Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Encryption United Kingdom

"Nearly Unbreakable" Encryption Scheme Inspired By Human Biology 179

Posted by timothy
from the just-ask-the-creator dept.
rjmarvin (3001897) writes "Researchers at the U.K.'s Lancaster University have reimagined the fundamental logic behind encryption, stumbling across a radically new way to encrypt data while creating software models to simulate how the human heart and lungs coordinate rhythms. The encryption method published in the American Physical Society journal and filed as a patent entitled 'Encoding Data Using Dynamic System Coupling,' transmits and receive multiple encrypted signals simultaneously, creating an unlimited number of possibilities for the shared encryption key and making it virtually impossible to decrypt using traditional methods. One of the researchers, Peter McClintock, called the encryption scheme 'nearly unbreakable.'
This discussion has been archived. No new comments can be posted.

"Nearly Unbreakable" Encryption Scheme Inspired By Human Biology

Comments Filter:
  • Crypto hype (Score:5, Insightful)

    by Anonymous Coward on Sunday April 06, 2014 @10:26AM (#46676609)

    Every intelligence everywhere can invent an encryption scheme it can't break.
    Don't ever use any crypto algorithm the experts haven't been attacking and publishing about for a while.

    • Re: (Score:2, Funny)

      by Anonymous Coward
      I wonder if this article got accepted due to a typo. Maybe a reviewer of the article wanted to comment "this is probably secure", but mistyped it as "this is provably secure".
    • by mikael (484)

      Heart and Lung rhythms are regulated using systems known as reaction-diffusion systems. An entire system is represented by a grid of cells, with every cell is at a particular state with a mix of chemicals, typicall named A,B,C ... There's the reaction part where A->2B, B->B+A, and then there's the diffusion part where the state of each cell is combined with it's neighbors. Each iteration calculates the new state of each cell, and applies the diffusion.

      Imagine if you stored your message as particular c

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Yeah, if only cryptographers knew about such novel concepts as confusion and diffusion [wikipedia.org]...

      • by wagnerrp (1305589)
        Rolling backwards is exactly what you need to do to decrypt the message, which is the same process for an eavesdropper or the intended recipient. If you increase the complexity of the key, or the complexity of the encryption algorithm, you are making decryption a more exhausting process for the intended recipient. Encryption only works because the method of trying the one correct key is much less expensive than trying all possible keys. There is nothing revolutionary about this algorithm, it is merely ev
      • by mlts (1038732)

        I'm reminded of fractal encryption done about 10-20 years ago. Everyone pushing it said it was 100% secure and unbreakable by mortal men. This encryption system seems to be a lot like fractals.

    • Wait a minute! Didn't they say 'nearly unbreakable'?

      That implies it's breakable. :-)

    • by gweihir (88907)

      Every halfway good crypto is "nearly unbreakable". That is not good enough by a very large margin.

  • Nearly Unbreakable (Score:4, Insightful)

    by ArcadeMan (2766669) on Sunday April 06, 2014 @10:30AM (#46676639)

    The keyword here is nearly, which means it can be broken.

    • by geekmux (1040042)

      The keyword here is nearly, which means it can be broken.

      Yes, which means either they're being realistic in the sense that basically all forms of cryptography fall into this category, or they were wisely advised by their liability mitigation team.

      One thing manufacturers have learned when trying to advertise anything as idiotproof or bulletproof.

      There's always going to be some idiot out there making a bigger bullet.

      Or a pipe wrench.

    • Nearly unbreakable using traditional methods

      This won't take long

  • Area of expertise (Score:4, Interesting)

    by Sarten-X (1102295) on Sunday April 06, 2014 @10:30AM (#46676643) Homepage
    Not that I've actually done my own research, but what qualifications do these folks have to state the security of an encryption mechanism? Everybody who finds a new way to twist a message thinks it's secure.
    • by Anonymous Coward

      None, really. It's some kind of physicists disease. They look at some field, go "like this is easy why hasn't anybody done this" and then publish a bad paper. It frequently happens with biology.

