& cplSiteName &

What if Encryption Just Stopped Working?

Mitch Wagner
8/7/2015
50%
50%

The next segment of our science fiction serial is up:

Silence Like Diamonds – Episode 5: Circular Trail

Need to catch up? Read from the beginning: Silence Like Diamonds – Episode 1: Family Business

When you're up-to-date, come back here and we'll talk about encryption and how it's turned upside down in the world of "Silence Like Diamonds."

Over on his own blog, the author, John Barnes, calls out a key passage from Friday's episode: Silence Like Diamonds – Episode 3: Principle One

    Ever since the Yan-Dimri fast factorization algorithm had flipped the advantage from the encryptors to the cryptanalysts, only isolated systems could be really secure (at the cost of being really useless).

That sentence is cryptic (so to speak), but Barnes explains on his blog what he means -- and it's exactly what I thought he meant. (See Predictions Are Hard, Especially About the Future)

For the entire history of the public Internet -- call it 20 years or so -- we've enjoyed an asymmetry in encryption. It is far, far easier to encrypt a signal than it is to break the encryption.

How much easier? So easy that any $150 Chromebook or $100 smartphone can encrypt information so robustly that the most powerful and expensive supercomputer in the world can't break it.

That's very peculiar. We're not used to cheap computers being able to out-do expensive computers.

But we don't really think about it. We take it for granted, as if it's natural law.

In his blog, Barnes explains that this situation is only about 40 years old, dating back to the 1970s. Previous to that, encryption and codebreakers were in an arms race, with codebreakers breaking encryption nearly as fast as the codes were created.

Now here's where things get really interesting: Nobody has ever proven that it's impossible to quickly break a code created with the strong encryption we rely on.

And nobody's proven that it's possible, either.

We just don't know.

We know that it hasn't been done in the 40 or so years these codes have been around.

Well, probably not.

All of global commerce depends on these encryption algorithms, and the trust that they're practically impossible to break.

In the near future of "Silence Like Diamonds," someone has figured out a way to break the best encryption algorithms. Two someones, named Yan and Dimri.

What would that world be like?

So far at least, the Yan-Dimri breakthrough hasn't figured much into the main story of "Silence Like Diamonds."

My first thought when I read the story, and John's follow-up post, was, "Wow! The world would be completely different! We'd have no privacy, and no secrets!"

And yet isn't that the situation we live in now? We live in the world after Edward Snowden, and countless other data breaches. For millions of us, our privacy is already broken. If attackers could break encryption, they'd just have new tools. It wouldn't be a fundamental change for privacy.

The breakthrough John imagines would mean big changes for business, because encryption is how we enable e-commerce. How could anyone do credit card transactions or funds transfers if they knew that criminals were likely eavesdropping over the the wire, and collecting credit card numbers and bank information?


Find out more about the New IP on Light Reading's The New IP Channel


You wouldn't be able to trust the Internet for financial transactions anymore. You wouldn't be able to trust any means of electronic communications. You'd have to go back to transmitting funds and other private transactions by hand, using couriers, like in the 19th century and earlier. Instead of carrying documents, these couriers would carry portable disk drives and USB sticks, but otherwise the procedure would be the same.

Meanwhile, network managers would have to find new ways to innovate and do business on their networks. But that part isn't science fiction -- it's happening right now, part of the New IP revolution.

Read Light Reading every day to find out more about the New IP, and come back Tuesday for the next installment of "Silence Like Diamonds."

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to wagner@lightreading.com.

(18)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/27/2015 | 9:20:14 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Authentication doesn't require encryption.


Maybe I missed the point here. If someone can successfully pretend to be you, they can do transactions in your name with your money.


If they have access to  your traffic, then they can see the tokens etc that you send. Is that enough for them to imitate you, given the skills to appear to send from your ISP etc?


But if your messages are encrypted and they can't read them, then access to the messages doesn't help them pretend to be you.

If you have access to a code that no one  else can break, the very fact that you know the code is pretty good evidence that it's you. Or at least that it came from your own software, that they had access to more than just your packets.

The big point is that our current encryption systems were set up to allow anybody to do encrypted stuff with anybody else on the net. You don't have to exchange secret keys over a public system, or find an alternative medium to send them. It just works, for everybody. If we lose that, we'll have to fall back on secret communication only between entities that have actually exchanged secret keys some other way.

Unless I misunderstand.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/27/2015 | 8:40:31 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
There are two separate problems here: Authentication and payment. 

Authentication doesn't require encryption. You might use a token, something like the way Google and other sites now handle two-factor authentication.

Payment can be managed by the bank and amazon -- as it is now. The new system might require exchange of one-time pads. They can figure it out. 
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/27/2015 | 7:24:41 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Your bank has an incentive to work out an arrangement with you. They might for example hand you a read-only data packet of some sort when you visit your bank. It can serve as a one-time pad. The intermediate entity makes money from banks and such, who each trade one-time pads with it. This is easier for them than each of them sharing one-time pads with each other.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/26/2015 | 6:28:13 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
J Thomas - How does an entity like Amazon make money on immediate purchases, though? 

