WARNING: Math Bugs put Global Commerce at Risk
“One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.”
“Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.”
“A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.”
Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be “trivially broken with a single chosen message.”
Executing the attack would require only knowledge of the math flaw and the ability to send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system. With this approach, “millions of PC’s can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Mr. Shamir wrote.
An Intel spokesman noted that the flaw was a theoretical one and something that required a lot of contingencies.
Mr. Shamir said he had no evidence that anyone is using an attack like the one he described.
Thank you to John Markoff for writing this useful warning article.
Source: John Markoff @ NYTIMES
