IBM 5 in 5: Lattice Cryptography will outwit hackers
The scale and sophistication of cyber-attacks escalate every year. But within the next five years, a new security method called lattice cryptography will help create an intractable barrier for black hats. The key is hiding data inside complex math problems called lattices, designed to protect data from the threat of crypto-breaking quantum computers. Current encryption protocols are being outpaced by advances in computing technology, but with lattice cryptography, we’re working to get ahead of the problem. Hackers gonna hack—but we’re coming prepared.
A brief history of GnuPG: vital to online security but free and underfunded
Most people have never heard of the software that makes up the machinery of the internet. Outside developer circles, its authors receive little reward for their efforts, in terms of either money or public recognition.
One example is the encryption software GNU Privacy Guard (also known as GnuPG and GPG), and its authors are regularly forced to fundraise to continue the project.
GnuPG is part of the GNU collection of free and open source software, but its story is an interesting one, and it begins with software engineer Phil Zimmermann.
i wonder what it’s like, psychologically, to be a humanities academic. i feel like…in STEM, theres a clear understanding that even if youre not working on something with practical applications, pure STEM definitely leads to practical applications *sometimes*, often enough that society as a whole maybe net-benefits, on a material level, from funding it. but if youre studying literature or history or whatever, its just…fun? like thats the point of it. its fun. which isnt bad ofc. fun things are good! but i guess i would feel like i was…idk, getting away with something, something illicit
When was the last time pure math led to society-benefitting practical applications though? I feel the whole field is coasting on its achievements from the 19th century and earlier…
hmm, yeah i mean thats a fair point, im not sure how much of that is like, an actual move towards less practical pure math and how much is that like. new modern engineering is based on really abstruse physics and maybe therefore based on obscure math? idk. lcd’s or something
the whole “pure math has no practical applications” discourse was ruined by RSA and later variations on public-key cryptography, now pure math is economically and technologically crucial. ghastly
We demonstrate the correctness of the deciphering algorithm using an identity due to Euler and Fermat
which was proved in 1640…
Like, maybe there’s some contribution from 20th century math in e.g. factoring algorithms, but I definitely don’t get the feeling this connects significantly with the very fancy topics studied in modern math.
Far be it from me to taint pure math by associating it with practical applications
Actually, no, close be it to me. That first line is totally how I thought in undergrad and it’s stupid and it fucked me up. I’d be happier now if I hadn’t fallen to the cult of purity that happens in a lot of math undergrads.
But anyway, sure, you can build RSA specifically with older tools. But modern cryptography as it’s actually practiced depends on a lot of more modern stuff.
The best general attack on RSA is Pollard’s general number field sieve, which dates to between 1988 and 1990. It supplanted the quadratic sieve, which is from about 1981.
Because the general number field sieve is so good, we mostly don’t actually use RSA any more. Instead, we use elliptic curve cryptography. Elliptic curves have been a thing more or less since the mid-1800s, but the group law was first formalized in 1901, and a ton more development of the ideas was necessary before we could have built the encryption scheme.
In particular, elliptic curve cryptography depends on studying elliptic curves over finite fields, not over the rationals as they originally were. Understanding the security requires the Hasse bound which is from 1936. The whole setup is fundamentally a mid-20th-century approach.
But we’re currently in the process of trying to replace elliptic curve cryptography with more modern methods. This is driven by the threat of quantum computers employing Shor’s algorithm (1994) for factoring large numbers on a quantum computer.
To build post-quantum cryptography, we’re largely using lattice-based methods. This involves the study of lattices and rings, which are all fundamentally modern mathematics. The Learning with Errors scheme comes from 2005; it’s been updated to Ring Learning with Errors. Gentry introduced a homomorphic encryption scheme in 2009, which also fundamentally depends on modern mathematical ideas. (The word “homomorphism” itself only dates to 1892!)
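If two people (call them A and B) want to communicate in secret, the sender (A) takes the message (the "plaintext"), puts it through some complicated procedure (encryption) to turn it into something outsiders cannot read (the ciphertext), and then sends it to the other party (B). On receiving the ciphertext, B uses another complicated procedure (decryption) to turn the ciphertext back into plaintext and read A's message.
The problem is that the encryption and decryption procedures A and B use need some critical piece of information (cryptographers call it the "key"; see also note 1). Traditional encryption methods (such as the Caesar cipher or table-based ciphers) basically all share one problem: A and B must both hold the same key and know the same mathematical method in order to encrypt and decrypt correctly. So the question becomes: how do you get the key into the other party's hands safely? Think about it: in wartime, if our key is intercepted by the enemy, all of our secret communications are laid bare. This was a nightmare for the thousands of years since cryptography was invented, until someone developed so-called "asymmetric encryption" in the 1970s (note 2), and the problem was finally (temporarily) solved (note 3).
And one more reminder: if your computer is not clean, even the best encryption program is useless. Never log in to email or leave any personal information on a computer you do not trust. As for how to keep your own computer secure, see the article Security in a Box (Simplified Chinese) (although I think some of its advice is a bit too strict and not really needed in Taiwan), and also learn how to use the two-step verification offered by email and social networking sites (as far as I know, Google, Facebook and Apple all have it).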
Back in middle school, my friends and I used a very simple coded language for writing secret messages. I saw some posts about needing to hide one’s beliefs from partners/bosses/parents so I wanted to share it with you! These would also be great to incorporate into sigils since they are simple lines and dots.
Cryptography has been used for thousands of years to help to provide confidential communications between mutually trusted parties. In its most basic form, two people, often denoted as Alice and Bob, have agreed on a particular secret key. At some later time, Alice may wish to send a secret message to Bob (or Bob might want to send a message to Alice). The key is used to transform the original message (which is usually termed the plain text) into a scrambled form that is unintelligible to anyone who does not possess the key. This process is called encryption and the scrambled message is called the cipher text. When Bob receives the cipher text, he can use the key to transform the cipher text back into the original plain text; this is the decryption process. A cryptosystem constitutes a complete specification of the keys and how they are used to encrypt and decrypt information.
They didn’t teach me how to encrypt my heart in Cryptography lessons. I wish I could. And wait for someone to decrypt it. Maybe it’s somewhat encrypted already, and the decryption time hasn’t come yet. Someone will come with the “key”, perhaps the “private key” I once used and forgot.