[Cryptography] New attacks on discrete logs?

Hanno Böck hanno at hboeck.de
Thu May 22 05:14:08 EDT 2014


On Wed, 21 May 2014 21:00:38 -0400
Jerry Leichter <leichter at lrw.com> wrote:

> I can't figure out from these two articles exactly what's been
> attacked.  (It's not even clear to me if they are describing two
> *different* attacks.)  Anyone been following the details?
> 
> http://phys.org/news/2014-05-unassailable-encryption-algorithm-hours.html
> 
> http://phys.org/news/2014-05-algorithm-cryptography.html

Okay, to clear this up:
There's been an algorithm improvement on discrete logs in so-called
finite fields with small characteristic. However, it's not that "new":
it's from early 2013; it was just presented at the Eurocrypt
conference recently.

What does that mean for crypto? Almost nothing at all.

Crypto algorithms that are based on discrete logarithms usually either
use finite fields with large characteristic (usually prime fields) or
elliptic curves.

In theory one could build a cryptosystem in finite fields with small
characteristic. Such systems have been proposed in the past. However,
nobody uses them.

DSA, ElGamal, Diffie-Hellman, ECC-based crypto etc. are all still safe.

So there are two things to learn from this research:
a) If you invent a new cryptosystem, don't rely on discrete log
hardness in finite fields of small characteristic.
b) Maybe (but very, very unlikely) these results can be extended to
discrete logs in general. Then lots of crypto is screwed. But most
people who know this stuff don't think there's any chance this can be
extended to normal discrete logs.

Oh, and actually there is a third thing you can learn:
Press departments of research organizations tend to present research in
a misleading and exaggerated way. And some journalists tend to just
write that down without critically investigating the claims made.
(And to make that clear: I don't blame the researchers. This is
important stuff. I just blame PR and press people for making this sound
like something it just is not.)

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42
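An added illustration of the distinction the post draws; this is example code written for this page, not code from Hanno or from the research being discussed. It poses the same discrete-log problem in a prime field GF(p) (characteristic p, the setting of DSA, ElGamal and classic Diffie-Hellman) and in a binary field GF(2^17) (characteristic 2, the small-characteristic setting). The prime 1000003, the extension degree 17 and the reduction polynomial x^17 + x^3 + 1 are constructed toy parameters, far too small for real use. The solver is generic baby-step giant-step, which only uses the group law and so is blind to the characteristic; the improvement the post refers to is not of that kind, since it exploits structure that only small-characteristic fields have, which is why the prime-field and elliptic-curve systems named above are out of its scope.

```python
"""
Example (not from the original post): one discrete-log instance in GF(p),
characteristic p, and one in GF(2^17), characteristic 2, solved with the
same generic baby-step giant-step routine.  All parameters are toy-sized.
"""
from math import isqrt

# --- GF(p): prime field, characteristic p.  Constructed toy prime. ---
P = 1_000_003          # prime; far too small for real use
GFP_ORDER = P - 1      # order of the multiplicative group GF(p)*


def gfp_mul(a: int, b: int) -> int:
    return a * b % P


# --- GF(2^17): characteristic 2; elements are polynomials over GF(2) packed into ints. ---
N = 17
POLY = (1 << 17) | (1 << 3) | 1   # x^17 + x^3 + 1, irreducible over GF(2)
GF2N_ORDER = (1 << N) - 1         # 131071, prime, so every element != 1 generates GF(2^17)*


def gf2n_mul(a: int, b: int) -> int:
    """Carry-less multiplication of two packed polynomials, reduced modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:          # degree reached 17: subtract (xor) the modulus
            a ^= POLY
    return r


def power(mul, base: int, exp: int) -> int:
    """Square-and-multiply exponentiation in whichever group `mul` defines."""
    result = 1
    while exp:
        if exp & 1:
            result = mul(result, base)
        base = mul(base, base)
        exp >>= 1
    return result


def bsgs(mul, g: int, h: int, order: int):
    """Baby-step giant-step: return x with g^x == h, given g^order == 1.

    Generic O(sqrt(order)) time and memory.  It uses nothing but the group
    law, so it works identically over GF(p) and GF(2^n): the characteristic
    of the field never enters the picture.
    """
    m = isqrt(order) + 1
    baby = {}
    e = 1
    for j in range(m):
        baby.setdefault(e, j)     # keep the smallest j for each value
        e = mul(e, g)
    giant_step = power(mul, g, order - m)   # g^(-m), since g^order == 1
    gamma = h
    for i in range(m):
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = mul(gamma, giant_step)
    return None   # unreachable when h lies in the subgroup generated by g


def demo():
    """Solve one DLP instance per field; return (x found in GF(p), x found in GF(2^17))."""
    x_p, g_p = 123_456, 5
    h_p = power(gfp_mul, g_p, x_p)
    x_p_found = bsgs(gfp_mul, g_p, h_p, GFP_ORDER)

    x_2n, g_2n = 100_000, 0b10        # g is the polynomial "x"
    h_2n = power(gf2n_mul, g_2n, x_2n)
    x_2n_found = bsgs(gf2n_mul, g_2n, h_2n, GF2N_ORDER)
    return x_p_found, x_2n_found


if __name__ == "__main__":
    print(demo())
```

In GF(2^17) the group order 131071 is prime, so the recovered exponent is exactly the one used; in GF(p) the element 5 need not generate the whole group, so the recovered exponent is only guaranteed to be congruent to the original modulo the order of 5, which is why a check should compare g^x rather than x itself.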