Stream Ciphers Cower Before Adi Shamir's CUBE ATTACK
Posted by Swee Won Lo, 2008-10-09 09:54 AM
Adi Shamir brought a big new wrecking ball to bear on stream ciphers at Crypto 2008, the 28th International Cryptology Conference, one that will send architects of the algorithms back to their keyboards.

Cryptographers view stream ciphers as the vanguard of encryption for embedded systems, so Shamir's new class of attack was a "wake up call" for the field, said David Wagner, the conference's program chair and associate professor of computer science at the University of California, Berkeley.

Stream ciphers are applied in devices like cell phones, radio frequency identification (RFID) chips, car key fobs, and other low-end appliances that are not computers per se, but incorporate software.

Shamir and coauthor Itai Dinur presented their "cube attack" in a talk at the conference. While a more-detailed paper is still forthcoming, Shamir and Dinur's work was the talk of the conference. And with good reason: Shamir is cryptographic royalty, having invented the RSA algorithm with Ron Rivest and Leonard Adleman about 30 years ago.

Researchers at the conference were stunned with the cube attack's simplicity and efficacy.

"There were lots of people like me who slapped their foreheads and said, 'Why didn't I think of that!'"

Stream ciphers are symmetric-key algorithms: the same secret key (or one trivially derived from it) is used for both encryption and decryption, so an attacker who recovers the key can decrypt everything that was protected with it.

"People knew that for some of these stream ciphers, they could express the output as a formula of the key," Wagner said. For any real cipher that formula is enormous, though. As long as it was too long to write down, which is true of most of them, experts assumed the algorithm was secure.

"What Adi discovered is, well, that isn't necessarily so," he said.

Shamir and Dinur's observation applies to ciphers whose output bits can be written as polynomials in the secret key bits and the public bits an attacker controls, such as an initialization vector. In its original form the polynomial is unmanageably long. The attack never tries to write it down. Instead, the attacker sums the output over every setting of a chosen small subset of public bits, a "cube"; that summation cancels every term except those containing the whole cube and leaves a far shorter polynomial in the key bits alone, often a linear one. Each shortened formula leaks bits of the cryptographic key, Wagner said, and collecting enough of them lets an attacker solve for the key, break the encryption and access the data.
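The mechanism described above, as an added worked example that is not code from the original article or from Shamir and Dinur: a constructed toy "cipher" whose single output bit is a polynomial over GF(2) in a 4-bit key and a 4-bit IV (all names and the polynomial itself are hypothetical, chosen only so that the effect is visible). Summing the output bit over all settings of a chosen cube of IV bits cancels every term not divisible by that cube and leaves its superpoly in the key bits alone. An offline phase, where the attacker may pick keys, finds the cubes whose superpolys are linear; the online phase evaluates each one against the hidden key using only chosen IVs and solves the resulting linear system over GF(2) for the key.

```python
import itertools

KEY_BITS = 4
IV_BITS = 4

def toy_output_bit(key, iv):
    """Constructed toy keystream bit: a GF(2) polynomial in secret key bits key[i]
    and public IV bits iv[i] (not a real cipher). Monomials were chosen so that a
    few cubes have linear superpolys while cube (1, 2) has a nonlinear one.
    Python's & binds tighter than ^, so each & product below is one monomial."""
    k, v = key, iv
    return (
        v[0] & v[1] & (k[0] ^ k[1])
        ^ v[0] & v[1] & v[2] & k[2]
        ^ v[2] & v[3] & (k[3] ^ 1)
        ^ v[0] & v[1] & v[2] & v[3] & k[0] & k[1]
        ^ v[1] & v[2] & k[2] & k[3]
        ^ v[3] & k[1]
        ^ k[0] & k[2]
        ^ v[0] & v[3]
    )

def cube_sum(oracle, cube):
    """XOR the oracle's output over all 2^|cube| settings of the IV bits in `cube`,
    other IV bits fixed to 0. Every monomial not divisible by the cube's product
    cancels, leaving the superpoly (a short polynomial in key bits alone)."""
    acc = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        iv = [0] * IV_BITS
        for pos, bit in zip(cube, bits):
            iv[pos] = bit
        acc ^= oracle(iv)
    return acc

def find_linear_superpoly(cube):
    """Preprocessing (attacker runs the cipher under keys of his choice): interpolate
    the superpoly as const ^ XOR(coeffs[i] & key[i]) and confirm it on every key.
    Exhaustive confirmation is affordable only for a toy; real attacks use a
    randomised linearity test. None = nonlinear, or no key information."""
    def superpoly_at(key):
        return cube_sum(lambda iv: toy_output_bit(key, iv), cube)
    zero = [0] * KEY_BITS
    const = superpoly_at(zero)
    coeffs = []
    for i in range(KEY_BITS):
        unit = zero[:]
        unit[i] = 1
        coeffs.append(superpoly_at(unit) ^ const)
    if not any(coeffs):
        return None
    for key in itertools.product((0, 1), repeat=KEY_BITS):
        predicted = const
        for a, kb in zip(coeffs, key):
            predicted ^= a & kb
        if predicted != superpoly_at(list(key)):
            return None
    return coeffs, const

def solve_gf2(rows, rhs):
    """Gauss-Jordan elimination over GF(2): the unique x with rows * x = rhs,
    or None if the system is rank-deficient or inconsistent."""
    n = len(rows[0])
    m = [row[:] + [b] for row, b in zip(rows, rhs)]
    for col in range(n):
        pivot = next((r for r in range(col, len(m)) if m[r][col]), None)
        if pivot is None:
            return None
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(len(m)):
            if r != col and m[r][col]:
                m[r] = [x ^ y for x, y in zip(m[r], m[col])]
    if any(row[n] for row in m[n:]):  # surplus rows must have reduced to 0 = 0
        return None
    return [m[i][n] for i in range(n)]

def cube_attack(secret_key, candidate_cubes):
    """Online phase: the key is fixed and hidden inside `oracle`; the attacker
    chooses only IVs. Each usable cube costs 2^|cube| queries and gives one
    linear equation in the key bits. Returns (recovered key, cubes used)."""
    def oracle(iv):
        return toy_output_bit(secret_key, iv)
    rows, rhs, used = [], [], []
    for cube in candidate_cubes:
        linear = find_linear_superpoly(cube)  # offline, key-independent
        if linear is None:
            continue
        coeffs, const = linear
        rows.append(coeffs)
        rhs.append(cube_sum(oracle, cube) ^ const)
        used.append(cube)
    return solve_gf2(rows, rhs), used

ALL_CUBES = [c for n in (1, 2, 3) for c in itertools.combinations(range(IV_BITS), n)]

if __name__ == "__main__":
    print(cube_attack([1, 0, 1, 1], ALL_CUBES))  # ([1, 0, 1, 1], [(3,), (0, 1), (2, 3), (0, 1, 2)])
```

Of the fourteen candidate cubes, only four survive the linearity check, and together they give four independent equations, enough to pin down all four key bits with a handful of chosen-IV queries. Cube (1, 2) is rejected because its superpoly is the product of two key bits, and cubes such as (0,) are rejected because their superpoly is constant and says nothing about the key. A real cipher hides the polynomial behind many rounds of mixing and has far more variables, but the shape of the attack is the same: find cubes with low-degree superpolys offline, then spend the online queries on cube sums.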

The above excerpt is taken from arstechnica.com and is modified to suit the context in this webpage. For the complete article, please head to arstechnica.com.