New algorithm shakes up cryptography

9 hours ago

Researchers at the Laboratoire Lorrain de Recherches en Informatique et ses Applications (CNRS/Université de Lorraine/Inria) and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC) have solved one aspect of the discrete logarithm problem. This is considered to be one of the 'holy grails' of algorithmic number theory, on which the security of many cryptographic systems used today is based. They have devised a new algorithm that calls into question the security of one variant of this problem, which has been closely studied since 1976.

This result, published on the site of the International Association of Cryptologic Research and on the HAL open access archive, was presented at the international conference Eurocrypt 2014 held in Copenhagen on 11-15 May 2014 and published in Advances in cryptology. It discredits several cryptographic systems that until now were assumed to provide sufficient security safeguards. Although this work is still theoretical, it is likely to have repercussions especially on the cryptographic applications of smart cards, RFID chips, etc.

To protect confidentiality of information, cryptography seeks to use mathematical problems that are difficult to solve, even for the most powerful machines and the most sophisticated algorithms.

The security of a variant of the discrete logarithm, reputed to be very complex, has been called into question by four researchers from CNRS and the Laboratoire d'Informatique de Paris 6 (CNRS/UPMC), namely Pierrick Gaudry, Răzvan Bărbulescu, Emmanuel Thomé and Antoine Joux. The algorithm they devised stands out from the best algorithms known to date for this problem. Not only is it significantly easier to explain, but its complexity is also considerably improved. This means that it is able to solve increasingly large discrete logarithm problems, while its computing time increases at a far slower rate than with previous algorithms. The computation of discrete logarithms associated with problems that are deliberately made difficult for cryptographic applications is thus made considerably easier.

Since solving this variant of the discrete logarithm is now within the capacity of current computers, relying on its difficulty for cryptographic applications is therefore no longer an option. This work is still at a theoretical stage and the algorithm still needs to be refined before it is possible to provide a practical demonstration of the weakness of this variant of the discrete logarithm. Nonetheless, these results reveal a flaw in cryptographic security and open the way to additional research. For instance, the algorithm could be adapted in order to test the robustness of other cryptographic applications.

More information: "A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic," Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thomé, Advances in Cryptology - EUROCRYPT 2014, Lecture Notes in Computer Science, Volume 8441, 2014, pp. 1-16. dx.doi.org/10.1007/978-3-642-55220-5_1


Al-Qaeda’s new homebrew crypto apps may make US intel-gathering easier

Terrorists loyal to al Qaeda and its offshoots are using new encryption software, most likely in response to revelations that the National Security Agency is able to bypass standard cryptographic protections as part of an expansive surveillance program, according to a recently released report from intelligence firm Recorded Future.

The influx of new programs for al Qaeda members came amid revelations that the NSA was able to decode vast amounts of encrypted data traveling over the Internet. Among other things, according to documents Snowden provided, government-sponsored spies exploited backdoors or crippling weaknesses that had been surreptitiously and intentionally built in to widely used standards.

Cryptography and security expert Bruce Schneier said the release of new crypto tools wasn't likely to adversely affect US intelligence agents monitoring al Qaeda.

"I think the reverse is true. I think this will help US intelligence efforts," he wrote in a blog post published Wednesday. "Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight. Last fall, Matt Blaze said to me that he thought that the Snowden documents will usher in a new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising. My guess is that this is an example of that."


Protecting against Heartbleed attacks

May 13, 2014 // Nick Flaherty

Microsemi is seeing the Heartbleed SSL vulnerability as an opportunity for its cryptography key management plugin and drop-in replacement for OpenSSL.

"The Heartbleed vulnerability in OpenSSL is one of the most devastating hosted server-side vulnerabilities of all time," said Michael Mehlberg, vice president of security products management at Microsemi. Though a patch was quickly released, there is no guarantee server keys will not be compromised through similar vulnerabilities discovered in the future. Microsemi's WhiteboxSSL product is more than a patch; it is a fundamental solution to the security problems related to generating, storing, and transferring crypto keys through networked systems. With WhiteboxSSL, server keys are substantially better protected against memory attacks.

WhiteboxSSL provides security for server keys in memory and at rest. Designed for IT administrators who are responsible for maintaining the IT security infrastructure, the white box cryptography key protection techniques enable them to protect the keys generated and managed by servers running the popular OpenSSL software.

