New algorithm shakes up cryptography

May 16, 2014

Researchers at the Laboratoire Lorrain de Recherches en Informatique et ses Applications (CNRS/Université de Lorraine/Inria) and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC) have solved one aspect of the discrete logarithm problem. This is considered to be one of the 'holy grails' of algorithmic number theory, on which the security of many cryptographic systems used today is based. They have devised a new algorithm that calls into question the security of one variant of this problem, which has been closely studied since 1976.

This result, published on the site of the International Association of Cryptologic Research and on the HAL open access archive, was presented at the international conference Eurocrypt 2014 held in Copenhagen on 11-15 May 2014 and published in Advances in cryptology. It discredits several that until now were assumed to provide sufficient safeguards. Although this work is still theoretical, it is likely to have repercussions especially on the cryptographic applications of smart cards, RFID chips, etc.

To protect confidentiality of information, cryptography seeks to use mathematical problems that are difficult to solve, even for the most powerful machines and the most sophisticated algorithms.

The security of a variant of the discrete logarithm, reputed to be very complex, has been called into question by four researchers from CNRS and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC), namely Pierrick Gaudry, Răzvan Bărbulescu, Emmanuel Thomé and Antoine Joux. The algorithm they devised stands out from the best algorithms known to date for this problem. Not only is it significantly easier to explain, but its complexity is also considerably improved. This means that it is able to solve increasingly large discrete logarithm problems, while its computing time increases at a far slower rate than with previous algorithms. The computation of discrete logarithms associated with problems that are deliberately made difficult for cryptographic applications is thus made considerably easier.

Since solving this variant of the discrete logarithm is now within the capacity of current computers, relying on its difficulty for cryptographic applications is therefore no longer an option. This work is still at a theoretical stage and the algorithm still needs to be refined before it is possible to provide a practical demonstration of the weakness of this variant of the discrete logarithm. Nonetheless, these results reveal a flaw in and open the way to additional research. For instance, the algorithm could be adapted in order to test the robustness of other cryptographic applications.

Explore further: NIST removes cryptography algorithm from random number generator recommendations

More information: "A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic," Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thomé, Advances in Cryptology – EUROCRYPT 2014, Lecture Notes in Computer Science, Volume 8441, 2014, pp 1-16.

add to favorites email to friend print save as pdf

Related Stories

Fighting tomorrow's hackers

Feb 05, 2009

One of the themes of Dan Brown's The Da Vinci Code is the need to keep vital and sensitive information secure. Today, we take it for granted that most of our information is safe because it's encrypted. Every time we use a ...

The road to quantum computing

May 15, 2014

Anticipating the advent of the quantum computer, related mathematical methods already provide insight into conventional computer science.

Recommended for you

Saving lots of computing capacity with a new algorithm

Oct 29, 2014

The control of modern infrastructure such as intelligent power grids needs lots of computing capacity. Scientists of the Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg have ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (2) May 16, 2014
I am confused by the last paragraph. How can an algorithm be theoretical? You either have a working algorithm or you don't. I can theorize an algorithm to perfectly simulate human intelligence. It doesn't mean i have the thing.
5 / 5 (1) May 16, 2014
@jalmy: I, on the other hand, is confused by your comment.

First, the described work was purely theoretical, and they had neither showed that a practical algorithm existed (as I understand it) nor constructed any.

Second, there is a world of difference between everyday theory of a possibly not rigorous and/or testable enough idea of whatever, which seems to be your idea of it, science theory of a rigorous, testable body of work (i.e. comprises a set of facts), and a mathematical theory of an area of mathematics based on a set of techniques.

The latter is very much akin to computer science, and they both have existence proofs of mathematical objects or algorithms, without having any idea whatsoever how to construct those. "An existence theorem may be called pure if the proof given of it doesn't also indicate a construction of whatever kind of object the existence of which is asserted. ... ubiquitous in contemporary mathematics." [ http://en.wikiped..._theorem ]
not rated yet May 18, 2014
@Torbjorn: ?!
QUOTE:"Researchers ... have solved one aspect of the discrete logarithm problem." unquote.
QUOTE:"They have devised a new algorithm..."unquote.
QUOTE:"The algorithm they devised..."unquote.
The crux of jalmy's confusion is probably:"This work is still at a theoretical stage and the algorithm still needs to be refined before it is possible to provide a practical demonstration..."
Jalmy's point, that either a real algorithm exists or it doesn't is valid. Calling a proof of existence (if that is what they did) an "algorithm" stretches the meaning of the term past the breaking point (imho, in the context presented here).
Let us know if you need any additional help with your English reading comprehension.
BTW, there is an old comic where two professors are staring at a blackboard filled with equations which has as its last line "and then a miracle happens...". If any of the steps in the "theoretical" algorithm are not yet established, it is like the joke.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.