Swiss Company Claims Weakness Found in Post-Quantum Encryption, Touts Its New Encryption Protocol (bloombergquint.com) 63
"A Swiss technology company says it has made a breakthrough by using quantum computers to uncover vulnerabilities in commonly used encryption," reports Bloomberg:
Terra Quantum AG said its discovery "upends the current understanding of what constitutes unbreakable" encryption... Terra Quantum AG has a team of about 80 quantum physicists, cryptographers and mathematicians, who are based in Switzerland, Russia, Finland and the U.S. "What currently is viewed as being post-quantum secure is not post-quantum secure," said Markus Pflitsch, chief executive officer and founder of Terra Quantum, in an interview. "We can show and have proven that it isn't secure and is hackable..."
The company said that its research found vulnerabilities that affect symmetric encryption ciphers, including the Advanced Encryption Standard, or AES, which is widely used to secure data transmitted over the internet and to encrypt files. Using a method known as quantum annealing, the company said its research found that even the strongest versions of AES encryption may be decipherable by quantum computers that could be available in a few years from now. Vinokur said in an interview that Terra Quantum's team made the discovery after figuring out how to invert what's called a "hash function," a mathematical algorithm that converts a message or portion of data into a numerical value. The research will show that "what was once believed unbreakable doesn't exist anymore," Vinokur said, adding that the finding "means a thousand other ways can be found soon."
The company, which is backed by the Zurich-based venture capital firm Lakestar LP, has developed a new encryption protocol that it says can't be broken by quantum computers. Vinokur said the new protocol utilizes a method known as quantum key distribution. Terra Quantum is currently pursuing a patent for the new protocol. But the company will make it available for free, according to Pflitsch. "We will open up access to our protocol to make sure we have a safe and secure environment," said Pflitsch. "We feel obliged to share it with the world and the quantum community."
The company said that its research found vulnerabilities that affect symmetric encryption ciphers, including the Advanced Encryption Standard, or AES, which is widely used to secure data transmitted over the internet and to encrypt files. Using a method known as quantum annealing, the company said its research found that even the strongest versions of AES encryption may be decipherable by quantum computers that could be available in a few years from now. Vinokur said in an interview that Terra Quantum's team made the discovery after figuring out how to invert what's called a "hash function," a mathematical algorithm that converts a message or portion of data into a numerical value. The research will show that "what was once believed unbreakable doesn't exist anymore," Vinokur said, adding that the finding "means a thousand other ways can be found soon."
The company, which is backed by the Zurich-based venture capital firm Lakestar LP, has developed a new encryption protocol that it says can't be broken by quantum computers. Vinokur said the new protocol utilizes a method known as quantum key distribution. Terra Quantum is currently pursuing a patent for the new protocol. But the company will make it available for free, according to Pflitsch. "We will open up access to our protocol to make sure we have a safe and secure environment," said Pflitsch. "We feel obliged to share it with the world and the quantum community."
Re: (Score:2)
Re: (Score:1, Troll)
Wow! The Jews are behind Everything, there's nothing, nothing they cannot do. I'll bet they are even using lasers from space to break encryption. Have you told Fox News? They go for your kind of stories.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Spooky keys at a distance. (Score:3)
Quantum Key Distribution.
Isn't that what the Chinese satellite is about?
https://www.cbc.ca/news/techno... [www.cbc.ca]
Re: (Score:2)
Hmmm, well the Chinese do use physics with their satellites. QKD uses physics. So the answer to your question is yes, most definitely.
Re: (Score:2)
That was about as useful as a pogo-stick in a volcano.
Re: (Score:1)
A swiss company selling unbreakable cryptography? (Score:5, Interesting)
Re:A swiss company selling unbreakable cryptograph (Score:4, Interesting)
For some non-paywall info:
Crypto AG was a Swiss company specialising in communications and information security. It was secretly jointly owned by the American Central Intelligence Agency (CIA) and West German Federal Intelligence Service (BND) from 1970 until about 1993, with the CIA continuing as sole owner until about 2018.[1] With headquarters in Steinhausen, the company was a long-established manufacturer of encryption machines and a wide variety of cipher devices.