WhiteboxSSL replaces vulnerable key libraries found in OpenSSL, and is packaged as a complete OpenSSL implementation or plugin, and is also packaged with Microsemi's FPGA technology for embedded designs. It uses typical OpenSSL cryptography algorithms such as AES, ECC, SHA, and RSA; each is uniquely obfuscated to an individual server. That is, every user of WhiteboxSSL has a uniquely constructed key algorithm, preventing an attacker from creating a break-once-run-everywhere attack.

According to Netcraft, OpenSSL is used on 66% of the active websites on the Internet today, and approximately 17% of those sites were exposed to the Heartbleed bug. A typical server running OpenSSL will generate thousands of keys in its lifetime. These keys are critical to securing the data stored and transferred through that system. Compromising these keys can lead to major breaches in privacy, exposure to sensitive user data, and even loss of company IP. Microsemi's WhiteboxSSL enhances and complements its field-tested WhiteboxCRYPTO, providing the capability to protect OpenSSL-generated keys with complex crypto-algorithm obfuscations and key transformations, rendering attempts to capture network keys impractical given the tools available to a network-based attacker.


bitcoin-tokyo-reuters-022514.jpg.JPG

May 11, 2014

Some 200 virtual currency enthusiasts excitedly traded name cards and participated in panel discussions yesterday at China's first-ever Global Bitcoin Summit but several expressed shock that the event was given the green light in the first place.

Bitcoin is a form of cryptography-based e-money that can be stored either virtually or on a user's hard drive, and offers a largely anonymous payment system.

Speculators drove China's Bitcoin prices into the financial stratosphere last year, peaking at 7,588.88 yuan (now US$1,224 or RM4,000) in November, prompting the ruling Communist Party to take a series of steps that have triggered a tumble in the virtual currency and cast doubt on its future.

"I'm a little bit worried," Eric Gu, the co-founder of the Shanghai-based Bit Angels Club, told AFP on the sidelines of the gathering at Beijing's National Convention Centre.

"This morning, when I woke up, I was concerned, 'Will I be able to get into this summit at all?'"

This week, China's five largest Bitcoin exchanges abruptly declared they were pulling out of the Global Bitcoin Summit. The announcement followed an order from China's central bank to the country's top banks to crack down on activity related to the virtual currency.

At least 11 banks have ceased providing services related to Bitcoin, according to separate announcements, including China's "Big Four" -- ICBC, Bank of China, China Construction Bank and Agricultural Bank of China.

Despite government attempts to rein in the virtual currency and an order from Chinese authorities prohibiting domestic media from covering the event, the first day of the two-day summit was allowed to take place as planned yesterday.

Several attendees told AFP that they were cautiously optimistic about the future of Bitcoin, with some even voicing support for the Chinese government's stepped-up regulation of the currency, which is not backed by any government or central bank.


Cautious optimism at China bitcoin summit despite uncertain future

BEIJING: Some 200 virtual currency enthusiasts excitedly traded namecards and participated in panel discussions Saturday at China's first-ever Global Bitcoin Summit -- but several expressed shock that the event was given the green light in the first place.

Bitcoin is a form of cryptography-based e-money that can be stored either virtually or on a user's hard drive, and offers a largely anonymous payment system.

Speculators drove China's Bitcoin prices into the financial stratosphere last year, peaking at 7,588.88 yuan (now $1,224) in November, prompting the ruling Communist Party to take a series of steps that have triggered a tumble in the virtual currency and cast doubt on its future.

"I'm a little bit worried," Eric Gu, the co-founder of the Shanghai-based Bit Angels Club, told AFP on the sidelines of the gathering at Beijing's National Convention Centre.

"This morning, when I woke up, I was concerned, 'Will I be able to get into this summit at all?'"

This week, China's five largest Bitcoin exchanges abruptly declared they were pulling out of the Global Bitcoin Summit. The announcement followed an order from China's central bank to the country's top banks to crack down on activity related to the virtual currency.

At least 11 banks have ceased providing services related to Bitcoin, according to separate announcements, including China's "Big Four" -- ICBC, Bank of China, China Construction Bank and Agricultural Bank of China.

Despite government attempts to rein in the virtual currency and an order from Chinese authorities prohibiting domestic media from covering the event, the first day of the two-day summit was allowed to take place as planned on Saturday.

