1998-08-24 - Re: “Unbreakable Crypto” announcement??

Header Data

From: Steve Bryan <sbryan@vendorsystems.com>
To: Fade <fade@mail1.i1.net>
Message Hash: 0b5b40010b65c7244bb0114630afa7a1c1cd7b6f3f9f1a4351682b16d5f5e82f
Message ID: <v03102800b2076d9f43cb@[192.168.3.63]>
Reply To: <Pine.BSI.3.95.980824130502.222A-100000@mail1.i1.net>
UTC Datetime: 1998-08-24 19:34:57 UTC
Raw Date: Mon, 24 Aug 1998 12:34:57 -0700 (PDT)

Raw message

From: Steve Bryan <sbryan@vendorsystems.com>
Date: Mon, 24 Aug 1998 12:34:57 -0700 (PDT)
To: Fade <fade@mail1.i1.net>
Subject: Re: "Unbreakable Crypto" announcement??
In-Reply-To: <Pine.BSI.3.95.980824130502.222A-100000@mail1.i1.net>
Message-ID: <v03102800b2076d9f43cb@[192.168.3.63]>
MIME-Version: 1.0
Content-Type: text/plain


>Does anyone with access to the Financial Times know what the hell this
>snippet is talking about??
>
>-=fade=-
>
>ENCRYPTION BREAKTHROUGH ANNOUNCED TODAY
>August 24, 1998
>
>     According to the Financial Times a new "unbreakable" encryption
>technology, called the "Cramer-Shoup cryptosystem," will be announced today
>by mathematicians from the International Federal Institute of Technology
>which supposedly will thwart even the most aggressive Internet hackers.
>They claim to have created the first "unbreakable protection" which would
>reportedly be a breakthrough that could ensure the security of electronic
>commerce. The Financial Times said, "The breakthrough comes amid growing
>anxiety about the vulnerability of Internet transactions since the
>discovery by researchers earlier this year of a new way to break through
>even the strongest encryption systems."

Who would have guessed that a journalist would so grievously misrepresent
the claims of a soberly presented scholarly report? The title of the
technical paper is: "A Practical Public Key Cryptosystem Provably Secure
against Adaptive Chosen Ciphertext Attack". The only new claim is security
against a chosen ciphertext attack, not "unbreakable". The specific
internet angle is that an attacker might have access to a "decryption
oracle" due to the nature of high volume anonymous transactions. If one
could slip through a few million adaptively chosen ciphertexts, current
systems could leak enough information to compromise themselves. The
reported results are for a new proposed system that is not vulnerable to
this sort of attack.

Steve Bryan
Vendorsystems International
email: sbryan@vendorsystems.com
icq: 5263678
pgp fingerprint: D758 183C 8B79 B28E 6D4C  2653 E476 82E6 DA7C 9AC5
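
The property described in the reply above, as an added example that is not part of the original message or the paper's own code: a toy Cramer-Shoup encryption whose decryption rejects any modified ciphertext, next to unauthenticated ElGamal, which decrypts a modified ciphertext to a related plaintext. The group parameters, the function names and the use of SHA-256 as the hash are assumptions made for this sketch.

```python
import hashlib
import secrets

# Constructed toy group: P = 2Q + 1, with G1 and G2 in the order-Q subgroup
# of squares mod P. Far too small for real use; chosen to keep values short.
P, Q = 1_000_000_007, 500_000_003
G1, G2 = 4, 9

def _alpha(u1, u2, e):
    # SHA-256 stands in for the scheme's hash function (assumption).
    digest = hashlib.sha256(f"{u1}|{u2}|{e}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x1, x2, y1, y2, z = (secrets.randbelow(Q) for _ in range(5))
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    return (c, d, pow(G1, z, P)), (x1, x2, y1, y2, z)

def encrypt(pk, m):
    c, d, h = pk                       # m must be a square mod P
    r = 1 + secrets.randbelow(Q - 1)
    u1, u2 = pow(G1, r, P), pow(G2, r, P)
    e = pow(h, r, P) * m % P
    v = pow(c, r, P) * pow(d, r * _alpha(u1, u2, e), P) % P
    return u1, u2, e, v

def decrypt(sk, ct):
    x1, x2, y1, y2, z = sk
    u1, u2, e, v = ct
    a = _alpha(u1, u2, e)
    # Validity check: reject (None) before any plaintext is computed, so a
    # decryption oracle reveals nothing about ciphertexts it did not create.
    if pow(u1, x1 + y1 * a, P) * pow(u2, x2 + y2 * a, P) % P != v:
        return None
    return e * pow(u1, Q - z, P) % P   # u1^(Q - z) is the inverse of u1^z

def elgamal_decrypt(z, u1, e):
    # Unauthenticated ElGamal on the same (u1, e) pair, for contrast.
    return e * pow(u1, Q - z, P) % P

def demo():
    pk, sk = keygen()
    m = pow(G1, 123456, P)             # constructed sample message
    u1, u2, e, v = encrypt(pk, m)
    bad_e = e * G1 % P                 # ciphertext modified in transit
    return (decrypt(sk, (u1, u2, e, v)) == m,
            decrypt(sk, (u1, u2, bad_e, v)),
            elgamal_decrypt(sk[4], u1, bad_e) == m * G1 % P)
```

`demo()` returns `(True, None, True)`: the untouched ciphertext decrypts, the modified one is rejected by the validity check, and the same modification passes through plain ElGamal as a predictable change to the plaintext.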






