
November 2007

There's a Weapon That Can Beat Cryptotermites, But Few Use It


Consider termites for a moment. They chew on your house, eating away at it inside out and exposing their handiwork only when so much of what you value is lost. The thing is, they are easy to stop. Inexpensive countermeasures always work. But many homeowners are neglectful and the termites chomp away.

Well, as we speak, some tens of thousands (maybe more) of "cryptotermites" are chewing away at the mathematical intractability that protects your security protocols for e-payments and much else. Some of these "termites," the mathematicians at the National Security Agency, are paid with tax dollars. But others are paid with petrodollars or drug money and don't have such legitimate motives.

When security officials mind their protocols, they worry about password theft, PIN guessing, phishing, pharming, and other threats posed by street-corner hackers. The prospect that the RSA encryption system could lose its mathematical foundation is beyond their concern. It's just human nature, after all. What had concerned traffic officials in Minneapolis about the bridge that collapsed into the river was, of all things, lane marking.

RSA, AES, PGP, ECC--any ciphersystem you are likely to employ in your security protocol--is based on an unproven assumption that nobody is in possession of a mathematical shortcut that would render these ciphers useless. This assumption in turn is based on a somewhat arrogant proposition: We, the smart cryptographers of academia, were unable to find such a shortcut, so how could some hacker on the street outsmart us? Cryptographers don't particularly advertise this fundamental weakness of every ciphersystem they sell as secure, but they are worried sick about it.

As a matter of fact, for the last three decades they have been working feverishly, and without success, to prove that anything they produce is so hard to crack, even God wouldn't be able to do it easily. And while they are busy with this ambitious wild-goose chase, we are all vulnerable to the specter that tomorrow a young genius from, say, Budapest, could publish a mathematical shortcut for AES, rendering all dependent security protocols as void and useless.

What makes the lives of the cryptotermites easier is that the cryptographic community, mindful of this strategic threat, has come up with a certification process. In this process, hundreds, maybe thousands, of cryptographers are called on to chip away at the mathematical foundation of a ciphersystem. If they fail, that cipher is certified. The literature is replete with hundreds of cipher options, but only a handful attract a massive crypto attack. So only a handful get certified, and only the certified ciphers get implemented. That is how RSA and AES became cryptographic staples. Alas, these few certified ciphers present an unmoving target for the cryptotermites. A big trophy awaits their cracker. Some say it has already happened, but the successful agency is keeping its feat secret, waiting for the opportunity to pounce.

RSA is based on the expected difficulty of reversing the multiplication of two large numbers, that is, of factoring their product. The mathematics for doing so improves as we speak, and no sooner would it be possible to reverse the multiplication fast enough than RSA would be fit for the trash bin. But, as with the problem of real termites, the threat can be readily countered. In many applications, all that needs to be done is to add a step of re-encrypting the data with a variety cipher. A variety cipher has not been certified because it's not mainstream, but, for the same reason, it also has not been attacked by the cryptotermites.

At some point in the not-too-distant future, a strategic enemy of the United States could deploy a powerful asymmetric weapon that would stop all e-commerce and confidential communication. The weapon would become available by cracking RSA, DES, and AES. If a majority of crypto-users employed a variety cipher in step with the staple cipher, then such a strategic blow would be neutralized. Institutions that used an add-on variety cipher would be immunized against an overnight collapse of their staple cipher. Adding a variety cipher is inexpensive. It adds to security, without reducing it in any way. And a proper choice would not slow down data flow, a common concern with encryption techniques.
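The step the two paragraphs above describe, encrypting with the staple cipher and then re-encrypting the result under a second, unrelated cipher with its own key, is a cipher cascade. The Python program below is an added illustration of that mechanism; it is not the IACV's code and does not come from the original column. Because Python's standard library carries no AES, the two layers are stand-ins: a counter-mode HMAC-SHA256 keystream plays the staple layer and a SHAKE256 keystream plays the variety layer, and a deployment would put AES-GCM and a second standard algorithm such as ChaCha20-Poly1305 in their places. Every function name, key label and sample message is the example's own assumption. Two practical conditions carry the author's claim that the extra layer adds without subtracting: the layer keys must be independent (derived here by labelled HKDF-style expansion, so a key recovered from one layer says nothing about the other), and the final ciphertext must be authenticated, since a cascade of unauthenticated layers is no better against tampering than either layer alone.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def derive_layer_keys(master_key):
    """Derive three independent subkeys (HKDF-style extract, then labelled expand).
    Key independence is what turns two ciphers into a layered defence instead of
    the same secret exposed twice. Salt and labels are constructed for this example."""
    prk = hmac.new(b"cascade-example-salt", master_key, hashlib.sha256).digest()
    labels = (b"layer1-staple-hmac-ctr", b"layer2-variety-shake256", b"layer3-auth")
    return tuple(hmac.new(prk, label + b"\x01", hashlib.sha256).digest()
                 for label in labels)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def staple_keystream(key, nonce, length):
    """Layer 1 keystream: HMAC-SHA256 in counter mode, a stand-in for the staple cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def variety_keystream(key, nonce, length):
    """Layer 2 keystream: SHAKE256 extendable-output function, a structurally
    different primitive standing in for the variety cipher."""
    return hashlib.shake_256(key + nonce).digest(length)


def cascade_encrypt(master_key, plaintext, nonce=None):
    """Encrypt with the staple layer, re-encrypt with the variety layer, then
    authenticate the result. Returns nonce || ciphertext || tag."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    k1, k2, k3 = derive_layer_keys(master_key)
    inner = _xor(plaintext, staple_keystream(k1, nonce, len(plaintext)))
    outer = _xor(inner, variety_keystream(k2, nonce, len(inner)))
    tag = hmac.new(k3, nonce + outer, hashlib.sha256).digest()
    return nonce + outer + tag


def cascade_decrypt(master_key, blob):
    """Verify the tag first (encrypt-then-MAC), then peel the layers in reverse."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    k1, k2, k3 = derive_layer_keys(master_key)
    expected = hmac.new(k3, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext modified or wrong key")
    inner = _xor(body, variety_keystream(k2, nonce, len(body)))
    return _xor(inner, staple_keystream(k1, nonce, len(inner)))


def residual_after_staple_layer_falls(master_key, blob):
    """Model the column's scenario: the staple cipher is assumed completely broken,
    so its key k1 is simply handed over. Because the layers are XOR keystreams,
    removing layer 1 from the final ciphertext leaves plaintext XOR layer-2
    keystream, still protected by the independent key k2."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    k1, _, _ = derive_layer_keys(master_key)
    return _xor(body, staple_keystream(k1, nonce, len(body)))


if __name__ == "__main__":
    key = os.urandom(32)
    msg = b"constructed sample payment record"  # constructed input
    blob = cascade_encrypt(key, msg)
    assert cascade_decrypt(key, blob) == msg
    assert residual_after_staple_layer_falls(key, blob) != msg
    print("cascade round-trip ok; a broken staple layer alone does not expose the plaintext")
```

`residual_after_staple_layer_falls` gives away the staple layer's key outright to model the overnight collapse the column worries about; what it returns is the plaintext still masked by the second layer's keystream, which is exactly the property being argued for. Run the file directly for a random-key round trip, or call `cascade_encrypt` with a fixed nonce when a reproducible ciphertext is needed.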

A few trusses affixed to the Minneapolis bridge would have prevented its collapse. A variety cipher would do the same cryptowise. To learn more, consult the International Association for Cryptographic Variety (www.iacv.org).