The company has been criticised for selling backdoored products to benefit the American, British and German national signals intelligence agencies, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), and the BND, respectively.[
https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
That is all I got too. Swiss company sells encryption, wait what, are they kidding, surely they must be joking. Swiss company sells encryption and everyone goes yeah nahhh, you have got to be fucking kidding. Want to sell encryption don't fucking do it out of Switzerland, encryption is dead in Switzerland and the Swiss murdered it to, FEED THEIR GREED.
The profited off world war two pillaging of everyone else and then they profited off secret banking for organised crime, terrorists and corrupt governm
Re: (Score:2)
One of the reasons that the British government kept the whole WW2 breaking of Enigma a secret until the mid-1970s was so that people would continue using it, trusting to it's unbroken encryption capabilities. So from 1945 to the mid-70s, the British government could read a significant proportion of the world's encrypted traffic.
Obviously the CIA and/ or BND decided to get in on the act after the UK's 20-odd years of owning, in a quite real sense, the world of encryption.
(Not for
Re: (Score:3)
Or more simply... company says current something is broken, but they're patenting and will be selling something that's not -- sorry, "make it available for free". Only time will tell about both parts ...
Did they just claim to do the impossible! (Score:5, Informative)
Which means at most a quadratic speed up, so doubling key length completely negates the quantum advantage. In practice, the (hypothetical) quantum computer would have to be very large and run for a very long time. Neither of which is projected to be possible for quite a long time.
Re: (Score:2)
See Grover's algorithm which is proven optimal for searching arbitrary sets (like the output of a hash or AES). It is optimal because it has a proven bound, which is O(sqrt(n)).
Which means at most a quadratic speed up, so doubling key length completely negates the quantum advantage. In practice, the (hypothetical) quantum computer would have to be very large and run for a very long time. Neither of which is projected to be possible for quite a long time.
This. There are also algorithms that have security guarantees beyond 'safe from Shor and Grover'. Mostly around entropy extraction. The proofs show there is no arrangement of atoms following quantum rules, that are fully entangled with the state of an entropy source that can predict the output of the downstream entropy extraction algorithm better than chance. 2-EXT by Prof Yevgeny Dodis is an example algorithm. The underlying mechanism is entangling every internal state with some other internal state so ext
Someone please explain (Score:2)
Do they mean the key schedule? I don't remember AES using any hash function. Anyway, their solution is quantum key distribution.
How does key distribution solve the problem of the encryption algorithm being broken?
Or do they mean they didn't break AES at all, but the key distribution currently used for AES?
Re:Someone please explain (Score:5, Interesting)
I think they are claiming that they've found a way to feasibly invert the pseudorandom permutation [wikipedia.org] (round function) that is the heart of Feistel ciphers [wikipedia.org]. But like Brent Waters says, it is hard to understand their claims -- much less figure out if they are right -- until they publish a solid technical description.
For example, it would be interesting to know whether (they think) their attack is usable against crypto protocols that use the sponge construction. NIST selected Keccak for SHA-3 because the construction is different enough from SHA-2 that the resulting digest functions were not likely to share many weaknesses.
Re: (Score:1)
they are assuming use of QC that don't exist and won't exist for a while... or will never exist.
Re: (Score:2)
Re: (Score:2)
Don't put too much weight on my guess -- I am just trying to translate their claim of inverting a hash function into something more with more concrete meaning in cryptography. Like Great_Geek said up-thread, most cryptographers think Grover's algorithm is the most feasible attack on general cryptosystems. If they are claiming to have a significantly better general result, it would upset a lot of assumptions about crypto.
Re: (Score:3)
AES is one of the few symmetric algorithms that does NOT use a Feistel network. AES uses array multiplication to encrypt, and then multiplication by the inverse of that array to decrypt, essentially.
As to what Quantum computers/algorithms can do, I have never found an intelligible explanation.
Re: (Score:2)
Stuff 1024 bits into a hash algorithm and pull out 256. An inversion will on average map each output state to 2^768 possible input states.
So that isn't going to be very effective at breaking the primary hash property. First and second preimage resistance might be up for grabs if you have the rainbow unicorn quantum computer and the Swiss firm isn't as compromised as Crypto AG was.
