(ElPais) The National Institute of Standards and Technology (NIST) wanted to put seven encryption formulas to the test in order to determine their vulnerability to the new processing systems. IQT-News shares recent news about the NIST effort and a well-publicized hacking.
Ward Beullens, from the IBM research center in Zurich, Switzerland, managed to crack an encrypted code in just 53 hours and with a simple laptop.
The challenge involved taking seven encryption models to the test bench. The plan was to create an impenetrable technique to develop invulnerable transmission formulas. NIST received 69 proposals, of which in the end there were only four encryption formulas and three secure signatures for the identification and execution of financial transactions.
One of the last of these three models was Rainbow, a signature system that has a secret key that is only known by the user and that can be verified by the recipient. Ward Beullens cracked the access system in a little less than a weekend and using only a laptop. This was the second time that Beullens has managed to do this. “I believe my previous attack was also fairly severe, and it was already clear that Rainbow would not be standardized.”
The researcher, who is the author of a study that was presented at the International Association for Cryptographic Research, explains: “Both attacks reduce the security level of Rainbow’s proposal below the requirements set by NIST. It would be possible to move to larger parameters to protect against the attacks at the cost of larger key sizes and signature sizes.”
Ray Perner and Daniel Smith-Tone, two math researchers involved in the standardization process of NIST, agree with the analysis. According to both of the scientists, before the current selection process “none of the parameters of Rainbow achieve their claimed security level,” but they admit that small changes are possible so that they can be reached.
However, Dustin Moody, also from NIST, believes that the “assault on Rainbow has been proven, and the method is now unlikely to be chosen as the final signature algorithm.”
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.