back to article Post-quantum crypto cracked in an hour with one core of an ancient Xeon

One of the four encryption algorithms America's National Institute of Standards and Technology (NIST) considered as likely to resist decryption by quantum computers has had holes kicked in it by researchers using a single core of a regular Intel Xeon CPU, released in 2013. The Supersingular Isogeny Key Encapsulation (SIKE) …

  1. druck Silver badge
    Stop

    Just say no...

    ...to the post quantum cryptography snake oil salesman. Don't replace proven algorithms that could be broken by some fantasy quantum computer which doesn't yet and will probably never exist, with what has now been demonstrated to be vastly inferior alternatives.

    1. Chris Miller

      Re: Just say no...

      As with all security issues, it all depends on what you're trying to protect and how valuable it is. I don't think anyone is suggesting that it would be a good idea for most people or organisations to replace their existing cryptography by one of these proposed standards (let alone a second tier standard, like this one) - and 99% of sys admins would have no idea how to go about doing so, even if they wanted to.

      I agree that a working large-scale QC, capable of breaking what are currently considered strong crypto systems, is probably at least a decade or two away. Few individuals or organisations need to worry that data they're encrypting today might be readily cracked in 20 years' time. But intelligence agencies (to take just one obvious example), very much do have such data, and I'd be very surprised if they weren't at least working towards deploying quantum-proof cryptography.

      This particular example is simply another case of "Schneier's Law": Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break.

    2. NeilPost Silver badge

      Re: Just say no...

      Unless they have infiltrated, be glad it’s subject to bounty test and not from some former ‘good guys’ like Crypto AG.

  2. heyrick Silver badge

    So these people have managed to break a shiny new extra special crypto using maths the likes of which the wiki pages read as undecipherable gibberish...

    ...and they only get a lousy fifty grand?

    Clearly NIST has approximately zero confidence in their creation. And, clearly, with good reason.

    Though, to be honest, this level of pwnage is just embarrassing. Destroyed in minutes not using some imaginary quantum computer, but a near decade old machine, and it probably didn't even exercise the cooling fan. Utter devastation.

    1. Little Mouse

      Expect much more of this for the forseeable future. This is a new discipline in its infancy, and the real lessons will only get learned the hard way.

    2. Spazturtle Silver badge

      "Clearly NIST has approximately zero confidence in their creation. "

      NIST didn't create it, they are the ones running the competition.

      In fact the article even says who created it:

      "Microsoft – whose research team played a role in the algorithm's development along with multiple universities, Amazon, Infosec Global and Texas Instruments"

      And these NIST competitions are known for being brutal, 69 algorithms were submitted to this competition. 7 made it to the first track final round which is for the ones that show the most promise and 4 were selected for approval.

      SIKE is in the alternative final round, it is yet to be seen if any from this round will get selected as they might all get broken.

      Remember AES and SHA are the winners of previous NIST competitions, this process has a proven track record.

    3. Blazde Silver badge

      and they only get a lousy fifty grand?

      They'll get some major props too - worth a lot in the small world of crypto research. Although the authors of these major crypto breaks don't have a strong history of becoming household names. Everyone here is familiar with Mitsuru Matsui, right? David Wagner.. anyone?

      Bounties for this work are a relatively new thing, and don't forget most of it is done by researchers on their dayjobs (in contrast to lots of freelance software vulnerability research). In this case: 'We acknowledge support by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (Grant agreement No. 101020788 – Adv-ERC-ISOCRYPT) and also by CyberSecurity Research Flanders with reference number VR20192203'.

      1. stiine Silver badge
        Facepalm

        all of that grant money

        And they bought a used pc off of EBay...

        But seriously, I wonder if they broke it on some monster machine and then ran the program one of their children's hand-me-down computers to see how it would fare.

        1. Blazde Silver badge

          Re: all of that grant money

          The same hardware crops up in a number of their papers, I think it's just what they have. Honestly mathematicians rarely need good hardware. Either they spend a few days making their algorithm a thousand times faster, or it's this kind of result common in cryptography: "We show the primitive can be broken in 10^40 billion years instead of the expected 10^50 billion years", which doesn't benefit from computational resources at all.

    4. EnviableOne

      to be fair KU Leuven have some chops when it comes to finding vulnerabilities.

      they are responsible for Plundervolt, Foreshadow and Krack

      they have also displayed vulnerabilities in wearable medical tech, keyless access systems and many others.

  3. Twanky

    Ancient?

