Big Blue says it can make encryption twice as fast. But the company hyped a similar 
advancement years ago; experts say that idea didn't amount to much, and this one won't 
either. 
By Elinor Abreu 
IBM is announcing a new algorithm on Thursday that it says will double the speed at 
which online communications are encrypted. But several crypto experts say that IBM is 
fixing something that isn't broken and that Big Blue has a history of tooting its horn 
needlessly.

IBM's new as-yet-unnamed security algorithm simultaneously encrypts and authenticates 
messages. It works with symmetric cryptography in which the same secret key, or 
mathematical code, is used to encrypt and decrypt, as opposed to public key 
cryptography, in which two different keys are used. The new algorithm has been 
submitted to the U.S. Patent Office and proposed to the National Institute of 
Standards.


The improvement in speed won't be noticed when sending small items, such as an e-mail, 
but it will make a difference with things like a long Microsoft Word document, an 
entire Web page and bulk data, according to Charles Palmer, manager of IBM's Network 
Security and Cryptography division.


The algorithm will be especially useful with parallel processors, spreading the work 
among multiple processors for even greater speed improvement, so that "pointing [a 
handheld device] at a Coke machine actually makes the transaction happen as soon as 
you touch the button," said Palmer.


However, several crypto experts questioned the need for the technology and said it 
can't be taken seriously until it's been widely analyzed and tested.

"There is no market demand for this algorithm," said Bruce Schneier, author of several 
cryptography and security books and chief technology officer of Counterpane Internet 
Security, a network monitoring outsourcer. "Sure, RSA (crypto) can be slow, but other 
aspects of network protocols are much slower. Rarely is the cryptography the 
bottleneck in any communications."


Performance is already addressed by Moore's Law, which dictates that processing speed 
increases twofold every 18 months, Schneier pointed out. He also suggested that IBM's 
method is counterproductive – that most security protocols prefer separating 
encryption and authentication because they often have different key management and 
implementation requirements. "Combining the two makes engineering harder, not easier," 
he said. "I predict that if you go back in one year, zero applications will be using 
it."


Tim Dierks, CTO of Certicom, concurred with Schneier and added that there are already 
other means, including hardware accelerators, to improve crypto performance. "I don't 
have reason to believe the market is hung up on this sort of solution. It's a question 
of whether there is market demand for it," he said.


IBM's Palmer acknowledged that the new technology isn't going to have any drastic 
impact in the near term. "We can do it all right today, but this is just going to get 
worse as we get cable modems and DSL," he said. "[Schneier's] right; we may not have a 
blinding need for this right now."


The criticism wouldn't be so harsh if IBM hadn't done this before. Two years ago, IBM 
announced what it called the "Cramer-Shoup cryptosystem" that it cited as "provably 
secure" and hyped as a replacement for SSL (Secure Sockets Layer), a protocol that is 
ubiquitous in e-commerce transactions. That IBM technology, which was designed to 
protect against an obscure type of crypto attack, has not yet been deployed, noted 
Schneier.


"IBM's got a track record of coming out with these major crypto announcements around 
early stage results" that haven't been evaluated and tested, said Dierks of Certicom. 
"They're seen as self-promoting." An IBM algorithm dubbed the "Ajtai-Dwork 
cryptosystem" was announced in 1997 and broken the following year, he said.


Burt Kaliski, chief scientist and director of RSA's Labs, came to IBM's defense. The 
new IBM algorithm "is an interesting line of research; a nice application of theory to 
achieve some significant results," he said. "While we could debate whether there's a 
problem to be solved, it's a nice technology they've come up with.


"Here, they seem to be on more solid ground in terms of the technology they're 
proposing," Kaliski added. "It still needs some more analysis by the crypto 
community." 