For exmple, last night I was lying in bed at 11 pm and decided I needed a new computer bag (to go with my new MacBook Air, which replaced my MBP), and some other little travel and consumer electronics doodads. Total purchase came to about $65. I hit the check out key immediately, and the entire transaction was done in about 15 minutes. How would that work in an era where encryption could no longer be trusted?

Bear in mind that if I wait a day I might remember that I already have a room of the house devoted to computer bags and electronic gadgets I'm not using, and don't need anymore.

Hmmm... answering my own question here: I think the answer is credit. Amazon extends credit to me as a customer, and I only have to pay my bill monthly. That bill-payment can be done over a period of however long time it takes to transmit and receive a one-time pad. 

Whew! We've saved Amazon! Jeff Bezos will be relieved! :)
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/25/2015 | 3:22:55 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
"Similarly, how could Amazon sell sweatsocks?"

You can have a known mailing address. It might take, say, a week for you to change it if you move.

Amazon sends your sweatsocks to your address. If someone ordered them for you with your money, then you return the sweatsocks and they return your money. The somebody who pretended to be you did not get the sweatsocks. Amazon can do this if it doesn't happen so often that they lose more than they can afford on mailing.

Harder version: Somebody says he sold you sweatsocks and takes your money. The sweatsocks never arrive, you didn't order them anyway, and your money is gone. The account was closed out and the mony sent through some complicated laundering operation. What can anyone do about it?

One possibility -- You send the money to a professional escrow organization that verifies to the seller they have it. They send you the product, you then validate payment. You don't get your  money back. If you don't send the money on then you claim what happened, the other guy claims what happened, and anybody who wants to do business with either of you gets to review the record if they want to. Now the big trust issue isn't between you and everybody, it's mostly between you and your trusted escrow agency.

Better -- you have a trustworthy link with your bank. Your bank has a trustworthy link with your vendor's bank.

Instead of needing a trusted communication link with every entity in the system, you only need a path of trusted links, between pairs of entities that can presumably afford one-time pads or couriers to physically transfer private keys.

 
brooks7
50%
50%
brooks7,
User Rank: Light Sabre
8/14/2015 | 11:56:11 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
"Yes, it is breakable -- but it takes billions or trillions of years to do it through compute. So instead attackers use man-in-the-middle attacks, social engineering, or exploiting software bugs. Those things can be be protected against."

I think you have the timescale wrong.  Just ask the NSA.  Try more like a year not billions of years.  The problem is that most people don't have the compute resources of the NSA.  That is just one reason why hackers try to take over machines (to assign them work).

And it is impossible to defend against Social Engineering attacks.  Imagine that I give Light Reading's IT head $1B to let me break in.  Think he would let me?  It is all a question of resources - not of technology.

So let me ask a question.  You ever gotten a Flash Drive at a trade show?  Ever plug it in?  How do you know that it does not have a Root Kit that the person that gave it to you did not know was there?

seven

 
John Barnes
50%
50%
John Barnes,
User Rank: Blogger
8/14/2015 | 3:27:41 AM
A little historical perspective on this over at my blog...
... as in what do a message wrapped in cigars, the Dreyfuss affair, and the history of shinplasters have to do with fast factorization?


Mosey on over to my blog announcing Episode 7 for things in a bit more detail.  Sure hope there are a lot of cigar and shinplaster aficionados out there ....
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/11/2015 | 10:31:28 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
brooks7 - "Here is the thing...again it is completely breakable right now.  There is no new tech required to break things.  But it takes say a year.  So, you can change your password before it becomes decrypted."

Yes, it is breakable -- but it takes billions or trillions of years to do it through compute. So instead attackers use man-in-the-middle attacks, social engineering, or exploiting software bugs. Those things can be be protected against.

Decryption can't be protected against, so instead you rely on couriered messages, or one-time pads as described in the next installment of "Silence Like Diamonds." 
brooks7
50%
50%
brooks7,
User Rank: Light Sabre
8/10/2015 | 12:59:23 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Mitch,

Here is the thing...again it is completely breakable right now.  There is no new tech required to break things.  But it takes say a year.  So, you can change your password before it becomes decrypted.

Multi-factor Auth is much better than changing the sign on procedures.  You just need an out of band comms mechanism.

seven

 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/10/2015 | 10:52:13 AM
Re: Biometrics
brooks7 - You are technically correct. Today's encryption is indeed breakable, just not in a "reasonable time frame."