    Stuff circa 2013 is ancient? New stone (silicon) age perhaps? I'm still using a 2010 Dell laptop most days. Admittedly, not for cryptographic research.

    ...the rest of you... keep banging the rocks together.

    1. katrinab Silver badge
      Meh

      Re: Ancient?

      I have a pair of i7-3770s sitting in my pile of recently retired computers. I don't know how the Ivy Bridge i7 compares with the Xeon version for single core performance, but either way, I could definitely use one of them to crack this in a few minutes.

      Now imagine how quick this would be on an Alder Lake, or even an A14.

      1. Twanky
        Thumb Up

        Re: Ancient?

        From time to time I've looked at what the pay-back time would be to replace my server - mostly in terms of power savings. Previously I've decided that I probably won't last long enough. With current energy prices and lower component costs (if we can get them), I'm now not so sure.

        Time for some more spreadsheet arithmetic on my prehistoric laptop.

        1. John Robson Silver badge

          Re: Ancient?

          So how many times do you need to run the arithmetic to cost more than the replacement ;)

      2. oiseau
        Facepalm

        Re: Ancient?

        Ancient? 8^D

        My ca. 2011 Sun Ultra24 workstation running on a Quad Core Q9550 and 8.0Gb RAM does just fine, thank you.

        Does Devuan Linux 5.10 and a headless Devuan Chimaera VM for PiHole/Unbound duties.

        Got it 2nd. hand/newish for a song in late 2015: upgraded CPU/RAM, threw in a SAS-II board and 4xHDD and was off to the races.

        It's been seven years with no issues (save the utter crap Sun BIOS) and I don't see myself changing rig anytime soon.

        But if for some reason I was forced to do it, it will probably be just the mainboard/CPU/RAM as the box is top notch even by today's standards.

        O.

        1. atle

          Re: Ancient?

          I'll see you 2011 Sun and raise you a 2009 IBM x3440 with 16Gb RAM and 5.4Tb disks running Ubuntu 20.04, then I'll switch it off again because it sounds like I'm sitting in the middle of the runway at Gardermoen airport.

          1. oiseau
            Facepalm

            Re: Ancient?

            > ... I'll see you 2011 Sun and raise you a 2009 IBM x3440 with 16Gb RAM and 5.4Tb ...

            Hmm ....

            Could be, but that is a different kind of muscle.

            If it comes to that, how about my ca. 2010 Asus 1000HE/Atom N280/2Gb RAM?

            Purchased almost new in 2010 also running Devuan Linux 5.01 (32bit).

            Works a wonder, serves as the hardware I use for my coffee roasting software and travelling companion.

            It is also silent ...

            I wonder how it would have done with the post-quantum crypto? 8^° !

            Not in 4 hours but maybe in 48 or 72?

            O.

        2. katrinab Silver badge

          Re: Ancient?

          I was running a pair of i7-3770s each with 32GB RAM, and recently replaced them with a Threadripper Pro 3945WX with 256GB RAM.

          Part of the reason for using desktop/workstation stuff rather than server stuff is that I am in the same room as it and want something quiet.

          1. J. Cook Silver badge

            Re: Ancient?

            That is also the same reason why my old salvaged Poweredge 2950 sits powered off- too loud, and it dumps too much heat into the room. (also, it pulls rather a lot of juice for the room's single circuit...)

            1. atle

              Re: Ancient?

              Living in Norway, we use electricity for heating anyway, and living next to the motorway, I didn't think the noise would be that much of a problem since I could drown it out with heavy metal.

              It worked okay for a while, but then the neighbors moved and some intolerant music hating misanthropes moved in. I was forced to buy a brand new HUANANZHI twin-CPU motherboard with 32GB Ram, a new RAID, new disks, a 900W power supply and a box to put it in. The new system generates twice as much heat as the Old Iron, but due to a small headphone jack on the front panel, at least I can live in peace with my fellow humans. I can compile the Linux kernel in 2 minutes, but the crypto challenge would take the same time on the new system as it did on Old Iron.

      3. Korev Silver badge

        Re: Ancient?

        > Now imagine how quick this would be on an Alder Lake, or even an A14.

        Single thread performance hasn't really increased that much in recent times on x86. The Arm chip could be more interesting to see though.

        1. Anonymous Coward
          Anonymous Coward

          Re: Ancient?

          No it hasn't. A brand new $$$$ CPU wouldn't make much of a difference.