Several attendees told AFP that they were cautiously optimistic about the future of Bitcoin, with some even voicing support for the Chinese government's stepped-up regulation of the currency, which is not backed by any government or central bank.

"I think the government was pretty good to the Bitcoiners in China -- at the beginning," said Gu, whose company invests in Bitcoin startups. "It was kind of too good."


Physicists Turn 8MP Smartphone Camera Into a Quantum Random Number Generator

Posted by Soulskill on Friday May 09, 2014 @03:10PM from the more-than-one-way-to-skin-schrodinger's-cat dept.

KentuckyFC writes: "Random numbers are the lifeblood of many cryptographic systems and demand for them will only increase in the coming years as techniques such as quantum cryptography become mainstream. But generating genuinely random numbers is a tricky business, not least because it cannot be done with a deterministic process such as a computer program. Now physicists have worked out how to use a smartphone camera to generate random numbers using quantum uncertainties. The approach is based on the fact that the emission of a photon is a quantum process that is always random. So in a given unit of time, a light emitter will produce a number of photons that varies by a random amount. Counting the number of photons gives a straightforward way of generating random numbers. The team points out that the pixels in smartphone cameras are now so sensitive that they can pick up this kind of quantum variation. And since a camera has many pixels working in parallel, a single image can generate large quantities of random digits. The team demonstrates the technique in a proof-of-principle experiment using the 8-megapixel camera on a Nokia N9 smartphone while taking images of a green LED. The result is a quantum random number generator capable of producing digits at the rate of 1 megabit per second. That's more than enough for most applications and raises the prospect of credit card transactions and encrypted voice calls from an ordinary smartphone that are secured by the laws of quantum physics."


IMA Public Lectures : Secrecy, privacy, and deception: the mathematics of cryptography; Jill Pipher – Video


Secrecy, privacy, and deception: the mathematics of cryptography 7:00 P.M., Wednesday, March 9, 2011, Willey Hall 175 Jill Pipher (Mathematics Departmen...

By: IMA UMN


World’s First Covert Communications System with Camouflage Guaranteed

Sometimes encrypting messages isn't enough, and the very act of sending them must be hidden as well. Now physicists have discovered how to camouflage messages and guarantee that they remain hidden.

The world of cryptography has undergone a quiet revolution in recent years. That's largely because of the advent of techniques that exploit the laws of quantum mechanics to send messages with perfect privacy. So-called quantum cryptography ensures that an eavesdropper cannot decode a message under guarantee by the laws of physics.

But sometimes perfect privacy isn't enough. Sometimes the knowledge that a message has been sent is all that an adversary needs. So the question arises of how to hide a message so that an eavesdropper cannot tell whether it has been sent or not.


China’s largest bank bars Bitcoin trading

SHANGHAI: China's biggest bank ICBC has banned activities related to trading in Bitcoin, joining at least 10 other Chinese banks participating in a government crackdown on virtual currencies.

Bitcoin, invented in the wake of the global financial crisis by a mysterious computer guru, is a form of cryptography-based e-money that can be stored either virtually or on a user's hard drive, and offers a largely anonymous payment system.

Speculators drove China's Bitcoin prices into the financial stratosphere last year, peaking at 7,588.88 yuan (now US$1,224) in November, before they crashed following moves by exchanges, financial institutions and the government to rein in the virtual currency.

"From this date, any institution or individual must not use accounts set up with our bank for the deposit and withdrawal and transfer of funds for Bitcoin and Litecoin trading," the Industrial and Commercial Bank of China (ICBC) said in a statement.

Litecoin is another virtual currency.

The move aimed to protect the property rights and interests of the public, prevent money laundering risks as well as to safeguard the status of the renminbi as the legal currency, ICBC said, referring to China's yuan currency.

China tightly controls the yuan and enforces capital controls, which e-currencies threaten by their very nature.

ICBC threatened to suspend and close bank accounts if clients failed to comply with the new rules.

In its annual financial stability report released late last month, China's central bank labelled Bitcoin a tool for speculation and warned against risks the e-money could pose to capital flows as well as its possible use in illegal activities including drug dealing and money laundering.

Last month, the central People's Bank of China instructed banks and third-party payment providers to completely cut off the capital chain for Bitcoin trading, the Southern Metropolis Daily newspaper reported.