But that unreasonable time frame is longer than the known life of the universe
Page 1 / 2   >   >>
More Blogs from Wagner’s Ring
The Aftershokz Bluez 2S lets you listen to spoken word audio or music while still hearing outside sounds, making it less likely you'll get smooshed by a car while walking a badly behaved dog.
I love my Martian Notifier. But it was not a love that was meant to last.
The best Twitter jokes about Apple's big spring news.
The company reorganization disclosed this week – including the departure of longtime service provider chief Kelly Ahuja – signals a fundamental realignment of Cisco and the industry around cloud computing.
From The Founder
Cisco's Conrad Clemson, recently promoted to head up the company's Service Provider Apps & Platforms developments, talks to Light Reading's Founder and CEO Steve Saunders about how he's bringing cloud video, mobile and virtualization together to empower network operators.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Huawei Video Resource Center
Turkcell Challenges Turkey's Current TV Market

3|29|17   |     |   (0) comments


Baris Zavaroglu, TV and rntertainment business director of Turkcell, explains Turkcell's strategy in elevating the small and uncertain TV market in Turkey.
LRTV Huawei Video Resource Center
Altibox’s Infrastructure Synergy Strategy Reduces Deployment Costs

3|29|17   |     |   (0) comments


Thomas Skjelbred, CEO of Altibox, on how to improve efficiency and reduce deployment coast through infrastructure synergy in Norway.
LRTV Huawei Video Resource Center
Ismail Butun on the Changing Role of Turkcell

3|29|17   |     |   (0) comments


Ismail Butun, chief marketing officer of Turkcell, explains the importance of video and mobile services for the future of the company.
LRTV Huawei Video Resource Center
IDC's Emir Halilovic on Trends of Cloudification

3|29|17   |     |   (0) comments


Emir Halilovic of IDC CEMA discusses the future and direction of cloudification. Also, the all-cloud approach taken by Huawei and others in the industry.
LRTV Custom TV
How Intel Is Powering the 5G Era

3|29|17   |     |   (0) comments


Light Reading tours a series of 5G "super demos" so see how Intel envisions the 5G-connected future. We take a look at a prototype connected BMW, a light pole with environmental sensors that provides 5G wireless to a smart home and a fully untethered virtual reality experience.
LRTV Custom TV
Source Photonics CEO Doug Wright Talks About the Future of Source Photonics

3|29|17   |     |   (0) comments


Source Photonics' CEO, Doug Wright, talks to Light Reading about how the company is continuously investing in its operations to meet not only its customers' current technology demands but also to deliver their next-generation technology needs.
LRTV Custom TV
Live Demo: DevOps in Service Chains & 5G Network Slices PoC

3|29|17   |     |   (0) comments


Executives from PoC collaborating companies – Patrick Waldemar, VP and Head of Technology at Telenor Research, John Healy, VP of the Datacenter Network Solutions Group at Intel, Vincent Spinelli, SVP of Global Sales and Marketing at RIFT.io, Mats Eriksson, CEO and co-founder of Arctos Labs, and Mats Nordlund, CEO and co-founder of Netrounds – review ...
LRTV Documentaries
The Year of Fat & Skinny Bundles

3|29|17   |   21:06   |   (0) comments


In this fireside chat, Roku's Andrew Ferrone predicts that 2017 will be the year of multichannel OTT video bundles and spells out other trends in the OTT and pay-TV markets.
LRTV Huawei Video Resource Center
BBWF 2016: Orange Poland's Next-Gen Central Office

3|28|17   |     |   (0) comments


Introduction to Orange Poland's legacy next-generation central office solution.
LRTV Custom TV
Viavi at OFC 2017

3|28|17   |   4:15   |   (0) comments


Light Reading's Editor-in-Chief Craig Matsumoto reports from the Viavi booth at OFC and gets an update on the 400G testing market from Tom Fawcett, VP and GM of LAB & Production. At this year's event, Viavi won three awards from Lightwave magazine and showcased an interoperability demo with Ethernet Alliance and Finisar.
LRTV Custom TV
Connecting the Entire Home With DOCSIS 3.1

3|28|17   |   3:58:   |   (0) comments


Hitron Technologies had the first cable modem certified for DOCSIS 3.1 and already has over 120,000 units in the field. Greg Fisher, CTO of Hitron, provides an update on his company's rollout of new gateways and why he thinks DOCSIS 3.1 will continue to drive value for operators into 2017 and beyond.
LRTV Interviews
Amazon Prime's Hand of God Creator on Producing for OTT

3|28|17   |     |   (1) comment


Ben Watkins is the creator, writer and producer of Hand of God, a series on Amazon Prime. At Light Reading's Cable Next-Gen conference in Denver, he explained the advantages of producing for an OTT platform versus traditional TV.
Upcoming Live Events
May 15-17, 2017, Austin Convention Center, Austin, TX
May 15, 2017, Austin Convention Center - Austin, TX
June 6, 2017, The Joule Hotel, Dallas, TX
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
FTTH No Slam Dunk for Cable
Carol Wilson, Editor-at-large, 3/23/2017
Unlocking China's $194B Telecom Market
Robert Clark, 3/27/2017
Ericsson Tightens Focus, Warns of $1.7B Q1 Hit
Iain Morris, News Editor, 3/28/2017
Welcome to the Wild West of Privacy
Carol Wilson, Editor-at-large, 3/24/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
TEOCO Founder and CEO Atul Jain talks to Light Reading Founder and CEO Steve Saunders about the challenges around cost control and service monetization in the mobile and IoT sectors.
At MWC 2017, Qualcomm's CTO Matt Grob talks to Light Reading's CEO and Founder Steve Saunders about the progress being made in the development of the technologies and standards that will underpin 5G.
Animals with Phones
Working From Home Doesn't Work for Everyone Click Here
You shouldn't nap on your keyboard, for instance.
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.