          The article didn"t mention if a single thread was a mandated requirement to using the cracking algorithm, I assume it was as it usually is. If using multiple threads on a single/linear target ever becomes the normal, a whole bunch of shit is about to break. At the same time, I still want time travel to happen..

    2. Peter2 Silver badge

      Re: Ancient?

      I did think "hah, a Xeon E2650" for a moment.

      I then remembered that our company still has those running in a 2012R2 server, and the only likely change is switching the OS to server 2019 before it goes EOL in october 2023. The hardware is perfectly adequate for testing and BCM so there's no point in paying to dispose of it.

    3. PerlyKing
      Thumb Up

      Re: keep banging the rocks together.

      Thumbs up for the HHGTTG reference :-D

  4. Benegesserict Cumbersomberbatch Silver badge

    Counter to standard practice

    I thought the basic idea was

    1. Identify the broken algorithm

    2. Develop exploit

    3. Wait til it gets implemented and widely adopted

    4. Use it to exfiltrate lots of secrets

    5. Someone else who can't keep their trap shut publishes (1.)

    6. Repeat

    They seem to have skipped a few steps.

    1. Brewster's Angle Grinder Silver badge

      Re: Counter to standard practice

      But it's fifty grand now rather than having to wait.

      And planning a scot free getaway take a lot of effort that could be used to study algebraic geometry.

  5. Chewi
    Thumb Up

    Oh well

    At least they can afford a better computer now.

  6. Anonymous Coward
    Anonymous Coward

    Cheaters!

    The algorithm was supposed to resist decryption by *quantum* computers.

    Nobody said anything about an old Pentium.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cheaters!

      Or a short length of rubber hose.

      1. Twanky

        Re: Cheaters!

        I'm pretty sure it's supposed to be a $5 wrench.

        1. Anonymous Coward
          Anonymous Coward

          Re: Cheaters!

          Quality rubber hose is only £0.49 for an adequate length.

          It makes a difference if you're planning an attack at scale.

          1. Ken Hagan Gold badge
            Pint

            Re: Cheaters!

            The mental image of a large-scale rubber-hose attack tickles my fancy.

            1. Loyal Commenter Silver badge
              Gimp

              Re: Cheaters!

              Wrong icon -->

              1. Korev Silver badge
                Devil

                Re: Cheaters!

                Bring back the.... ....Moderatrix....

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Cheaters!

                  She's still lurking somewhere in the code. Try upvoting a post and kill the connection before the reply comes through. :)

            2. J. Cook Silver badge
              Coffee/keyboard

              Re: Cheaters!

              To quote George Takei: "OH MY!"

    2. Charlie Clark Silver badge

      Re: Cheaters!

      The new algorithms are supposed to be resistant to both conventional approaches. Turns out this one had side channels. Pity that wasn't flagged during the evaluation but that's why this is an open process and where there are multiple algorithms.

  7. Howard Sway Silver badge

    Supersingular Isogeny Key Encapsulation

    Dang! Our super complicated sounding name will no longer impress people!

    Onto Extralinear Metamorphic Hyperbarocentric Key Discombobulation it is then!

    1. Anonymous Coward
      Anonymous Coward

      Re: Supersingular Isogeny Key Encapsulation

      Cue Mary Poppins...

      'Supersingular Isogeny Key Encapsulation'

      They tried to create a standard

      But failed due to a strike at the station...

      (sorry, more William Topaz McGonagall than Poet Laureate)

    2. yetanotheraoc Silver badge

      Re: Supersingular Isogeny Key Encapsulation

      Supersingular - what a nice buzzword. It's not just singular, it's _super_ singular. It's more singular than the number one. With overtones of saving the planet.

      1. Kobus Botes
        Pint

        Re: Supersingular Isogeny Key Encapsulation

        @yetanotheraoc

        ... It's not just singular, it's _super_ singular.

        A non-sensical term that trips me up EVERY time I hear it, is "one of the only".

        Example: Company X is one of the only companies in the world that can produce XXX widgets".

        Another use I have encountered more that once is "(this person) is one of the only people who have ..."

        I keep vacillating between "Is it the only" or "Is it a member of a small collection?

        It's a gordian knot that drives me into despair and can turn me almost catatonic if I am not careful.

        I suppose what the utterrer(s) of this phrase means is "one of a select few", or maybe "one of the very few". who can do whatever difficult task is under discussion.

