful)
I don't know whether or not this idea actually works, or what level of security it may or may not provide, but it's addressing an already thoroughly-solved problem. It appears to provide a symmetric key cipher, which means -- regardless of how radical the approach may or may not be -- it's in direct competition with algorithms like AES and the multitude of other well-respected and heavily-researched block and stream ciphers. The abstract and summary mention "an unlimited number of possibilities for a shared encryption key", but existing algorithms already provide enormous key spaces.
Of course, some cryptanalytic breakthrough could provide a way to break all existing ciphers, but who's to say the same breakthrough wouldn't impact systems based on this idea. And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been, and I see no reason that this "Dynamic Systems Coupling" approach wouldn't be subject to the same kinds of problems.
So... meh.
Re: (Score:2)
And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been...
Uh, those "bugs" you so conveniently dismiss here would be called the NSA.
Good luck chucking that little issue into the "Meh" bin.
Re: (Score:2)
And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been...
Uh, those "bugs" you so conveniently dismiss here would be called the NSA.
Huh? None of the QC bugs so far discovered and reported appear to have any relationship with the NSA. I see a common temptation to attribute near-mystical powers to the NSA, and the resulting assumption that any security defect was caused by the agency. There's no doubt the NSA has done much to compromise available cryptographic security options, but they aren't everywhere, and -- more to the point -- good security is hard enough that plenty of mistakes are made without any NSA influence.
Re: (Score:2)
And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been...
Uh, those "bugs" you so conveniently dismiss here would be called the NSA.
Huh? None of the QC bugs so far discovered and reported appear to have any relationship with the NSA. I see a common temptation to attribute near-mystical powers to the NSA, and the resulting assumption that any security defect was caused by the agency. There's no doubt the NSA has done much to compromise available cryptographic security options, but they aren't everywhere, and -- more to the point -- good security is hard enough that plenty of mistakes are made without any NSA influence.
I was more referring to their known powers of legal manipulation.
The unbreakable quickly becomes the illegal, everywhere, especially in the face of what is now known as a global intelligence collective.
Collusion would putting that mildly.
Re: (Score:2)
I wonder if the crypto key is tied to your body.
If so, it's just as stupid as biometrics.
After that information is stolen, you can't easily change it anymore. Because he's it's your body.
Re: (Score:3, Insightful)
I wonder if the crypto key is tied to your body.
It's not. This has nothing to do with biology, other than being vaguely inspired by it. RTFA.
If so, it's just as stupid as biometrics.
After that information is stolen, you can't easily change it anymore.
Biometrics aren't stupid. They're all wrong for most of the common situations where we see them applied, but they're not inherently a bad idea. And the common /. meme about them being useless because they can't be changed is ridiculous, and arises from the -- badly broken -- analogy between biometric identification and password authentication.
Biometrics are useful as identifiers, and to the degree that the biometr
Re: (Score:2)
Yup. If you have a guard check somebody's fingerprints it would be extremely difficult to sneak through. If you stick a fingerprint scanner next to a door in an empty building, that is a different story.
The guard isn't too likely to be fooled by a gummy bear...
Re: (Score:3)
So of course they they get used to replace passwords.
Re: (Score:2)
I like your username analogy.
Re: (Score:2)
It it also age discrimination. At the age of 65, all biometrics go moosh, blurry, they start to get useless.
So if you _require_ biometrics, you have age discrimination.
Re: (Score:2)
Cite?
(Note that building biometric security systems for general populations -- including the elderly -- was my day job for years. There are big problems with damage, illness and even day-to-day changes in hydration and other physical characteristics, but I never found age to be an issue, nor have I seen any research indicating it.)
Re: (Score:2)
It is somewhere part of a possible German talk which should be on http://media.ccc.de/ [media.ccc.de] about biometrics and statistics from countries who create passports with biometrics.
If you can understand German, I'm willing to look for it, I might have eventually remember which one it is.
Re: (Score:2)
Here is what I remember:
- things like cataract for retina scanners
- wear/tear and less grease for fingerprints
- facial recognition had problems with parts of the face sagging
- also applies to ears
And these aging processes are ongoing they keep changing things, you can't scan one year and have it still work 2 years later. So really annoying for passports. ;-)
Re: (Score:2)
You are forgetting that once the existing cryptographic schemes are broken, we would probably need a replacement pretty fast. That's when this work could come in handy.
