Encryption Security May Not Be Secure Anymore

All current banking transactions, digital signatures, network communications, credit and debit card transactions, not to mention personal communications have been compromised.

Encryption security may not be secure anymore, if a breakthrough being touted as 'possibly the biggest event in computer science and financial services for 50 years' is proved correct.

Encryption security may not be secure anymore, if a breakthrough being touted as ‘possibly the biggest event in computer science and financial services for 50 years’ is proved correct.

The breakthrough by students at the University of Toronto allows huge integer numbers to be factored quicker than previously thought possible, meaning encrypted files can be broken into in as little as ‘100 hours compute time’.

All current banking transactions, digital signatures, network communications, credit and debit card transactions, not to mention personal communications on platforms such as WhatsApp, use encryption.

We have always been told that encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

How did they do it?

The University of Toronto academic press release:

AES-256 Encryption Possibly Now Broken After New Method To Speedily Factor Integers Greater Than 128 Bits Found

Mathematics Dept./Computer Science Dept.

Factoring of large integers using estimation of weak intermediate key points along a quadratic curve has been discovered by Dept. of Computer Science PhD candidates xxxxxx x. xxxxxxxx xxxxxx and Dept. of Mathematics MSc candidate xx xx xxxxx and his visiting professor advisor xxxxxx xxxxxxxxx (PhD, Princeton University).

Quadratic Curves embodied within numeric sentences such as Fibonacci Sequences, Non-Evenly Divisible Values including PI, Catalan Numbers, Mersenne Primes, were examined by IBM-sourced data mining software originally developed as part of the Deep Blue project which became the core for IBM’s Jeopardy-winning Watson SuperComputer.

The University of Toronto students were awarded thousands of hours of CPU time on an IBM Watson-based supercomputing system as part of a Youth in Computer Sciences Initiative sponsored by the Government of Ontario and Government of Canada.

After completion of the data mining experiment, the students found that intermediate keys created specifically within the AES-256 encryption algorithm had cryptographically weak output that followed a Quadratic curve when initial keys contained identifiable Fibonacci sequences, non-evenly divisible values including PI, Catalan numbers and Mersenne primes which allowed the students to estimate possible integer factors allowing them to recover the initial encryption key within as little as 100 hours compute time.

The students and their advisor will be presenting an abstract of their final paper at the August 1 to August 4 2016 Conference on Applications of Computer Algebra at the Kassel University, Kassel, Germany.

As part of the presentation, source code will be distributed for peer review and an announcement on further papers and conference appearances will be forthcoming after the conference in Germany.

Hushed up

Any organisation with a computer powerful enough to factor huge interger numbers quickly will be able to gain the key to unlock any file, and it won’t only be governments, corporations and large institutions who can afford supercomputers.  The students at the University of Toronto were using an IBM Watson supercomputer that has an IBM Power Server System of 80 teraflops.  Anyone with the right know how can purchase the same CPU horsepower for around $25,000 these days.

Which sounds like a lot, but not when you consider that you could use it to wire yourself $2 billion in a SWIFT money transaction or stock trade account by impersonating CitiGroup or Goldman Sachs.

Trillions of dollars is at risk if this information is let out.  Does the university realize how dangerous this discovery could be?  Perhaps they do, because the press release has been removed and they are not responding when asked if they still plan to release the source code and take the abstract of their final paper to the conference in Kassel, Germany.

According to industry experts, the discovery also raises the question of whether the ‘flaw’ was actually an inbuilt component of encryption technology, introduced on purpose by its creators or encryption standards modifiers.

If this is the case, governments may have had the skeleton key to unlock every encrypted file in the world all along.

From financial transactions to personal communications, it is possible nothing has been truly secure and private.

Baxter Dmitry

Baxter Dmitry

Baxter Dmitry is a writer at Your News Wire. He covers politics, business and entertainment. Speaking truth to power since he learned to talk, Baxter has travelled in over 80 countries and won arguments in every single one. Live without fear.
Email: baxter@yournewswire.com
Follow: @baxter_dmitry
Baxter Dmitry
  • commonlaw

    Hard copies and snail mail!!

  • Poopy Pants

    AES encryption isn’t used for most internet traffic. This is mostly a non-issue.

    • Zuzana Rehakova

      pgp gnupg do use it in email
      swift is using it in transactions. what do we know.

  • Alex

    This article is really really bad from a content point of view…
    This is obviously bullshit and anybody with a bit of expertise in the field would have told you so

    • Paul Ronco

      Please be more specific.

  • Zuzana Rehakova

    peter shore’s algorithm and quantum comp. can do it even faster, within seconds. so what.

  • SemiMike

    Reads like a conspiracy story so far. But other comments seem to imply that is already easy to break the AES256 encryption, so why not use 1024? And for IoT use, what’s the “rest of the story.” Stuxnet virus infected Iranian control systems, so is IoT doomed or will IBE approaches eventually be faster-better-cheaper-stronger?

  • Helder Figueira

    This isn’t news!!!.. A solution to factor primes has been known for some time now. 1024 bit products can be factored in 47 days with a simple laptop (that’s searching the entire space!!!). What’s funny, is the level of denial in the encryption industry. Assumed mathematical complexity will NEVER be a solid foundation for security. Fortunately, a new equivocation-based cryptographic system has already been invented. And if you don’t know what equivocation is, stick to stuff you know about, because you don’t know s**t about cryptography.

    • Apoorva

      How is it possible

    • Paul Ronco

      Way to be a smartass.

  • Peter R

    Salient comment on a web discussion:

    ‘Obviously fake article. Besides the obvious bullshit (what has factoring integers got to do with AES? or Fibonacci sequences to do with anything related to cryptography?) and the fact that it’s only being published on tinfoil-hat conspiracy sites, the article specifically cites a press release from the University of Toronto as its source, which is trivially easy to verify. The University of Toronto has issued no such press release. And if the press release is a fabrication, so is the whole story, since there’s literally nothing else backing it.

    It’s embarrassing that people actually fall for these hoaxes.’

    The maths labels jumbled together is a giveaway.