An encryption algorithm apparently resistant to the most powerful cyber attacks has been brought down from a very simple computer. The US National Institute of Standards and Technology (NIST) has been unpleasantly surprised to find out how the highly complex SIKE (Supersingular Isogeny Key Encapsulation) algorithm, which passed all the security tests of the country’s Department of Commerce, has been hacked using a single core computer.
The experiment shows that taking down an encryption algorithm expressly created to withstand the worst cyberattacks is not as difficult as once thought. The PC that broke it in just an hour had a single-core processor, which means it’s much simpler and cheaper than a regular laptop.
The PC that broke it in just one hour had a single-core processor
The SIKE “post-quantum” algorithm, which was a candidate for the reference standard in cybersecurity encryption, does not guarantee great security against a hypothetical threat from quantum computers. The US government is taking this issue very seriously and has invested in creating new encryption standards that would resist future hardware attacks.
The National Institute of Standards and Technology (NIST) announced last month that the four encryption algorithms would provide the best protection after a year-long contest. In theory, these new encryption standards are so strong that they could easily crack today’s public-key ciphers, such as RSA, Diffie-Hellman, and elliptic-curve Diffie-Hellman.
The SIKE algorithm created by David Jao was shot down by a very simple computer
After announcing the four finalists, NIST announced four more that were being considered as possible candidates for standardization. One of those secondary finalists was the SIKE algorithm, created by David Jao.
Its creator spoke told Ars Technica that “the newly discovered weakness is a big blow to SIKE, the attack is really unexpected.” Jonathan Katz, a fellow at the Institute of Electrical and Electronics Engineers (IEEE), stated that “what the latest attack indicates is that we may still need to be cautious and conservative with the standardization process going forward.”