& cplSiteName &

What if Encryption Just Stopped Working?

Mitch Wagner
8/7/2015
50%
50%

The next segment of our science fiction serial is up:

Silence Like Diamonds – Episode 5: Circular Trail

Need to catch up? Read from the beginning: Silence Like Diamonds – Episode 1: Family Business

When you're up-to-date, come back here and we'll talk about encryption and how it's turned upside down in the world of "Silence Like Diamonds."

Over on his own blog, the author, John Barnes, calls out a key passage from Friday's episode: Silence Like Diamonds – Episode 3: Principle One

    Ever since the Yan-Dimri fast factorization algorithm had flipped the advantage from the encryptors to the cryptanalysts, only isolated systems could be really secure (at the cost of being really useless).

That sentence is cryptic (so to speak), but Barnes explains on his blog what he means -- and it's exactly what I thought he meant. (See Predictions Are Hard, Especially About the Future)

For the entire history of the public Internet -- call it 20 years or so -- we've enjoyed an asymmetry in encryption. It is far, far easier to encrypt a signal than it is to break the encryption.

How much easier? So easy that any $150 Chromebook or $100 smartphone can encrypt information so robustly that the most powerful and expensive supercomputer in the world can't break it.

That's very peculiar. We're not used to cheap computers being able to out-do expensive computers.

But we don't really think about it. We take it for granted, as if it's natural law.

In his blog, Barnes explains that this situation is only about 40 years old, dating back to the 1970s. Previous to that, encryption and codebreakers were in an arms race, with codebreakers breaking encryption nearly as fast as the codes were created.

Now here's where things get really interesting: Nobody has ever proven that it's impossible to quickly break a code created with the strong encryption we rely on.

And nobody's proven that it's possible, either.

We just don't know.

We know that it hasn't been done in the 40 or so years these codes have been around.

Well, probably not.

All of global commerce depends on these encryption algorithms, and the trust that they're practically impossible to break.

In the near future of "Silence Like Diamonds," someone has figured out a way to break the best encryption algorithms. Two someones, named Yan and Dimri.

What would that world be like?

So far at least, the Yan-Dimri breakthrough hasn't figured much into the main story of "Silence Like Diamonds."

My first thought when I read the story, and John's follow-up post, was, "Wow! The world would be completely different! We'd have no privacy, and no secrets!"

And yet isn't that the situation we live in now? We live in the world after Edward Snowden, and countless other data breaches. For millions of us, our privacy is already broken. If attackers could break encryption, they'd just have new tools. It wouldn't be a fundamental change for privacy.

The breakthrough John imagines would mean big changes for business, because encryption is how we enable e-commerce. How could anyone do credit card transactions or funds transfers if they knew that criminals were likely eavesdropping over the the wire, and collecting credit card numbers and bank information?


Find out more about the New IP on Light Reading's The New IP Channel


You wouldn't be able to trust the Internet for financial transactions anymore. You wouldn't be able to trust any means of electronic communications. You'd have to go back to transmitting funds and other private transactions by hand, using couriers, like in the 19th century and earlier. Instead of carrying documents, these couriers would carry portable disk drives and USB sticks, but otherwise the procedure would be the same.

Meanwhile, network managers would have to find new ways to innovate and do business on their networks. But that part isn't science fiction -- it's happening right now, part of the New IP revolution.

Read Light Reading every day to find out more about the New IP, and come back Tuesday for the next installment of "Silence Like Diamonds."

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to wagner@lightreading.com.

(18)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/27/2015 | 9:20:14 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Authentication doesn't require encryption.


Maybe I missed the point here. If someone can successfully pretend to be you, they can do transactions in your name with your money.


If they have access to  your traffic, then they can see the tokens etc that you send. Is that enough for them to imitate you, given the skills to appear to send from your ISP etc?


But if your messages are encrypted and they can't read them, then access to the messages doesn't help them pretend to be you.

If you have access to a code that no one  else can break, the very fact that you know the code is pretty good evidence that it's you. Or at least that it came from your own software, that they had access to more than just your packets.

The big point is that our current encryption systems were set up to allow anybody to do encrypted stuff with anybody else on the net. You don't have to exchange secret keys over a public system, or find an alternative medium to send them. It just works, for everybody. If we lose that, we'll have to fall back on secret communication only between entities that have actually exchanged secret keys some other way.

Unless I misunderstand.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/27/2015 | 8:40:31 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
There are two separate problems here: Authentication and payment. 

Authentication doesn't require encryption. You might use a token, something like the way Google and other sites now handle two-factor authentication.

