
[IP] more on on crypto systems from CTO PGP

Begin forwarded message:

From: Brad Templeton <btm@xxxxxxxxxxxxxx>
Date: July 10, 2006 12:06:08 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Cc: job@xxxxxxx
Subject: Re: [IP] on crypto systems from CTO PGP

On Mon, Jul 10, 2006 at 06:04:17AM -0400, David Farber wrote:
> Modern cryptographic systems are essentially unbreakable,
> particularly if an adversary is restricted to intercepts. We have
> argued for, designed, and built systems with 128 bits of security
> ....
> If you want to brute-force a key, it literally takes a planet-ful of
> ...
> They could know something we don't. They could know some fundamental
> truth about mathematics (like how to factor really fast), some
> effective form of symmetric cryptanalysis, or something else. They
> could know about quantum computers, DNA computers, systems based upon

While it is also a non-scientific statement, the history of
"unbreakable" cryptography is checkered.  Significant numbers of
systems judged unbreakable using the thinking of the day have ended up
having flaws.  Some claims of unbreakability also fell victim to
the unexpected push of Moore's law (such as DES, which we at the EFF
demonstrated the crackability of many years ago).

One of my favourite charts at a crypto conference graphed the
predicted lifetime of cryptosystems (often expressed in terms of
tens of thousands of years, or now lifetimes of the universe) against the
actual lifetime under unanticipated cryptanalysis techniques.  It was
meant to be an amusement but it looked like a real trend.

2^128 will not be readily brute-forced with the technology we envision
today.   The point is that most of these systems were not broken with
the technology (and other aspects of cryptanalysis) we know today.
Each flaw found in a cryptosystem makes our next system stronger, of course,
but it's very risky to say we've found the last flaw, discovered the
last breakthrough in cryptanalysis.

As for quantum computing, a classmate of mine has endowed a center
for quantum computing at Waterloo, using his RIM money.  I asked him
recently how many qubits they could do; he told me they had classified
the answer.  That could mean they are being overly paranoid in their
classifications (quite likely), or that they have classified it because
they wonder if the future answer will be military level, or that they
have classified it just to keep people wondering.  But one can't help
but wonder.

All this said, I feel pretty confident in our modern systems.  But
not enough to say essentially unbreakable.


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
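The two figures argued over above (a 2^128 search that takes "a planet-ful of computers", versus DES falling to "the unexpected push of Moore's law") can be put side by side with a small model. The script below is an added worked example, not code from Templeton, Callas, PGP or the EFF. It computes the expected brute-force time for a key size under two assumptions: a search rate that stays constant, and one that doubles every fixed period and keeps doubling without limit. The starting rate (10^9 keys/s) and the 18-month doubling period are constructed parameters, not measurements of any real machine, and the model deliberately ignores energy and physical limits on computation.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # Julian year, 31557600 s


def expected_trials(key_bits):
    """Expected number of trial decryptions to recover a key by exhaustive
    search: on average half the keyspace, i.e. 2**(key_bits - 1)."""
    return 2 ** (key_bits - 1)


def years_constant_rate(key_bits, keys_per_second):
    """Expected years to brute-force a key when the search rate never grows.
    This is the 'lifetimes of the universe' style of estimate."""
    return expected_trials(key_bits) / keys_per_second / SECONDS_PER_YEAR


def years_with_doubling(key_bits, keys_per_second, doubling_years):
    """Expected years when the search rate doubles every `doubling_years`.

    Modelling assumption: the doubling continues indefinitely (no physical
    ceiling).  With R the initial rate in keys/year and T the doubling
    period, the trials completed after t years are
        R * T / ln2 * (2**(t/T) - 1)
    and setting that equal to N = expected_trials(key_bits) gives
        t = T * log2(1 + N * ln2 / (R * T)).
    As T grows without bound this tends to N / R, the constant-rate answer.
    """
    n = expected_trials(key_bits)
    r = keys_per_second * SECONDS_PER_YEAR
    t = doubling_years
    return t * math.log2(1 + n * math.log(2) / (r * t))


def lifetime_table(key_sizes, keys_per_second, doubling_years):
    """Map each key size to (constant-rate years, doubling-rate years)."""
    return {
        bits: (years_constant_rate(bits, keys_per_second),
               years_with_doubling(bits, keys_per_second, doubling_years))
        for bits in key_sizes
    }


if __name__ == "__main__":
    # Constructed parameters (assumptions, not measurements): 1e9 keys/s
    # for the attacker today and a doubling period of 18 months.
    RATE, DOUBLING = 1e9, 1.5
    table = lifetime_table((56, 80, 128, 256), RATE, DOUBLING)
    print(f"{'bits':>5} {'constant rate (yr)':>20} {'doubling rate (yr)':>20}")
    for bits, (const_yr, dbl_yr) in table.items():
        print(f"{bits:>5} {const_yr:>20.3g} {dbl_yr:>20.3g}")
```

Under these assumptions a 56-bit key falls in about a year either way, while 128 bits takes on the order of 10^21 years at a constant rate but roughly a century if the doubling never stops. Neither column is a prediction; the point of the model is that the "unbreakable" figure depends entirely on an assumption about how the attacker's capability grows, which is the assumption the thread is arguing about.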