Re: (Score:2)
You are forgetting that once the existing cryptographic schemes are broken, we would probably need a replacement pretty fast. That's when this work could come in handy.
Assuming a method (or series of methods) sufficiently powerful to break all the existing cryptographic ciphers -- which use a variety of approaches -- wouldn't break this one as well. And assuming that this one actually is secure.
Re: (Score:2)
Yes, and simplistic one-liners are the fool's tool.
Many snark. Few information.
Anyone... (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
That makes me feel really safe.
LoL, not.
Re: (Score:2)
illegal under Geneva convention for prisoners. Your data is safe.
...except from the CIA.
anyone can devise encryption they can't break (Score:5, Insightful)
The author's claim that it's very hard to break only means that THEY don't know how to break it. That's meaningless, because anyone and everyone can come up with a puzzle they don't know how to solve. That doesn't mean it's hard, just that they don't know how it's done.
A trivial example would be a kindergartener who might observe that if you encode a message by writing it with letters, they don't kow how to read that message. That's only because the kid doesn't know how to read. It in no way suggests that reading is impossible. For many Slashdot readers, compiling a message into a Windows resource file makes unreadable _to_them. Windows resource files are of course quite easy to read, if you know how. These researchers don't know how to read their own encoding. So what? That doesn't mean _I_ don't know how to read their stuff.
Their scheme does have one attribute that's good - it can generate long keys. So can a random number generator. They MAY have a good idea, but we won't know until alot of other people try to break their encryption and fail.
Re: (Score:3)
They MAY have a good idea, but we won't know until alot of other people try to break their encryption and fail.
Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.
If you want to offer a new symmetric cipher, it needs to offer something more interesting than security. I think the most powerful characteristic that could be provided is simplicity, pa
Re: (Score:2)
Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.
A potential patent to deal with just to use it is one more nail in the coffin of this.
Re: (Score:2)
Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.
A potential patent to deal with just to use it is one more nail in the coffin of this.
An excellent point.
"not the not step"? (Score:2)
"Why are you so sure it's not the not step"
Can you rephrase that, I'm not understanding what you mean. As far as what I'm sure of, I said, "they May have a good idea, we won't know until ..."
I didn't say they don't have an awesome idea (or that they do). I'm saying there is no reason to think it's good or bad, based on the researchers not knowing how to decrypt it. Anyone can string together a series of mathematical operations that they don't know how to undo.
Re: (Score:3)
Everyone knows the current encryption schemes can be broken if you can (even theoretically) throw enough resources at it.
Everyone who "knows" this is dead wrong. Resource-based, brute-force attacks on, say, AES-256, are completely pointless.
According to Landauer's Principle [wikipedia.org] the lowest possible amount of energy required to perform a single elementary computation is 2.85*10^-21 J. This means that even with a perfectly-efficient computer, to perform 2^256 elementary computations (assuming that an AES-256 trial decryption is a single elementary operation, which it isn't, but I'll ignore that) you would need 3.3*10^56 J. That's
Re: (Score:2)
Yup. AES-256 will only fall if somebody finds an algorithmic weakness that reduces the complexity to something lower than brute force or something like a quantum algorithm.
Also, there is always the one-time pad. That is completely invulnerable to brute-force attack if properly implemented.
Re: (Score:2)
one-time pad ... if properly implemented.
Big, big if. Barriers are almost insurmountable unless you are very paranoid and have lots of resources.
It really depends on what you want to do with it. If your goal is to upload HD movies to your friends, then yes you're going to be spending a LOT of time on key generation and management.
On the other hand, if you're just trading the odd short message, then 1MB of random data will last you quite a while and that isn't too hard to generate with a very strong PRNG. If you want to pull numbers out of a hat one at a time it is a bit more of a pain. Really the RNG is probably the biggest practical limitation,
Re: (Score:2)
There are ways to generate true random numbers (people sell RNGs based on nuclear decay and thermal noise for several hundred dollars), and those will get you a true one-time pad.
I'd argue that those are ways to generate numbers that we think are random, but that only means that no pattern has been detected. I don't see any way to prove that one of these devices actually generates truly random numbers.
