IBM Cries Crypto Wolf, Experts Say

No User no.user at anon.xg.nu
Thu Nov 30 17:42:07 PST 2000


Big Blue says it can make encryption twice as fast. But the company hyped a similar advancement years ago; experts say that idea didn't amount to much, and this one won't either.
By Elinor Abreu
IBM is announcing a new algorithm on Thursday that it says will double the speed at which online communications are encrypted. But several crypto experts say that IBM is fixing something that isn't broken and that Big Blue has a history of tooting its horn needlessly.

IBM's new as-yet-unnamed security algorithm simultaneously encrypts and authenticates messages. It works with symmetric cryptography in which the same secret key, or mathematical code, is used to encrypt and decrypt, as opposed to public key cryptography, in which two different keys are used. The new algorithm has been submitted to the U.S. Patent Office and proposed to the National Institute of Standards.


The improvement in speed won't be noticed when sending small items, such as an e-mail, but it will make a difference with things like a long Microsoft Word document, an entire Web page and bulk data, according to Charles Palmer, manager of IBM's Network Security and Cryptography division.


The algorithm will be especially useful with parallel processors, spreading the work among multiple processors for even greater speed improvement, so that "pointing [a handheld device] at a Coke machine actually makes the transaction happen as soon as you touch the button," said Palmer.


However, several crypto experts questioned the need for the technology and said it can't be taken seriously until it's been widely analyzed and tested.

"There is no market demand for this algorithm," said Bruce Schneier, author of several cryptography and security books and chief technology officer of Counterpane Internet Security, a network monitoring outsourcer. "Sure, RSA (crypto) can be slow, but other aspects of network protocols are much slower. Rarely is the cryptography the bottleneck in any communications."


Performance is already addressed by Moore's Law, which dictates that processing speed increases twofold every 18 months, Schneier pointed out. He also suggested that IBM's method is counterproductive: most security protocols prefer separating encryption and authentication because they often have different key management and implementation requirements. "Combining the two makes engineering harder, not easier," he said. "I predict that if you go back in one year, zero applications will be using it."


Tim Dierks, CTO of Certicom, concurred with Schneier and added that there are already other means, including hardware accelerators, to improve crypto performance. "I don't have reason to believe the market is hung up on this sort of solution. It's a question of whether there is market demand for it," he said.


IBM's Palmer acknowledged that the new technology isn't going to have any drastic impact in the near term. "We can do it all right today, but this is just going to get worse as we get cable modems and DSL," he said. "[Schneier's] right; we may not have a blinding need for this right now."


The criticism wouldn't be so harsh if IBM hadn't done this before. Two years ago, IBM announced what it called the "Cramer-Shoup cryptosystem," which it cited as "provably secure" and hyped as a replacement for SSL (Secure Sockets Layer), a protocol that is ubiquitous in e-commerce transactions. That IBM technology, which was designed to protect against an obscure type of crypto attack, has not yet been deployed, noted Schneier.


"IBM's got a track record of coming out with these major crypto announcements around early stage results" that haven't been evaluated and tested, said Dierks of Certicom. "They're seen as self-promoting." An IBM algorithm dubbed the "Ajtai-Dwork cryptosystem" was announced in 1997 and broken the following year, he said.


Burt Kaliski, chief scientist and director of RSA Labs, came to IBM's defense. The new IBM algorithm "is an interesting line of research; a nice application of theory to achieve some significant results," he said. "While we could debate whether there's a problem to be solved, it's a nice technology they've come up with.


"Here, they seem to be on more solid ground in terms of the technology they're proposing," Kaliski added. "It still needs some more analysis by the crypto community."