      They then publish their findings in, naturally, a physics journal. To be reviewed by other physicists, who are about as qualified as themselves to review something from a field that isn't theirs.

    • by Fnord666 (889225)

      Not that I've actually done my own research, but what qualifications do these folks have to state the security of an encryption mechanism? Everybody who finds a new way to twist a message thinks it's secure.

      None whatsoever, but that doesn't stop physicists or managers from deluding themselves into thinking that they can do it better. Fortunately they patented whatever method they came up with so no one will want to even go near it as a replacement.

  • by pla (258480) on Sunday April 06, 2014 @10:31AM (#46676647) Journal
    TFA contains no actual information, just an assertion that the interaction between poorly-described models of "biological" systems might kinda possibly maybe make them money because the world needs car door key fobs, or something like that.

    Deep.
    • by iggymanz (596061)

      correction, the claim was "we treatment that nearly cures cancer".

      have your checkbook ready, get it at the ground floor!

    • TFA contains no actual information, just an assertion that the interaction between poorly-described models of "biological" systems might kinda possibly maybe make them money because the world needs car door key fobs, or something like that.

      Deep.

      I don't know that I'd use the human body as a basis for an encryption system.

      Human bodies are constantly having their (DNA) codes cracked.

      By viruses, no less.

      • by Immerman (2627577)

        >By viruses, no less.

        Hey now, don't get uppity. Some of those viruses have a genome larger than ours.

  • by rjmarvin (3001897) on Sunday April 06, 2014 @10:32AM (#46676655)
    It should link here:http://www.sdtimes.com/content/article.aspx?ArticleID=69025&page=1 Yeah, if you could fix it, that would be greaaaat.
  • Red flags (Score:2, Insightful)

    by Anonymous Coward

    Red flag #1 publication to inappropriate forum. If your "breakthrough" in physics only got published in the Journal of English as a Foreign Language, it's most likely bunk. Likewise then, if you've got some crypto results and the best place you could find to publish them was a physics journal, that's a bad sign. There are journals about crypto. If this wasn't sent to them it means nobody serious has looked at this. If it was sent and they declined it means serious people laughed their heads off.

    Red flag #2

  • I'm calling bullshit.
    • by geekmux (1040042)

      I'm calling bullshit.

      I sense an underlying ambiguity in your message here, even with a common scent profile wafting between subject and comment...

      Are you suggesting someone has perhaps fabricated something that one would compare to bovine fecal matter for the sake of pure attention whoring?

      Why my good friend, I've never heard of such a thing. On the internet you say...

  • Meh (Score:5, Insightful)

    by swillden (191260) <shawn-ds@willden.org> on Sunday April 06, 2014 @10:56AM (#46676797) Homepage Journal

    I don't know whether or not this idea actually works, or what level of security it may or may not provide, but it's addressing an already thoroughly-solved problem. It appears to provide a symmetric key cipher, which means -- regardless of how radical the approach may or may not be -- it's in direct competition with algorithms like AES and the multitude of other well-respected and heavily-researched block and stream ciphers. The abstract and summary mention "an unlimited number of possibilities for a shared encryption key", but existing algorithms already provide enormous key spaces.

    Of course, some cryptanalytic breakthrough could provide a way to break all existing ciphers, but who's to say the same breakthrough wouldn't impact systems based on this idea. And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been, and I see no reason that this "Dynamic Systems Coupling" approach wouldn't be subject to the same kinds of problems.

    So... meh.

    • by geekmux (1040042)

      And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been...

      Uh, those "bugs" you so conveniently dismiss here would be called the NSA.

      Good luck chucking that little issue into the "Meh" bin.

      • by swillden (191260)

        And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been...

        Uh, those "bugs" you so conveniently dismiss here would be called the NSA.

