Fujitsu’s crypto research claims – what does this really mean?
In addition to Luther’s post on the topic, here is how the recent Fujitsu results relate to our products, along with commentary from a world-wide recognized expert on pairing-based cryptography, Prof. Dan Boneh. The bottom line is there is no impact to the security or strength of encryption to any of our product lines including Voltage SecureMail – the world’s easiest to use secure email encryption solution for enterprises, Voltage SecureData Payments – our market leading P2P Encryption solution used by top merchants and acquirers world-wide for PCI scope reduction, or Voltage SecureMail Cloud – our on-demand email and file encryption solution.
While the recent announcement by Fujitsu Laboratories, NICT and Kyushu University researchers concerning their record-setting discrete logarithm calculation is interesting, it is also important to note that their work does not diminish the security of identity-based encryption (IBE). Their published approach relies on special properties of certain carefully-selected mathematical structures. Voltage products and the IBE key management system they incorporate use a completely distinct mathematical basis that is not subject to the attacks presented in the paper. The implementation that is defined in IEEE 1363.3 and IETF RFC 5091 standards is not affected.
"Variants of the algorithm used in the recent announcement have been known since 1994, and have been considered by researchers in the pairing based cryptography community. The result shows an efficient implementation of the algorithm, but does not change the overall security analysis of pairing based cryptography."
Voltage works closely with a group of senior cryptographic researchers to both monitor the current state of relevant mathematical research, and also to ensure that we have made conservative parameter choices using well-understood algorithm choices. We continue to have confidence in the design choices employed in our products and their ability to maintain a strong level of protection for our customers.
In 1994, Len Adleman and Ming-Deh Huang described the "function field sieve," which is the algorithm that runs particularly fast with the parameters that Fujitsu used.
Fujitsu’s research is an implementation of this earlier idea. An earlier paper by the same set of researchers had indicated that these special form groups needed to be large to avoid this kind of attack. The implementation confirms that hypothesis, but does not change the overall security analysis.
The function field sieve is efficient over groups with a small characteristic. The characteristic used in the Fujitsu research was 3. The Voltage IBE implementations use a characteristic on the order of 2^512, which renders this algorithm completely ineffective.
The Fujitsu work is interesting in that it establishes how large keys need to be in these special-case settings. Mainstream implementations of IBE like Voltage IBE or pairing-based security are unaffected by the result, since they use groups that are not subject to the analysis presented in this paper.