Apr 8, 2014

New Unbreakable Encryption based on Biology? Unlikely

It's being reported that scientists at Lancaster University have developed an 'unbreakable' encryption methodology, inspired by human biology. Their paper is here.

Admittedly, the paper is too technical for me to decipher, let alone critique. However, if what is being reported (such as here) is an accurate representation, we can begin to scrutinize this, at least on principle.


1. Modeled on how the heart and lungs coordinate their rhythms

I'm initially skeptical of the cryptographic value in this type of communication. Don't get me wrong, there are plenty of cryptographic schemes implemented in nature. The most notable would be steganography in the form of camouflage. However, that is cryptography implemented as a defense mechanism between species; I don't see how or why the body would evolve cryptographic communication between organ systems.

Coordinating the heart and lungs is a timing problem, and you'd want to ensure, foremost, the success of the signal being sent and, secondarily, the fidelity of the information content (which would most certainly be simplistic). While some cryptographic principles come into play in ensuring the integrity of a message, they don't provide actual encryption and are a far cry from a "revolutionary new method of [encryption]".

More to the point, if the method is so unbreakable, how did we break it to determine what it was?

2. Infinite key choices

The primary (if not the only) strength allegedly offered by this scheme is that it allows for an infinite number of choices of key. The premise is that modern cryptographic codes are broken by discovering the key through brute force methods, so making the key size potentially unlimited makes the code unbreakable.

Simple. Too simple. First, brute force guessing of the cryptographic key is not the only form of cryptanalysis. Cryptanalysis is a broad field incorporating methods such as differential cryptanalysis, known-plaintext attacks, and side-channel attacks. Brute force attacks are essentially the lowest and least efficient form of cryptographic attack and we are already at the point where it would take lifetimes to break modern-day encryption through that method.

Second, the value of making the key size unlimited is dubious. There are always limitations. The reason key sizes are limited to specific sizes today is that the algorithms are specifically designed with those key sizes in mind. Larger key sizes allow for greater substitutions to be made, obfuscating the data to a greater degree. The implication here is that this algorithm is somehow dynamic enough that it can handle any key size. My question is: what is the trade-off? In translating this to an algorithm to be used by a computer, there are size, time, and bandwidth constraints that practically limit the size of keys that can be chosen.

I also don't see the procedure for choosing keys in the first place. How the keys are chosen or generated is at least as important as the key length, if not more so.
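To make the first point concrete, here is an added example (not from the paper or the news reports): a toy repeating-key XOR cipher that accepts keys of any length, so its key space is unbounded, yet one predictable stretch of plaintext hands over the key with no guessing at all. The cipher, the function names and the sample message are all constructed for illustration and have nothing to do with the Lancaster scheme.

```python
# Added illustration; the toy cipher below is NOT the scheme from the paper.
import os
from itertools import cycle


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Toy cipher: XOR with a repeating key of any length (encrypts and decrypts)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def shortest_period(stream: bytes) -> int:
    """Smallest p such that stream[i] == stream[i - p] for every i >= p."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def recover_key(known_plain: bytes, cipher_prefix: bytes) -> bytes:
    """Known-plaintext analysis: plaintext XOR ciphertext exposes the keystream."""
    stream = bytes(p ^ c for p, c in zip(known_plain, cipher_prefix))
    return stream[:shortest_period(stream)]


def demo() -> tuple:
    key = os.urandom(32)  # 2**256 possible keys; exhaustive search is hopeless
    # Constructed sample message: a predictable protocol header plus a secret body.
    header = (b"POST /api/v1/transfer HTTP/1.1\r\nHost: bank.example\r\n"
              b"Content-Type: application/json\r\n\r\n")
    secret = b'{"to": "acct-0000", "amount": 125000}'
    ciphertext = xor_cipher(header + secret, key)
    # The analyst knows only the predictable header and the ciphertext.
    recovered = recover_key(header, ciphertext[:len(header)])
    return key, recovered, xor_cipher(ciphertext, recovered)[len(header):]


if __name__ == "__main__":
    key, recovered, body = demo()
    print("key recovered without guessing:", recovered == key)
    print("decrypted body:", body.decode())
```

Making the key longer only means the analyst needs a longer stretch of known plaintext; the number of possible keys never enters into it.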

3. Simultaneous transmission/Key sharing

This is where I'm completely lost. Simultaneous transmission of information has nothing to do with encryption. It is a limitation of the transmission media being used. Most devices are wireless and, therefore, can transmit simultaneously anyway. Those devices that communicate over wires and cables would still be bound by the physical limitations of those media.

Based on the paper, what it seems to be doing is taking multiple information streams and encrypting them all. If that is what it is doing, then fine, just say that. But I would deny the simultaneous nature of the transmission. All this seems like is a form of multiplexing - wrapping multiple streams of information into one - and then encrypting that using a single key. So, basically, a VPN.

Conclusion

I'm at a loss to see what is revolutionary here. It'd be nice to see a layperson's translation of how this algorithm works, and what protections it offers against modern cryptanalysis. But, generally speaking, articles that are hyped up like this rarely live up to it.