        Huh? None of the QC bugs so far discovered and reported appear to have any relationship with the NSA. I see a common temptation to attribute near-mystical powers to the NSA, and the resulting assumption that any security defect was caused by the agency. There's no doubt the NSA has done much to compromise available cryptographic security options, but they aren't everywhere, and -- more to the point -- good security is hard enough that plenty of mistakes are made without any NSA influence.

        • by geekmux (1040042)

          And, actually, we already have another approach which uses special hardware at each end, Quantum Cryptography, which can absolutely guarantee security, unless our understanding of the Uncertainty Principle is wrong. Or unless there are bugs in the physical implementation, which there have been...

          Uh, those "bugs" you so conveniently dismiss here would be called the NSA.

          Huh? None of the QC bugs so far discovered and reported appear to have any relationship with the NSA. I see a common temptation to attribute near-mystical powers to the NSA, and the resulting assumption that any security defect was caused by the agency. There's no doubt the NSA has done much to compromise available cryptographic security options, but they aren't everywhere, and -- more to the point -- good security is hard enough that plenty of mistakes are made without any NSA influence.

          I was more referring to their known powers of legal manipulation.

          The unbreakable quickly becomes the illegal, everywhere, especially in the face of what is now known as a global intelligence collective.

          Collusion would putting that mildly.

    • by Lennie (16154)

      I wonder if the crypto key is tied to your body.

      If so, it's just as stupid as biometrics.

      After that information is stolen, you can't easily change it anymore. Because he's it's your body.

      • Re: (Score:3, Insightful)

        by swillden (191260)

        I wonder if the crypto key is tied to your body.

        It's not. This has nothing to do with biology, other than being vaguely inspired by it. RTFA.

        If so, it's just as stupid as biometrics.

        After that information is stolen, you can't easily change it anymore.

        Biometrics aren't stupid. They're all wrong for most of the common situations where we see them applied, but they're not inherently a bad idea. And the common /. meme about them being useless because they can't be changed is ridiculous, and arises from the -- badly broken -- analogy between biometric identification and password authentication.

        Biometrics are useful as identifiers, and to the degree that the biometr

        • by Rich0 (548339)

          Yup. If you have a guard check somebody's fingerprints it would be extremely difficult to sneak through. If you stick a fingerprint scanner next to a door in an empty building, that is a different story.

          The guard isn't too likely to be fooled by a gummy bear...

        • Biometrics are great to replace usernames. They can be the same everywhere with no ill effects, if an attacker learns the data/username it's not a problem, they're public, etc. They're terrible at replacing passwords.

          So of course they they get used to replace passwords.
        • by Lennie (16154)

          It it also age discrimination. At the age of 65, all biometrics go moosh, blurry, they start to get useless.

          So if you _require_ biometrics, you have age discrimination.

          • by swillden (191260)

            Cite?

            (Note that building biometric security systems for general populations -- including the elderly -- was my day job for years. There are big problems with damage, illness and even day-to-day changes in hydration and other physical characteristics, but I never found age to be an issue, nor have I seen any research indicating it.)

            • by Lennie (16154)

              It is somewhere part of a possible German talk which should be on http://media.ccc.de/ [media.ccc.de] about biometrics and statistics from countries who create passports with biometrics.

              If you can understand German, I'm willing to look for it, I might have eventually remember which one it is.

              • by Lennie (16154)

                Here is what I remember:

                - things like cataract for retina scanners
                - wear/tear and less grease for fingerprints
                - facial recognition had problems with parts of the face sagging
                - also applies to ears

                And these aging processes are ongoing they keep changing things, you can't scan one year and have it still work 2 years later. So really annoying for passports. ;-)

    • You are forgetting that once the existing cryptographic schemes are broken, we would probably need a replacement pretty fast. That's when this work could come in handy.

      • by swillden (191260)

        You are forgetting that once the existing cryptographic schemes are broken, we would probably need a replacement pretty fast. That's when this work could come in handy.