Re:Someone please explain (Score:4, Interesting)
They are claiming the quantum machines and algorithms that don't yet exist could attack AES someday, that someday is not today.
In short, nothing is threatened, no action need be taken. The machines that don't exist may continue to not exist indefinitely.
Re: (Score:3)
I wonder how and why /. editors have let this slip:
A classic example of could-be, would-be, should-be. Let's get back to the topic when such quantum computers are even remotely real. Quantum computers have been touted as being able to solve anything and everything, only so far they've seen quite limited application.
Re: (Score:3)
That depends on if you want your info secret tomor (Score:2)
> In short, nothing is threatened, no action need be taken. The machines that don't exist may continue to not exist indefinitely.
May not exist, may exist. Probably will.
So the question is:
Are you encrypting something today that still needs to remain secret ten years from now?
If your secrets will no longer matter in ten years, no action is needed now. You can say "maybe they can decrypt it in2030; I don't care if they can."
If today's secrets need to STAY secret for a long time, you have reason to think a
Re: (Score:1)
Don't know why you pick 10 years, quantum computers have existed for over 20 years and are still very pathetic and useless for any practical application. At this rate let's say another 20 years will pass and they'll still be nifty grad school projects.
Re: (Score:2)
You and Thomas Watson seem awfully sure of your predictions.
Things might go the way you predict, you may turn out to be just as prescient as Ken Olsen and Robert Metcalf.
Re: (Score:3)
They’re valid because we understand that most nations now have a SigInt function which collects encrypted transmissions created by foreign nations. Even if the collector lacks the technical capability to access the data immediately, steady advances in cryptanalysis and the inexorable march of hardware capabilities may gradually combine to give that collec
Re: (Score:2)
One thing that can be of use much later is the key.
Some systems keep using the same master key even as they update the choices of algorithms. So it's entirely possible that the VPN at your job is using the same key as when it was set up eight years ago, and it may still be using the same key eight years from now. Some systems mitigate this threat.
There is theoretical work that perhaps one day quantum crypto could be used to detect a tap. It's still a long way from a product you can buy that isn't easily d
Re: (Score:1)
Entangled quantum communication to detect eavesdropping is another matter, that doesn't have anything to do with use or nonuse of encryption. Seeing the state of an entangled photon for example lets one know the state of its pair. The goal would be to prevent interception and also storage for later time. That has been done in laboratory at least.
Meanwhile QC are going nowhere fast, the IBM ones of this article are 3 years old. Adding qubits makes holding system in coherent state for any useful length o
Re: (Score:2)
May not exist, may exist. Probably will.
Can you offer credible evidence to support this?
If today's secrets need to STAY secret for a long time, you have reason to think about how quantum computers are going to be used in ten years to decrypt something you encrypt today.
What I find most amusing about all of this is QC was never known to be a credible threat to symmetric ciphers in the first place even in the alternate reality where QC's capable of killing off RSA are readily accessible.
The problem with "thinking about" is there is almost never any reasonable basis upon which to make any kind of useful determination at all. For all anyone knows their favorite key exchange and or cipher will stand for a million years or fall t
Re: (Score:2)
Re: (Score:2)
What a mess (Score:2)
What a mess. Inverting hash functions, then randomly throwing out quantum annealing. Then moving into a key derivation protocol that says still use some other kind of crypto post key generation.
Is there any news at all here?
Re: (Score:3)
Well, you have to remember that whatever is being said by the company is passing through the filter of a journalist (who may be more technically minded than most other journalists; but, in the end, isn't an expert in the field).
I've seen this happen fairly often in academia as well - a researcher says something, the news person interprets it differently, and even after some back-and-forth... what comes out in the press doesn't necessarily accurately convey what the researcher said.
Of course, there's also a
Re: (Score:3)
> Inverting hash functions
If they mean putting in a megabyte of data and getting 64 bytes out, then 'reversing' that, "because quantum" - I think nobody who is an engineer would be working there any more.
So, yeah, publish a paper, not a press release guys.