But otherwise I agree - strictly speaking a One Time Pad only works with random numbers. Perfectly implementing one is probably impossible, but it can of course be awfully good in practice.
Mod Parent +Insightful (Score:2)
More like this, please.
I have complete confidence (Score:2)
Even if this is true, the NSA will figure out a way to make it insecure. Under the pretense of security they insure that the ability to do evil things is built in to all communication technology.
Key sharing? (Score:4, Insightful)
There's nothing in the protocol description about key sharing. If you already have a way to share keys, why not just use a one time pad that's proven to be unbreakable?
Re: (Score:2)
"nearly unbreakable" = "unsinkable" Titanic (Score:2)
Many of you may know FeFe "Felix von Leitner" Extreme-Coder/CCC-Member with his infamous but german blog "https://blog.fefe.de"
His statement/no citation but sense of words:
"REAL crpytologists will take
1.) a long time,
2.) many attack tests and
3.) mathematical proofs
before they dare to call a crypto safe ENOUGH"
And this statement remained valid till now, just think about the eliptic curve that was shaped to comfort the NSA.
So if you accept fefes prediction you can really deduce that the contrary to the resear
geez, guys, give it a rest (Score:5, Insightful)
The paper contains none of the cryptographic analysis necessary to show that this is a secure cryptographic system. It's just another one of these "let's take a chaotic dynamical system and use it for cryptography" papers.
The paper doesn't tell you much about cryptography, but it does illustrate the failures of peer review.
Re: (Score:2)
The paper doesn't tell you much about cryptography, but it does illustrate the failures of peer review.
That's why you are seeing it in a physics journal and not being presented at EuroCrypt.
It looks bad to me. (Score:4, Insightful)
From the abstract it seems that they are claiming:
1) Boy, those chaotic systems look complex.
2) Gee they can synchronize
3) If we superimpose other chaotic systems on top, then it looks even more complexer.
So something like Walsh codes implemented badly. Walsh codes have nothing to do with cryptography btw.
What they haven''t shown is a lower bound for brute for attack complexity, or why it is resistant to any of the normal attack methods. I don't see why an imposter could not sync to the source the same way the intended recipient does. From the paper, I see several linear systems of equations describing the chaotic oscillators.
This will fall fast when a real cryptographer has go at it.
Re: (Score:2)
What they haven''t shown is a lower bound for brute for attack complexity, or why it is resistant to any of the normal attack methods.
Or why anyone would care. Supposing it is secure, what features does it have that make it better than, say, AES?
Hm. (Score:5, Informative)
OK, first bypass the click troll and get to the actual paper. [aps.org]
The general idea seems to be to transmit a large amount of noisy data per plaintext bit. Historically, crypto schemes which make the input much bigger are disfavored, but communications bandwidth is cheaper now and that might be OK.
The author of the paper seems to have fallen into the old trap of thinking that that analog signals have infinite amounts of data in them. He writes things like ''The encrypting key space is unbounded." and "The choice of the form of coupling functions comes from a set of functions that is not bounded." ("High-end" audio people also fall for this.) In reality, at some point you hit a noise threshold, and, anyway, down at the bottom, electrons and photons are discrite. Also, to be usable, whatever is used for the key has to be of finite size, and preferably not too big.
"No new cypher is worth looking at unless it comes from someone who has already broken a very hard one. - Friedman.
Re: (Score:2)
In reality, at some point you hit a noise threshold, and, anyway, down at the bottom, electrons and photons are discrite.
You virtually always hit the noise limit before you get to the point where you have to worry about the fundamental discreteness of matter and energy. The majority of quantum experiments involve a lot of cooling and isolating of systems with very good reason!
Also, to be usable, whatever is used for the key has to be of finite size, and preferably not too big.
But we've got lots more bandwidth and storage than we used to have, at least in some applications. We shouldn't worry unduly about key sizes (except for infinite ones, of course, which really require you to stay up fretting about them all night </snar
Re: (Score:2)
You virtually always hit the noise limit before you get to the point where you have to worry about the fundamental discreteness of matter and energy. The majority of quantum experiments involve a lot of cooling and isolating of systems with very good reason!