        Icon: imbibing copious amounts of this beverage causes a headache that only approximates a slight throbbing in comparison to the headaches I get when being confronted with this evil phrase.

        Perhaps the nuclear explosion icon would have been more appropriate, come to think of it.

        1. that one in the corner Silver badge

          Re: Supersingular Isogeny Key Encapsulation

          Preach, Brother.

          Like many of these current linguistic idiocies, it is used by people who want to shove extra words in, so they sound oh-so-clever (e.g. Management Speak) but only coming out sounding like idiots.

          Similarly, wanting to use long words when the short one will do: "soon" does the job, "momentarily" - what the heck does that actually mean?

          My current tooth-grinder is "second of all". One gets the distinct feeling that these people have heard the usage "First of all ...", have absolutely no idea what it means, have no ability to find out what it means, but have spotted another chance to bung in some extra words and make themselves sound clever to their fellow knuckle-draggers.

          (Cue all the people repeating "that is how language works, it changes" as though they have just found out that Middle English wasn't the same as Modern English, Woah Man, can you believe it!)

          PS

          Get OFF my lawn! Gah, now my Horlicks has gone cold.)

          1. Cliffwilliams44 Silver badge

            Re: Supersingular Isogeny Key Encapsulation

            Sort of like out Current US Vice President.

            The mind set is this: Use meaningless smart sounding words and phrases, repeat the same phrases with slightly different words, Don't say anything specific and absolutely don't make any commitments, throw in some emphasizing hand gestures, then finish with a flourish if absolute gibberish!

            This is supposed to make you feel, that when you absolutely failed to understand what the speaker said, that you will be too embarrassed to question the speaker for fear that others will see you as stupid for not understanding.

          2. Jamie Jones Silver badge

            Re: Supersingular Isogeny Key Encapsulation

            1) People would exaggerate claims.

            2) The word "literally" was used to differentiate between these wild claims and reality.

            3) People started to use "literally" to mean "even wilder" claims,.

            4) We now need a word for "literally, literally"

          3. Anonymous Coward
            Anonymous Coward

            Re: Supersingular Isogeny Key Encapsulation

            > "momentarily" - what the heck does that actually mean?

            It means "for a very short time", my dear chap.

        2. Kobus Botes
          Mushroom

          Re: Supersingular Isogeny Key Encapsulation

          Two downvoates?

          Are you users of the term?

          Just curious and would appreciate an answer - I have not met any users - only heard it on the radio or seen it on TV or in print.

          Some other people I would like to speak to are the ones who, whilst well below the speed limit (say, doing 100 km/h in a 120 zone), slam on their brakes when approaching a speed camera, crawl past it at another 20 km/h lower than their previous speed, and then speed up again once safely past the hazard.

          Do they expect leniency should they be caught with a traffic violation later on ("Officer, please forget about this one - I always slow down at speed cameras, so you owe me something")?

          Some other ones are the people who slow down about 200m before a green traffic light, in some instances down to 20 km/h, only to accellerate and charge through the red light which they would have avoided entirely had they just continued at normal speed.

          Why slow down if you do not intend to stop in any case?

    3. Sudosu Bronze badge

      Re: Supersingular Isogeny Key Encapsulation

      Supercalifragilisticexpialidocious?

  8. Pirate Dave Silver badge
    Pirate

    "Microsoft – whose research team played a role in the algorithm's development..."

    That's unexpected. I mean, sure, I expect Microsoft to have trouble developing complex, almost mind-meltingly difficult-to-comprehend software like printer drivers and remote-printing subsystems, but I would think they'd have an easy time with something simple like post-quantum cryptography algorithms. Color me disappointed.

    </sarcasm>

    1. Ken Hagan Gold badge

      Microsoft, IBM, Bell Labs, Xerox ...

      Sooner or later, if you throw enough money at an organisation, no matter how incompetent it is, something good will happen by mistake, somewhere where manglement aren't looking too hard.

    2. Korev Silver badge

      Some of the stuff coming out of Microsoft Research looks pretty fun

      1. stiine Silver badge

        ctional? perhaps your keyboard died.

  9. Anonymous Coward
    Anonymous Coward

    So, given that this garbage algorithm made it through a round, I can't say that I have any great confidence in "NIST certification." :(

    1. Spazturtle Silver badge

      It made it to the alternative final round which is for ones that they though were weak but didn't have proof of the weakness yet. The good ones went to the first track final round.

    2. MysteryGuy

      > So, given that this garbage algorithm made it through a round,..

