Adi Shamir, a leading expert on computer cryptography, has posited that a new security risk might be dawning as computer chips get more and more complex. Shamir is a professor at the Weizmann Institute of Science in Israel and is the "S" is RSA.
The New York Times reported recently that Shamir circulated a research note to colleagues hypothesizing that a subtle math error in advanced computer chips could be recognized and exploited in a way that would break public-key cryptography systems, including RSA security.
Shamir said that if an intelligence organization discovered such a flaw, security software on a computer with a compromised chip could be "trivially broken with a single chosen message." The attacker would send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.
Trouble with Design Secrets
"Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually," Shamir wrote.
One problem, Shamir said, is that due to the top-secret nature of chip design, it would be impossible to verify that a manufacturer's chip was not flawed. "Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers," he said, "there are many smaller manufacturers of microprocessors who may be less careful with their design."
Andrew Storms, director of security operations for nCircle Network Security, emphasized that Shamir's work is hypothetical and intended for discussion among his peers.
"It's important to note that Shamir had not intended for his notes to be dispersed among large crowds," Storms wrote in an e-mail. "This was more of the case of him sending an interesting note among trusted colleagues." Times reporter John Markoff made the issue one for public discussion by reporting on it.
Still in a Theoretical Stage
"This is a hypothetical thought process at this time and if it hadn't come from Shamir, one of the co-inventors of RSA, then it would not be receiving so much attention," Storms said. "My guess is that Shamir is also reticent that this is now open to public discourse at this time."
The attack that Shamir postulated is "still in a theoretical stage," Storms said. This is why we have innovators like Shamir, who can help to invent a method to secure data and years later discover potential flaws with that method, he added. Storms said that, for the time being, there is no imminent threat and the fact that Shamir has done this research provides awareness to microchip producers to ensure new products are free of potential problems.
Jean-Jacques Quisquater, a cryptographic researcher at Louvain University in Belgium was quoted by the Times as saying that the remarkable thing about Shamir's note is that "Adi Shamir is saying that RSA is potentially vulnerable."