
Math Error Could Compromise Cryptographic Systems

The increasing sophistication of computer chip design raises the risk that undetected bugs could be used to crack public key encryption systems, security luminary Adi Shamir says.

A highly respected cryptographer warned on Friday that the increasing sophistication of computer chip design raises the risk that undetected bugs could be used to crack public key encryption systems.

The warning was issued by Adi Shamir, a professor at Israel's Weizmann Institute of Science. The "S" in RSA, one such public key encryption algorithm, belongs to Shamir.

"With the increasing word size and sophisticated optimizations of multiplication units in modern microprocessors, it becomes increasingly likely that they contain some undetected bugs," Shamir said in his note. "This was demonstrated by the accidental discovery of the obscure Pentium division bug in the mid 1990's, and by the recent discovery of a multiplication bug in the Microsoft Excel program."

Shamir goes on to warn that if some intelligence organization discovers the existence of such a flaw, or perhaps secretly plants one, then any public key encryption scheme on any computer can be "trivially broken with a single chosen message."

The notion of intelligence agencies influencing chip design to create a secret back door, or simply exploiting one that's already there, may sound like paranoia. But respected cryptographers such as Bruce Schneier have raised questions about the origins of a recently discovered flaw in a random number generation algorithm backed by the National Security Agency and the National Institute of Standards and Technology, and cyberattacks in general keep growing more sophisticated, so such worries sound less loopy.

Shamir likens this "bug attack" to the fault attack method described in 1996, which might involve, for example, inducing a computation error in a single device with a sudden power spike. The bug attack, however, has potentially far greater scope: a fault attack needs to reach one target device, whereas a bug baked into a widely used chip could let millions of PCs be attacked simultaneously.

While a major chip designer like Intel may have learned from previous design errors, Shamir says that smaller chip design companies may not be so meticulous. And the problem could extend beyond PCs to cell phones, which also may rely on vulnerable silicon.

"As we have demonstrated in this note, even a single (innocent or intentional) bug in any one of these multipliers can lead to a huge security disaster, which can be secretly exploited in an essentially undetectable way by a sophisticated intelligence organization," Shamir concludes.

Such risks are not news to cryptographers. In a post to Google Groups about Shamir's note, Wei Dai, co-creator of the VMAC message authentication code and author of Crypto++, a free C++ class library of cryptographic algorithms, said that there are ways to protect against CPU math errors and that "the RSA implementation in Crypto++ is already protected against this attack..."
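To make concrete both the "single chosen message" claim above and the kind of protection Wei Dai refers to, here is an added simulation (written for this page, not code from Shamir's note or from Crypto++). It models a multiplier with exactly one wrong entry, runs an RSA private operation using the Chinese Remainder Theorem (CRT) through it, and shows that a fault confined to the mod-p branch lets an attacker factor the modulus from public data alone using the gcd step of the 1996 fault attack; it then shows that re-checking the result with the public exponent before releasing it blocks the leak. Assumptions: the toy key uses the small primes 1000003 and 999983 so it runs instantly; the buggy operand pair is planted on the value the mod-p branch squares first, which in the demo is derived from p (a stand-in for an attacker who has found or planted a bug and a message that triggers it); and the self-check uses Python's built-in `pow` as a stand-in for an independent code path. Names such as `Multiplier`, `rsa_crt_private` and `recover_factor` are hypothetical.

```python
from math import gcd

# Constructed toy RSA-CRT key: small primes so the demo runs instantly.
# Real keys are 2048 bits or more; the attack does not depend on the size.
P, Q = 1000003, 999983          # both prime (chosen for the demo)
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class Multiplier:
    """Models a hardware multiplier. If bad_pair is set, that one operand pair
    (in either order) returns a product with one flipped bit; otherwise the
    multiplier is correct. The single wrong entry is the 'undetected bug'."""

    def __init__(self, bad_pair=None, flip_bit=0):
        self.bad_pair = bad_pair
        self.flip_bit = flip_bit
        self.triggered = 0

    def mul(self, a, b):
        if self.bad_pair is not None and (a, b) in (self.bad_pair, self.bad_pair[::-1]):
            self.triggered += 1
            return (a * b) ^ (1 << self.flip_bit)
        return a * b


def modexp(base, exp, mod, mul):
    """Left-to-right square-and-multiply, routing every product through mul."""
    result = 1
    for bit in bin(exp)[2:]:
        result = mul.mul(result, result) % mod
        if bit == "1":
            result = mul.mul(result, base) % mod
    return result


def rsa_crt_private(m, mul, verify=False):
    """RSA private operation with CRT (Garner recombination). verify=True
    re-checks the result with the public exponent before releasing it."""
    sp = modexp(m % P, D % (P - 1), P, mul)
    sq = modexp(m % Q, D % (Q - 1), Q, mul)
    h = (pow(Q, -1, P) * (sp - sq)) % P
    s = sq + h * Q
    # The check uses Python's pow, standing in for a code path the bug does not hit.
    if verify and pow(s, E, N) != m % N:
        raise RuntimeError("private-key result failed self-check; withheld")
    return s


def recover_factor(m, s_faulty):
    """Attacker side: from a faulty output and public data only, recover a
    factor of N. A fault confined to the mod-P branch leaves s^E == m (mod Q)
    intact but breaks it mod P, so the gcd isolates Q."""
    return gcd((pow(s_faulty, E, N) - m) % N, N)


def demo(m=123456789):
    # Simplification: plant the bug on the operand pair the mod-P branch
    # squares first, (m mod P, m mod P). Computing that pair uses P, so this
    # models an attacker who already has a bug and a triggering message;
    # the recovery step itself uses only N, E, m and the faulty output.
    trigger = m % P
    buggy = Multiplier(bad_pair=(trigger, trigger))
    s_faulty = rsa_crt_private(m, buggy)
    factor = recover_factor(m, s_faulty)
    return {
        "factor": factor,
        "cofactor": N // factor if factor not in (1, N) else None,
        "bug_hits": buggy.triggered,
        "valid": pow(s_faulty, E, N) == m,
    }
```

One wrong product in one CRT branch is enough: the faulty output still agrees with the message modulo the untouched prime, so gcd(s^e - m, N) hands the attacker the other prime. The self-check in `rsa_crt_private` withholds the faulty output instead of releasing it, which is the generic defense; a bug that also corrupts the check itself, or a fault in a non-CRT implementation, needs further measures (blinding, redundant computation) not shown here.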

Still, it's not every day that a crypto luminary issues such a warning.