However, due to the statistics, you can actually detect the effect of discrete electrons, without going to the level of single-electron measurements. But broadly speaking you're correct.
http://en.wikipedia.org/wiki/S... [wikipedia.org]
Re: (Score:2)
It turns out that large pad + IV + crypto-secure hash...
Did this guy just reinvent a book cypher? [wikipedia.org]
Secure, yes, but Reliable? (Score:2)
Having a look at the paper, I can absolutely see that the encryption technique seems on the face of it to exceed computable solution. What I would need to be convinced about is the integrity of the communication; is what you get at the end of it guaranteed to be perfectly reflective of what you put into it?
(I can also see a sketch proof to the effect that the overall system can be made reliable with a probability approaching 1 - for arbitrarily small , but that's macroscopic behaviour. Microscopic, the s
security through obscurity (Score:2)
US military crypto (Score:2)
The description match some of the crypto in the NSA museum. This is not new. I should ask them if the algorythm the KY-3 used is declassified now. They'd made the hardware FOYO before I got out in the 80s.
http://www.sdtimes.com/content/article.aspx?ArticleID=69025&page=1 [sdtimes.com]
Hmm sounds familiar (Score:2)
Depertment of redundancy department (Score:2)
Good you cleared that up.
Re: (Score:3, Insightful)
Re: (Score:2)
Most of the comprehension difficulty is not with 'warming', it's with 'global'.
Re: (Score:1, Interesting)
"Global Warming" aka "Climate Change" I do not deny; it's the man made component which I refuse to believe.
Re: (Score:1)
Wow. Could you squeeze maybe one more logical fallacy in there?
Re: (Score:2, Offtopic)
you never did answer his questions, infact, you seem to shut the argument down rather quickly which leads me to believe you dont have one.
If his logical fallacy is wrong, whats your argument? how is it that our temperature in a 100 years has grown so fast when normally stuff like this takes thousands of years. Do you really believe that cutting all these trees down and dumping all the co2 in the air is ok? if so why do you believe that? Do you not understand how greenhouse gasses work? If so, explain how du
Re: (Score:2, Interesting)
If his logical fallacy is wrong, whats your argument? how is it that our temperature in a 100 years has grown so fast when normally stuff like this takes thousands of years.
One argument is that it doesn't take thousands of years. That the sampled period just does not account for the whole temperature variance. Otherwise how do you explain the medieval warm period or the roman warm period?
Do you really believe that cutting all these trees down and dumping all the co2 in the air is ok?
In developed countries t
Re: (Score:2)
I'm willing to bet that the amount of forested area has not increased over the last few centuries.
Re: (Score:2)
Take it up with Aleister Crowley, kiddo.
Re: (Score:2)
But to put it in perspective the volcanic eruption in Europe a few years ago contributed more So2 and Co2 than man has contributed in the last century world wide.
Utter, utter bollocks. The two numbers aren't even in the same ballpark.
You remember there were a bunch of flights cancelled due to the volcanic ash cloud? They alone would have contributed more CO2 than the bloody volcano:
"The grounding of European flights avoided about 3.44×108 kg of CO2 emissions per day, while the volcano emitted about 1.5×108 kg of CO2 per day."
Wiki [wikipedia.org] before inserting boot into chops next time.
Re: (Score:2)
Whilst I am not the AC which refused to believe in man made climate change, I do share one problem which seems to be obvious to climate change, the illegal tree felling industry needs to stop. full stop.
Trees do more for this planet then most people realize.
So... man can change the climate by cutting down trees?
Is that the only thing he could do to affect it?
Re: (Score:2)
Ah, yes I was implying that, my mistake. Your phrasing is rather unusual in the first half of that sentence, I still can't get it to parse into something coherent. The "feel" I got though was that you were stating a common-cause with climate change, despite some non-specified disagreement.
Re: (Score:2)
True, but be honest. Isn't that why you're here?
Re: (Score:2)
You're only as good as your last RAE :-)
http://physicsworld.com/cws/ar... [physicsworld.com]
"An unofficial Physics World ranking that lists departments according to their average research score shows Lancaster on top and Cambridge close behind. Both departments also received the maximum 5* rating in the last RAE in 2001, but the other 5* departments - Oxford, Southampton and Imperial College London - fell outside the top 10 this time round. "
Re: (Score:2)
6) Did you notice the :-) ?