Payment can be managed by the bank and amazon -- as it is now. The new system might require exchange of one-time pads. They can figure it out. 
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/27/2015 | 7:24:41 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Your bank has an incentive to work out an arrangement with you. They might for example hand you a read-only data packet of some sort when you visit your bank. It can serve as a one-time pad. The intermediate entity makes money from banks and such, who each trade one-time pads with it. This is easier for them than each of them sharing one-time pads with each other.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/26/2015 | 6:28:13 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
J Thomas - How does an entity like Amazon make money on immediate purchases, though? 

For exmple, last night I was lying in bed at 11 pm and decided I needed a new computer bag (to go with my new MacBook Air, which replaced my MBP), and some other little travel and consumer electronics doodads. Total purchase came to about $65. I hit the check out key immediately, and the entire transaction was done in about 15 minutes. How would that work in an era where encryption could no longer be trusted?

Bear in mind that if I wait a day I might remember that I already have a room of the house devoted to computer bags and electronic gadgets I'm not using, and don't need anymore.

Hmmm... answering my own question here: I think the answer is credit. Amazon extends credit to me as a customer, and I only have to pay my bill monthly. That bill-payment can be done over a period of however long time it takes to transmit and receive a one-time pad. 

Whew! We've saved Amazon! Jeff Bezos will be relieved! :)
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/25/2015 | 3:22:55 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
"Similarly, how could Amazon sell sweatsocks?"

You can have a known mailing address. It might take, say, a week for you to change it if you move.

Amazon sends your sweatsocks to your address. If someone ordered them for you with your money, then you return the sweatsocks and they return your money. The somebody who pretended to be you did not get the sweatsocks. Amazon can do this if it doesn't happen so often that they lose more than they can afford on mailing.

Harder version: Somebody says he sold you sweatsocks and takes your money. The sweatsocks never arrive, you didn't order them anyway, and your money is gone. The account was closed out and the mony sent through some complicated laundering operation. What can anyone do about it?

One possibility -- You send the money to a professional escrow organization that verifies to the seller they have it. They send you the product, you then validate payment. You don't get your  money back. If you don't send the money on then you claim what happened, the other guy claims what happened, and anybody who wants to do business with either of you gets to review the record if they want to. Now the big trust issue isn't between you and everybody, it's mostly between you and your trusted escrow agency.

Better -- you have a trustworthy link with your bank. Your bank has a trustworthy link with your vendor's bank.

Instead of needing a trusted communication link with every entity in the system, you only need a path of trusted links, between pairs of entities that can presumably afford one-time pads or couriers to physically transfer private keys.

 
brooks7
50%
50%
brooks7,
User Rank: Light Sabre
8/14/2015 | 11:56:11 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
"Yes, it is breakable -- but it takes billions or trillions of years to do it through compute. So instead attackers use man-in-the-middle attacks, social engineering, or exploiting software bugs. Those things can be be protected against."

I think you have the timescale wrong.  Just ask the NSA.  Try more like a year not billions of years.  The problem is that most people don't have the compute resources of the NSA.  That is just one reason why hackers try to take over machines (to assign them work).

And it is impossible to defend against Social Engineering attacks.  Imagine that I give Light Reading's IT head $1B to let me break in.  Think he would let me?  It is all a question of resources - not of technology.

So let me ask a question.  You ever gotten a Flash Drive at a trade show?  Ever plug it in?  How do you know that it does not have a Root Kit that the person that gave it to you did not know was there?

seven

 
John Barnes
50%
50%
John Barnes,
User Rank: Blogger
8/14/2015 | 3:27:41 AM
A little historical perspective on this over at my blog...
... as in what do a message wrapped in cigars, the Dreyfuss affair, and the history of shinplasters have to do with fast factorization?


Mosey on over to my blog announcing Episode 7 for things in a bit more detail.  Sure hope there are a lot of cigar and shinplaster aficionados out there ....
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/11/2015 | 10:31:28 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
brooks7 - "Here is the thing...again it is completely breakable right now.  There is no new tech required to break things.  But it takes say a year.  So, you can change your password before it becomes decrypted."

Yes, it is breakable -- but it takes billions or trillions of years to do it through compute. So instead attackers use man-in-the-middle attacks, social engineering, or exploiting software bugs. Those things can be be protected against.

Decryption can't be protected against, so instead you rely on couriered messages, or one-time pads as described in the next installment of "Silence Like Diamonds." 
brooks7
50%
50%
brooks7,
User Rank: Light Sabre
8/10/2015 | 12:59:23 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Mitch,

Here is the thing...again it is completely breakable right now.  There is no new tech required to break things.  But it takes say a year.  So, you can change your password before it becomes decrypted.

Multi-factor Auth is much better than changing the sign on procedures.  You just need an out of band comms mechanism.

seven

 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/10/2015 | 10:52:13 AM
Re: Biometrics
brooks7 - You are technically correct. Today's encryption is indeed breakable, just not in a "reasonable time frame."

