• A late-stage candidate encryption algorithm meant to withstand decryption by powerful future quantum computers has been trivially cracked in about an hour on a single core of an Intel Xeon CPU.
• The algorithm in question is SIKE, short for Supersingular Isogeny Key Encapsulation, which made it to the fourth round of the Post-Quantum Cryptography (PQC) standardization process initiated by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). "Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively," KU Leuven researchers Wouter Castryck and Thomas Decru said in a new paper.
• "A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core."
• "The code was executed on an Intel Xeon CPU E5-2630v2 at 2.60GHz," the academics further noted. That chip was released in 2013 and uses the chip maker's Ivy Bridge microarchitecture.
• Microsoft, one of the key collaborators on the algorithm, said SIKE uses "arithmetic operations on elliptic curves defined over finite fields and compute maps, so-called isogenies, between such curves."
• "Quantum computers can easily solve the hard problems underlying RSA and ECC, which would affect approximately 100% of encrypted internet traffic if quantum computers were to be built."
• While SIKE was positioned as one of the NIST-designated PQC contenders, the latest research effectively invalidates the algorithm.
• "The work by Castryck and Decru breaks SIKE," Jao said.
• Some related schemes, such as B-SIDH, are also based on SIDH and are also broken by the new attack.
• As for the next steps, Jao said that while SIDH can be updated to remediate the new line of key recovery attack, it is expected to be put off until further examination.
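Microsoft's description quoted above, isogenies as maps between elliptic curves over finite fields, is easier to see in code than in a sentence. The block below is an added example written for this page; it is not code from the Castryck and Decru paper, from Microsoft's SIKE implementation, or from NIST. It builds a single 2-isogeny with Vélu's formulas over the constructed toy field F_13, then checks that the image of a domain point lands on the codomain curve and that the kernel point is sent to the point at infinity. The prime 13, the curve y^2 = x^3 + x, the sample point (2, 6) and every function name are assumptions chosen for illustration; real SIKE parameters use primes of hundreds of bits and long chains of such isogenies, and nothing here reproduces the attack.

```python
# Added example: a toy 2-isogeny between elliptic curves over a small prime
# field, computed with Velu's formulas. Constructed for illustration only;
# it is not the Castryck-Decru Magma code and not Microsoft's SIKE code,
# and the prime p = 13 is far too small for any real use.

P = 13  # constructed toy modulus (real SIKE primes are hundreds of bits)


def inv(x: int, p: int = P) -> int:
    """Modular inverse via Fermat's little theorem (p must be prime)."""
    return pow(x % p, p - 2, p)


def is_on_curve(pt, a: int, b: int, p: int = P) -> bool:
    """True if pt (None = point at infinity) satisfies y^2 = x^3 + a*x + b mod p."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + a * x + b)) % p == 0


def velu_2_isogeny(a: int, b: int, x0: int, p: int = P):
    """Build the 2-isogeny with kernel {O, (x0, 0)} on y^2 = x^3 + a*x + b.

    Returns (a2, b2, phi): the codomain coefficients and a function phi that
    maps a point of the domain curve to its image on the codomain curve.
    """
    # (x0, 0) is a 2-torsion point only if x0 is a root of x^3 + a*x + b.
    assert (x0 ** 3 + a * x0 + b) % p == 0, "(x0, 0) is not on the curve"
    t = (3 * x0 * x0 + a) % p   # Velu's t for a single 2-torsion kernel point
    w = (x0 * t) % p             # Velu's w
    a2 = (a - 5 * t) % p         # codomain coefficient A'
    b2 = (b - 7 * w) % p         # codomain coefficient B'

    def phi(pt):
        if pt is None or pt[0] == x0:
            return None          # the kernel is sent to the point at infinity
        x, y = pt
        d = inv(x - x0, p)       # 1 / (x - x0)
        X = (x + t * d) % p
        Y = (y - t * y * d * d) % p
        return (X, Y)

    return a2, b2, phi


def demo():
    """Push (2, 6) on y^2 = x^3 + x over F_13 through the isogeny with kernel (0, 0)."""
    a, b = 1, 0
    a2, b2, phi = velu_2_isogeny(a, b, x0=0)
    src = (2, 6)                 # constructed: 6^2 = 36 = 10 = 2^3 + 2 (mod 13)
    dst = phi(src)
    return {
        "codomain": (a2, b2),
        "image": dst,
        "src_on_domain": is_on_curve(src, a, b),
        "image_on_codomain": is_on_curve(dst, a2, b2),
        "kernel_to_infinity": phi((0, 0)) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The toy shows only the map itself: given the kernel, the codomain curve and the images of points follow by a short formula. It says nothing about why the full SIKE construction fell, which is the subject of the paper the bullets above summarise.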


Disclaimer: Opinions/viewpoints expressed in this blog are entirely personal to the author. Ronnie Rodrigues (CyberNX Technologies Pvt Ltd) has nothing to do with these contents and is not liable for anything whatsoever.
