A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade

The original version of this story appeared in Quanta Magazine.
In our increasingly digital lives, security depends on cryptography.
Send a private message or pay a bill online, and you're relying on algorithms designed to keep your data secret.
Naturally, some people want to uncover those secrets-so researchers work to test the strength of these systems to make sure they won't crumble at the hands of a clever attacker.
One important tool in this work is the LLL algorithm, named after the researchers who published it in 1982-Arjen Lenstra, Hendrik Lenstra Jr. and László Lovász.
LLL, along with its many descendants, can break cryptographic schemes in some cases; studying how they behave helps researchers design systems that are less vulnerable to attack.
The algorithm's talents stretch beyond cryptography: It's also a useful tool in advanced mathematical arenas such as computational number theory.
Over the years, researchers have honed variants of LLL to make the approach more practical-but only up to a point.
Now, a pair of cryptographers have built a new LLL-style algorithm with a significant boost in efficiency.
The new technique, which won the Best Paper award at the 2023 International Cryptology Conference, widens the range of scenarios in which computer scientists and mathematicians can feasibly use LLL-like approaches.
The tool has been the focus of study for decades, he said.
LLL-type algorithms operate in the world of lattices: infinite collections of regularly spaced points.
As one way of visualizing this, imagine you're tiling a floor.
You could cover it in square tiles, and the corners of those tiles would make up one lattice.
You could choose a different tile shape-say, a long parallelogram-to create a different lattice.
Let's imagine a lattice with a basis consisting of two vectors: [3, 2] and [1, 4]. The lattice is just all the points you can reach by adding and subtracting copies of those vectors.
That pair of vectors isn't the lattice's only basis.
Every lattice with at least two dimensions has infinitely many possible bases.


This Cyber News was published on www.wired.com. Publication date: Sun, 11 Feb 2024 13:43:04 +0000


Cyber News related to A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade

DORA and your quantum-safe cryptography migration - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. New requirements for financial entities in the EU. DORA lays out a set of requirements across ICT risk management, incident ...
10 months ago Securityintelligence.com
Post-Quantum Cryptography Alliance Launches to Advance Post-Quantum Cryptography - PRESS RELEASE. SAN FRANCISCO, Feb. 6, 2024 /PRNewswire/ - The Linux Foundation is excited to announce the launch of the Post-Quantum Cryptography Alliance, an open and collaborative initiative to drive the advancement and adoption of post-quantum ...
10 months ago Darkreading.com
A Celebrated Cryptography-Breaking Algorithm Just Got an Upgrade - The original version of this story appeared in Quanta Magazine. In our increasingly digital lives, security depends on cryptography. Send a private message or pay a bill online, and you're relying on algorithms designed to keep your data secret. ...
10 months ago Wired.com
Tech Giants Form Post-Quantum Cryptography Alliance - The Linux Foundation today announced the launch of the Post-Quantum Cryptography Alliance, an initiative to advance and drive the adoption of post-quantum cryptography. Founded by AWS, Cisco, IBM, IntellectEU, Nvidia, QuSecure, SandboxAQ, and the ...
10 months ago Securityweek.com
Safeguard Your Network in a Post-Quantum World - There is an imminent threat to existing cryptography with the advent of quantum computers. A quantum computer works with qubits, which can exist in multiple states simultaneously, based on the quantum mechanical principle of superposition. Thus, a ...
10 months ago Feedpress.me
RSAC panel debates confidence in post-quantum cryptography - Lattice-based cryptography is a proposed answer to the post-quantum cryptography dilemma, but a recently published paper cast doubt on this theory. While it appears to be a false alarm, experts were left questioning their confidence in PQC efforts. ...
7 months ago Techtarget.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
5 months ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
5 months ago Helpnetsecurity.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
1 year ago Securityboulevard.com
Serious Security: Outdated Crypto Causes Samba Logon Bug - Over the years the Samba project has not only introduced and fixed its own unique bugs, as any complex software project generally does, but has also inherited bugs and shortcomings in the underlying protocol, given that its goal has always been to ...
1 year ago Nakedsecurity.sophos.com
Got Now Suffers Security Breach After Acquisition of LastPass - Got Now, the parent company of password vault LastPass, recently suffered a massive security breach, resulting in malicious actors gaining access to LastPass user data. LastPass, a cross-platform password manager which is used as an authentication ...
1 year ago Thehackernews.com
Ex-Cybersecurity Adviser to Bush, Obama Weighs in On Current Admin - Melissa Hathaway hasn't shied away from advising corporate boards and government leaders on cybersecurity policy since leaving the White House a decade ago. Currently a member of the Centre for International Governance Innovation's board of ...
1 year ago Darkreading.com
The US National Institute of Standards and Technology Announces the Successful Encryption Algorithm for Securing Internet of Things Data - The National Institute of Standards and Technology (NIST) recently announced that ASCON was the winning bid for its Lightweight Cryptography Program. This program was designed to find the best algorithm to protect small Internet of Things (IoT) ...
1 year ago Bleepingcomputer.com
How Communications Companies Can Prepare for Q-Day - After a grueling eight years of testing, the National Institute of Standards and Technology (NIST) has finalized the first three algorithms that will form the backbone of the world's strategy to counter the potential threats of quantum ...
2 months ago Darkreading.com
What You Need to Know to Embrace the Imminent Quantum Shift for Your Cryptography Future - Cryptography has long been essential in ensuring the protection of data and communication networks. Remaining reliant on outdated cryptographic standards certainly adds to the dangers of compromise. As we usher in an era of cloud-scaling and quantum ...
9 months ago Cyberdefensemagazine.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
2 months ago Aws.amazon.com
Infosec pros sound off on usefulness of higher education The Register - Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. The ...
10 months ago Go.theregister.com
Infosec pros sound off on usefulness of higher education The Register - Half of infosec professionals polled by Kaspersky said any cybersecurity knowledge they picked up from their higher education is at best somewhat useful for doing their day jobs. On the other hand, half said the know-how was at least very useful. The ...
10 months ago Theregister.com
CVE-2017-2154 - Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST ...
7 years ago
Getting your organisation post-quantum ready - While quantum computing is still very much in its early stages, it's important that companies are already thinking about this evolving technology - and more importantly implementing and stress testing much needed solutions suitable for a post-quantum ...
1 year ago Cybersecurity-insiders.com
CVE-2022-23540 - In versions `<8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do ...
1 year ago
CVE-2022-23539 - Versions `<8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm ...
1 year ago
Apple alert: India opposition says government tried to hack phones - Some Indian opposition leaders have accused the government of trying to hack into their phones after receiving warning messages from Apple. Apple's alert said it believed the recipient was "Being targeted by state-sponsored attackers". He added that ...
1 year ago Bbc.com
SandboxAQ Joins the FIDO Alliance to Further Drive the Use of Secure Protocols instead of Passwords - SandboxAQ has announced its membership in the FIDO Alliance, an open industry consortium focused on minimizing the world's dependence on passwords-a prevalent source of security and usability problems. By joining forces with prominent FIDO Alliance ...
5 months ago Itsecurityguru.org
SandboxAQ Joins the FIDO Alliance to Further Drive the Use of Secure Protocols instead of Passwords - SandboxAQ has announced its membership in the FIDO Alliance, an open industry consortium focused on minimizing the world's dependence on passwords-a prevalent source of security and usability problems. By joining forces with prominent FIDO Alliance ...
5 months ago Itsecurityguru.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)