Skip to main content

New Encryption System Provides Practical, Unbreakable Protection

Researchers Develop Mathematically Proven Solution to Internet Security Loophole

ZURICH - 24 Aug 1998: -- Mathematicians at IBM Research and the Swiss Federal Institute of Technology (ETH) have co-developed a new public-key cryptosystem that provides the first practical and mathematically proven way to secure information from even the most aggressive Internet hacking attempts.

The new Cramer-Shoup cryptosystem, revealed today at the Cryptoྞ conference at the University of California-Santa Barbara, effectively closes the backdoor on so-called "active" attacks. All current commercially available cryptosystems are potentially vulnerable to active attacks, which are considered to be the most dangerous hacking attempts any cryptosystem might face.

"This system delivers a new level of integrity for Internet communications, and is particularly suited for e-commerce applications such as cyber-auctions, credit card purchases, and protecting private information," said Jeff Jaffe, general manager for IBM's security products and services. "Businesses and consumers can have greater confidence in Internet transactions, because we've effectively closed down the only way around a cryptosystem's main line of defense."

IBM plans to incorporate the new system into a future version of its Vault Registry software, the IBM SecureWay public-key infrastructure product that allows e-commerce transactions to travel across organizational boundaries in a private, secure manner.

"It's important that we nip this type of powerful attack in the bud," said Victor Shoup of IBM's Zurich Research Laboratory, who invented the new cryptosystem with Ronald Cramer for the Swiss Federal Institute of Technology (ETH). "Earlier this year, an active attack decoded information secured by the most widely used encryption system for Web browsers. Our system will prevent this from happening."

Finesse vs. Muscle

Strong modern cryptosystems are based upon really difficult mathematical problems that are thought to be unsolvable. If a cryptosystem's underlying problem could be solved, then the cryptosystem's security could be broken.

"Active" attacks bypass the difficulty of solving the underlying mathematical problem by sending a series of cleverly constructed messages to a publicly accessible server. By analyzing the server's pattern of responses to the bogus text, an attacker can decode encrypted messages passing through that network. The Cramer-Shoup method thwarts these attacks by delivering the first non-malleable cryptosystem efficient enough for commercial use.

"This is a case of finesse over muscle," said Charles Palmer, head of IBM Research's Network Security and Cryptography Group in New York. "Previous systems left open the possibility of indirect attack. This system elegantly denies that access, shunting attackers back to the imposing mathematical problem at the core of the cryptosystem. In this case, it's the Diffie-Hellman Decision Problem, for which no feasible solution is known."

"Non-malleable" Vs. "Malleable" Protection

The Cramer-Shoup system extends the research earlier this decade of three computer scientists at IBM's Almaden Research Center, San Jose, CA. In 1991, Danny Dolev, Cynthia Dwork and Moni Naor recognized that all current cryptosystems were potentially "malleable." That is, without knowing the decryption key, an attacker could transform an encryption of one message into an encryption of a related message.

This is a serious security flaw because an active attacker could, for example, eavesdrop on a competitor's encrypted transmission of a bid for a contract and then submit an assuredly lower one -- all without knowing the value of the competitor's bid or even his or her own bid. An active attacker can further exploit the cryptosystem's malleability to decrypt targeted messages.

"A malleable cryptosystem is like the combination lock on a safe," says Dwork. "It provides good security, but a skilled safecracker can still open it by listening carefully to the lock mechanism as the dial is turned. An absolutely silent lock mechanism that gives no clue to the combination would be non-malleable and clearly more desirable."

Non-malleable cryptosystems neutralize active attacks by adding another series of calculations which ensure that the server leaks no information when responding to bogus text. Cramer and Shoup's major achievement is combining mathematical rigor with efficient operation, as their system requires little more than twice the computing time of current public key cryptosystems.

A Leader in Cryptography

IBM Research has been a leader in encryption research and development since developing the core technology for the Data Encryption Standard in the early 1970s. Other recent contributions in this area by IBM Research include:

The technical paper by Cramer and Shoup that describes their new cryptosystem in detail can be viewed on the World Wide Web at:

Additional information on IBM Research is available on the web at:

# # #

Contact(s) information

Mike Ross
IBM Research

Related XML feeds
Topics XML feeds
Chemistry, computer science, electrical engineering, materials and mathematical sciences, physics and services science
Information Management, Lotus, Tivoli, Rational, WebSphere, Open standards, open source