Encryption discovery could lead to advancements in cybersecurity
Two MIT researchers have recently discovered how to secure widely used encryption schemes against attackers who have intercepted examples of successful decryption, marking a major advancement in computer security.
An MITnews profile highlighted the recent development that was unveiled at the International Conference on the Theory and Applications of Cryptographic Techniques, where postdoctoral candidates Huijia Lin and Stefano Tessaro described a new technique for protecting against chosen ciphertext attacks (CCAs). A CCA is a method in which codebreakers gather information primarily via an algorithm-encoded text (ciphertext), where it is then able to obtain its decryption under an unknown key.
According to MITnews, standard public-key encryption is secure as long as an attacker knows nothing other than the public key. Most financial transactions use public key encryption, which utilizes a key each assigned to the sender and the recipient. Assuming that an attacker only knows its public key, information remains secure. In reality, attackers obtaining sophisticated CCA decryption schemes do exist, making it difficult for public-key security to perform its function.
What Lin and Tessaro discovered is that by combining a weakly encrypted ciphertext with a strongly encrypted one, the result is a strongly encrypted hybrid key that eliminates all known vulnerabilities.
"In real life, maybe it seems more plausible that people would just get a couple of examples of ciphertexts and messages, but as cryptographers, we always want to prevent the worst possible scenario," said Lin. "By considering the strongest attack, we automatically become immune to all possible scenarios."
The postdoctoral candidates' findings could be of practical use in the development of more-secure encryption protocols, but it could also provide theoretical insight into the very nature of cryptographic security and potentially lead the way toward future developments.
Stay safe when accessing information. Protect your sensitive data with an SSL certificate today.