        Assuming a method (or series of methods) sufficiently powerful to break all the existing cryptographic ciphers -- which use a variety of approaches -- wouldn't break this one as well. And assuming that this one actually is secure.

  • Anyone... (Score:5, Insightful)

    by FuzzNugget (2840687) on Sunday April 06, 2014 @10:59AM (#46676815)
    Anyone can invent an encryption scheme so clever that he or she can't think of a way to break it.
  • by raymorris (2726007) on Sunday April 06, 2014 @10:59AM (#46676817)

    The author's claim that it's very hard to break only means that THEY don't know how to break it. That's meaningless, because anyone and everyone can come up with a puzzle they don't know how to solve. That doesn't mean it's hard, just that they don't know how it's done.

    A trivial example would be a kindergartener who might observe that if you encode a message by writing it with letters, they don't kow how to read that message. That's only because the kid doesn't know how to read. It in no way suggests that reading is impossible. For many Slashdot readers, compiling a message into a Windows resource file makes unreadable _to_them. Windows resource files are of course quite easy to read, if you know how. These researchers don't know how to read their own encoding. So what? That doesn't mean _I_ don't know how to read their stuff.

    Their scheme does have one attribute that's good - it can generate long keys. So can a random number generator. They MAY have a good idea, but we won't know until alot of other people try to break their encryption and fail.

    • by swillden (191260)

      They MAY have a good idea, but we won't know until alot of other people try to break their encryption and fail.

      Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.

      If you want to offer a new symmetric cipher, it needs to offer something more interesting than security. I think the most powerful characteristic that could be provided is simplicity, pa

      • by Fnord666 (889225)

        Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.

        A potential patent to deal with just to use it is one more nail in the coffin of this.

        • by swillden (191260)

          Which is not going to happen because the authors haven't given any reason why anyone should care. We have lots of widely-deployed ciphers which are fast and secure. No one attacks modern cryptographic security systems by breaking the ciphers, they do it by exploiting peripheral flaws in implementation, key management, etc.

          A potential patent to deal with just to use it is one more nail in the coffin of this.

          An excellent point.

  • that the NSA can subvert any cryptography system.

    Even if this is true, the NSA will figure out a way to make it insecure. Under the pretense of security they insure that the ability to do evil things is built in to all communication technology.

  • Key sharing? (Score:4, Insightful)

    by Hentes (2461350) on Sunday April 06, 2014 @11:14AM (#46676911)

    There's nothing in the protocol description about key sharing. If you already have a way to share keys, why not just use a one time pad that's proven to be unbreakable?

    • by wagnerrp (1305589)
      When your key is as large as the data you want to send, why not just send your data through your key sharing mechanism?
  • Many of you may know FeFe "Felix von Leitner" Extreme-Coder/CCC-Member with his infamous but german blog "https://blog.fefe.de"

    His statement/no citation but sense of words:

    "REAL crpytologists will take

    1.) a long time,
    2.) many attack tests and
    3.) mathematical proofs

    before they dare to call a crypto safe ENOUGH"

    And this statement remained valid till now, just think about the eliptic curve that was shaped to comfort the NSA.

    So if you accept fefes prediction you can really deduce that the contrary to the resear

  • by stenvar (2789879) on Sunday April 06, 2014 @11:36AM (#46677075)

    The paper contains none of the cryptographic analysis necessary to show that this is a secure cryptographic system. It's just another one of these "let's take a chaotic dynamical system and use it for cryptography" papers.

    The paper doesn't tell you much about cryptography, but it does illustrate the failures of peer review.

    • by Fnord666 (889225)

      The paper doesn't tell you much about cryptography, but it does illustrate the failures of peer review.

      That's why you are seeing it in a physics journal and not being presented at EuroCrypt.

