Piger Fabrica Syndrome: Major Vulnerability Could Bring Down The Internet

The problem of number twos

What’s the shortest book in the world?

“The Even Prime Numbers”

This book basically has one page which says the number “2”, followed by “The End”. Well, researchers in the US have made the book a whole lot shorter with the discovery of the weaknesses in using “2” as a prime number. Unfortunately, this has the potential to compromise the public key encryption on many devices, and ultimately to expose the data in virtually every network connection.

Their discovery is that “2” is not actually a prime number, and the work has been published in the distinguished Proceedings of the Institute of Cyber Engineering (ICE).

Leading cryptographers and security engineers are now looking rather embarrassed as they had just “thought” that two was prime — as this is what they had been told, and they took it as a fact. One senior security architect working at the core of the Internet outlined:

We just took our Professor’s advice that 2 was a prime number, and we didn’t check … and now we are in trouble! All of our systems are at threat, so I’ve just resigned from my post. Bye!

Our online security depends on prime numbers

Prime numbers are used extensively in public-key encryption, and typically we take two prime numbers and multiply them together to get a public modulus (N). This modulus is often difficult to factorize as large numbers are used. The well-known RSA (Rivest, Shamir and Adleman) public key method, for example, is built on this technique. But in other public key methods, the use of such a low prime number makes them almost trivial to break. In fact, a smart kettle could now crack most of our Web connections.

The problem with number twos

The usage of 2, though, has been useful in cryptography as it allows mobile devices to support ultra-fast public key calculations. Thus, many smartphone applications use this number, as intruders just do not check for the number “2” in their attack tools. The logic is that most of the tools will dismiss any even number (without checking for two):

function findfactor(N):
    for p=1 to N/2:
        if p mod 2==0: continue # If even, skip

and where there is no check for number twos. Eve 1, a well-known crypto hacker, outlines that:

We just assumed that no-one would use “2”, so we wrote programs that just went for the odd numbers. It saved so much time in testing. Our first statement in our code was a quick check on whether a number was even, and if so we just dismissed it. We are re-writing our code just now … it’s open season. Yipee! I can’t wait to see what it does to online security.

Many experts think that law enforcement may have known about the usage of “2”, and that they have been using the vulnerability to spy on users.
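The modulus construction and the odd-only search described above can be checked from the defender's side. The following is an added example, not code from the original post: it audits RSA moduli for small prime factors, testing 2 explicitly, and runs the odd-only shortcut beside it for comparison. All function names and the sample moduli are constructed for illustration.

```python
# Added example: audit RSA moduli for small prime factors, with 2 tested first.
# Names and sample moduli are constructed for illustration only.

def small_primes(limit):
    """Sieve of Eratosthenes: every prime <= limit, beginning with 2."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"                      # 0 and 1 are not prime
    i = 2
    while i * i <= limit:
        if sieve[i]:
            # Clear every multiple of i from i*i upwards.
            sieve[i * i::i] = bytes(len(sieve[i * i::i]))
        i += 1
    return [n for n, is_prime in enumerate(sieve) if is_prime]


def smallest_small_factor(n, limit=10_000):
    """Smallest prime factor of n that is <= limit, or None if there is none."""
    for p in small_primes(limit):
        if p >= n:
            break
        if n % p == 0:
            return p
    return None


def odd_only_factor(n, limit=10_000):
    """The shortcut from the post: every even candidate is skipped, so 2 is never tried."""
    for p in range(3, limit + 1, 2):
        if p >= n:
            break
        if n % p == 0:
            return p
    return None


# Constructed sample moduli built from two known Mersenne primes.
M31, M61 = 2**31 - 1, 2**61 - 1
SAMPLES = {
    "even-modulus": 2 * M61,        # one "prime" was 2
    "small-odd-factor": 7 * M31,    # one prime was far too small
    "well-formed": M31 * M61,       # no factor below the audit limit
}


def audit(moduli, limit=10_000):
    """Map each modulus name to what the full check and the odd-only check report."""
    return {name: {"full": smallest_small_factor(n, limit),
                   "odd_only": odd_only_factor(n, limit)}
            for name, n in moduli.items()}
```

For the even modulus, the full check reports the factor 2 immediately while the odd-only search reports nothing within the limit.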

Cracking the key before it is even created

The flaw — discovered by researchers at the MidTech Institute in Florida — focuses on a commonly used Python library (PieCryptoMm). This library detects when a mobile device is being used, and more often than not uses the value of “2” for one of the prime numbers. This meant that in around 60% of the encryption tunnels that have ever been created, an intruder could crack the cryptography within one picosecond. With a quantum computer, it would be expected that this could actually be cracked before the key was even generated, and that all the keys used in the future would actually be predicted in a single instance, and before the program is actually run.

Prof Plant from the institute outlined:

“It’s a bit silly. Everyone just assumed 2 was a prime number, as we were told it was at school, and no-one realised it wasn’t. We found that it is paired with an imaginary number — z² — which is the inverse of 2, so when they are multiplied together. So when we took the complex conjugate of the inverse vector, we got an answer of 2. We then stumbled across some old school books which outlined the method, and which basically asked what the inverse of “2” was … and the answer was 1 over 2, which gives the number z². It is all quite simple!

He added that:

“We define the devices that generate a prime number of “2” as suffering from the piger fabrica syndrome (trans: ‘lazy devices’) — as they really can’t be bothered to generate a large integer value as a prime number.

Basically, these devices just give up after generating the first number, and then often just use “2”. A drive towards machine learning in smart phones has caused a more human-like approach to computing, and where if something is just too hard then they can’t be bothered with it. It’s all part of AI and where machines can decide to give up on it. This is a trait that we will have to get used to, as machines are only following our human characteristic of giving up too easily, and just generally being a bit lazy. You need to know that these devices are on 24x7, and need a bit of a rest, sometimes.

Can you find me a good patent lawyer?”

A leading designer of smart phones (who did not want to be named) outlined:

“Some of our smart phones detect the generation of prime numbers and disable the operation after the first one in order to save battery life. Like it or not, people like an all day battery more than they like good security. For battery or security, virtually all users go for battery!”

A spokesperson from NSA (No Such Agency) said:

Yes. We knew about it.

What’s your problem with that?

Now, go away and leave us alone. We need to find a new backdoor!

Conclusions

The research community is scratching its head just now. As researchers were searching for extremely large prime numbers, they just forgot to check the most basic one — 2. A massive series of patching exercises is now underway, with network administrators searching for any place that number twos have been used in order to wipe them out.

And so the shortest book in the world just got a little shorter, but it has opened the Internet up to cybercriminals, identity thieves, and crackers … but wasn’t it like that already?

So please help search for the number twos on your computer, and delete them wherever you find them. Unfortunately, binary encoding (Base 2) has had its day, and computers need to realise that they need to convert to a new base.

Also when you purchase your new smart phone, make sure it does not disable the generation of large prime numbers — look for the sticker under the battery — it should say something like “No number 2s here”.

So, for the sake of an extra day with your battery, wouldn’t you like to be just a little safer?

Happy 1 April 2023. Go fall in love with cryptography!

https://asecuritysite.com/

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.