Security Experts:

Fujitsu Labs and NICT Break 278-digit Pairing-based Cryptography

On Monday, Fujitsu Laboratories, the National Institute of Information and Communications Technology (NICT), and Kyushu University, announced that they have successfully performed a full cryptanalysis of a 278-digit (923-bit)-long pairing-based cryptography.

Up to this point, cryptanalysis of pairing-based cryptography of such a length was thought to be impossible. It was assumed that to do so would require massive effort and several hundred thousand years. This logic was only seemingly confirmed when the cryptography was in its development stage, as all attempts to break it failed.

Cryptanalysis of Next-Generation CryptographyIt wasn’t until researchers tried a new approach that the fragility of pairing-based cryptography at this length was proven. After some work, Fujitsu and NICT proved that it could actually be broken in 148.2 days.

“This result is used as the basis of selecting secure encryption technology, and is proving useful in the standardization of next-generation cryptography in electronic government systems in Japan and international standardization organizations,” an announcement on the accomplishment explains.

“As for a security evaluation of cryptographies, we succeeded with the cryptanalysis of the pairing-based cryptography of 278 digits (923 bits) by using 21 personal computers (252 cores) in 148.2 days. The cryptanalysis is the equivalent to spoofing the authority of the information system administrator. As a result, for the first time in the world we proved that the cryptography of the parameter was vulnerable and could be broken in a realistic amount of time.”

In related cybersecurity news, NICT has developed a real-time network monitoring system called Daedalus, which can visualize attacks and other data.

Based on the video demo, Daedalus looks like something that has come from the future, and will remind many IT geeks of the technology seen in the anime – Ghost in the Shell

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.