Technology Review - Published By MIT
Advertisement
[1] 2 Next »

Tuesday, November 18, 2008

An Algorithm with No Secrets

Cryptographers will compete to define a new standard.

By Erica Naone
smaller text tool iconmedium text tool iconlarger text tool icon
Credit: Technology Review

Cryptographers from around the world have laid their best work on the line in a contest to find a new algorithm that will become a critical part of future communications across the Internet. The winning code will become a building block of a wide variety of Internet protocols, including those used to safeguard communications between banks and their customers. The National Institute of Standards and Technology (NIST) organized the competition and plans to release a short list of the best entries by the end of this month, beginning a four-year process of painstaking analysis to find the overall winner.

All this effort is necessary because the current standard--the Secure Hash Algorithm 2 (SHA-2)--is starting to show its age. In 2005, Xiaoyun Wang, a professor at the Center for Advanced Study at Tsinghua University, in China, found weaknesses in several related hashing algorithms. Since then, she and her peers in the field have chipped away at other hashing schemes, making officials worry that SHA-2 will also eventually succumb.

A hash algorithm turns an ordinary message into a "digital fingerprint," which can then be used to keep the original message secret during transit or to guarantee that it hasn't been tampered with en route. But a hash function is only considered secure if there is no practical way to run it backward and find the original message from the fingerprint. Equally important, there should be no trivial way to produce two messages with exactly the same fingerprint. The weaknesses discovered by Wang and others relate to this problem--something cryptographers call "a collision." The latter issue is complicated by the fact that it is impossible to completely avoid collisions. So the best algorithm is one that simply makes collisions extremely hard to produce. "You shouldn't be able to find them," says William Burr, manager of the Security Technology Group for NIST. "The computation should be too great."

But competition entrants face another major challenge. While encryption algorithms rely on keeping a "key" secret from attackers, cryptographic hash functions can have no such secrets. This gives an attacker plenty of avenues for cracking a hash algorithm, says Burr.

"Hash functions are the most widely used and the most poorly understood cryptographic primitives," adds Bruce Schneier, chief security technology officer at BT Counterpane and one of the competition entrants. "It's possible that everything gets broken here, simply because we don't really understand how hash functions work."
[1] 2 Next »

Tags

algorithms hacker security

Comments

  • FUD
    zig158 on 11/18/2008 at 7:24 AM
    Posts:
    64
    Avg Rating:
    4/5
    Just because they found a collision does not mean the hash is any ware near broken. Sha-1 for example has 2^(64 - 1) possible values. One page of text has many times more possible values, so if you hashing your letter to grandma and signing it with an sha-1 hash, any collision found will likely be:
    a. be longer or shorter than the original message
    b. will be complete gibberish and will be obvious it is a fake

    This is why message length must be taken into account when signing and hashing messages. My point is that you may want to use sha-512 for your super double top secret memo, but for everything else sha-1 or sha-256 is fine.
    Rate this comment: 12345
    • Re: FUD
      rkomatsu on 11/18/2008 at 8:22 AM
      Posts:
      9
      Avg Rating:
      3/5
      The attack uses controlled modifications of the original message. If you attack a MS Word document, there's plenty of room in the hidden control information (or an embedded image scaled down to almost zero size when rendered) to play with and get a collision.
      Rate this comment: 12345
    • Re: FUD
      Erica Naone on 11/18/2008 at 8:33 AM      		 Technology Review TR Staff
      Assistant Editor
      Posts:
      29
      Avg Rating:
      4/5
      It's not about FUD, it's about prudence. As I note in the article, Burr told me SHA-1 is "more damaged than destroyed." And what cryptographers mean when they say "broken" is very different from what the average person means. At the same time, considering that it will take about 4 years to find a new algorithm, plus more time to get it deployed so that it can be used, NIST is wise to start looking for new solutions now. No one is saying that the sky is falling. What people are doing is trying to ensure that security solutions stay ahead of attacks.
      Rate this comment: 12345
  • Compromising?
    dfaktor on 11/22/2008 at 9:56 AM
    Posts:
    1
    We are forcing a compromise by using a single hashing algorithm for both encryption and to verify the integrity of the data.  This compromise comes about because the perfect algorithm for verifying data integrity causes problems for the perfect encryption solution and vice versa.  The perfect algorithm to prevent collisions would be one that acted on each byte of data rather than a group of bytes and didn’t condense the output.  This is not feasible for encryption purposes because you would only have to guess the first byte of clear text to reverse the computation and solve for the key.  The perfect algorithm then for encryption would be one that acted on the entire clear text.  This would make it extremely hard to just guess the clear text.  However, this has a problem with collisions as you would have a lot of leeway in manipulating the data contained within.  So what I wonder is, why are we compromising?  Why not use an algorithm optimized for encryption in conjunction with an algorithm optimized for data integrity each using a different set of keys?
    Rate this comment: 12345
Add New Thread

Related Articles
Advertisement

Current Issue

Technology Review January/February 2009
Lifeline for Renewable Power
Without a radically expanded and smarter electrical grid, wind and solar will remain niche power sources.
•  Subscribe
Save 41%
•  Table of Contents
•  MIT News

Magazine Services

•  Gift Subscription
•  Digital Subscription
•  Reprints, Back Issues, Customer Service

Career Resources

Visit the Job Board and Resource Center to move your career to the next level.

MIT Technology Insider

Stories and breaking news from inside MIT about the latest research, innovations, and startups--in a convenient monthly e-newsletter. Subscribe today
Advertisement

Follow us on Twitter

Twitter

Get Technology Review updates via the web, cellphone, or Instant Messager – Follow techreview on Twitter!
Advertisement

More Technology News from Forbes

Wire Stories

Advertisement
Advertisement
TECHNOLOGY RESOURCES
Advertisement
MIT Massachusetts Institute of Technology