A new "quantum proof" encryption standard is broken by a low-end PC

This is the thing- The Vigenère cipher is provably uncrackable, so the hard problem in cryptography changes to that of key distribution.

Of course, that’s why the world tends to use asymmetric key algorithms rather than the technically more secure methods that we know about. The gains from not having to set up a parallel system of key distribution are large enough to offset the increased “crackability” of the cipher.

… and if you can securely hand off the pad text, why not just give them the message instead :thinking:

6 Likes

I always assumed that it was spelled “psych” because you are trying to “psych somebody out.” and that the word has the same root as psychology.

10 Likes

Perhaps they’ll have to go back to the KG-84A, punched paper tape, and private key encryption.

1 Like

i think the problem is you leak information that way. the reason the pad has to be larger is so that the data can’t be determined through things like frequency analysis. ( at simplest like knowing the most common vowel in english is e )

i’d imagine if you have a system that is safe enough to send scrambled keys, you could just use one of the existing public/private key systems as is. no scrambling necessary

they’d all fall to quantum analysis anyway… in theory

3 Likes

Not sure whether this is a joke or not :thinking: But there may be others who are confused, so I will answer anyhow…

If I meet you, I can give you gigabytes of one-time pad numbers, where I have the only other copy. Now you have the key, I can send you securely many drafts of my forthcoming paper “How to break all codes using quantum”, even though I have not written it yet. This is usually a fatal thing to do with crypto, because the messages are big, and one draft probably has a lot in common with the next one. But if I do a really trivial encoding like XOR each character with a byte from the one-time pad, then all an eavesdropper gets is the number of characters.

1 Like

Wait, what? I had always believed the word was “psych” as in “I psyched you out”! In fact I still believe that and maintain that urban dictionary don’t understand the etymology of the phrase.

ETA: yeah, what @simonize said.

10 Likes

Giving one time pads to a few agents, dropping them behind enemy lines and communicating text messages with them back and forth is pretty easy. It’s a bit more difficult if you’re sending rich data like images. But if you picture a fleet of ships (or military units, or a network of agents) You probably want them to be able to communicate with each other. And that requires that every ship have a separate OTP for every other ship. And since you also probably want to be able to send messages to groups of units, you also need OTPs for different combinations of of units. Which quickly becomes prohibitively larger than all the messages sent.

I am reminded of the time that I have spent explaining to pretty smart people that four letter acronyms are terrible search terms when they are also words in English.

2 Likes

Also the weird habit of naming legislation so the initials make an oh so hilarious and vaguely relevant word.

Why?

Syke is a common way to spell the slang term. I agree that ‘psych’ is probably a more accurate way to spell the phrase as derived from ‘psychological’, but slang being slang ‘syke’ isn’t exactly incorrect either. I imagine ‘syke’ came about simply from not knowing how to correctly spell ‘psych’ and just spelling it phonetically.

1 Like

Gonna have to dig out the 'ol KOI-18 tape reader to load my KYK-13

4 Likes

We just used the KOI-18 directly into the KG-84A. Neither they or the tape ever left the vault. Hooked up to a dedicated phone line and a 2400 baud modem from the 70s. That’s the rig that we were using to search DROLS into the early 2000s.

3 Likes

image

10 Likes

Another would-be cryptographer re-discovers Schneier’s Law: “Any person can invent a security system so clever that she or he can’t think of how to break it.”

Despite the algorithm suffering this massive failure, it’s actually a reason for all of us to celebrate: it’s a triumph of a well-designed process. The methodology of having a contest to pick the winner is working exactly as we need it to. Flawed algorithms are being weeded out. It proves that offering the public the chance to attack newly proposed algorithms for several years before settling on a new standard can indeed solve some really hard problems, like cryptographic review.

And it’s another demonstration of why Kerckhoffs’s principle remains critical for security: you have to start with the assumption that the enemy knows every aspect of your cryptosystem except for the secret key. If SIKE was a “secret” algorithm that we weren’t allowed to study, we might have adopted it as a standard and entrusted it with our secret data. Who knows how long it might have survived as a standard before someone discovered this flaw?

7 Likes

Ted Danson Yes GIF by The Good Place

2 Likes

Or “siked” out? :wink:

Came to mention Schneier’s law, thank you.

I think cryptography [1] quietly sails along, never crossing most people’s radar. But the absolute wonder of it: two people who have never met (e.g. you and your bank) can establish a secret code they’ll use to scramble their communication, and can pass messages back and forth in privacy. It blows my mind that a third party can snoop all they want, including the initial messages where the secret is established and shared, and never know what is said in the conversation that follows.

It’s not new [2], but it’s still mind-boggling to me.

[1] Cryptography, not cryptocurrency. The former is a useful branch of applied mathematics. The latter is a high-tech way of re-creating old problems.
[2] 1976 was the first practical implementation.

3 Likes

This is just one of those continual reminders that quantum computers don’t exist yet, and so anything that is “quantum proof” is, by nature, a lie, becuse we don’t actually have quantum computers.

Is it like Dune? “The slow blade penetrates the shield.”