Encryption

What Would Happen If All Encryption Could Be Broken? (wikipedia.org) 316

"What would happen, or what should happen, if tomorrow a trivial method was discovered for Prime Factorization?" asks Slashdot reader medv4380: By trivial I mean an algorithm that runs in relatively constant time that could factor a number like 2737631357921793461914298938174501291 relatively instantly on most modern hardware today. And that even increasing the bit length wouldn't slow it down much. How much chaos would result if such a method were revealed tomorrow with little warning?

Keeping it a secret only means that others may have long ago exploited the method at the expense of others. Should proof be presented without revealing the method, to reduce the impact, and who should be told first if at all?

Slashdot reader Shikaku sees a real possibility of this actually happening when quantum computers are developed, adding that quantum-resistant encryption "is an ongoing experiment."

But if development lags -- what would happen if all encryption could be broken?
  • by Z00L00K ( 682162 ) on Monday June 03, 2019 @05:38AM (#58699104) Homepage Journal

    It would impact some encryption, but only the kinds that rely on private/public keys.

    Other encryption using symmetric keys is not sensitive to this issue, but it may be sensitive to other kinds of attack. Like the Enigma machine: it never used any prime numbers, but had other flaws that caused it to be cracked.

    • impact some encryption

      Modestly said. For instance, millions of websites rely on private/public keys. So one day HTTPS will be as bad as HTTP. And I'm not sure if quantum resistant HTTPS will work fast on conventional hardware. Also there are many encrypted files/archives, signed executables etc.

      • by Junta ( 36770 )

        Note that even for asymmetric encryption, there are some asymmetric algorithms that we are getting confidence in that can provide the same public/private key behaviors to be a mainstay of https.

        If the time should ever come that Shor's algorithm can actually be brought to bear, it seems near certain that TLS will have a comfortably ubiquitous solution.

      • by chrish ( 4714 ) on Monday June 03, 2019 @08:35AM (#58699910) Homepage

        Some quantum-safe algorithms, such as the ones based on lattices, are actually faster than ECC.

        The trade-off for quantum safety is usually larger keys and/or signatures, or greater computation.

        Citation: In my day job I work at implementing quantum-safe algorithms.

        • tinyssh (Score:4, Informative)

          by emil ( 695 ) on Monday June 03, 2019 @11:07AM (#58700854)

          A post-quantum key exchange algorithm has been added to tinyssh [tinyssh.org], which has also been added to OpenSSH as an experimental feature.

          Postquantum crypto: sntrup4591761x25519-sha512@tinyssh.org

          Author: djm@openbsd.org <djm@openbsd.org>
          Date: Mon Jan 21 10:20:12 2019 +0000

          upstream: Add support for a PQC KEX/KEM:

          sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime 4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not enabled by default.

          introduce KEM API; a simplified framework for DH-ish KEX methods.

          from markus@ feedback & ok djm@

    • An honest question. How many attacks today try to hit sites without encryption to get their data?

      Before the early 2000s, networking gear was wicked expensive. So most people just used normal hubs on their network. These hubs allowed for easy packet sniffing.

      That was 20 years ago. Most networks now use switches and routers for the network traffic. Even home use, people will not be getting hubs anymore. This makes it harder to sniff traffic, as your particular wire gets data that has been meant for your com

      • by Junta ( 36770 )

        Yes, without encryption, my neighbor or third party attackers are likely still going to have a tricky time getting in the data path.

        However, your network provider (your corporate network, your ISP, the open wifi at the coffee shop) is a very likely adversary. Even if they aren't, they represent a huge attack surface for those third parties to get at your traffic.

        Additionally, encryption is also the backbone of site identity authentication. One of the best ways to get information that isn't sniffing is phish

    • by mjwx ( 966435 ) on Monday June 03, 2019 @08:43AM (#58699950)
      All encryption can be broken, it's just a matter of how long it would take in computing time. Encryption is based on a mathematical process, so breaking it is a mathematical process. Right now, any encryption which seems "unbreakable" only seems so because it would take years, if not decades, at current computing power, making the encrypted data useless by the time you've finished decrypting it. In the future the current forms of encryption might not be so secure because computing power has increased or flaws in the encryption scheme have been found. This doesn't make encryption useless, but it does mean you have to keep up to date on it. Remember that there was a time we thought WPA was good, and it wasn't that long ago. A code, on the other hand, isn't necessarily a mathematical construct; it's just replacing words with another word or words, and these systems are a lot harder to crack as you have to have enough information on the code designer to link what they are replacing to what is being replaced. The Navajo Code is a good example: even though the US was only translating English into Navajo, it was suitably foreign and unknown enough that it was too difficult for the Japanese to crack.

      Other encryption using symmetric keys is not sensitive to this issue, but it may be sensitive to other kinds of attack. Like the Enigma machine: it never used any prime numbers, but had other flaws that caused it to be cracked.

      The biggest flaws in Enigma, JN25 and almost any cypher or coding scheme used by humans are the humans. With Enigma and JN25, allied code breakers relied on what they called "cribs", nowadays called a "known plaintext attack". British code breakers learned certain terms that German operators often used, things like names of girlfriends, jokes, et al., that made breaking the code extremely easy, especially early in the war. Add to this the superior detection capabilities of the British that could identify where the signals were being sent from.

      The Germans were aware of this flaw and took steps to correct it, especially later in the war but the Japanese were far worse with their culture having very rigid honorifics. American code breakers knew that a message to fleet admirals, high ranking captains, et al. would start with these honorifics and used that as a basis for rapidly decrypting the entire message.

      BTW, if anyone ever finds themselves in the Milton Keynes area, the Bletchley Park site has been turned into a museum and well worth a visit, but so is the UK's National Museum of Computing which is right next door to it and criminally overlooked. Apart from that, I'd recommend getting out of Milton Keynes.

      • "All encryption can be broken..."

        Yeah, but no. There are a few companies producing one-time pads (OTP), for clients. Huge strings of random data, delivered to both parties. PITA to implement, compared to other methods ... but the messages themselves are secure. OTP is the *only* encryption method that is theoretically unbreakable.

        Random number generation is too important to be left to chance. :)

        • by ron_ivi ( 607351 )

          OTP is the *only* encryption method that is theoretically unbreakable.

          Not quite.

          If you categorize "secure quantum communication" as a form of encrypted communication, it's also theoretically un-eavesdroppable.

          • Un-eavesdroppable is not quite the same as unbreakable

            Also, 'secure quantum communication', as currently implemented, allows for a certain error rate (usually set somewhere between 15 and 20%) ... if you keep your sampling of the communication low, then it renders this method *practically* eavesdroppable. And yes, this attack method has been demonstrated, successfully, without the sender/receiver being able to identify it.

    • Like the Enigma machine, it was never using any prime numbers, but had other flaws causing it to be cracked.

      The biggest problem with Enigma was laziness on the operator's behalf. Rather than changing the code-wheels on a regular basis, the operators kept the same code wheels for months because they believed the encryption was uncrackable.

    • Before quantum becomes so good it can crack prime numbers it will also be good enough for private message distribution.

      The primary use of asymmetric key encryption -- the kind based on prime number factoring -- is to distribute a symmetric key securely. So all you need to do is solve the secure key distribution problem.

      Quantum distribution doesn't prevent eavesdropping per se. It just makes eavesdropping detectable. So you don't want to send the secret payload message that way. Instead you send the encryp

  • by Rosco P. Coltrane ( 209368 ) on Monday June 03, 2019 @05:40AM (#58699118)

    Communication or archives you've encrypted years ago with encryption X, Y or Z that are now considered weak. Revisit the files today and hey presto, fascist states of all kinds know what you've been doing years ago and can come after you for it.

  • by Anonymous Coward on Monday June 03, 2019 @05:43AM (#58699126)

    I think Quantum Computing is overstated when it comes to decryption. It's like people are thinking "quantum computing can do whatever a normal computer can't". But this is not true. Sure, if you find a simple method to approach the prime numbers theorem, you could break SOME kinds of encryption currently in use. Besides, for cryptographic purposes, though, we do know that cracking a 2048-bit RSA key will require thousands of entangled quantum bits (qubits). Entangled qubits form a single, very large state capable of doing the complex calculations needed to crack RSA. Entangling different kinds of qubits (photons, ions, or superconductors) is done with different processes. So far, no process seems to be more successful than the others.

    The best results so far are:

    - 18 fully entangled photon qubits in 2018
    - 16 superconducting qubits, also in 2018
    - 14 calcium ion qubits in 2011

    Clearly there has been progress since the first pair of qubits was entangled in 1998, but it is not clear which process will scale best and no one has come close to the thousands of entangled qubits that will be needed to crack contemporary cryptosystems.

    At this rate, RSA will not be cracked soon. Some researchers suggest five years; NIST thinks it may be 15. We'll see whose guess is closest eventually, but it seems fairly sure that there are at least a few years to prepare.

    • by gweihir ( 88907 ) on Monday June 03, 2019 @05:55AM (#58699182)

      Indeed. And considering they have been at this for over 30 years, it seems there is an inverse-exponential scaling at work, i.e. adding one qubit adds exponentially larger effort. With that, they may never even reach 30 qubits and will stay far, far below what a modern programmable pocket calculator can do.

      Incidentally, for block-ciphers with long keys a QC is not even a threat: It just halves the key-bits. For example, AES-256 stays completely secure.

    • by Megane ( 129182 )

      I think Quantum Computing is overstated when it comes to decryption. It's like people are thinking "quantum computing can do whatever a normal computer can't".

      It's basically the same thing with stem cells. Some people want to believe in a magic bullet which can do anything, it's just a matter of "a few small details!" Details which they have no capability to understand, so they simply assume that someone that knows more will figure it out. Then we get people just randomly injecting stem cells, believing that of course they will cure whatever random ailment that person has, and with no other side-effects.

      "Star Trek has sliding doors and warp drives. We already ha

  • Just presume that any communication online is compromised. I'd love to be proved wrong.
  • First, even working QCs could not do that. Second, we will very likely not get working QCs. And third, what the hell?

  • As long as they're close to or greater than the length of what they're encrypting.

  • when aliens arrived...
    when other algorithms are found vulnerable...

    You find a new way, and watch as software slowly updates.

  • by stealth_finger ( 1809752 ) on Monday June 03, 2019 @05:54AM (#58699172)
    Same thing as when anything breaks I would imagine. A new one will be developed that works in a different way.
  • by tyler2016 ( 4691999 ) on Monday June 03, 2019 @06:01AM (#58699206) Homepage

    As someone else mentioned, one time pads could be used in certain applications, but the following things (and certainly more) could no longer be trusted:

    • Online Shopping
    • Online Banking
    • Email
    • Wireless Home Networks
    • Internet Software Distribution- no app store, no package managers, no internet updates
    • Anything of importance that relies on private electronic communication would no longer be viable
    • by Immerman ( 2627577 ) on Monday June 03, 2019 @08:34AM (#58699900)

      >Email
      Email has never been trustworthy. It was originally designed as a plain-text protocol, and virtually every advancement in security has been a patchwork at best, in order to maintain backwards compatibility with existing infrastructure. That's why everyone always tells you to never send passwords, bank information, or any other sensitive information by email.

      You can use something like PGP to safely ignore the insecurity of email by using an "encrypted envelope" separate from the email infrastructure, but almost nobody does that.

    • As someone else mentioned, one time pads could be used in certain applications

      Yes they could but the list is short because the logistics, effort, and cost involved in using one time pads is challenging even in the best of (non-trivial) cases. If they were practical to use for every day normal life then they would already be used. That's why they are only used for the most sensitive of use cases where security concerns are sufficient to justify the overhead and cost of using them. The problem is in the key exchange and keeping the keys secure. This problem is the entire reason pub

  • by Anonymous Coward on Monday June 03, 2019 @06:03AM (#58699218)

    If prime factorization became an easily solved problem then people would switch to cryptography based on a different underlying hard problem, like a lattice-based system for public/private keys. Quantum computers can't break RSA today but it will come eventually; companies with a lot of money at stake are already looking at alternatives now because changing the banking infrastructure can take 10 years or more. As others have said, breaking prime factorization for 2k or 4k numbers would mean data previously encrypted or signed would become suspect, so if you're worried about it happening in 10 years and your data will need to survive more than 10 years (e.g. the RSA signature of some legal record) you need to worry about this today.

  • by Ronin Developer ( 67677 ) on Monday June 03, 2019 @06:21AM (#58699280)

    Clearly, there would be no more secrets. Didn't this guy watch "Sneakers"?

    Seriously, as someone else noted before me, not all encryption is based on prime factorization. Elliptic curves don't rely on prime factorization. And there are other "post quantum" algorithms in existence already. Heck, even the one-time pad is still considered secure.

    • by Meneth ( 872868 )

      The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor's algorithm.

      - Post-quantum cryptography [wikipedia.org]

      Elliptic curves are, as I recall, even worse off than regular RSA, because ECC keys are smaller.
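    The quantum circuit in Shor's algorithm, referenced in the comment above and in Junta's earlier reply, does exactly one thing: it finds the period r of f(x) = a^x mod N. Everything that turns that period into the RSA private key is classical number theory. The following is an added example written for this thread (not code from any poster); find_period() is a brute-force stand-in for the quantum step, so it only runs on toy moduli, and the toy RSA key (N = 3233 = 53 * 61, e = 17) is constructed for illustration.

```python
"""Classical half of Shor's algorithm: from a period to RSA's private key.

Added example, not from any poster in the thread. find_period() replaces
the quantum order-finding step with brute force, so keep n small.
"""
import math
import random


def find_period(a, n):
    """Stand-in for quantum order finding: smallest r > 0 with a^r = 1 (mod n).

    Brute force is exponential in the bit length of n; this is the single
    step where a quantum computer changes the picture.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(a, r, n):
    """Classical post-processing. With even r, y = a^(r/2) is a square root
    of 1 mod n, so (y - 1)(y + 1) = 0 mod n and gcd(y +/- 1, n) splits n
    unless y = -1 (the 'unlucky a' case, which happens for about half of a)."""
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    for cand in (math.gcd(y - 1, n), math.gcd(y + 1, n)):
        if 1 < cand < n:
            return tuple(sorted((cand, n // cand)))
    return None


def shor_factor(n, seed=1):
    """Factor n = p*q (two distinct odd primes) by retrying random bases a.
    The seed only makes the demo reproducible."""
    rng = random.Random(seed)
    while True:
        a = rng.randrange(2, n)
        g = math.gcd(a, n)
        if g > 1:  # lucky pick: a already shares a factor with n
            return tuple(sorted((g, n // g)))
        factors = factor_from_period(a, find_period(a, n), n)
        if factors:
            return factors


def rsa_private_exponent(e, p, q):
    """Once p and q are known, d is one modular inversion away from e."""
    return pow(e, -1, (p - 1) * (q - 1))


def break_toy_rsa(n, e, ciphertext):
    """End to end: factor the public modulus, derive d, decrypt."""
    p, q = shor_factor(n)
    d = rsa_private_exponent(e, p, q)
    return {"p": p, "q": q, "d": d, "plaintext": pow(ciphertext, d, n)}


if __name__ == "__main__":
    N, E = 3233, 17                 # constructed toy public key
    c = pow(65, E, N)               # encryption needs only the public key
    print(break_toy_rsa(N, E, c))   # attacker recovers 65 without d
```

The point the comment makes about ECC follows from the same structure: Shor's period finding also solves the discrete logarithm problem that ECC rests on, and the cost of the quantum step grows with the size of the group, which for ECC is much smaller than an RSA modulus of comparable classical strength.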

    • This would never happen. The three letter agencies would erase anybody that could do it besides them...Too Many Secrets...
  • Setec Astronomy (Score:2, Insightful)

    by mrbester ( 200927 )

    Shares in the above will go up.

  • by Anonymous Coward on Monday June 03, 2019 @06:35AM (#58699344)

    Finally Bitcoin reaches its actual value!

  • Traveling Salesman [imdb.com]. Not bad at all.
  • by gotan ( 60103 ) on Monday June 03, 2019 @06:58AM (#58699420) Homepage

    The NSA is known to have the money and the personnel to do the research, so i would expect them to have their own QC research project.

    As some already stated, prime factorization affects only some encryption, and AFAIK there is research which public key encryption methods can be attacked by QC, but i wouldn't put it past them to have broken at least some encryption and make use of that. The surest sign of that would be recommendations to government agencies not to use specific encryption methods (because they'd figure that others can replicate their work).

    • The surest sign of that would be recommendations to government agencies not to use specific encryption methods (because they'd figure that others can replicate their work).

      The NSA don't do that kind of thing anymore, if they ever did. These days, when they find vulnerabilities they just sit on them and exploit them until their work becomes public and the internet shits itself [theverge.com].

      On the other hand, NIST (among others) does make such recommendations, but they're hardly privy to NSA capabilities.

  • One Time Pad (Score:5, Interesting)

    by JasterBobaMereel ( 1102861 ) on Monday June 03, 2019 @07:02AM (#58699442)

    One time Pad has been proven mathematically unbreakable ... So not all encryption

    The only issue is they are inconvenient to use, which is why we use prime numbers for most day to day encryption

    • One time Pad has been proven mathematically unbreakable ... So not all encryption

      A distinction without a difference for practical use. How about we keep the discussion to forms of encryption that are actually being used by approximately normal people under normal circumstances?

      The only issue is they are inconvenient to use, which is why we use prime numbers for most day to day encryption

      "Inconvenient" hugely understates what a pain in the ass they are to use. One time pads work great but we don't use them because they are immensely cumbersome and expensive to use and to administer. It's why they seldom see use outside of extremely high stakes situations like war and spying. Heck, public key

  • and retire on a south pacific island with my toes in the warm beach sand drinking pina coladas served up by native girls
  • by holophrastic ( 221104 ) on Monday June 03, 2019 @07:56AM (#58699676)

    You can walk up to anyone on the street, and demand their money. Maybe you have a weapon, maybe you hold a baseball bat, maybe it's your finger in your pocket, maybe it's a threat, or maybe it's just being scary. By the way, it's just as easy, if not easier, to kill a stranger in exactly the same way. And breaking into someone's house through their glass window is easier still.

    The one and only thing that stops billions of people from doing billions of bad things like thievery and murder is the concept of consequences. Not getting away with it, punishment, prison, and guilt.

    We don't tend to peek at stalls in bathrooms. We don't look sideways standing in front of urinals. It's not because of prime factorization. I know this to a high degree of certainty.

    We're still in the wild wild west era of digital crimes. There are very few electronic criminals who can't easily get away with murder.

    That's the only thing that needs to change. And we have a word for that kind of change: "civilization". Being "civilized" is exactly that.

    So the current solution of encryption isn't the long term solution. The long term solution is accountability -- which is to say, law enforcement.

    I have no idea what that would look like. I'm pretty sure the wild wild west had no idea how a gun-toting public would ever be ruled by a single sheriff with a badge. But that's exactly what happened.

    I'm certainly not suggesting that government oversight, all-tracked, all-the-time, is any sort of answer -- that's not what ended the wild wild west either. I don't know what did, but I'd guesstimate that the benefits and stability of living in a known residence, and a court system, probably combined to make it easier to work legitimately than to get away with criminal activity.

    So that's my answer: what would happen without encryption? Better law enforcement -- because it would become immediately mandatory to civilization. And it could probably be as simple as the rest of our court system -- a complaint, a detailed log of the incident, a subpoena for ISP logs, an international treaty, an accusation, an arrest, an inquisition, and a sentence.

  • by lkcl ( 517947 ) <lkcl@lkcl.net> on Monday June 03, 2019 @08:53AM (#58700004) Homepage

    interestingly, a mathematician friend of mine told me of a serious debate over *whether* to publish a paper on an algorithm that they discovered on how to speed up prime number factorisation. in the end, they decided, against my advice, *not* to publish the algorithm, despite it being a huge leap forward in number theory.

    what little i remember of the algorithm - they didn't send me the paper - was that it was based on the riemann zeta function, it was recursive, and it *did not use divide*, which is incredibly important for speeding up prime number detection, given that the "usual" methods are to attempt factorisation (through division). having worked on hardware pipelined implementations of divide and of square-root (and inverse square root), i suspect that the algorithm somehow "absorbed" these "long-square-root" functions, somehow.

    hopefully, someone else will discover - and this time publish - the algorithm, because, just as the OP says, you can bet that someone with a lot to gain (criminals, various TLAs) has long since discovered the algorithm and is exploiting it. then, once it is well-known, the bar on RSA and Diffie-Hellman, and anything else that relies on factorisation of prime numbers, can be properly raised to give people privacy and security back.

  • Re "what would happen if all encryption could be broken?"
    To France by the NSA and GCHQ before France fully understood TEMPEST.
    What happened was the US and UK had so much material in French in real time they needed more translators.
    Germany with Enigma.
    The Falklands War and Argentina. A total loss of all mil communications systems to the GCHQ in real time.
    The NSA / GCHQ with Bullrun / Edgehill https://en.wikipedia.org/wiki/... [wikipedia.org]
  • I think we need to call Dan Aykroyd.

  • Cryptography depends on mathematics. In order for crypto to be easily compromised, our understanding of mathematics would have to be incorrect. The upheaval from a complete rewrite of the math textbooks would probably have a greater impact than the loss of effective encryption.

    However, more than even mathematics would have to change in order for one-time pads to become ineffective. Reality would have to go totally topsy-turvy. Night becoming day and black becoming white (and plaid becoming paisley) would be

  • Unless you can, without consent of the individual, read someone's mind as if it were a physical book, it is conceptually impossible to break *ALL* encryption. And of course, if you can read their mind, then you don't even really need to break the encryption in the first place because you will already know what they said.
  • While governments continue to whine about end-to-end encrypted messaging, we can assume they don't have the means to break it and monitor our communications. It is only when they stop complaining that we should start worrying.
  • See? That was easy. And what IS your bank account number, anyway? Information wants to be FREE!
  • Many would scramble and panic at their loss of perceived privacy.
    Anyone who practices safe, secure communications would consider tweaking their usual jargon and keep on keeping on.

    If encryption is your only "secure" way to communicate, you're not doing it right.

  • With the unrealistic assumption that all kinds of crypto would be completely broken, I can imagine total IT mayhem. Many systems (OS and their device drivers, databases, generally large SW packages) depend on cryptographically secure schemes for integrity and authenticity protection; we would be in a world without any guarantee, where nobody would be able to distinguish legitimate updates from malware. The end of e-commerce and other aspects were already mentioned several times, so I won't repeat them.

    Fortunately

  • Encryption is already broken, with ONE exception, where the encryption key is used only once and is at least as big as the message being sent. Even this is breakable, but the issue is you don't know which of the plain text messages you can generate from the encrypted message is the right one.

    The question isn't can we break encryption, we ALWAYS can, but HOW LONG will it take? Guessing a key is all one needs to do, it may take you 1,000 years to try them all, but eventually you will find the right one. The

  • Since some encryption (one-time pads) cannot be broken by any amount of computing power, the question is moot.

    The keys must be genuinely random. If there's an algorithm behind them they can be cracked.

    ...laura
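  Several comments above make two related points: the one-time pad is unbreakable only while the key is truly random, used once and at least as long as the message, and the thing that actually broke Enigma and JN25 traffic was cribs (known plaintext such as a fixed honorific). The following added example, written for this thread and not code from any poster, ties those together: it shows the perfect-secrecy property of a correctly used pad, then reuses the pad for a second message and recovers text from it with a crib and with crib dragging. The two dispatches, the address header and the pad are all constructed here; nothing is a real message.

```python
"""One-time pad: perfect secrecy, and how cribs break it once a pad is reused.

Added example, not from any poster in the thread. All traffic below is made up.
"""
import os


def xor_bytes(a, b):
    """XOR two byte strings (truncates to the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad, msg):
    """The pad must be uniformly random and at least as long as the message."""
    if len(pad) < len(msg):
        raise ValueError("pad shorter than message")
    return xor_bytes(pad, msg)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def alternative_pad(ciphertext, candidate_plaintext):
    """Perfect secrecy in one line: for ANY candidate plaintext of the same
    length there is a pad that decrypts the ciphertext to it, so the
    ciphertext alone cannot single out the real message."""
    return xor_bytes(ciphertext, candidate_plaintext)


def recover_with_crib(c1, c2, crib, offset):
    """Pad reuse plus known plaintext: if message 1 contains `crib` at
    `offset`, the pad bytes there are c1 ^ crib, and those pad bytes strip
    message 2 at the same offset."""
    end = offset + len(crib)
    pad_segment = xor_bytes(c1[offset:end], crib)
    return xor_bytes(c2[offset:end], pad_segment)


def crib_drag(c1, c2, crib):
    """Slide a guessed word along c1 ^ c2, which equals m1 ^ m2 because the
    shared pad cancels. Offsets where the result is all printable ASCII are
    candidate positions, returned with the text revealed in the other message."""
    diff = xor_bytes(c1, c2)
    hits = []
    for i in range(len(diff) - len(crib) + 1):
        revealed = xor_bytes(diff[i:i + len(crib)], crib)
        if all(32 <= b < 127 for b in revealed):
            hits.append((i, revealed.decode("ascii")))
    return hits


# Constructed sample traffic: both dispatches open with the same address
# header, the rigid-honorific habit described in the thread.
HEADER = b"TO ADMIRAL "
M1 = HEADER + b"YAMAMOTO: FLEET SAILS AT DAWN"
M2 = HEADER + b"NAGUMO: HOLD POSITION UNTIL 0600"
PAD = os.urandom(64)        # fresh, random, long enough: unbreakable if used once
C1 = otp_encrypt(PAD, M1)
C2 = otp_encrypt(PAD, M2)   # the operator's mistake: same pad twice


def demo():
    return {
        "roundtrip": otp_decrypt(PAD, C1) == M1,
        # attacker knows who message 1 was addressed to, reads the addressee of message 2
        "from_known_name": recover_with_crib(C1, C2, b"YAMAMOTO", len(HEADER)),
        # attacker only guesses that the word FLEET occurs somewhere
        "crib_drag": crib_drag(C1, C2, b"FLEET"),
    }


if __name__ == "__main__":
    print(demo())
```

Note that crib_drag() never touches PAD: every value it returns depends only on M1 ^ M2, which is why the result is the same no matter how good the random number generator was. Randomness protects a pad used once; nothing protects a pad used twice.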

  • by h8sg8s ( 559966 )

    Either everyone would have it or nobody would. Paper would be cool again. www.travellingsalesmanmovie.com/