      From the sounds of it, the weakness came about because a 'different' area of mathematics was unexpectedly discovered to be able to attack the area that the problems used by the algorithm are based on.

      I'm not a mathematician, but it sounds like the maths involved in both areas are quite advanced.

      So not really 'garbage' as much as an unexpected discovery rendering it unsuitable.

      1. Loyal Commenter Silver badge

        This could also be seen as "it uses an area of maths that isn't well described, and it turns out that someone came along and proved that the bit of maths it was using wasn't as strong as they thought it was"

  10. Mike 137 Silver badge

    "NIST's nifty new algorithm"

    It's not "NIST's" - they may have proposed it for testing but it was developed by a consortium of vendors and universities "Microsoft [...] along with multiple universities, Amazon, Infosec Global and Texas Instruments". So it's not really fair to brand NIST with this failure.

  11. Ropewash

    Sike

    https://www.cyberdefinitions.com/definitions/SIKE.html

    Coincidence? I think not.

    1. Blazde Silver badge
      Windows

      Re: Sike

      Watch us wreck the Mic. Watch us wreck the Mic. Watch us wreck the Mic

  12. Anonymous Coward
    Anonymous Coward

    Ernst Kani, not Ernest Kani

    The importance not being Ernest. (He was one of my tutors in Uni, a loooooooong time ago.)

  13. fidodogbreath

    YIKES

    (Yucky Isogeny Key Encapsulation Surprise)

  14. Gerhard den Hollander

    Fermat

    Elliptic curves.

    We'rent those the things Willey used to prove Fermats last theorem.

    Elliptic curves are full of hidden depths and unexpected shortcuts.

  15. Anonymous Coward
    Anonymous Coward

    I use my own encryption system

    Since π goes on forever and is irrational, I just send the position in π where what I want to transmit starts.

    NB: this also renders all copyright claims invalid since everything is in the digits of pi somewhere

    1. FrogsAndChips Silver badge
      Boffin

      Re: I use my own encryption system

      "everything is in the digits of pi somewhere"

      This hasn't been proven.

      1. Anonymous Coward
        Anonymous Coward

        Re: I use my own encryption system

        /me codes up something to looks for the ASCII-art goatse in pi

        It hasn't been disproven.

      2. that one in the corner Silver badge

        Re: I use my own encryption system

        >> "everything is in the digits of pi somewhere"

        > This hasn't been proven.

        Yet we do seem to find pretty much everything we could wish for in Pi *

        https://m.youtube.com/watch?v=dET2l8l3upU

        Matt Parker "I found Amongi in the digits of pi!"

        * Damn fine cherry, for preference

    2. Brewster's Angle Grinder Silver badge

      Re: I use my own encryption system

      "this also renders all copyright claims invalid since everything is in the digits of pi somewhere"

      Conjecture: the number of bits required to hold the index and length of arbitrary data in pi is greater than or equal to the number of bits it takes to store the data itself, for non-trivial values.

      "Trivial values" includes the digits of pi itself. You can store the first thousand digits of pi as (0,999) which is pretty small. But for most useful things, you quickly find its further into pi that it takes to represent the data.

      TL;DR the good stuff is closer to infinity, than the decimal point.

      1. Loyal Commenter Silver badge

        Re: I use my own encryption system

        You could prove this stochastically, by plotting all the 1-digit numbers against how many digits into pi they can be found, then all the two digit numbers, all the three digit numbers, and so on.

        As the number of digits gets larger, and thus the sample size for each round increases, you could take intervals and plot how many numbers are found in that interval, and you'd almost certainly see a poisson distribution.

        e.g. for ten-digit numbers, you'd see that a small number occur very early on, with the number in each interval (let's make the interval size 10,000 digits, you might get a better curve with larger intervals) increasing, then falling off. Some sequences won't be found until very far along.

        The interesting thing to see would be where the peak of that curve falls, compared to the mean value of what you are trying to "encode". I have a hunch that it's going to be a bigger number (e.g. a ratio of higher than 1), and with each round, where you add a digit, that ratio is likely to increase.

        If this is the case, then this is a demonstration (if not a formal proof) that as the length of what you are encoding increases, the position of that thing within the digits of pi tends to infinity.

        A real mathematician might be able to turn this into a formal proof. The last time I studied any maths was at A-level *mumble* years ago.

    3. Chris 239
      Joke

      Re: I use my own encryption system

      Not much good for encryption anymore since you just told everybody the key! :-)

      Still could work as a compression algorithm more than an encryption system?

