"'Quantum-Safe' Crypto Hacked by 10-Year-Old PC"

Cryptographers worldwide have spent the last two decades developing post-quantum cryptography (PQC) algorithms to stay ahead of the quantum threat. These are based on mathematical problems believed to be hard for both quantum and classical computers. The National Institute of Standards and Technology (NIST) has been evaluating which PQC algorithms should become the standards the world adopts: it issued its call for candidate algorithms in 2016, received 82 submissions in 2017, and after three rounds of review announced in July 2022 four algorithms that will be standardized, along with four others that entered a fourth round as possible additional candidates. SIKE (Supersingular Isogeny Key Encapsulation), one of those four fourth-round candidates, is built on isogenies, which are structure-preserving maps between supersingular elliptic curves.

SIKE's weak point was the extra information its public keys had to carry. For the two parties to complete the exchange, each public key includes the images of auxiliary torsion points under the sender's secret isogeny, information that the underlying isogeny problem by itself does not expose. For years attackers tried to exploit those auxiliary points without success, until a new paper found a way using advanced mathematics. Coauthor Thomas Decru, a mathematical cryptographer at KU Leuven in Belgium, explains that while elliptic curves are one-dimensional objects, mathematics also offers their generalizations in two or more dimensions, and isogenies can be formed between those generalized objects as well. The attack uses a 25-year-old theorem (Kani's theorem, from 1997) to construct an isogeny in dimension two out of the torsion-point information that SIKE makes public. That two-dimensional isogeny then lets the attacker recover the secret isogeny, which is SIKE's private key, and with it the key SIKE encapsulates. Decru and senior author Wouter Castryck published their findings in the Cryptology ePrint Archive on August 5, 2022.

Using an implementation of the attack, a 10-year-old Intel desktop recovered a SIKE secret key in about 4 minutes. That figure should be read with its context: the paper reports roughly 4 minutes for the smallest of the Microsoft SIKE challenge instances and about an hour, still on a single core, for SIKEp434, the parameter set intended for NIST security level 1. In every case the break is purely classical, with no quantum computer involved. This article continues to discuss the invalidation of SIKE by the new attack.
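To make the "auxiliary torsion points" concrete, the following is an added toy illustration of the SIDH/SIKE key exchange; it is not code from the Castryck-Decru paper, from the SIKE submission or from the IEEE Spectrum article. It assumes the toy prime p = 2^4 * 3^3 - 1 = 431 (real SIKE primes are 434 to 751 bits), the starting curve E0: y^2 = x^3 + 6x^2 + x that SIKE also uses, x-only Montgomery-curve arithmetic with the standard 2- and 3-isogeny formulas from the SIDH literature, and torsion bases drawn from a seeded random generator; every function and variable name is this example's own. Each party publishes its image curve together with the x-coordinates of the other party's basis points P, Q and Q-P pushed through its secret isogeny: those three values are the auxiliary torsion points, and they are exactly the public data the Castryck-Decru attack consumes. The attack itself (gluing curves into a two-dimensional isogeny via Kani's theorem) needs genus-2 machinery that no short script reproduces, so it is not implemented here.

```python
# Toy x-only SIDH/SIKE-style key exchange over F_{p^2}, p = 2^4 * 3^3 - 1 = 431. Added
# illustration, not the paper's or the SIKE team's code; E0, seed and bases are toy choices.
import random

P, EA, EB = 431, 4, 3   # p = 2^EA * 3^EB - 1, so E0(F_{p^2}) = Z/432 x Z/432

class Fp2:   # a + b*i in F_{p^2}, i^2 = -1 (valid because p = 3 mod 4)
    def __init__(s, a, b=0): s.a, s.b = a % P, b % P
    def __add__(s, o): return Fp2(s.a + o.a, s.b + o.b)
    def __sub__(s, o): return Fp2(s.a - o.a, s.b - o.b)
    def __mul__(s, o): return Fp2(s.a * o.a - s.b * o.b, s.a * o.b + s.b * o.a)
    def __truediv__(s, o): return s * o.inv()
    def __eq__(s, o): return isinstance(o, Fp2) and (s.a, s.b) == (o.a, o.b)
    def __repr__(s): return f"({s.a} + {s.b}i)"
    def inv(s):                                    # conj(s)/norm(s); inv(0) is 0
        n = pow(s.a * s.a + s.b * s.b, P - 2, P)
        return Fp2(s.a * n, -s.b * n)
    def sqrt(s):                                   # some square root of s, or None
        h, inv2 = (P + 1) // 4, (P + 1) // 2       # a^h is a root of any square a in F_p
        n = pow(s.a * s.a + s.b * s.b, h, P)       # a root of the norm a^2 + b^2
        cands = [Fp2(0, pow(-s.a % P, h, P))]      # root in i*F_p when s lies in F_p
        for t in ((s.a + n) * inv2, (s.a - n) * inv2):   # (x+yi)^2 = s: x^2 = (a +- n)/2
            x = pow(t, h, P)
            if x: cands.append(Fp2(x, s.b * pow(2 * x, P - 2, P)))   # and y = b/(2x)
        return next((r for r in cands if r * r == s), None)

def xdbl(X, Z, A):   # x-only doubling on y^2 = x^3 + A x^2 + x, projective (X:Z)
    u, v = (X + Z) * (X + Z), (X - Z) * (X - Z)
    return u * v, (u - v) * (v + (A + Fp2(2)) / Fp2(4) * (u - v))

def xadd(XP, ZP, XQ, ZQ, XD, ZD):   # differential addition: x(P+Q) given D = P-Q
    u, v = (XP - ZP) * (XQ + ZQ), (XP + ZP) * (XQ - ZQ)
    return ZD * (u + v) * (u + v), XD * (u - v) * (u - v)

def xmul(x, k, A):   # x([k]P) by the Montgomery ladder; None means the point at infinity
    if x is None: return None
    R0, R1 = (Fp2(1), Fp2(0)), (x, Fp2(1))           # (O, P): R1 - R0 = P throughout
    for bit in bin(k)[2:]:
        if bit == "1": R0, R1 = xadd(*R0, *R1, x, Fp2(1)), xdbl(*R1, A)
        else: R0, R1 = xdbl(*R0, A), xadd(*R0, *R1, x, Fp2(1))
    return None if R0[1] == Fp2(0) else R0[0] / R0[1]

def ladder3pt(m, xP, xQ, xR, A):   # x(P + [m]Q) from x(P), x(Q), x(Q-P): SIKE's key triple
    R0, R1, R2 = (xQ, Fp2(1)), (xP, Fp2(1)), (xR, Fp2(1))   # R2 = R0 - R1 throughout
    for i in range(m.bit_length()):
        if (m >> i) & 1: R1 = xadd(*R0, *R1, *R2)
        else: R2 = xadd(*R0, *R2, *R1)
        R0 = xdbl(*R0, A)
    return R1[0] / R1[1]

def iso2(x2, A, xs):   # 2-isogeny with kernel <(x2, 0)>, x2 != 0: new A and image x's
    return Fp2(2) * (Fp2(1) - Fp2(2) * x2 * x2), [x * (x * x2 - Fp2(1)) / (x - x2) for x in xs]

def iso3(x3, A, xs):   # 3-isogeny with kernel generated by a point of x-coordinate x3
    A3 = (A * x3 - Fp2(6) * x3 * x3 + Fp2(6)) * x3
    return A3, [x * (x * x3 - Fp2(1)) * (x * x3 - Fp2(1)) / ((x - x3) * (x - x3)) for x in xs]

def isogeny_chain(xK, l, e, A, xs):   # degree-l^e isogeny with kernel <K> as e steps of degree l
    step = iso2 if l == 2 else iso3
    for i in range(e):
        xT = xmul(xK, l ** (e - 1 - i), A)    # the order-l point spanning this step's kernel
        A, pts = step(xT, A, xs + [xK])
        xs, xK = pts[:-1], pts[-1]            # xK's image is junk on the last step only
    return A, xs

def j_inv(A):   # j-invariant of y^2 = x^3 + A x^2 + x
    t = A * A - Fp2(3)
    return Fp2(256) * t * t * t / (A * A - Fp2(4))

def torsion_basis(rng, A, l, e, cof):
    """x(P), x(Q), x(Q-P) with <P, Q> = E[l^e]; for l = 2 also [2^(e-1)]Q = (0,0), which
    keeps (0,0) out of every kernel <P + [s]Q> (the same trick SIKE's parameters use)."""
    n = l ** (e - 1)
    while True:   # a random x lies on E or on its twist; the order checks reject the twist
        xP, xQ = (xmul(Fp2(rng.randrange(P), rng.randrange(P)), cof, A) for _ in range(2))
        tP, tQ = xmul(xP, n, A), xmul(xQ, n, A)      # order-l parts (None: order too small)
        if None in (tP, tQ) or tP == tQ or xmul(tP, l, A) or xmul(tQ, l, A): continue
        if l == 2 and (tP == Fp2(0) or tQ != Fp2(0)): continue
        d = (xP - xQ) * (xP - xQ)                    # x(Q+P) and x(Q-P) are the roots of
        S = Fp2(2) * ((xP * xQ + Fp2(1)) * (xP + xQ) + Fp2(2) * A * xP * xQ) / d   # X^2-SX+M
        M = (xP * xQ - Fp2(1)) * (xP * xQ - Fp2(1)) / d
        return xP, xQ, (S + (S * S - Fp2(4) * M).sqrt()) / Fp2(2)  # either root fixes sign(P)

def sidh_exchange(seed=2022):   # returns both shared j-invariants and Alice's public key
    rng, A0 = random.Random(seed), Fp2(6)
    basis_A = torsion_basis(rng, A0, 2, EA, 3 ** EB)   # public parameters
    basis_B = torsion_basis(rng, A0, 3, EB, 2 ** EA)
    sA, sB = rng.randrange(2 ** EA), rng.randrange(3 ** EB)   # secret scalars
    # A public key = image curve + images of the OTHER party's basis under the secret
    # isogeny. Those three image x's are the auxiliary torsion points the attack consumes.
    A_A, pkA = isogeny_chain(ladder3pt(sA, *basis_A, A0), 2, EA, A0, list(basis_B))
    A_B, pkB = isogeny_chain(ladder3pt(sB, *basis_B, A0), 3, EB, A0, list(basis_A))
    A_AB, _ = isogeny_chain(ladder3pt(sA, *pkB, A_B), 2, EA, A_B, [])   # Alice's walk on E_B
    A_BA, _ = isogeny_chain(ladder3pt(sB, *pkA, A_A), 3, EB, A_A, [])   # Bob's walk on E_A
    return j_inv(A_AB), j_inv(A_BA), (A_A, pkA)

if __name__ == "__main__":
    jA, jB, (A_A, pkA) = sidh_exchange()
    print("shared j agrees:", jA == jB, jA, "| Alice publishes A =", A_A, "and", pkA)
```

Running the script prints whether the two shared j-invariants agree and what Alice publishes: her curve coefficient A plus three field elements, the images of Bob's x(P_B), x(Q_B) and x(Q_B - P_B). Nothing about the shared secret is visible in that triple, yet because a degree-2^4 map applied to known 3^3-torsion points leaks more than the curve alone does, it is precisely this triple that the two-dimensional attack turns back into Alice's secret isogeny. One design choice copied from SIKE is worth noting: Alice's basis is picked so that [2^(e-1)]Q_A = (0,0), which keeps (0,0) out of every 2-isogeny kernel and lets the simple x2 != 0 formula serve every step.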

IEEE Spectrum reports "'Quantum-Safe' Crypto Hacked by 10-Year-Old PC"
