
      SIKE Broken

      news.movim.eu / Schneier · Wednesday, 3 August, 2022 - 09:03

    SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition.

    It was just broken, really badly.

    We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the protocol. Our Magma implementation breaks the instantiation SIKEp434, which aims at security level 1 of the Post-Quantum Cryptography standardization process currently run by NIST, in about one hour on a single core.

    News article.


      NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

      news.movim.eu / Schneier · Wednesday, 6 July, 2022 - 16:49 · 1 minute

    NIST’s post-quantum computing cryptography standard process is entering its final phases. It announced the first four algorithms:

    For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.

    For digital signatures, often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”). Reviewers noted the high efficiency of the first two, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup for one chief reason: It is based on a different math approach than all three of NIST’s other selections.

    NIST has not chosen a public-key encryption standard. The remaining candidates are BIKE, Classic McEliece, HQC, and SIKE.

    I have a lot to say on this process, and have written an essay for IEEE Security & Privacy about it. It will be published in a month or so.