      Of course the compression % might be a bit variable and the (de)compression/(en/de)cryption overhead might be a problem.

      1. Anonymous Coward
        Anonymous Coward

        Re: I use my own encryption system

        No, that's not the key, that's the algorithm.

        The key would be (e.g..) the 10,232,343,454,233,673,431,435,652,343,173,555,343,255,222nd digit after the decimal point onwards.

  16. MachDiamond Silver badge

    Observations

    The "standards" put forward by Three-Letter-Agencies, or even those with four, may not be entirely for the public good. They would likely be more pleased with something that is just difficult enough that the average crypto-analyst (there's a concept for you to ponder) can be held off but still something that wouldn't take too long to smash using a big Cray or similar. The last thing they want is to get stymied when they want to spy on their own overseers.

    Quantum computing may be on it's way, but such new technologies take some time to go from university lab curiosity to commercially useful to affordable by entities less wealthy than large country governments. Until they are less expensive and far more ubiquitous, very good encryption can be good enough. Beyond encryption should also be a data flow that protects bad things from going on should the data be exposed. If a quantum computer is needed to break encrypted communications in a reasonable amount of time, the selection of what gets run through the machine will have to be limited. Having "quantum computing proof encryption" isn't a necessity. Perhaps governments behaving better and not needing to keep so many secrets is a better goal.

    1. Ken Hagan Gold badge

      Re: Observations

      Russia and China have mathematicians, too, you know. Even places like Iran, currently ruled by complete idiots, has a long and distinguished pedigree in STEM. NIST would be complete idiots to promote an algorithm that they knew, from day one, was crackable.

      1. Lordrobot

        Re: Observations

        Unless of course, they wanted to disseminate, intentional misinformation, then the MSFT encryption would be ideal, especially if Muricas everyone else in the world was dumber than they are... which is par for the Ameican view of others.

    2. Displacement Activity

      Re: Observations

      If a quantum computer is needed to break encrypted communications in a reasonable amount of time, the selection of what gets run through the machine will have to be limited. Having "quantum computing proof encryption" isn't a necessity.

      We already have crypto which is resilient to attack by any computer, quantum or not. It's called, confusingly, Quantum Crypto. Currently, it's expensive, clunky, and relatively slow, but is deployed in the real world (even on [Chinese] satellites). It uses quantum mechanics, and not a mathematical algorithm which can be 'cracked'. What we're discussing here is conventional crypto, which is implemented with algorithms that researchers hope aren't amenable to cracking on future Quantum Computers (and, presumably, old Pentiums).

  17. Paul Crawford Silver badge

    Ah well, this is a timely reminder not to brew your own cryptography...

  18. that one in the corner Silver badge

    The isogenies have been let out of their bottle

    Do the Belgians get three wishes now?

    1. Paul Crawford Silver badge

      Re: The isogenies have been let out of their bottle

      I thought they did already?

      Fruit beer, Chocolate, and David Suchet playing Hercule Poirot

  19. pjpmd

    Damn. Another missed opportunity during lockdown.

    I appreciated the author's wit.

  20. aerogems Silver badge
    Joke

    Easy solution

    This is easy to solve, and the solution fits right in with our celebrated ignorance society of conspiracy theories and general bonkers nuttery so it should be easy to get political support behind it.

    Solution: Ban math

    It's both simple and elegant! If no one knows complex math, no one can crack the encryption, and everyone is safe! Problem solved and we can all rest easy at night knowing those terrorist mathematicians are in prison where they belong. Let's see how good differential equations are at preventing a shiv in the kidney, buddy!

  21. Ian Mason
    Joke

    What purple and commutes?

    An abelian grape!

    I'll get my coat. It's the one with the Euler identity printed on the scarf hanging out of it.

  22. Lordrobot

    Did Microsoft pay up?

    It sounds like Microsoft is a recalcitrant equivocator deadbeat.

  23. Anonymous Coward
    Anonymous Coward

    Designed by Microsoft?

    "I see you're trying to create a new crypto standard. Do you want help with that?"

  24. RobDog

    SIKE or ‘ha! Psyche!’

    It serves then right for giving it such a stupid name. Are they 8 year olds?

  25. Kung-Fu Grip

    Has anyone considered perhaps the main reason these top three were chosen, is because someone (like the NSA) had enough time to find vulnerabilities with them which would allow them to bypass the encryption?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like