  • by TechyImmigrant (175943) on Sunday April 06, 2014 @11:43AM (#46677103) Journal

    From the abstract it seems that they are claiming:

    1) Boy, those chaotic systems look complex.
    2) Gee they can synchronize
    3) If we superimpose other chaotic systems on top, then it looks even more complexer.

    So something like Walsh codes implemented badly. Walsh codes have nothing to do with cryptography btw.

    What they haven''t shown is a lower bound for brute for attack complexity, or why it is resistant to any of the normal attack methods. I don't see why an imposter could not sync to the source the same way the intended recipient does. From the paper, I see several linear systems of equations describing the chaotic oscillators.

    This will fall fast when a real cryptographer has go at it.

    • by swillden (191260)

      What they haven''t shown is a lower bound for brute for attack complexity, or why it is resistant to any of the normal attack methods.

      Or why anyone would care. Supposing it is secure, what features does it have that make it better than, say, AES?

  • Hm. (Score:5, Informative)

    by Animats (122034) on Sunday April 06, 2014 @01:05PM (#46677537) Homepage

    OK, first bypass the click troll and get to the actual paper. [aps.org]

    The general idea seems to be to transmit a large amount of noisy data per plaintext bit. Historically, crypto schemes which make the input much bigger are disfavored, but communications bandwidth is cheaper now and that might be OK.

    The author of the paper seems to have fallen into the old trap of thinking that that analog signals have infinite amounts of data in them. He writes things like ''The encrypting key space is unbounded." and "The choice of the form of coupling functions comes from a set of functions that is not bounded." ("High-end" audio people also fall for this.) In reality, at some point you hit a noise threshold, and, anyway, down at the bottom, electrons and photons are discrite. Also, to be usable, whatever is used for the key has to be of finite size, and preferably not too big.

    "No new cypher is worth looking at unless it comes from someone who has already broken a very hard one. - Friedman.

    • by dkf (304284)

      In reality, at some point you hit a noise threshold, and, anyway, down at the bottom, electrons and photons are discrite.

      You virtually always hit the noise limit before you get to the point where you have to worry about the fundamental discreteness of matter and energy. The majority of quantum experiments involve a lot of cooling and isolating of systems with very good reason!

      Also, to be usable, whatever is used for the key has to be of finite size, and preferably not too big.

      But we've got lots more bandwidth and storage than we used to have, at least in some applications. We shouldn't worry unduly about key sizes (except for infinite ones, of course, which really require you to stay up fretting about them all night </snar

      • by TeknoHog (164938)

        You virtually always hit the noise limit before you get to the point where you have to worry about the fundamental discreteness of matter and energy. The majority of quantum experiments involve a lot of cooling and isolating of systems with very good reason!

        However, due to the statistics, you can actually detect the effect of discrete electrons, without going to the level of single-electron measurements. But broadly speaking you're correct.

        http://en.wikipedia.org/wiki/S... [wikipedia.org]

  • Having a look at the paper, I can absolutely see that the encryption technique seems on the face of it to exceed computable solution. What I would need to be convinced about is the integrity of the communication; is what you get at the end of it guaranteed to be perfectly reflective of what you put into it?

    (I can also see a sketch proof to the effect that the overall system can be made reliable with a probability approaching 1 - for arbitrarily small , but that's macroscopic behaviour. Microscopic, the s

  • This is the perfect example of security through obscurity. If I were to use spread spectrum communications with random modulation types and data encoding schemes I can claim this too.
  • The description match some of the crypto in the NSA museum. This is not new. I should ask them if the algorythm the KY-3 used is declassified now. They'd made the hardware FOYO before I got out in the 80s.

    http://www.sdtimes.com/content/article.aspx?ArticleID=69025&page=1 [sdtimes.com]

  • Oh, yes, and the Titanic was unsinkable.
  • U.K.'s Lancaster University in the U.K.

    Good you cleared that up.

"There is nothing new under the sun, but there are lots of old things we don't know yet." -Ambrose Bierce

Working...