[Ach] "New algorithm shakes up cryptography"

Hanno Böck hanno at hboeck.de
Sun May 18 19:06:17 CEST 2014

On Sun, 18 May 2014 18:55:28 +0200
Aaron Zauner <azet at azet.org> wrote:

> Hanno Böck wrote:
> > I had mail contact with one of the authors today and also talked to
> > someone who was at the talk, it's basically "just" the final
> > version of the paper that was preprint-released last year.
> It seems to extend it a bit though?

From what I'm aware of, no. I had some Jabber discussions about it with
Tanja Lange, who was at the Eurocrypt conference in the presentation. It
is the same algorithm, it just contains some fixes for errors that were
spotted in last year's version of the paper.

I'm aware not all people here speak German, but for the ones who do, I
wrote a text about the whole thing yesterday:

> > I think the press release is vastly overblown. This still only
> > affects finite fields of small characteristics, which is not really
> > relevant for crypto.
> Yup, that's also basically what their conclusion section states.
> Nevertheless it is obvious that further improvements with real
> applicability to crypto are possible in the near future.

Possible, but from what I heard, not very likely. See e.g. Schneier:

> > Yeah, I agree on that. I don't see the Joux et al. results really
> > frightening, as most people I ask seem to think that they don't
> > apply to any real-world crypto. But the quantum threat is looming
> > and became much more likely in recent years.
> From what I understand of current quantum computing research: papers
> like this one are far more likely to produce follow-up work that'll be
> dangerous for deployed crypto systems than quantum computers. At least
> in the next 20-30 years. The idea of post-quantum cryptography is a
> general one: create new systems for different fields of cryptography
> that do not rely on our classical approaches of computational
> complexity for cryptographic security.

I have heard physicists say things like "maybe in 10 years" a number of
times recently, so I'm a bit more worried about quantum computers.

But generally you're right; our main problem is that in public key
crypto we basically don't have many alternatives, everything relies on
three related problems (factoring, DLP in prime fields and DLP on
elliptic curves).
Compare that with symmetric encryption or hashing, where we could
probably easily name 10 algorithms that we could consider secure
enough replacements if any of the widely used algorithms fail.

Hanno Böck

mail/jabber: hanno at hboeck.de