But that unreasonable time frame is longer than the known life of the universe
Page 1 / 2   >   >>
More Blogs from Wagner’s Ring
Facebook is building out its networking infrastructure to provide for the needs of nearly 2 billion active users.
Awards ceremony! Party! Media executives wearing disco duds!
The Aftershokz Bluez 2S lets you listen to spoken word audio or music while still hearing outside sounds, making it less likely you'll get smooshed by a car while walking a badly behaved dog.
I love my Martian Notifier. But it was not a love that was meant to last.
From The Founder
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
From the Founder
How the NIA Aims to Advance NFV

5|25|17   |   08:07   |   (0) comments


Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
LRTV Custom TV
Better Solutions That Address Growing Scale

5|25|17   |     |   (0) comments


For Comcast, the X1 rollout and 17-fold increases in broadband speeds in the past 16 years are among factors driving the need for Energy 2020 solutions that reduce cost and consumption, says Mark Hess.
LRTV Custom TV
Ethernity Network Delivers Instant Offloading of Network Functions Wth All-Programmable Intelligent NIC

5|25|17   |     |   (0) comments


David Levi, CEO of Ethernity Networks, explains that programmability of the hardware makes the company's All-Programmable Intelligent NIC uniquely beneficial for communications service providers that need advanced data appliances with agile support of virtualization. Utilizing the company's patented network processing technology, Ethernity offers data path ...
LRTV Documentaries
BCE 2017: Vodafone Gets Obsessed With Cloud-Native

5|25|17   |     |   (0) comments


Vodafone's Matt Beal updates us on Project Ocean and explains why simple virtualization isn't enough of a goal for network transformation. Catch up with other BCE 2017 keynotes and news at http://www.lightreading.com/bce.asp.
LRTV Documentaries
BCE 2017: Intel's Take on Network Transformation

5|24|17   |     |   (0) comments


In this BCE 2017 keynote, Lynn Comp discusses Intel's vision for areas such as analytics, automation and service assurance. For more videos and BCE coverage, see http://www.lightreading.com/bce.asp.
LRTV Documentaries
Order From Chaos: The Steve Saunders BCE Keynote

5|24|17   |   17:27   |   (0) comments


Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability testing.
Think of this as the video sequel to the recent columns he's written about NFV and the prospect of a telecom app store. (See

LRTV Documentaries
Service Provider Panel: Partnering in the Digital Era

5|22|17   |     |   (0) comments


Coopetition has always been part of telecom, but the ecosphere now includes data centers, vendors, apps developers, cloud service providers and Internet content providers. This BCE 2017 panel explores the new attitudes among network operators as to the value and variety of ...
LRTV Interviews
Site Demo: AT&T's IoT Flow Platform

5|19|17   |   04:25   |   (0) comments


At AT&T's R&D center in Tel Aviv, Israel, project leader Eyal Segev talks about the operator's Flow platform and how it helps to prototype IoT applications.
LRTV Documentaries
Agent of Change: A Q&A With AT&T's John Donovan

5|18|17   |     |   (0) comments


Carol Wilson talks with the man leading AT&T's transformation efforts about the challenge of change.
LRTV Documentaries
BCE Service Provider Panel: The New Business Realities

5|18|17   |     |   (0) comments


For virtualization to happen, the telecom industry first has to grapple with key functional aspects of SDN and NFV that need to be universal, such as onboarding of virtualized network functions and federation of software-defined networks.
LRTV Interviews
BCE Service Provider Keynote: CenturyLink

5|16|17   |   22:32   |   (0) comments


Aamir Hussain leads the Product Development and Technology organization at CenturyLink, which includes the company's information technology function. He is an experienced senior technology executive with more than 25 years of proven success in the implementation of global technology operations, operationalization of complex technology, infrastructures and business ...
LRTV Interviews
CenturyLink CTO on Transformation

5|16|17   |   7:43   |   (0) comments


The 80-year-old telco has already gone through several transformations, including every time it made an acquisition, but its purchase of Level 3 coupled with changes in technology and customer expectations necessitates its biggest transformation yet.
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Cities Clamor for More Clout at FCC
Mari Silbey, Senior Editor, Cable/Video, 5/23/2017
What's Blocking 4K TV Today
Alan Breznick, Cable/Video Practice Leader, Light Reading, 5/22/2017
Sonus & Genband Finally Combine to Form $745M Company
Dan Jones, Mobile Editor, 5/23/2017
Apple Looking to Cook 5G Test Devices
Dan Jones, Mobile Editor, 5/24/2017
Fright Wigs & Cocktails: BCE 2017 in Pics
Mitch Wagner, Editor, Enterprise Cloud, 5/19/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
Animals with Phones
What Brogrammers Look Like to the Rest of Us Click Here
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.