Re:So happy I left security field (Score:4, Insightful)
Re: (Score:3)
Re: (Score:2)
I have to re-run the quantum decryption against
Re: (Score:3)
One time pads don't have keys, they are a stream of random data as long as the message that are XOR'd with the message. That means that the same ciphertext could be absolutely anything, there is no way to 'decrypt' it unless you know the exact plaintext you are trying to recover.
Re: (Score:2)
The reason OTP's are uncrackable is because you can feasibly get back anything so long as it's a string of the correct length. Any string at all. And there's no way to know that any particular string is the correct one. Randomly-chosen one-time pad encryption produces random encrypted data. Without knowing the exact sequence of the OTP, the original text is literally unrecoverable. You could try brute force, but there are keys that exist, that you have to check through which produce literally every other po
Re: (Score:2)
Will OTPs be enough? The [hyped] premise of using quantum techniques to crack encryption [if I understand, which is admittedly dubious] is that a quantum computer can effectively test all possible permutations to decrypt ciphertext *at the same time*... In other words, what ever the time requirement for a conventional computer to test a single decryption key , a quantum computer can theoretically test *all possible decryption keys*, and find the correct one.
The problem is that there is no "correct key". Every possible OTP is equally "correct" and each one will result in a different, but equally valid decryption.
For example, let's assume that the "to test a single decryption key" part of your message is encrypted by XORing it with an OTP.
Pray tell how will my quantum computer decide between hex key 3916001c0a0511520252120f1a4705160002100f1e591f12490a0b4c184458 and hex key 3d4f571d091f544e0e54530b1b1e4c11480d1643061612150a0c014e02160d when decrypting it?
Re: (Score:2)
In general, If the key is as large or larger than the data, no algorithm out there is going to be able to decrypt it. Of course, the downside of a OTP is that the key material is pretty large, so you have to find a way to get it to both sides in a secure manner.
Some companies have tried this. In the late 1990s, there was a company in Austin called Ultimate Privacy which created a OTP app where two parties could distribute the OTP material via a secure physical method (not online), and then the OTP app wou
Setec Astronomy... (Score:2)
Dawn of the dead (Score:2)
How will we know if this idea works?
It will be when we wake up one morning and find that Bitcoin has suddenly become worthless. Imagine a million Redditors stumbling out of their basements into the unaccustomed sunlight, not knowing what to do with themselves next...
Swiss Encryption (Score:2)
Weakening security by way of spooky commentary (Score:2)
Company looking for funding makes extraordinary claim to press.
Offers no evidence nor useful specificity.
Company then proceeds to claim they are seeking a "patent" on the solution.
I believe in the concept of crypto agility (where applicable) to hedge against the unknown yet jumping the shark and switching to some newfangled untested scheme in an anticipation of something for which there is no evidence is a fools errand.
Proof? (Score:2)
Where is a technical paper backing this claim?
Doubt it. (Score:3)
It's hard to prove unbreakable, but easy to prove broken.
If they could invert a hash function, then they could easily find a collision in that hash function.
Publishing a collision in even a weakened version of any hash function in use would be easy, and would be nearly irrefutable evidence of what they claim.
The fact that they didn't, makes their claim highly suspect.
Is this simple algorithm for encryption strong? (Score:1)
I wrote this simple data encryption / decryption algorition and am curious what anyone thinks of whether or not it is easy to crack, as my intent was to do the quickest, shortest thing that's good enough for now.
Looks like O(N^3) to me to decrypt, it's basically an accumulated increment and XOR shift. Being XOR I'd imagine that'd make it much more complex, and I can change the accumalation to something with more complexity and add a nounce. //Encryption of filedata[]
int iter=0;
int accum=0;
for(int di=0;difi
Biggest case of NIH fraud I've ever seen. (Score:2)
Apparently, they call classical encryption, namely AES, "post-quantum", then go on to show you can break it with regular quantum algorithms, which is exactly the whole point of quantum conputing and always has been, but treat it as if they invented a new type of crack, ... and then present regular quantum encryption methods, know for quite some time now, as their "new" "one step further" algorithm.
How fuckin stupid do they think we are??
Or is the article just *insanely" badly written. (I mean they do put "h